You are reading the December 2024 Update of the Bass, Berry & Sims Enforcement Roundup, where we bring notable enforcement actions, policy changes, interesting news articles, and a bit of our insight to your inbox.
To stay up to date, subscribe to our GovCon & Trade blog. If you have questions about any actions addressed in the Roundup, please contact the international trade team. We welcome your feedback and encourage you to share this newsletter. Let's jump in!
Overview
- An aviation services and products firm agreed to pay more than $55 million to settle Foreign Corrupt Practices Act (FCPA) investigations by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC).
- Freight forwarder C.H. Robinson International Inc. settled with the Treasury Department's Office of Foreign Assets Control (OFAC) related to apparent violations of U.S. sanctions on Cuba and Iran.
- The Department of Commerce's Bureau of Industry and Security (BIS) penalized Indium Corporation for
- violations of U.S. export controls on Russia.
- McKinsey's African subsidiary agreed to pay more than $120 million to resolve an FCPA investigation into a bribery scheme involving South African officials.
- OFAC settled with Córdoba Music Group for apparent violations of the Iranian Transactions and Sanctions Regulations (ITSR).
- An aviation equipment supplier settled with OFAC for inadvertently conducting business with sanctioned Russian parties.
AAR CORP to Pay Over $55 Million to Resolve FCPA Investigation (DOJ and SEC Action)
Those involved. AAR Corp., an Illinois-based provider of aviation services and products.
Charges and penalties. Violations of the anti-bribery, books and records, and internal accounting controls provisions of the FCPA.
What happened? On December 19, the SEC and DOJ announced that AAR Corp had agreed to pay over $55 million to resolve an investigation into bribery schemes involving government officials from Nepal and South Africa. AAR agreed to pay a $26 million penalty and $18.5 million in administrative forfeiture to the DOJ as part of an 18-month Deferred Prosecution Agreement (DPA). In addition, AAR agreed to pay almost $30 million in disgorgement and prejudgment interest to resolve the SEC's parallel investigation. The DOJ also agreed to credit AAR with the amount disgorged to the SEC.
The DOJ reached the resolution after considering a number of factors. For one, although AAR self-reported the misconduct, that report did not constitute a voluntary self-disclosure under the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP) because the DOJ was already aware of the matter from media reports and information from an independent source. However, AAR was credited for its cooperation. In addition, AAR engaged in remedial measures including reviewing all high-risk third-party representatives, enhancing onboarding protocols and vetting procedures, and strengthening public bidding policies. AAR ultimately received an approximately 45% reduction off the applicable guidelines sentence.
The DOJ press release can be found here. The SEC press release can be found here.
Notably. The action highlights the risk associated with government procurement, especially in parts of the world where corruption is perceived to be a risk. This includes dealings with state-owned enterprises such as airlines, energy companies, telecommunications firms, and others. It is essential to have very clear guidelines and processes in place for public procurement and the engagement of and payment to third party representatives.
BIS Imposes $180,000 Penalty Against Indium Corporation for Exports of Electronics Manufacturing Components to Russia (BIS Action)
Those involved. The Indium Corporation of America (Indium), a New York-based materials refiner, smelter, manufacturer, and supplier.
Charges and penalties. 11 apparent violations of the Export Administration Regulations (EAR) ($180,000 civil penalty).
What happened? On December 23, BIS announced a $180,000 civil penalty on Indium for 11 apparent violations of the EAR. Between April 2022 and March 2023, Indium exported solder preforms, ribbons, and wires to Russia without authorization. While the items are classified under EAR99, and though EAR99 items can be exported to most end-uses and end-users without a license, a license is required to export the items to Russia since they appear on Supplement no. 5 to Part 746 of the EAR.
The press release can be found here.
Notably. Compliance programs must be tailored to relevant risks. In this case, according to BIS, Indium missed several red flags related to the shipments. For example, after the order for solder ribbon was placed, a logistics specialist for the supplier attempted to reroute the shipment through Hong Kong instead of through Germany. Hong Kong is a popular transshipment route, and this fact should have increased suspicion. In addition, the actual purchaser was different than the party named on the underlying purchase orders.
Importantly, a red flag does not mean that a violation has occurred or will occur. But it does need to be reviewed before the underlying transaction proceeds. To that end, in March 2024 the DOJ, Department of Commerce, and Department of the Treasury issued a tri-seal compliance note detailing these, and other, red flags. Companies should review the compliance note and incorporate the lessons into their compliance programs and training curriculums. We wrote about the tri-seal compliance note in our March 2024 Roundup.
C.H. Robinson International Inc. Settles with OFAC for $257,690 Related to Apparent Violations of the ITSR and the Cuban Assets Control Regulations (OFAC Action)
Those involved. C.H. Robinson International Inc. (CHR), a Minnesota-based global transportation and logistics company.
Charges and penalties. 82 apparent violations of the Iranian and Cuban sanctions programs ($257,690).
What happened? On December 13, OFAC announced that CHR had agreed to pay over $250,000 to settle potential civil liability related to apparent violations of U.S. sanctions on Iran and Cuba. Between November 2018 and February 2022, five non-U.S. subsidiaries of CHR provided freight brokerage services or transportation services involving Iran, Iranian or Cuban goods, or engaged with Mahan Airlines, a designated Iranian airline. The subsidiaries reportedly sent spare parts to Iran, provided brokerage services for numerous shipments of Iranian and Cuban origin goods to Canada, acted as a customs broker for the importation of Iranian goods into Australia, and facilitated an export from Peru to Iran. The violative conduct was discovered "during regular sample audits."
The press release can be found here.
Notably. The settlement underscores the importance of prompt and thorough integration of compliance systems following an acquisition. The subsidiaries that committed the violations were acquired between 2016 and 2019 but were not fully integrated into CHR's overarching compliance infrastructure. Instead, the subsidiaries continued to use their own systems until at least 2022. Following an acquisition, it is essential to ensure that the newly acquired company has appropriate compliance controls in place.
McKinsey & Company Africa to Pay Over $120 Million in Connection with Bribery of South African Government Officials (DOJ Action)
Those involved. McKinsey & Company Africa (McKinsey Africa), the subsidiary of an international consulting firm.
Charges and penalties. One Count of Conspiracy to Bribe a Foreign Official ($122 million fine).
What happened? On December 5, DOJ announced that McKinsey & Company agreed to pay $122 million and enter a DPA to resolve an investigation into a bribery scheme involving South African government officials. Between 2012 and 2016, McKinsey's African subsidiary partnered with South African consulting firms with the understanding these firms would bribe South African officials for nonpublic information about contract awards. The consulting firms paid a portion of the fees received from McKinsey Africa to officials at Transnet SOC Ltd., a state-owned infrastructure company, and Eskom Holdings SOC Ltd., a state- owned energy company. Confidential information elicited from the government officials helped McKinsey Africa secure approximately $85 million in profits. The scheme was largely orchestrated by a McKinsey senior partner who pleaded guilty to conspiracy to violate the FCPA in 2022.
McKinsey Africa agreed to a three-year DPA and a $122,850,000 fine. The fine included a 35% discount. In reaching this resolution, DOJ considered a number of factors including the nature and seriousness of the conduct and the fact that the misconduct was not voluntarily disclosed. However, McKinsey Africa received credit for the company's extensive cooperation, including making presentations to DOJ of the company's internal investigation findings; collecting, reviewing, and producing records in response to DOJ requests; promptly reporting a scheme by a McKinsey employee to delete documents; preserving, collecting, producing documents located abroad; engaging a third-party forensics consultant to analyze electronic devices; making employees available for interviews; and tracing internal accounting money flows and currency exchange information in response to DOJ requests. The DOJ also credited the company because it engaged in timely remedial measures including putting the partner primarily responsible for the misconduct on leave upon learning of the matter, conducting supplemental anti-bribery training for employees located in Africa, strengthening due diligence procedures for engaging third parties, enhancing the review process for all sole-source work, and voluntarily repaying all revenues received from potentially tainted contracts. The DOJ also agreed to credit up to $61,425,000 of the fine for payments to South African authorities as part of a parallel investigation.
The press release can be found here.
Notably. The McKinsey partner responsible for the bribes took steps to avoid detection. He conducted meetings at coffee shops and restaurants rather than at the McKinsey office and limited the use of written communications often corresponding via personal email addresses. Nevertheless, McKinsey was fined $122 million largely due to the action of one employee. Companies should be aware that even when an individual acts alone, the company can be fully liable under the FCPA. Maintaining a strong culture of compliance and providing ample training for personnel, while ensuring transactions and expenditures are adequately approved and monitored, are key steps to protect against rogue actors – and to detect such actors early.
Córdoba Music Group LLC Settles with OFAC for $41,591 Related to Apparent Violations of the ITSR (OFAC Action)
Those involved. Córdoba Music Group LLC, a California-based musical instrument manufacturer.
Charges and penalties. Nine apparent violations of the ITSR ($41,591 fine).
What happened? On December 18, OFAC announced that Córdoba had agreed to settle its potential civil liability for nine apparent violations of the ITSR. Starting in November 2019, Córdoba worked with an Iranian company to sell musical instruments and related accessories to customers in Iran. The Iranian company instructed Córdoba to bill and ship products to a Dubai-based company that then shipped the products to Iran. In total, between November 2019 and March 2022, Córdoba shipped $118,831 worth of instruments and related products that it knew were ultimately destined for Iran. The conduct was discovered following the sale of Córdoba when the new owner received a draft distribution agreement from the Iranian company. The new U.S. owner directed Córdoba to immediately terminate the business relationship, began an internal investigation, and ultimately submitted a voluntary disclosure.
Although the statutory maximum civil monetary penalty was over $3 million, and OFAC identified several aggravating factors, the agency ultimately assessed a far less severe fine of just over $40,000 after considering mitigating factors. In particular, OFAC considered Córdoba's small size, lack of past misconduct, cooperation with OFAC's investigation, and concerted efforts to strengthen its compliance program.
The press release can be found here.
Notably. The settlement agreement highlights the important role training programs play in compliance programs. Córdoba personnel apparently failed to understand the scope of the ITSR and particularly that indirect sales to Iran were prohibited. Even small companies conducting international business need to ensure they and their employees understand their international trade obligations.
SkyGeek Logistics, Inc. Settles with OFAC for $22,172 for Apparent Violations of the Russian Harmful Foreign Activities Sanctions Regulations (RuHSR) (OFAC Action)
Those involved. SkyGeek Logistics, Inc., a New York-based supplier of aviation products.
Charges and penalties. Six apparent violations of the RuHSR ($22,172).
What happened? On December 31, OFAC announced that SkyGeek Logistics, Inc. agreed to pay approximately $22,000 to settle potential civil liability related to six apparent violations of U.S. sanctions against Russia. Between January and March 2024, SkyGeek made shipments to and attempted to refund payments made by two United Arab Emirates-based aircraft parts suppliers on OFAC's List of Specially Designated Nationals and Blocked Persons. The refund payments totaled $17,511 and the shipments totaled $3,429.
According to OFAC, the violations resulted from incomplete screening of transaction partners. In particular, while SkyGeek apparently screened the transaction parties before commencing business with them, it did not subsequently re-screen them before issuing refunds or making shipments. This resulted in violations because the parties were designated between the initial screening and the time of the transactions at issue.
Although the statutory maximum civil monetary penalty applicable to the matter was over $2 million, OFAC agreed to a far smaller penalty because the conduct was not egregious and because of significant remedial efforts taken by SkyGeek's parent company, including a comprehensive review of sales to high-risk jurisdictions, and the engagement of a new software vendor to improve screening.
The press release can be found here.
Notably. This matter serves as a reminder of the importance of ongoing prohibited parties screening. Historically, SkyGeek compliance policies did not require re-screening of customers prior to issuing refunds. Then, even after the company modified its processes to require rescreening, the company failed to identify one transaction party as blocked. Screening must occur regularly, and when changes to the screening policy and procedures are made, those changes must be rolled out fully to personnel.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
