How Offering Cookies and Chocolates Can Expand Your Business: Stericycle Settles Parallel U.S. and Brazilian Bribery Investigations

On April 20, 2022, Illinois-based waste management company Stericycle, Inc. agreed to pay more than $80 million to resolve parallel civil and criminal charges brought by U.S. and Brazilian authorities related to alleged bribery of foreign officials in Argentina, Brazil, and Mexico.1 According to the settlements, Stericycle made hundreds of bribe payments totaling approximately $10.5 million over a four-year period to foreign officials, profiting by at least $21.5 million. In addition to fines, the company agreed to a two-year compliance monitor, reflecting the government's updated policy of imposing monitorships when the government views a compliance program as not fully implemented or tested prior to settlement.2

This settlement – the third corporate FCPA resolution of 2022 – encompasses an array of recurring anti-corruption risks worthy of ongoing attention by compliance professionals. Like the WPP case of September 2021, Stericycle expanded rapidly by acquiring local and regional businesses in Latin America without adequately addressing the underlying anti-corruption risks. The company kept local management in place and did not integrate the new businesses into a centralized accounting or internal controls system.

More broadly, anti-corruption risk was not top of mind, as reflected by the company not having implemented its FCPA policies until 2016 (the last year of the relevant conduct).3 Absent sufficient controls, employees in Brazil, Argentina, and Mexico continued paying bribes without detection. Company personnel even maintained spreadsheets that tracked bribe recipients and referred to bribes using code words like "little pieces of chocolates," "alfa," and "alfajores" – a traditional cookie popular in Argentina.4 Indeed, the creative ways in which company employees and executives (and third-party co-conspirators) hid improper payments in company books and correspondence are particularly noteworthy

The Bribery Schemes

Stericycle entered the Latin America market in 1997, expanding rapidly through acquisitions of local and regional businesses in Argentina, Brazil, and Mexico. Stericycle kept the owners of the local acquired businesses on to run the new Stericycle subsidiaries, reporting to an executive responsible for Latin America operations, who in turn reported to senior executives at Stericycle's headquarters. According to the SEC's Order, Stericycle maintained mostly decentralized accounting processes without proper oversight and did not centralize its compliance department or implement anti-corruption policies and procedures until 2016.5

The U.S. authorities charged the company in connection with participating in widespread bribery schemes across all three markets:

  • Argentina. According to the settlement papers, from 2011 to 2016, Stericycle executives and employees paid bribes to government officials in Argentina to secure new business and also to get priority payments of invoices for services provided to government-owned healthcare facilities and health ministries. For example, in connection with a 2012 contract to provide medical waste disposal services to a government entity, local officials sought bribes of roughly 15% of invoice amounts. Stericycle executives calculated 10%-15% of the invoice amounts and authorized these payments, which were typically delivered in cash by sales employees. Stericycle employees gave code names to the bribes in email communications, such as "commission," "IP," "alfa," and "alfajores," and they included "alfa" as a "Commercial Expenses" line item on spreadsheets comparing actual and projected revenue.6

"[T]he creative ways in which company employees and executives (and third-party co-conspirators) hid improper payments in company books and correspondence are particularly noteworthy."

  •  Brazil. Stericycle entered and expanded throughout Brazil by acquiring local and regional businesses. With knowledge and authorization from the executive responsible for Latin American operations, the company used sham third-party debt collection vendors and fictitious invoices to disguise cash withdrawals that were authorized by executives, falsely recorded by finance personnel (at the direction of executives) and made by employees and third-party intermediaries to government customers. The company maintained multiple spreadsheets saved on company servers that documented the behavior, recording the government officials receiving the bribes, the corresponding amounts, and the Stericycle Brazil employee responsible for acquiring the cash and delivering it to the customer. Fake invoices created to cover for the employee cash withdrawals were reflected in the company's general ledger as a reduction of revenues or as SG&A expenses.7
  • Mexico. Stericycle first entered Mexico through a joint venture with a business owned by the company's executive responsible for Latin America operations. Again, the bribery scheme involved authorization from high-level local executives, the use of third-party vendors that issued fake invoices to cover the company's cash payments to government officials, and tracking through spreadsheets that recorded recipient, amount, and delivery method details – and loss projections in the event bribe payments were not made.8


Stericycle entered into a three-year DPA with DOJ to settle charges that the company conspired to violate the FCPA's anti-bribery and books and records provisions. The company (which did not self-report) paid a $52.5 million criminal penalty, a 25% reduction off the bottom of the applicable U.S. Sentencing Guidelines range, given the company's cooperation and remediation.9

The company also paid $28.2 million in disgorgement and prejudgment interest to settle SEC charges that the company violated the FCPA's anti-bribery, books and records, and internal accounting controls provisions. Notably, despite both DOJ and the SEC charging books and records violations, only the SEC charged a violation of the FCPA's internal accounting controls provision, an asymmetrical application of the accounting provisions that is rare but has been done in the past.10

Both DOJ and the SEC noted the company's cooperation, which included sharing facts developed through its internal investigation and voluntarily facilitating interviews. Its remediation included relatively standard measures like termination of relationships with responsible employees and third parties; strengthening corporate governance by appointing new senior management and directors; and enhancing its compliance infrastructure (by hiring more local compliance personnel and an experienced new CECO who reports directly to the CEO and chair of the board's Audit Committee). Notably, DOJ also called out Stericycle's divestment of its subsidiaries in Argentina and Mexico.11 It is an unusual remedial measure, but one that has been cited over the years, including, for example, where DOJ noted that Florida-based asphalt company Sargeant Marine's extensive remedial measures tied to its September 2020 FCPA settlement included "no longer operating in Brazil, Venezuela, Ecuador or Chile"12 and where the SEC cited as remedial efforts Goodyear's divestment of subsidiaries in Kenya and Angola following an SEC resolution in 2015.13


1. See Deferred Prosecution Agreement, United States v. Stericycle, Inc., No. 22-cr-20156-KMM (S.D. Fla. Apr. 18, 2022), ["Stericycle DPA"]; Order, In re Stericycle, Inc., Securities Exchange Act Release No. 94760 (Apr. 20, 2022), ["Stericycle Order"].

2. See Kara Brockmeyer, et al., "DOJ Revises Corporate Criminal Enforcement Policies," Debevoise In Depth (Nov. 1, 2021), (recounting that per Deputy Attorney General Monaco's October 2021 policy announcement, prosecutors will consider a monitor where a company's compliance program and controls are "untested, ineffective, inadequately resourced, or not fully implemented at the time of a resolution"); Memorandum from the Deputy Attorney General (Lisa O. Monaco), "Corporate Crime Advisory Group and Initial Revisions to Corporate Criminal Enforcement Policies" (Oct. 28, 2021), [hereinafter the "Monaco Memo"].

3. Stericycle Order ¶ 6.

4. Stericycle DPA ¶¶ 15, 28, 40–43; Stericycle Order ¶¶ 18–19.

5. Stericycle Order ¶¶ 4–7.

6. Stericycle DPA ¶¶ 36–43; Stericycle Order ¶¶ 4–7, 16–19.

7. Stericycle DPA 16–26; Stericycle Order ¶¶ 8–12.

8. Stericycle DPA 27–35; Stericycle Order ¶¶ 13–15.

9. Stericycle DPA ¶ 4.

10. For example, DOJ charged books and records violations without corresponding internal controls violations (which the SEC charged) against Herbalife and Novartis/Alcon in 2020 and Diebold in 2013.

11. Stericycle DPA ¶ 4(d); Stericycle Order ¶¶ 27–28.

12. Plea Agreement ¶ 7(d), United States v. Sargeant Marine Inc., No. 20-cr-00363 (E.D.N.Y. Sept. 21, 2020),

13. Order ¶ 21, In re the Goodyear Tire & Rubber Co., Securities Exchange Act Release No. 74356 (Feb. 24, 2015), admin/2015/34-74356.pdf.

To view the full article click here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.