Article by M. Richard Schroeder and Stephen J. Haedicke

Two recent enforcement actions have set new records for penalties for violations of the U.S. Foreign Corrupt Practices Act ("FCPA"). In the first case, Siemens Aktiengesellschaft ("Siemens") and three of its subsidiaries agreed to pay a total of $800 million in criminal fines and civil disgorgements related to the companies' world-wide practice of bribing foreign officials in aid of business. In the second, the former Halliburton subsidiary Kellogg, Brown & Root, Inc. ("KBR"), agreed to pay a total of $579 million in criminal fines and civil disgorgements for its corrupt actions in securing a series of lucrative construction contracts in Nigeria. These penalties are each many times greater than any penalty previously imposed under the FCPA. Together, they demonstrate the seriousness with which U.S. enforcement authorities continue to pursue corporate bribery world wide.

But while the sheer size of these two cases may put them in a class all their own, some of the lessons they teach from an FCPA compliance perspective are applicable to any company doing business overseas, regardless of size. These lessons include: (1) Innovative corporate structures and the use of third parties cannot insulate a company from liability where its employees know or have reason to know bribes are being paid on its behalf; (2) A company's culture matters— where management ignores or condones bribery, the practice will thrive; (3) An effective FCPA compliance program must be an on-going, meaningful effort, not simply a "paper program"; and (4) Regardless of the underlying conduct, a company can reap real rewards if it responds effectively and appropriately to signs that one or more of its employees may have paid or authorized a bribe.

  1. The Siemens Case

In December 2008, Siemens pleaded guilty to a two-count bill of information charging it with knowingly violating the FCPA's mandate that companies (1) maintain internal controls sufficient to detect and deter bribery and (2) make and keep accurate books and records. This was the first time that the government charged a company with criminal violations of the FCPA's so-called accounting provisions. Concurrently, three Siemens subsidiaries each pleaded guilty to conspiring to violate the FCPA's anti-bribery provisions, its internal controls provisions, and its book-and-records provisions. Additionally, the Securities and Exchange Commission ("SEC") filed a settled enforcement action against the company on December 12, 2008.

A review of documents associated with these cases reveals that Siemens suffered from a pervasive culture of corruption. For example, according to the government, Siemens' older project cost calculation sheets sometimes reflected "nutzliche aufwendungen," a term that literally translates as "useful money" but which many Siemens employees understood to mean bribes. Additionally, many Siemens offices maintained "cash desks" from which employees could withdraw up to one million euros at a time; employees would often visit these desks with suitcases that they would fill up with money. There were few internal controls to assure that the money would be used for lawful purposes.

Although some of these more blatant practices stopped after Germany enacted domestic laws prohibiting foreign bribery in 1999, the Siemens culture of corruption persisted. According to the government, Siemens and its subsidiaries engaged in widespread corrupt practices including:

  1. using off-book accounts for corrupt payments, even after compliance risks associated with these accounts were raised at the highest level of management;
  2. entering into purported business consulting agreements with no basis, sometimes after Siemens had won the relevant project;
  3. engaging former Siemens employees to funnel bribes to foreign officials on the Company's behalf;
  4. justifying payments to purported business consultants based on false invoices;
  5. mischaracterizing corrupt payments on the corporate books and records as consulting fees;
  6. limiting the quantity and scope of audits of payments to purported business consultants;
  7. accumulating profit reserves as liabilities on internal balance sheets and then using them to make corrupt payments;
  8. concealing the identities of employees approving payments by using removable Post-It notes to affix signatures on approval forms;
  9. allowing third-party payments to be made based on a single signature, contrary to company policy requiring dual authorization;
  10. drafting and backdating sham business consulting agreements to justify third party payments; and
  11. changing the titles of documents to avoid their review by company lawyers.

These practices resulted in payments totaling over $1.4 billion over the course of six years (between 2001 and 2007). Of this amount, over $800 million is known to have been used in whole or in part to bribe foreign officials on the Company's behalf. The remainder went primarily to business consultants for unknown purposes.

Siemens' schemes began to unravel as governments the world over initiated investigations into its practices. Finally, in November 2006, the public prosecutor's office in Munich, Germany raided the Siemens office there and arrested a number of high-level members of management. Shortly thereafter, the Company disclosed to the U.S. Department of Justice ("DOJ") and SEC the possibility that it had violated the FCPA and initiated a global internal investigation of its practices. The Siemens investigation—which the DOJ termed "exceptional"—involved over 1.5 million billable hours by attorneys and forensic accountants, the collection and preservation of over 100 million documents, and over 1700 in-person interviews conducted in 34 countries. Additionally, Siemens spent over $150 million developing an FCPA compliance program in tandem with its investigation.

Ultimately, Siemens and its three charged subsidiaries agreed to a criminal sentence consisting of (a) a $450 million fine, (b) a continuing duty to cooperate with domestic and foreign enforcement authorities, (c) the implementation of a "rigorous" FCPA compliance program, and (d) retention of an independent compliance monitor for a term of four years. These penalties were in addition to a $350 million civil disgorgement agreed upon with the SEC and fines and disgorgements imposed by the Munich Public Prosecutor's Office. All told, Siemens will pay over $1.6 billion in fines and penalties in connection with the cases brought by the DOJ, the SEC, and the Munich Public Prosecutor's Office. Other countries continue to investigate the company.

  1. The KBR Case

On February 11, 2009, former Halliburton subsidiary KBR pleaded guilty to a five-count indictment charging it with a near decade-long conspiracy to violate the anti-bribery provisions of the FCPA and four substantive FCPA bribery violations. The Company agreed to pay a $402 million criminal fine. Concurrently, KBR and Halliburton settled with the SEC books-andrecords and internal control charges related to the bribery, agreeing to disgorge $177 million in corruptly obtained profits. Halliburton is likely to pay the full amount of both these penalties pursuant to indemnification clauses contained in the separation agreement between it and KBR.

The KBR case stems from four contracts let by various Nigerian government entities between 1995 and 2004 to build a liquefied natural gas production facility on Bonny Island, Nigeria. KBR was part of a joint venture with three international companies that bid on these contracts, which the Nigerian government valued at approximately $6 billion.

According to U.S. enforcement authorities, KBR and the other joint venture members paid $182 million in bribes to a range of Nigerian officials to secure the four Bonny Island contracts. These bribes were negotiated by designated representatives of high-level Nigerian officials and funneled through two international consultants, one based in Gibraltar, the other in Japan. The joint venture entered into contracts with these two consultants through a wholly owned Portuguese shell company that KBR had specifically created in an attempt to insulate itself from FCPA liability. KBR also intentionally refrained from placing Americans on the Portuguese company's board in order to further shield itself from liability.

The resolution of this case follows quickly on the September 2008 guilty plea of Albert "Jack" Stanley, a former KBR vice-president who helped manage and execute the bribery scheme. Stanley's sentencing is scheduled for May 2009; under the terms of his plea agreement, he faces up to seven years in prison and a restitution payment of $10.8 million.

In addition to the fine, KBR's plea agreement with the government requires that it hire an independent compliance monitor for a period of three-years to review its FCPA compliance program. Documents filed with the plea agreement reveal that KBR faced criminal fines as high as $763.6 million, partly because tolerance of the corrupt conduct was pervasive throughout the company. The Company's full cooperation during the government's investigation, however, mitigated the ultimate penalty imposed.

  1. Compliance Lessons

The Siemens and KBR cases offer valuable compliance lessons for any company doing business internationally. First and foremost, of course, is that enforcement authorities take transnational corruption very seriously and, after years of heightened enforcement activity, they expect companies to do the same.

Other lessons include:

  1. Innovative Corporate Structures and Use of Third Parties Cannot Insulate a Company from Liability

In both the Siemens case and the KBR case, the companies used consultants to funnel bribes to foreign officials. In the KBR case, the company even set up a foreign shell company—with no Americans on the board—that it and its co-conspirators used to enter into contracts with the consultants.

These attempts to insulate the companies from FCPA liability failed, for two reasons. First, the FCPA contains a broad knowledge standard, criminalizing paying or authorizing payment of anything of value to a third party where the payor knows or has reason to know that the thing of value will be used to bribe a foreign official. It makes no difference if the thing of value flows through one or more other entities before it reaches the foreign official: If the original payor knew or even just had reason to know that a bribe would be paid on its behalf, then the payor can be liable for the FCPA violation.

The second reason the use of third-parties could not insulate Siemens and KBR from FCPA liability is that they are publicly traded companies, subject to the FCPA's books-and-records and internal control provisions. Under these provisions, public companies must make and keep books and records which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company. Additionally, they must devise and implement a system of internal controls sufficient to provide reasonable assurance that transactions are occurring only pursuant to appropriate authorization and that they are recorded accurately.

If the FCPA's knowledge provisions did not already prohibit willful blindness to suspicious circumstances, these accounting provisions clearly do. A public company is not free simply to distribute money to consultants in the hopes that they will use it properly. Instead, the company must take reasonable steps to assure it knows what its money is being used for.

  1. Culture Matters

It is often said that the "tone at the top" matters when it comes to compliance. The Siemens and KBR cases demonstrate the truth of that proposition. In both cases, the government specifically noted the companies' pervasive tolerance for bribery. In the Siemens case, for example, the SEC noted that the company's culture "had long been at odds with the FCPA" and was one in which bribery "was tolerated and even rewarded at the highest levels." Likewise, in the KBR case, the government noted that "tolerance of the offense by substantial authority personnel was pervasive" throughout the organization.

What can a company do to promote an honest, ethical culture? Some steps that should be taken are:

  1. Make sure that employees "get the message" by promulgating clear, easy-to-understand policies prohibiting corrupt practices;
  2. Company leadership should periodically reinforce the message by emphasizing the Company's commitment to compliance, for example through a speech or letter to employees;
  3. Ensure that the Company's compliance team is appropriately staffed and funded, and has a clear mandate to prevent and report corruption, even at the expense of business;
  4. Institute programs that ensure corrupt practices are punished and ethical activities are rewarded.

Although an ethical culture cannot by itself prevent corrupt practices, it is always an important first step in achieving a corruption-free company.

  1. Real Compliance Programs Aren't Just Paper

A company's compliance program can't exist only on paper—it must be a living, breathing, constantly evolving effort that receives an appropriate amount of time, support, and funding. The Siemens case dramatically illustrates this point. As the government pointed out, in 2000 and 2001 the Company began to develop anti-corruption policies, but this "paper program" did little or nothing to stop on-going corrupt practices. The Company's compliance officer worked only part-time on his compliance duties and had a staff of only two lawyers. Furthermore, the Company's management rejected suggestions that would have made for a more robust compliance structure—for example, a recommendation for a company-wide list of agents and consultants and a central committee to review those relationships.

So, while FCPA policies are important, they are hardly worth the paper they are written on unless they are backed up with practices and procedures. Although every company is different, some compliance practices that should be considered are:

  1. Mandating FCPA compliance training for "key personnel," meaning personnel who are expected to interface with foreign officials on the company's behalf or who supervise third parties who interface with foreign officials on the company's behalf;
  2. Conduct risk-based due diligence for all third-party agents and consultants, and centralize those efforts within the legal or compliance departments;
  3. Provide FCPA compliance training to any "high-risk" agents;
  4. Require agents to sign annual certifications attesting that they have not and will not violate anti-corruption laws;
  5. Involve multiple company departments in compliance efforts, for example, legal, internal audit, and accounting;
  6. Conduct periodic reviews and audits of the company's compliance systems to ensure that they are functioning and to look for ways to improve.
  1. The Response Can Be as Important as the Conduct

A final compliance lesson from the Siemens and KBR cases is that a company's response to a corruption allegation can be nearly as important as the underlying conduct itself. This point is most graphically demonstrated in the Siemens case, where under the U.S. Sentencing Guidelines the Company faced a potential fine of $2.7 billion. In explaining its decision not to seek this maximum fine, the government specifically noted the Company's "exceptional" and standardsetting internal investigation, full cooperation with authorities, and intensive remedial efforts.

The lesson here is that it doesn't pay to be "penny wise but pound foolish" when it comes to internal investigations of potential FCPA violations. Although Siemens spent a tremendous amount on its investigation, that investment paid dividends in the form of a criminal fine that was some $2.25 billion less than what might have been required.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.