Keynote Speech, ACI's 33rd International Conference on the FCPA

Andrew Ceresney, Director, Division of Enforcement

Nov. 30, 2016

Thank you very much for that very kind introduction.  At the outset, let me give our standard disclaimer that the views I express today are my own and do not necessarily reflect the views of the Commission or its staff.[1]

I am very happy to be here at ACI's 33rd Annual FCPA Conference.  This is my fourth year here as Director of Enforcement and a tremendous amount has happened in FCPA enforcement over the last four years.  Investigating and bringing enforcement actions for FCPA violations has been an important priority for us at the SEC and we have taken a lead role in fighting corruption worldwide.  During this time, we have seen tremendous improvement in FCPA awareness and compliance both in the United States and abroad, and there is no question that we have made great progress in our attempts to curb corruption under the FCPA and its foreign counterparts.  However, as our recent actions demonstrate, there is still much more work to be done to deter and punish FCPA wrongdoing.

This past year was a record year for the SEC's FCPA enforcement program.  We brought 21 FCPA actions against entities and individuals, the most ever, entered into two non-prosecution agreements and a deferred prosecution agreement, and obtained hundreds of millions of dollars in financial remedies.  Many of these cases involved well-known issuers, including Anheuser-Busch InBev, Las Vegas Sands, Qualcomm, GlaxoSmithKline, and Bristol-Meyers Squibb.  We also continued our successful partnership with the DOJ and FBI, and announced two joint resolutions with foreign authorities.

Today, I want to talk about a few important themes and cases.  First, I want to spend a few minutes on self-reporting and cooperation, following up on a topic I have spoken about in each of my past speeches.  Then, I will discuss two very important FCPA cases we brought recently – our case against Och-Ziff from September and the JPMorgan case we filed earlier this month – and the lessons to be drawn from these cases.  Finally, I will talk about the importance of international cooperation and discuss two recent cases where we entered into global settlements together with international authorities, which I believe foreshadow the structure of some future FCPA resolutions.

I. Self-Reporting and Cooperation

I want to start by briefly discussing our efforts to incentivize companies to self-report misconduct and cooperate with our investigations.  Self-reporting and cooperation are very important and helpful to us, particularly in FCPA cases, given the challenges we face in identifying and investigating FCPA violations.  We use a carrot and stick approach to encouraging cooperation.  We reward cooperation in multiple ways.  Parties that self-report and cooperate can benefit from reduced charges, including deferred prosecution or non-prosecution agreements (DPAs or NPAs), and in certain instances when the violations are minimal, no charges.  We also reward cooperation with significantly reduced penalties, and in some cases, no penalties.  At the same time, companies who discovered misconduct but made the decision not to report it to us and did not provide meaningful cooperation, have not received any reduction in penalties or other benefits when we learned of the conduct from other sources, including whistleblowers, and in some cases, have paid significantly higher penalties as a result.  As I have said before, companies are gambling if they fail to self-report FCPA misconduct to us.[2]

I have been stressing the benefits of companies self-reporting and cooperating for the past few years – and those benefits are real.  While it is not always possible to identify circumstances where we declined to bring a case, we were able to do so earlier this year when we declined to bring an action against Harris Corporation given their self-policing, self-reporting and substantial cooperation.[3]  In that case, the Chairman and CEO of a Chinese subsidiary acquired by Harris facilitated a bribe scheme where illegal payments were made in the form of gifts to officials of state-owned hospitals in China.  Although it was only able to perform limited pre-acquisition due diligence on the subsidiary, Harris took immediate and significant steps after the acquisition to train staff in China and integrate the subsidiary into Harris's system of internal accounting controls.  As a result of these measures, including the implementation of an anonymous complaint hotline, Harris discovered and reported the misconduct within five months of the acquisition.  The SEC determined not to bring charges against Harris, taking into consideration the company's efforts at self-policing that led to the discovery of the misconduct, prompt self-reporting, thorough remediation, and exemplary cooperation with the SEC's investigation.

In my speech at this conference last November, I announced that in FCPA cases, a company must self-report to be eligible for an NPA or DPA.[4]  In June of this year, we announced two NPAs with companies that self-reported violations and provided full cooperation.  In the first case, Akamai Technologies, a Massachusetts-based internet services provider, agreed to disgorge more than $650,000 in profits connected to bribes paid to officials of Chinese state-owned entities by a foreign subsidiary.[5]  In the second case, Nortek, a Rhode Island-based residential and commercial building products manufacturer, agreed to disgorge nearly $300,000 in profits connected to bribes paid to Chinese officials by a foreign subsidiary.[6]  In both cases, the companies promptly self-reported the misconduct, took remedial measures, including improving their internal controls, and cooperated extensively with the SEC's investigation, thereby justifying NPAs.    

The Commission also gave significant credit for cooperation in connection with penalties imposed in more than a half a dozen other recent FCPA cases.  These include our settlements with AstraZeneca[7] and Nordion,[8] where the Commission reduced penalty amounts in recognition of their cooperation, and our settlement with SAP,[9] where the Commission agreed not to impose any penalty in recognition of its significant cooperation.

My sense from discussions with defense counsel is that our actions have sent a clear message to the defense bar and the C-Suite that there are significant benefits to self-reporting and cooperation with the SEC.  I expect that the Division of Enforcement will continue in the future to reinforce this message and reward companies that self-report and cooperate.

II. Och-Ziff African Bribery

I want to focus now on a case we brought this past September against the publicly-traded hedge fund, Och-Ziff Capital Management Group LLC, its CEO, Daniel Och, and its CFO, Joel Frank, for violations of the FCPA and the Investment Advisers Act.[10]  As set forth in the Order, the SEC's investigation found that beginning in 2007, and continuing through 2011, Och-Ziff entered into a series of transactions and investments in which Och-Ziff paid bribes through intermediaries, agents and business partners to high ranking government officials in multiple African countries, including Libya, Chad, Niger, Guinea, and the Democratic Republic of the Congo.[11]  The purposes of these schemes were to induce the Libyan sovereign wealth fund to invest in Och-Ziff managed funds, to secure mining rights for Och-Ziff-related entities in other African countries, and to maintain political favor in the countries in which Och-Ziff and its partners operated.

To settle our action, Och-Ziff agreed to pay approximately $200 million in disgorgement and prejudgment interest.  The Department of Justice and United States Attorney's Office for the Eastern District of New York brought parallel criminal proceedings against the firm as part of which Och-Ziff was assessed a criminal penalty of approximately $213 million and entered into a deferred prosecution agreement with the DOJ, and a subsidiary of Och-Ziff pleaded guilty to one count of conspiracy to violate the anti-bribery provisions of the FCPA.[12]  In addition, the SEC took action against the two most senior executives at the firm – Dan Och and Joel Frank.  Mr. Och, the CEO, agreed to an SEC order finding that he caused books and records violations in two of the transactions in the Congo, and agreed to pay approximately $2.2 million in disgorgement and prejudgment interest.  Mr. Frank, the CFO, also agreed to an SEC order finding that he caused books and records and internal controls violations in transactions in the Congo and Libya.

This case was one of our most significant FCPA actions in years.  To begin with, it was the first FCPA action against a hedge fund and one of the first against a financial services firm.  The case served notice to financial services companies that, like other U.S. companies, they face unique corruption risks when operating in some international markets.  Beyond that, in most instances, Och-Ziff used funds provided by the investors in its managed funds to pay bribes.  The Investment Advisers Act violations charged here serve to provide notice that investment advisers have a special duty to ensure that they do not engage in misconduct using funds entrusted to them by investors.    

This case also emphasized the important obligations of senior executives.  Here, the SEC's Order found that Mr. Och knew of the significant corruption risks when doing business in the Congo, was aware of corruption accusations against Och-Ziff's business partner in the Congo, and received due diligence on the business partner that identified substantial corruption risks.[13]  Nevertheless, Mr. Och made the decision to approve transactions with the business partner in the Congo despite being aware of the significant risks of corruption and despite the fact that Och-Ziff's senior compliance and legal personnel were recommending against proceeding with the transactions.[14]  This case sends the message loud and clear that CEOs will be held responsible if they do business with persons with close ties to government officials when due diligence raises significant red flags, particularly when control functions are raising serious questions about such transactions.  It is only by holding such senior decision makers responsible that we will deter such conduct.

Similarly, Mr. Frank was responsible for ensuring that all transactions were recorded accurately and was likewise responsible for devising and maintaining Och-Ziff's internal accounting controls.  Yet, the Order found that he approved Och-Ziff's payments in the transactions in the Congo in which he believed there was a high risk of corruption.[15]  He deferred to Mr. Och as the final decision maker and executed those transactions per Mr. Och's approval.[16]  CFOs who are responsible for the organization's internal controls cannot escape responsibility for executing such transactions in these circumstances, even when they are not the ultimate decision maker.

Och-Ziff is not the only case that demonstrates the Enforcement Division's renewed emphasis on individual liability in FCPA cases.  Seven enforcement actions in the past year involved individuals.  For example, in the Harris Corporation case I mentioned earlier, the Commission charged the former CEO and Chairman of Harris's subsidiary in China for violating the FCPA by facilitating a bribery scheme that provided illegal gifts to officials at state-owned hospitals in order to obtain and retain business for the company.[17]  The Commission also recently brought FCPA actions against the CEO of LAN Airlines,[18] the former CFO of a Danish subsidiary of Analogic Corporation, a Massachusetts-based medical device manufacturer,[19] a former vice-president of SAP SE,[20] a worldwide software company, and a former engineer for Nordion Inc., a Canadian health science company,[21] for violations of the FCPA.  Although cases against individuals have challenges, including jurisdictional and statute of limitations issues, pursuing individual accountability is a critical part of deterrence and, as these cases show, the Division of Enforcement will continue to do everything we can to hold individuals accountable. 

III. JP Morgan Referral Hiring Practices

Another significant recent case was our action against JPMorgan relating to their hiring practices in Asia.  In that settled case, the Commission charged JPMorgan Chase & Co. with violations of the anti-bribery, books and records, and internal accounting controls provisions of the FCPA related to its hiring of relatives and friends of government officials and executives at Chinese state-owned entities in order to obtain business from those entities.[22] 

As set forth in the Order, our investigation found that, between 2006 and 2013, JPMorgan, primarily through its subsidiary JPMorgan Securities (Asia Pacific) Limited—or JPMorgan APAC—created a client referral hiring program to leverage the benefits of providing prestigious, career building JPMorgan internships and employment to the relatives and friends of government officials and executives of clients.[23]  In exchange, those officials and executives used their positions to assist JPMorgan APAC in obtaining or retaining investment banking business.  Many of JPMorgan's clients whose executives requested internships were state-owned entities, and therefore the executives requesting employment for their relatives and friends were foreign government officials under the FCPA. 

Importantly, the JPMorgan APAC "Sons and Daughters" program bypassed the firm's normal hiring process.  Referral candidates did not compete against other candidates based on merit and did not meet JPMorgan's minimum educational, grade-point, or background qualifications.  Nor did they undergo the typical rigorous multi-round interviews.  Referral candidates were hired based on direct or potential links to investment banking revenue that could be generated from the referring client in exchange for the hire. 

The client referral hiring program at JPMorgan was broad in scope.  Over a seven-year period, JPMorgan hired approximately 100 interns and full-time employees at the request of foreign government officials.  This included candidates referred by foreign government officials at more than twenty different Chinese state-owned entities.  In return, the referring state-owned entities entered into transactions generating more than $100 million in revenue for JPMorgan APAC or its affiliates during this period. 

As set out in the Order, JPMorgan APAC also committed internal controls and books and records violations related to the client referral hiring program.  JPMorgan legal and compliance personnel recognized the risks inherent in referral hiring, and created a review process that included a "Sons & Daughters" questionnaire seeking the reasons for the hire, the merits of the candidate apart from the referral, and the expected benefit, if any, to JPMorgan expected from the referral hire.[24]  However, the legal and compliance review became a formality in which JPMorgan APAC investment bankers and supporting personnel provided inaccurate or incomplete answers to secure approval for hires without revealing the links to business as a result of the hires.  Indeed, in some instances, questionnaires were modified so that certain referral hires linked to business would be approved, even though the initial draft of the questionnaire made clear the direct link to business that would result from the hiring.  During the life of the referral program, no candidates were rejected as a result of the legal and compliance review.

As part of the settlement, JPMorgan agreed to pay the SEC disgorgement and prejudgment interest of approximately $130.5 million.  The Department of Justice conducted a parallel investigation and negotiated a Non-Prosecution Agreement, with a criminal penalty of approximately $72 million.[25]  In addition, the New York Federal Reserve Bank entered into a concurrent settlement agreement with JPMorgan involving payment of approximately $62 million. 

In the wake of some of the Commission's prior hiring practices cases, including our cases against Bank of New York Mellon and Qualcomm, some questioned whether providing internships could amount to an FCPA violation.  But the JPMorgan case should put that debate to rest.  The statute precludes the payment or provision of "anything of value" to a foreign official in order to induce that official to take official action or obtain an improper advantage for the purpose of obtaining or retaining business.  As I stressed in my speech here last year, "anything of value" is a broad term and is not limited to cash or tangible gifts but includes less traditional items of value that have been given in order to influence foreign officials.[26]  There is no question that JPMorgan itself recognized that employment given at the request of a foreign official can be a thing of value under the FCPA, providing tangible or intangible benefits to a foreign official.  When these benefits are given to influence a foreign official in the performance of their official duties to assist an issuer in obtaining or retaining business, the FCPA is violated. 

This case also makes clear that employment of a child, friend or relative can influence a foreign official in his or her official actions.  JPMorgan actually tracked the benefits it received under the "Sons and Daughters" program through a spreadsheet that kept track of the revenues related to each hiring, which demonstrated JPMorgan's view that the foreign officials were indeed influenced to take action.[27]  JPMorgan personnel also spoke openly about the tangible benefits they were getting from this hiring, noting in an email to the CEO of JPMorgan APAC that the program "has an almost linear relationship with mandates in China."[28]  In one instance, a senior JPMorgan APAC banker wrote in response to a request to hire the son of an official of a state-owned entity that "[the public official's state-owned entity] is an important client.  We need to help his son that definitely [sic] will give us leverage of business opportunities for both fig [JPMorgan's Financial Institutions Group] and non fig for jpm."[29]  A few weeks after the son was hired, JPMorgan APAC announced that it had won a mandate to work on deal for a subsidiary of the official's state-owned entity.[30] 

Some have asked whether these hiring practices cases tread too far into hiring decisions made by institutions, which are complex and typically based on many factors.  I think the facts of this case also put to rest any such claim.  After all, it is clear from the order that the relatives hired under this program were not hired under the normal hiring process, and in many cases, did not meet the minimum qualifications for their positions.  It also is clear that the hires were made for the specific purpose of influencing the public officials in their official duties.  So while each of these cases will turn on their particular facts and circumstances, the JPMorgan matter involved clear violations of the FCPA.

Finally, I should note that this case is also important because it demonstrates that having an anti-corruption policy that addresses potential violations of the FCPA is not enough, without rigorous compliance review and testing.  JPMorgan recognized the FCPA issues surrounding hiring and set up a specific program to review official hires.  That program, however, was ineffective because the investment bankers took actions to evade it and the compliance personnel did not sufficiently understand the program to review it adequately.  It is not enough for a company to set up rules and controls, and to train its employees, if those controls are not enforced.

The JPMorgan case was the first case to be brought resulting from the Enforcement Division's Asia Referral Hiring Sweep, which began in 2013 with our investigation of JPMorgan.  As part of this sweep, Enforcement began looking at hiring practices in the Asia-Pacific region for investment banks based on what we perceived, in part through our investigation of JPMorgan, could be an industry-wide problem.  Enforcement's work on the sweep is ongoing. 

IV. International Cooperation and Global Settlements

Finally, I want to talk about the strides Enforcement has made over the last few years in international cooperation.  Collaboration with international regulators and law enforcement is critical to our success in the FCPA space.  As global markets become more interconnected and complex, no one country or agency can effectively fight bribery and corruption alone.  In this globalized marketplace, the SEC's ability to protect investors and maintain fair and efficient markets is often dependent on Enforcement's ability to investigate misconduct that takes place, at least in part, abroad.  Coordination allows the SEC to maximize its ability to investigate wrongdoing while working within the parameters of many different legal systems.  

For many years, the SEC has cooperated extensively with our international partners and these relationships and cooperative arrangements have given us the ability to leverage the information and resources of our counterparts to strengthen our own enforcement efforts.  In fact, in this past fiscal year alone, the Commission has publicly acknowledged assistance from more than two dozen different jurisdictions in the FCPA cases we brought. 

Two recent cases, though, demonstrate another trend in our international cooperation that I am sure will become more pronounced in the coming years.  We are starting to see that as our foreign partners adopt anti-bribery laws that prohibit corruption, those countries join together with us in bringing actions against wrongdoers simultaneously with our actions.  In our recent cases against VimpelCom and Embraer, we cooperated successfully with international colleagues and reached global settlements that included charges brought by the SEC and DOJ in the United States and by authorities in the Netherlands and Brazil.

In February of this year, we reached a global settlement, along with the U.S. Department of Justice and the Prosecution Authority of the Netherlands, which required telecommunications provider VimpelCom to pay more than $795 million to address its violations of the FCPA.[31]  The Complaint alleged that the company paid at least $114 million in bribes to an Uzbek government official linked to the President of Uzbekistan as the company entered the Uzbek telecommunications market and sought government-issued licenses, frequencies, channels, and number blocks.  This case involved extraordinary international assistance.  The Division of Enforcement, with the help of the Commission's Office of International Affairs, worked seamlessly with the Dutch authorities and received international assistance in the course of the investigation from no fewer than 14 jurisdictions - the most ever provided in a single FCPA investigation.  The global settlement – one of the largest in the history of the FCPA – required VimpelCom to pay $397.5 million to U.S. authorities (split between the DOJ and SEC), and $397.5 million to the Prosecution Authority of the Netherlands.

Last month, we worked closely with the DOJ and Brazilian authorities to bring charges against the Brazilian aircraft manufacturer Embraer.  Our global settlement required the company to pay more than $205 million to resolve allegations that it violated the FCPA by paying bribes to win business in the Dominican Republic, Saudi Arabia and Mozambique.[32]  The settlement requires Embraer to pay DOJ a $107 million penalty as part of a DPA, and to pay more than $98 million in disgorgement to the SEC.  $18.5 million of that disgorgement amount was paid to Brazilian authorities in the parallel civil and criminal proceeding in Brazil, with us crediting those payments against the disgorgement owed to the Commission.

These global settlements are critical and welcome FCPA developments.  They demonstrate that the Division of Enforcement is now not only receiving assistance from foreign authorities but bringing simultaneous actions and sharing disgorgement and penalties with them appropriately.  These sorts of global resolutions send strong messages of deterrence to companies and individuals, as they know they will face sanctions from the U.S., as well as other places they do significant business.  Global settlements also allow us to resolve cases efficiently and provide closure to companies and individuals on all exposure they face.

Enforcement will continue to work closely with foreign law enforcement and regulators to bring anti-bribery actions.  I fully expect that you will see more global settlements involving foreign authorities in the coming years.

V. Conclusion

I hope that this has given you a better sense of the SEC's recent enforcement work pursuing FCPA violations.  We have made tremendous progress over the past 10 years in deterring FCPA misconduct and incentivizing companies across the world to improve their compliance programs.  I am confident that in the coming years, we will continue to treat FCPA violations as a priority and see significant FCPA actions against entities and individuals involving the SEC, our criminal partners, and foreign authorities. 

Thank you for your attention today and enjoy the rest of the conference. 

 

[1] The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees.  The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or of the author's colleagues on the staff of the Commission.

[2]  See Andrew Ceresney, The SEC's Cooperation Program: Reflections on Five Years of Experience (May 13, 2015), available at http://www.sec.gov/news/speech/sec-cooperation-program.html; and FCPA, Disclosure, and Internal Controls Issues Arising in the Pharmaceutical Industry (March 3, 2015), available at http://www.sec.gov/news/speech/2015-spch030315ajc.html.

[3] See Administrative Proceeding Summary, File No. 3-17535, SEC Charges Former Information Technology Executive with FCPA Violations; Former Employer Not Charged Due to Cooperation with SEC (Sept. 12, 2016), available at https://www.sec.gov/litigation/admin/2016/34-78825-s.pdf.

[4] See Andrew Ceresney, ACI's 32nd FCPA Conference Keynote Address (Nov. 17, 2015), available at https://www.sec.gov/news/speech/ceresney-fcpa-keynote-11-17-15.html.

[5] See Press Release 2016-109, SEC Announces Two Non-Prosecution Agreements in FCPA Cases (June 7, 2016), available at https://www.sec.gov/news/pressrelease/2016-109.html.

[6] See id.

[7] See Administrative Proceeding File No. 3-17517 (Aug. 30, 2016), available at https://www.sec.gov/litigation/admin/2016/34-78730.pdf .

[8] See Administrative Proceeding File No. 3-17153, Order Instituting Proceedings (March 3, 2016), available at https://www.sec.gov/litigation/admin/2016/34-77290.pdf.

[9] See Administrative Proceeding File No. 3-17080, Order Instituting Proceedings (Feb. 1, 2016), available at https://www.sec.gov/litigation/admin/2016/34-77005.pdf.

[10] See Press Release 2016-203, Och-Ziff Hedge Fund Settles FCPA Charges (Sept. 29, 2016), available at https://www.sec.gov/news/pressrelease/2016-203.html.

[11] See Administrative Proceeding File No. 3-17959, Order Instituting Proceedings("Och-Ziff Order) (Sept. 29, 2016), available at https://www.sec.gov/litigation/admin/2016/34-78989.pdf

[12] See DOJ Press Release, Och-Ziff Capital Management Admits to Role in Africa Bribery Conspiracies and Agrees to Pay $213 Million Criminal Fine (Sept. 29, 2016) available at https://www.justice.gov/opa/pr/och-ziff-capital-management-admits-role-africa-bribery-conspiracies-and-agrees-pay-213.

[13] See Och-Ziff Order ¶¶ 45, 47, 104.

[14] See id., ¶ 104.

[15] See Och-Ziff Order ¶¶ 105-06.

[16] See Id.

[17] See Administrative Proceeding Summary, File No. 3-17535, SEC Charges Former Information Technology Executive with FCPA Violations; Former Employer Not Charged Due to Cooperation with SEC (Sept. 12, 2016), available at https://www.sec.gov/litigation/admin/2016/34-78825-s.pdf.

[18] See Airline Executive Settles FCPA Charges (Feb. 4, 2016), available at https://www.sec.gov/litigation/admin/2016/34-77057-s.pdf.

[19] See Press Release 2016-126, SEC Charges Medical Device Manufacturer With FCPA Violations (June 21, 2016), available at https://www.sec.gov/news/pressrelease/2016-126.html.

[20] See Press Release 2015-165, SEC Charges Former Software Executive With FCPA Violations (Aug. 12, 2015), available at https://www.sec.gov/news/pressrelease/2015-165.html.

[21] See SEC Charges Engineer and Former Employer with Bribe Scheme in Russia (March 3, 2016) available at https://www.sec.gov/litigation/admin/2016/34-77288-s.pdf.

[22] See Press Release 2016-241, JPMorgan Chase Paying $264 million to settle FCPA Charges (Nov. 17, 2016), available at https://www.sec.gov/news/pressrelease/2016-241.html.

[23] See AP File No. 3-17684, Order Instituting Proceedings ("JPMorgan Order") (Nov. 17, 2016) available at https://www.sec.gov/litigation/admin/2016/34-79335.pdf.

[24] See JPMorgan Order ¶¶ 17-18.

[25] See DOJ Press Release JPMorgan's Investment Bank in Hong Kong Agrees to Pay $72 Million Penalty for Corrupt Hiring Scheme in China (Nov. 17, 2016), available at https://www.justice.gov/opa/pr/jpmorgan-s-investment-bank-hong-kong-agrees-pay-72-million-penalty-corrupt-hiring-scheme.

[26] See Andrew Ceresney, ACI's 32nd FCPA Conference Keynote Address (Nov. 17, 2015), available at https://www.sec.gov/news/speech/ceresney-fcpa-keynote-11-17-15.html.

[27] See JPMorgan Order ¶ 43.

[28] Id. ¶34.

[29] See id., ¶ 68.

[30] See id. ¶¶ 68, 70.

[31] See Press Release 2016-34, VimpelCom to Pay $795 Million in Global Settlement for FCPA Violations (Feb. 18, 2016) available at https://www.sec.gov/news/pressrelease/2016-34.html.

[32] See Press Release 2016-224, Embraer Paying $205 Million to Settle FCPA Charges (Oct. 24, 2016), available at https://www.sec.gov/news/pressrelease/2016-224.html.