Regulators have been intensifying their scrutiny of corporate bribery infractions lately. In the last half of 2004, for example:
- Bristol-Myers Squibb Co. revealed that the Securities and Exchange Commission has launched an investigation into some of the company's German units for possible violations of the Foreign Corrupt Practices Act (FCPA).
- Three former Lucent Corp. employees, including a former CEO, received SEC Wells notices stemming from the alleged bribing of Saudi Arabia's former telecommunications minister with cash and gifts worth up to $21 million.
- Halliburton Corp., embroiled in investigations by both the Department of Justice and the SEC, disclosed that it may have bribed Nigerian officials to secure favorable tax treatment for a liquefied-natural-gas facility.
- The SEC hit the U.S. unit of Zurich-based ABB Ltd. with a $16.4 million judgment reflecting information on bribery and related accounting improprieties that were uncovered in due diligence prior to a divestiture.
From the corporate perspective, of course, Sarbanes-Oxley raises the stakes for violating the FCPA. With CEOs and CFOs now personally signing off on company financials, those executives are likely to be warier than ever of letting a bribe slide through, or letting their guard down in matters of compliance or disclosure.
Corporate directors, who are responsible for monitoring internal audits, are also worried. Sarbanes-Oxley "has increased our company's efforts dramatically to document our processes and internal controls on a companywide basis," says Warren Malmquist, director of audit services at Coors Brewing Co. in Golden, Colorado. When it is auditing company subsidiaries, his department expends "considerable effort" testing the validity of payments made by foreign subsidiaries, he adds, noting that the brewer has never had an FCPA violation. Meanwhile, the USA Patriot Act, which lists bribery of foreign officials as a possible component in money-laundering cases related to the funding of terrorism, allows separate penalties to be assessed for both the payoffs and the money-laundering schemes.
Avoiding the Shadows
Conducting business globally, of course, exposes U.S. companies to all sorts of payoff minefields that don't exist at home. The Corruption Perceptions Index, based on bribery data and surveys conducted by Berlin-based Transparency International, a nongovernment organization dedicated to fighting bribery, finds signs of "rampant corruption" in no fewer than 60 countries. (Bangladesh and Haiti are the worst of that group, and Russia and several other former Soviet republics are included.)
Non-U.S. companies face far fewer constraints when dealing in this shadowy business world. While the 35 signatories of the Organization of Economic Cooperation and Development's 1997 convention made it a crime to bribe foreign officials, "there has been little enforcement of new laws by national governments, other than by the United States," Fritz Heimann, chairman of the U.S. branch of Transparency International, writes on its Website. "There is insufficient awareness in the business community that foreign bribery has become a crime, and relatively few non-U.S. companies have adopted anti-bribery compliance programs."
And that bribery gap has been costly for American companies. During the 12 months ending last April 30, according to a U.S. Commerce Department report, competition for 47 contracts worth $18 billion may have been affected by bribes that foreign firms paid to foreign officials. Because U.S. companies wouldn't participate in the tainted deals, the department estimates, at least 8 of those contracts, worth $3 billion, were lost to them.
Since 1977, the FCPA has barred all issuers of U.S.-traded equities from bribing foreign government officials to acquire or retain business. But while the act makes it illegal for U.S.-listed companies and employees to take part in bribes or to create slush funds for payoffs, some authorities suggest that until a few years ago companies weren't in the habit of informing regulators when they unearthed corruption in their overseas units.
"Traditionally, under general U.S. criminal law," says Kathryn Atkinson, a partner in the Washington, D.C., law firm Miller & Chevalier, "the concept was that you don't have to turn yourself in on a potential crime." Thus, companies finding evidence of potential bribes paid investigated them and imposed disciplinary and remedial measures, but didn't disclose incidents to authorities or shareholders. SEC policy and Sarbanes-Oxley rules, however, now call for disclosure of both the incidents and the steps a company takes to address them.
Accounting for Bribes
Corporate views about reporting abuses began to change in October 2001, though, when the SEC settled an enforcement action involving a subsidiary of Shawnee Mission, Kansas-based Seaboard Corp. — an action that had nothing to do with bribery.
The commission alleged that Gisela de Leon-Meredith, while controller of Seaboard's Chestnut Hill Farms unit, caused inaccuracies in the books and covered up her actions. The SEC merely slapped the ex-controller (who neither admitted nor denied guilt) with a cease-and-desist order, and took no action against the company. In a statement at the time, though, the commission said that Seaboard's cooperation — specifically in sharing details of its internal investigation, not invoking attorney-client privilege, and promptly notifying the commission of restatement plans — had won it lenient treatment.
More broadly, the SEC spelled out criteria to credit companies for any self-policing, self-reporting, cooperation, or remediation. Among other things, the commission said it would consider how a company uncovered the information, whether its audit committee had been informed of it, and how committed the company was to digging out the truth (see "Defining Compliance," at the end of this article).
As a result of the Seaboard case, more companies began to self-report bribery and other abuses, maintains Paul Berger, the SEC's associate director of enforcement. Also, he notes, investigative programs at the SEC and the Justice Department "really got fired up." And soon "Sarbanes-Oxley created more pressure to comply with federal securities laws," such as the FCPA.
Sarbox's whistle-blower protections now encourage employees to report bribes upward within the organization. But Berger also credits the act with supplying a "design to change the tone at the top."
Required certification of internal controls over financial reporting is especially meaningful to a company facing a decision whether to report any improper payments. The Public Company Accounting Oversight Board's Audit Standard 2, issued in connection with Section 404, says a company's internal controls must provide "reasonable assurance" that payments and receipts are authorized by management and the board.
Standard 2 provides a "direct connection between Sarbanes-Oxley and the FCPA," says Jonny Frank, New York-based head of the fraud risks and controls practice at PricewaterhouseCoopers. That means that a bribe payment, as described by the FCPA, also represents a breach of a company's controls over unauthorized payments.
In other words, says attorney Atkinson, "if someone has been able to pay a bribe, your internal-controls system has failed."
Damned If You Do
A bribe can spell the end of an acquisition — and raise the prospect of hefty fines and investigations for the companies involved. U.S. firms buying businesses that have overseas operations "are much more careful about uncovering potential FCPA issues during due diligence," according to Dick Cassin, an attorney in the Hong Kong office of Heller Ehrman White & McAuliffe. "An acquiring firm risks prosecution if it buys a business that has unresolved FCPA problems."
For Lockheed Martin Corp., a $2.4 billion merger agreement with Titan Corp. eventually fell through last year after what Titan filings described as "allegations that improper payments were made, or items of value were provided by consultants for Titan or its subsidiaries." (Under the FCPA, it's illegal for a U.S.-based company to pay an intermediary when it knows that the payment will go improperly to a public official.)
And ABB had to hold off on the sale of two subsidiaries last year until it could settle its SEC charges. The charges, which it settled without admitting or denying guilt, were that ABB's U.S. and foreign units paid $1.1 billion in bribes to officials in Nigeria, Angola, and Kazakhstan between 1998 and 2003. The SEC also alleged that ABB improperly booked the payments and lacked the internal controls to prevent them. In one instance, it alleged, ABB's country manager for Angola doled out $21,600 in a paper bag to five officials of the state-owned oil company.
Despite praising the cooperation of ABB Ltd. for bringing the violations to the attention of the SEC and the Justice Department, the commission's July agreement with ABB called for the company to disgorge $5.9 million in illicit profits. And in pleading guilty to the related Justice case, two ABB units were fined $10.5 million. Within a week of the settlement, ABB announced it had closed the sale of the two subsidiaries, including one that had been charged with FCPA violations.
The case provides a benchmark for merging or divesting companies to use in dealing with foreign bribery liabilities. Until now, the SEC hasn't forced companies to cough up ill-gotten gains. If companies make improper payments when they acquire a business, according to Berger, "that money should be given back."
David M. Katz is deputy editor of CFO.com, where this article originally appeared in somewhat different form.
New federal sentencing guidelines approved last November 1 for bribery offenses also give corporations a way out. Or, as the U.S. Sentencing Commission puts it: "Establishing an effective compliance and ethics program is essential for an organization seeking to mitigate its punishment."
When the government considers filing a case under the Foreign Corrupt Practices Act, "the compliance department is a measure of management's effort to prevent violations," according to Charles Grice, director of anti-money-laundering and financial services at New York-based Kroll Inc. "If it's weak, it looks as if it was intentionally created that way."
The new guidelines require companies to identify how vulnerable they are to internal crime, to train staffers, and to provide company compliance officers with sufficient resources. The board of directors is responsible for oversight and management of the company's compliance and ethics programs.
Because of the guidelines, says Warren Malmquist, director of audit services at Coors Brewing Co., senior managers and boards are beefing up compliance with the antibribery laws. At Coors, that means increased reporting to the audit committee. Previously, internal auditors would report to the committee only if they discovered compliance violations. Now, says Malmquist, they must also report in detail on the effectiveness of compliance programs.
Among the potential problem areas for companies: signing bonuses for foreign government officials. In considering the legitimacy of such bonuses, standard in the oil industry, for example, "you need to look at the facts and circumstances," says Peter Sprung, director of litigation and fraud-investigation services at BDO Seidman LLP in New York. "If the government official is telling you to pay it into a personal bank account offshore, you should be scratching your head."
Be on the lookout, too, for large travel and entertainment expenses booked by foreign employees. Sprung notes that special attention should be paid if the payments are going into offshore accounts and take "more than a couple of sentences to explain."
Antibribery compliance programs also should track company payments to third-party agents or consultants. "Are you in a country where there's a $10,000 [annual] per capita income and you're paying $500,000 to agents? That raises red flags," says Paul Berger, associate director of enforcement at the Securities and Exchange Commission. "That's the kind of circumstantial evidence we look for. What payments were made, to whom, and to what purpose?" —D.M.K.