Yesterday, I began a review of Foreign Corrupt Practices Act (FCPA) enforcement actions by the Securities and Exchange Commission (SEC) where there were no parallel Department of Justice (DOJ) enforcement actions. Today I conclude the two-part review by looking at the Bristol Squibb-Myers, Hitachi and Mead Johnson enforcement actions.

Bristol-Myers Squibb: Lessons from Remediation

In October, the SEC announced a FCPA enforcement action against Bristol-Myers Squibb Company (BMS) for the actions of the company’s joint venture (JV) in China, which made cash payments and provided other benefits to health care providers (HCPs) at state-owned and state-controlled hospitals in exchange for prescription sales. The company agreed to a total fine and penalty of $14MM, which included the return of $11.4 million of profits plus prejudgment interest of $500,000 and payment of a civil penalty of $2.75 million.

BMS was slow to remediate gaps in internal controls over interactions with HCPs and monitor potential inappropriate payments to them that were identified repeatedly in annual internal audits of BMS China between 2009 and 2013.” Kara Brockmeyer, Chief of the Enforcement Division’s FCPA Unit, was quoted in the Press Release for the following,  “Bristol-Myers Squibb’s failure to institute an effective internal controls system and to respond promptly to indications of significant compliance gaps at its Chinese joint venture enabled a widespread practice of providing corrupt inducements in exchange for prescription sales to continue for years.”

The company extensively remediated its compliance program in the face of these deficiencies. The Order set out may of the steps taken by BMS to enhance its anti-bribery and general compliance training and policies and to strengthen its accounting and monitoring controls relating to interactions with HCPs, including travel and entertainment expenses, meetings, sponsorships, grants, and donations funded by its Chinese business unit. Many of these can be useful actions that a Chief Compliance Officer (CCO) or compliance practitioner can use as a benchmark against their compliance program.

The measures taken include: numerous steps to improve the internal controls and compliance program at BMS China. Examples cited in the Order included (1) a 100% pre-reimbursement review of all expense claims; (2) the implementation of an accounting system designed to track each expense claim, including the request, approval, and payment of each claim; and (3) the retention of a third-party vendor to conduct surprise checks at events sponsored by sales representatives. The company terminated over ninety employees and also disciplined an additional ninety employees, including sales representatives and managers of the company, who failed to comply with or sufficiently supervise compliance with relevant policies. In addition, BMS replaced certain BMS China officers as part of an overall effort to enhance “tone at the top” and a culture of compliance. Finally, BMS revised the compensation structure for BMS China employees by reducing the portion of incentive-based compensation for sales and distribution, eliminated gifts to HCPs, implemented enhanced due diligence procedures for third-party agents, implemented monitoring systems for speaker fees and third-party events, and incorporated risk assessments based on data analytics into its compliance program.

This enforcement action continued the clear trend of SEC only FCPA enforcement actions for internal controls violations of the Act. CCOs need to heed this very clear message and determine what gaps exist in their compliance internal controls. Most interestingly, although a corporate monitor was not required, there was a quite rigorous schedule laid out under which the company had to report to the SEC its continued progress on implementation of a best practices compliance program going forward. Further, the company was required to submit to the Commission staff a report within 180 calendar days of the entry of the Order and then again at 270 days, a complete description of its remediation efforts, its plans for any future enhancements or improvements to its policies and procedures for ensuring compliance with the FCPA and other applicable anti-corruption laws.

Hitachi: No Good Deed Goes Unpunished

In September, the SEC announced resolution of a FCPA enforcement action involving Hitachi Ltd (Hitachi). Hitachi agreed to a penalty of $19MM in a separate and also uncontested final judgment. Perhaps the most interesting aspect of the Hitachi matter is that it involved bribery of a political party, the African National Congress (ANC). This portion of the enforcement action stands as a stark reminder that political parties are covered by the FCPA just the same as government officials. The FCPA Guidance states: “The FCPA’s anti-bribery provisions apply to corrupt payments made to (1) “any foreign official”; (2) “any foreign political party or official thereof ”; (3) “any candidate for foreign political office”; or (4) any person, while knowing that all or a portion of the payment will be offered, given, or promised to an individual falling within one of these three categories.” Although the statute distinguishes between a “foreign official,” “foreign political party or official thereof,” and “candidate for foreign political office,” the term “foreign official” in this guide generally refers to an individual falling within any of these three categories.

Also of interest is the jurisdictional basis of the enforcement action. Hitachi is a Japanese corporation. Yet, according to the Compliant “At the time of the violations, and from at least January 1, 2005 until April 26, 2012, Hitachi’s American Depositary Shares (“ADSs”) – representing shares of common stock – were registered with the Commission under Section 12(b) of the Exchange Act [15 U.S.C. § 781] and were listed and traded on the New York Stock Exchange. Hitachi was an issuer of securities in the United States and filed reports on Form 20-F with the Commission pursuant to Section 13(a) of the Exchange Act [15 U.S.C. § 78m].” Thereafter Hitachi delisted its ADRs from registration. This jurisdictional prong once again emphasizes the breadth and scope of FCPA enforcement. Further, many foreign companies may be inadvertently subjecting themselves to US jurisdiction through such registrations.

The bribery schemes themselves were notable only for their blantantness. Yet, the enforcement action pointed up the oft-times difficulty in providing corporate social responsibility and distinguishing it from outright corruption in certain countries. As noted in a Financial Times (FT) article, entitled “Hitachi reaches deal over S Africa ‘payments’”, businesses “operating in South Africa are encouraged to take on black business partners under the ANC’s policy of black economic empowerment (BEE), intended to redress economic imbalances created by apartheid.” Yet, critics claim that there is a “blurred line between business and politics in the awarding of state tenders” in South Africa. However, the ANC front group was charged “only approximately $190,819 stake which returned to it over $5MM in “dividends” and another $1MM in a “success fee” for contracts to Hitachi worth “about $5.6bn.””

Listed at the end of the SEC Press Release were the groups that assisted the SEC in investigating and bring the enforcement action. They included, “the Justice Department’s Fraud Section, the Federal Bureau of Investigation, the Integrity and Anti-Corruption Department of the African Development Bank, and the South African Financial Services Board.” Brockmeyer also singled out the “assistance we [the SEC] received from the African Development Bank’s Integrity and Anti-Corruption Department and hope this is the first in a series of collaborations.”

For the compliance practitioner, the Hitachi SEC enforcement action provides a valuable reminder that the FCPA covers more than foreign government officials and officials of state owned enterprises. Political parties are also covered so that if part of your corporate social responsibility includes payments to political party front groups, your company could get into FCPA hot water. For foreign companies that have subjected themselves to FCPA jurisdiction, intentionally or otherwise, the message is even starker. The SEC (and Department of Justice (DOJ)) will leave no stone unturned to root out bribery and corruption, even if done by non-US subsidiaries, with no apparent ties to the US.

Mead Johnson: The Importance of Your Internal Investigation

Rather than violations of internal controls, this enforcement action turned on violations of the accounting provisions of the FCPA. According to the Cease and Desist Order, “certain employees of Mead Johnson China improperly compensated HCPs, who were foreign officials under the FCPA, to recommend Mead Johnson’s infant formula to, and to improperly provide contact information for, expectant and new mothers.” One of Mead Johnson’s sales channels in China was through distributors. To facilitate this illegal conduct, funding to the distributors, called the “Distributor Allowance”, was diverted to make illegal payments.

This tactic was clearly a violation of the company’s books and records obligations under the FCPA. By doing so, Mead Johnson was able to hide its payments to doctors and HCPs from not only regulators but the company’s shareholders as well. As the Cease and Desist Order noted, the company’s “records were incomplete and did not reflect that a portion of Distributor Allowance was being used contrary to Mead Johnson’s policies.”

In an interesting twist Mead Johnson, based on an allegation of potential FCPA violations in China, performed an internal investigation on its China unit in 2011 and came up with no evidence. Somewhat dryly the SEC noted that the company did not make any self-disclosure around these allegations and “did not thereafter promptly disclose the existence of this allegation in response to the Commission’s inquiry into this matter.”

Marc Alain Bohn, writing in the FCPA Blog, said, “if a company has decided against voluntarily disclosing allegations of misconduct — something it has no affirmative obligation to do — it is critical for the company to conduct a thorough and well-documented internal investigation that is clear-eyed about the investigation results and can be defended to the agencies in the event the government ever becomes aware of the allegations.” He went on to note, “Investigations that lack sufficient depth, resources, or forethought can pose significant risk because they increase the likelihood that something critical will be overlooked, potentially permitting misconduct to continue unabated. They may also give the appearance that a company is not truly committed to compliance or is more concerned with sweeping misconduct under the rug.”

There are several lessons to be learned from the Mead Johnson enforcement action. Performing an investigation, finding no FCPA violations only to have a regulator sitting on your shoulder and later finding such evidence is never good. The SEC also reaffirmed its clear intention to continue to enforce the accounting provisions of the FCPA, with or without a parallel DOJ enforcement action. Companies must also take heed on their internal controls. Clearly certain China business unit employees had developed a work-around of the compliance internal controls by requiring the distributors to use their allowances to pay bribes. Internal controls must not only exist but they must be effective. That means you have to test their effectiveness, not simply tick the box that you have put them in place.

I see no evidence or even reason for SEC only FCPA enforcement to slow down in 2016. I would suggest you initiate a review of your internal compliance controls sooner rather than later.

[View source.]