As noted in this series, Gunvor received a 25% discount despite substantial violations of the FCPA that extended into the corporate offices. The company made multiple changes, which compliance professionals should study. We conclude with key lessons learned from the Gunvor enforcement action for compliance professionals.

Remediation

The company did an excellent job in its remedial efforts. It took major steps to create an effective, operationalized compliance program that met the requirements of the Hallmarks of an Effective Compliance Program as laid out in the 2020 FCPA Resource Guide, 2nd edition, and the 2023 Evaluation of Corporate Compliance Programs (23 ECCP).

The remedial actions by Gunvor can be grouped as follows:

1. Implemented a control framework for internal business developers, as well as additional levels of review and approval for counter-party payments;
2. Enhanced the independent compliance committee with responsibility for reviewing high-risk transactions;
3. Updated its incentives to more fully align with the 23 ECCP;
4. Tested and enhanced its compliance program, including compliance culture reviews, testing new third-party due diligence process and payment controls, and evaluating controls around business development activities; and
5. It has implemented a business communications policy that addresses using ephemeral and encrypted messaging applications.

Change in Business Model

Gunvor eliminated the use of third-party business origination agents. Matt Kelly noted in Radical Compliance, “This is the latest in a string of FCPA enforcement cases where we’ve seen a big, structural change to the sale function. Albemarle eliminated its use of third-party sales agents as part of its FCPA settlement last year; SAP eliminated its third-party sales commission model globally as part of its own FCPA settlement announced in January. Now we have a third global enterprise going that same route, reducing its FCPA risk in a deep, permanent way by restructuring its sales operations.”

As I have noted in my review of the Albemarle and SAP enforcement actions, SAP eliminated its third-party sales commission model globally, prohibited all sales commissions for public sector contracts in high-risk markets, and enhanced compliance monitoring and audit programs, including the creation of a well-resourced team devoted to audits of third-party partners and suppliers. Albemarle changed its approach to sales and its sales teams, moving away from third-party agents to a direct sales force.

Moving to a direct sales force does have its risks, which must be managed, but those risks can certainly be managed with an appropriate risk management strategy, monitoring of the strategy, and improvement; those risks can be managed. Yet there is another reason, and more importantly, a significant business reason, to move towards a direct sales business model. Whenever you have a third-party agent or anyone else between you and your customer, you risk losing that customer because your organization does not have a direct relationship with the customer. A direct sales business model will give your organization more direct customer access.

The fact that the 2020 FCPA Resource Guide, 2nd edition, or the 23 ECCP does not lay out this strategy is another intriguing aspect of how Albemarle, SAP, and Gunvor use it. The companies developed all of these strategies based on their own analysis and risk models. It may have been a realization that the risk involved with 3rd party sales models was too great, that the companies wanted more control over their sales or another reason. Whatever the reason for the change, the DOJ clearly noted each organization and viewed it affirmatively.

(Lack of) Self-Disclosure

Even though this factor was not present in the Gunvor enforcement action, the DOJ’s message could not be any more explicit regarding the DOJ’s expectation of self-disclosure and the undeniable and palpable benefits. Under the Corporate Enforcement Policy, Gunvor’s failure to self-disclose cost it an opportunity of at least 50% and up to a 75% reduction off the low end of the U.S. Sentencing Guidelines: fine range. Its actions as a criminal recidivist resulted in it not receiving a reduction of at least 50% and up to 75% from the low end of the U.S.S.G. fine range but rather at 40% from above the low end. Gunvor’s failure to self-disclose cost it an estimated $40 million under the Sentencing Guidelines. Its inability to self-disclose and recidivism cost it a potential $150 million in discounts under the Corporate Enforcement Policy. The DOJ’s message could not be any clearer.

Cooperation

While most of the cooperation listed in the Plea Agreement was standard action previously seen, there are two that I believe were worth noting. The first was that the company expedited the production of documents for the DOJ from multiple foreign countries while navigating foreign data privacy and criminal laws. This language indicated that there were data privacy issues to overcome and that the company did so. This means that the DOJ expects any company to do so going forward.

The second was imaging the phones of relevant custodians at the beginning of Gunvor’s internal investigation, thus preserving business communications sent on mobile messaging applications. As with the SAP enforcement action, this is clear instruction around messaging apps in FCPA enforcement actions.

 Forward-Leaning Steps

Acting Assistant Attorney General Nicole M. Argentieri said in her speech, “As part of their resolutions with the Criminal Division, each of these trading companies was required to make critical enhancements to their compliance programs to prevent future violations of the FCPA. Companies that take forward-leaning steps on compliance will be better positioned to certify that they have met their compliance obligations at the end of the term of their agreements, as is now required in corporate resolutions with the Criminal Division. These prosecutions also help set the tone for the energy trading industry as a whole—they show that a robust compliance function is critical.”

This may be the most significant lesson garnered from the Gunvor enforcement action. By taking these “forward-leaning” steps, a company that finds itself in this situation can return even when home office officials look the other way or are directly involved in bribery and corruption.

[View source.]