Since the U.S. Securities and Exchange Commission (“SEC”) unveiled its new Cooperation Initiative in January 2010, securities lawyers and regulated companies have been waiting to see how the SEC would use Deferred Prosecution Agreements (“DPAs”). Some of the answers may be found in the DPA signed on May 17, 2011, by Tenaris, S.A., a multi-billion dollar Luxembourg manufacturer and supplier of steel pipe products with over 24,000 employees and American Depository Receipts (“ADRs”) traded on the New York Stock Exchange. By entering into the DPA, Tenaris admitted violations of the U.S. Foreign Corrupt Practices Act (“FCPA”).1 According to the DPA, Tenaris hired, for a substantial commission, a third-party agent in Uzbekistan in order to gain access to competitors’ bid information, which the agent then improperly obtained from officials in a partly state-owned gas company. This information enabled Tenaris to secure lucrative contracts worth close to $20 million.2
This DPA teaches us about the SEC’s Cooperation Initiative, including the SEC’s embrace of traditional prosecutorial tools and methods long employed by the U.S. Department of Justice (“DOJ”), and the SEC’s view of FCPA compliance.
The SEC’s “Cooperation Initiative”
In launching its Cooperation Initiative last year, the SEC pledged to enhance its investigative and enforcement power by “encouraging greater cooperation from individuals and companies in the agency’s investigations and enforcement actions.”3 The Initiative included three tools—long familiar staples of DOJ enforcement—that the SEC would deploy for the first time, including: cooperation agreements, DPAs, and non-prosecution agreements (“NPAs”).4
The SEC entered into its first (and, to date, only) NPA with Carter’s Inc., an Atlanta- based marketer of children’s clothing, on December 20, 2010.5 The NPA followed an investigation into financial fraud at Carter’s resulting in a SEC complaint against Carter’s Executive Vice President, who was charged with fraud and insider trading.6 The press release announcing the agreement noted that the NPA “reflect[ed] the relatively isolated nature of the unlawful conduct, Carter’s prompt and complete self-reporting of the misconduct to the SEC, its exemplary and extensive cooperation in the investigation, including undertaking a thorough and comprehensive internal investigation, and Carter’s extensive and substantial remedial actions.”7 In exchange for Carter’s assistance with the SEC’s investigation—including its agreement to provide the SEC with unprivileged documents; to use its best efforts to compel the cooperation of current and former officers, directors, employees, and agents; and to testify at trial8—as well as Carter’s commitment to take “substantial remedial actions,”9 the SEC promised “not to bring any enforcement action or proceeding” against the company.10
The announcement of the Tenaris DPA, like the Carter’s NPA before it, strongly suggests that the SEC is committed to adopting and incorporating enforcement practices honed by the DOJ. Under the leadership of SEC Enforcement Director Robert Khuzami, himself a former DOJ prosecutor, the SEC increasingly sees value in cooperation agreements that have long been utilized by the DOJ, of late with increasing frequency. Since the first DPA/NPA adopted by the DOJ in 1993, the use of these agreements has significantly increased—from 4 in 2003, to 23, as reported by the DOJ in 2009.11 This growing use of the agreements, especially in the FCPA area, which garners the “lion’s share” of such agreements,12 demonstrates understandable enthusiasm for a cost-effective means of preserving scarce investigative resources. It also provides well-publicized models of good remediating conduct for other would-be violators.
It is noteworthy that the SEC chose to offer a DPA to Tenaris but an NPA to Carter’s. The SEC has offered no public explanation why it used different cooperation tools, and in fact the instructions in the SEC manual for the use of the two types of agreements are similar.13 The SEC press releases for both use similar language to describe the cooperation from the respective companies.14 One explanation for this different treatment may lie in the seriousness with which the SEC views FCPA violations. While NPAs are typically reserved for those viewed by the charging agency as witnesses with little or no criminal exposure, DPAs are often accompanied by a formal charging document, are filed with a court, and generally include a rigorous set of corrective measures that the cooperating company must undertake in order for the prosecution to remain deferred.15 Thus, the DPA is likely to remain a favored agreement in the FCPA context, where there will invariably be additional measures for the corporate defendant to undertake in the area of compliance and/or monitoring. Moreover, there are potentially additional adverse consequences if the DPA is violated, so it is a more rigorous enforcement tool.
The Tenaris Deferred Prosecution Agreement
The Tenaris DPA is significant not only because it marks the SEC’s first use of a DPA, but also because it was used in a high-profile FCPA case. According to the DPA, from mid-2006 through mid-2007, Tenaris bid on several contracts with O’ztashqineftgaz (“OAO”), a subsidiary of Uzbekneftegaz, a state-owned Uzbek oil and gas holding company.16 Around December 2006, an agent in Uzbekistan offered Tenaris’s regional salepersonnel access to competitors’ bid information, which was in turn obtained improperly from OAO officials. Tenaris agreed to use the agent’s services, and to pay a hefty commission, ultimately securing four contracts worth a total of close to $20 million. According to the statement of facts agreed to by Tenaris and the SEC in the DPA, Tenaris took in just under $9 million, and made a profit of approximately $4.8 million.17
Under the FCPA, it is illegal for a foreign entity with shares traded on a national U.S. exchange (including ADRs18) to provide money to an agent, knowing the agent will forward the money to a “foreign official” for the purpose of securing an improper business advantage.19 The DPA establishes that Tenaris understood that a portion of the commissions it paid to the agent would end up in the hands of OAO officials, who in turn would supply the company with confidential bid information from its competitors. As employees of a subsidiary of a majority state-owned holding company, the OAO officials were deemed to be “foreign officials” for FCPA purposes.20 Although the money did not go directly to rig a bid, this exchange was made to secure an improper advantage for Tenaris, and was made to “foreign officials.” It therefore violated the FCPA’s anti-bribery provisions. The DPA also noted that Tenaris “failed to make and keep books, records, and accounts which accurately and fairly reflected Tenaris’s transactions with the agent described above, and which failed to accurately record the payments to OAO officials.”21 This violated the FCPA “books and records” provisions.22
In exchange for Tenaris accepting responsibility for its conduct, agreeing not to contest the facts as stated in the DPA, and undertaking certain commitments, the SEC agreed, in accordance with its Cooperation Initiative, to defer prosecution against Tenaris for a two-year period. Although the SEC imposed no civil money penalty, Tenaris will have to disgorge the profits derived from its illegal deals and pay prejudgment interest, totaling $5.4 million.
The non-financial undertakings that the DPA imposed on Tenaris were substantial. First, the firm will have to provide the SEC with written notice of any new charges of any degree of seriousness brought against it, whether by federal, state, or local enforcement authorities, or regulatory agencies. It must also inform the SEC of any charge related to an anti-bribery or securities law brought by a foreign agency.23
Second, Tenaris must annually review and update its Code of Conduct, ensure that each director, officer, and management-level employee “certif[ies] compliance with the Code of Conduct on an annual basis,” and “conduct effective training regarding anticorruption and compliance with the FCPA” throughout the firm.24 This requirement was imposed notwithstanding the SEC’s acknowledgement of Tenaris’s thorough review of its pre-existing compliance program and adoption of a strengthened Code of Conduct, Business Conduct Policy, and Agent Retention Procedure—all steps that Tenaris took on its own initiative after discovering the violation as a result of an internal investigation.
Third, Tenaris agreed to continue to cooperate fully with any related enforcement litigation to which the SEC is a party, to provide all non-privileged documents requested by the SEC, and to use its best efforts to secure the same cooperation, including interviews and provision of testimony, from current and former Tenaris directors, officers, employees, and agents.25 Tenaris also agreed to allow the tolling of the statute of limitations for any related action brought by the SEC during the deferral period.26
The Tenaris DPA is not binding on other federal or state agencies. In fact, the DOJ announced its own NPA the same day as the SEC made its announcement. The DOJ NPA, dated March 14, 2011, included an agreement that Tenaris would pay a penalty of $3.5 million.27
According to the press release accompanying the DOJ NPA, this, “substantially reduced monetary penalty . . . reflects the department’s commitment to providing meaningful credit to Tenaris for its extraordinary cooperation with the department.”28
What the SEC’s Tenaris DPA Means for Companies Doing Business Abroad
The Tenaris DPA is instructive for compliance departments and in-house legal personnel. Rigorous and robust compliance programs can help companies avoid violations in the first place; but if a violation nonetheless occurs, they can also help to mitigate and control the damage. In the worst case, as the newly amended U.S. Sentencing Guidelines make clear, even imperfect compliance procedures can reduce a company’s sentencing exposure. Indeed, following passage of the U.K. Bribery Act, in some jurisdictions “adequate procedures” might preclude liability altogether.29
The Tenaris DPA highlights the following recommendations for corporate compliance programs:
- review compliance policies to ensure conformance with the elements outlined in DOJ Advisory Opinion 04-02 and successor opinions on particular topics (available on the DOJ’s Fraud Section website),30 as well as recent amendments to Chapter 8 of the U.S. Sentencing Guidelines, which offer guidance on how a corporation can reduce its culpability score in the event of sentencing;31
- ensure that due diligence procedures related to the retention of third-party agents are sufficient to withstand regulatory scrutiny in light of a discovery of a violation, and ideally are sufficiently robust to prevent such conduct from occurring;
- conduct periodic audits of third-party relationships and FCPA compliance more generally;
- carefully review relationships with foreign business partners to foreign governmental agents and state-owned enterprises, and scrutinize policies and compliance training for personnel dealing with entities that have some measure of state control;
- regularly review payments made to third-party agents for inconsistencies that might reveal improper and unrecorded payments to foreign officials;
- promptly conduct an internal investigation and consider whether to voluntarily report findings after carefully weighing risks;
- conduct regular training of officers, directors, and employees, and require annual certification of compliance policies;
- provide avenues for employees to confidentially report suspected violations.
The last point is particularly relevant in light of the new “whistleblower” rule adopted by the SEC on May 25, 2011, pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”).32 That Act establishes “bounty” provisions of 10% to 30% of monetary sanctions collected for potential whistleblowers who report wrongdoing to the SEC.33 In conjunction with the SEC’s Cooperation Initiative, the whistleblower rule is another facet of the SEC’s efforts to incentivize reporting. Naturally, a company that seeks to benefit from voluntarily reporting bad conduct should take steps to ensure that employees are able to report “internally” before they do so “externally.” The new Final Rule adopted by the SEC, however, may further impede internal reporting, as the SEC refused to abide by the myriad comments from business interests calling for the SEC to adopt a rule that required a whistleblower to first use a company’s internal reporting process before informing the SEC of a suspected violation.34
* * *
Upon the announcement of the Tenaris DPA, Director Khuzami said: “[t]he Tenaris foreign bribery scheme was unacceptable and unlawful, but the company’s response demonstrated high levels of corporate accountability and cooperation,” and “[t]he company’s immediate self-reporting, thorough internal investigation, full cooperation with SEC staff, enhanced anti-corruption procedures, and enhanced training made it an appropriate candidate for the Enforcement Division’s first Deferred Prosecution Agreement.”35 Thus, Tenaris is in fact an example of the compelling benefits of cooperation. Should a company make the determination to voluntarily disclose misconduct, the kind of affirmative disclosure and proactive compliance measures taken by Tenaris after discovering the improper activities of its regional sales personnel may well aid a potential defendant. This is the message conveyed frequently by authorities, including by Assistant Attorney General Lanny Breuer, who, in November 2010, advised firms to err on the side of voluntarily disclosing violations and reiterated “the value of cooperat[ing]” with the DOJ.36
Yet cooperation is not without significant risk. Most obviously, self-disclosure will bring great scrutiny, but ultimately may not be deemed worthy of a DPA or NPA. Weighed against the potential risks, there is the possibility that bad conduct that is isolated and remediable may otherwise never come to light (to the extent it is not otherwise subject to reporting requirements); cooperation, on the other hand, typically will include at least a fine, which may be substantial, and may trigger other potentially onerous obligations and requirements, including potentially expensive monitoring requirements that are a frequent target of the defense bar’s criticism.
Aside from these risks, civil lawsuits may well follow government settlements. The Tenaris DPA, in contrast to the Carter’s NPA, included a thorough statement of facts that Tenaris agreed the SEC would have presented sufficient evidence to prove had the case gone to trial. Although a footnote says that the statement of facts is “made pursuant to settlement negotiations,” and is “not binding against Tenaris in any other legal proceeding or on any other person or entity,”37 it remains to be seen what use, if any, plaintiffs’ attorneys can make of the admissions. Furthermore, the substantial two-year compliance period under the Tenaris DPA, during which time Tenaris must report other agencies’ investigations, could lead to burdensome and costly investigation. In sum, the decision to voluntarily disclose to regulatory authorities FCPA violations (or others, for that matter) is never an easy one. In navigating these rocky shoals, companies naturally are always well advised to seek the guidance of experienced counsel and to exercise a thorough deliberative process before arriving at a strategic decision on how to proceed.