Compliance Lessons From Boston Consulting Group’s FCPA Declination

Boston Consulting Group (BCG) recently resolved a Foreign Corrupt Practices Act (FCPA) matter with the DOJ by way of a declination and disgorgement penalty of more than $14 million despite there being evidence of bribery via a third-party sales intermediary engaged to assist with business in Angola.

The company has admitted that between 2011 and 2017, employees improperly paid a third party to secure business, and according to the DOJ, commissions promised to the third party were set at 20%-35% of any government contracts procured.

While the investigation found that bribery occurred, the DOJ assessed that there were sufficient mitigating factors for a declination. These factors are notable and offer many lessons for compliance practitioners, as do the firm’s efforts to improve its compliance program.

Factors contributing to declination

By way of a letter to the consulting group’s external counsel dated Aug. 27, the DOJ cited several factors in its decision to offer BCG a declination:

• Prompt self-disclosure
• Full cooperation and willingness to cooperate in future inquiries
• Type and egregiousness of the offense
• Prompt remediation action, including terminating involved staff and pecuniary punishment that included requiring implicated partners to give up equity in the company and not paying out bonuses
• Efforts to bolster the BCG compliance program and associated internal controls, notably “formalizing employee training and vendor/client screening protocols, establishing local and global risk committees that meet regularly, and developing guidelines for opening offices in new and emerging markets”
• Lack of aggravating factors, such as senior management involvement
• Agreement to disgorge some of the company’s profits earned via the naughty third party

Thoughts on declination

While it’s encouraging to know that remediation efforts are taken into account, Joe Murphy pointed out in a comment on a related post I shared on LinkedIn that “… there was no mention of their compliance program BEFORE the violation. It seems in these cases there never is.” 

To the extent that there was some kind of a compliance program in place, I think this is an important point. Are we getting much credit for a pre-existing program and controls? From the perspective of a compliance practitioner, I cannot begin to imagine how valuable it would be — and a demonstration of a company’s return on investment in the compliance program and function — if government agencies called out how existing integrity efforts contributed to lesser penalties.

In regard to the lack of senior management being an aggravating factor, it seems we ought to assume that’s in reference to the C-suite, the senior-most executives because there is (commendable) mention of the company requiring partners give up equity in the company. Aren’t partner-level staff still pretty darn senior? If it’s only an aggravating factor when concerns a small handful of executives, that likely will come as positive news to companies.

Mike Koehler pointed out that, “The DOJ’s conclusion that BCG voluntarily disclosed is interesting given that there have been media reports since at least 2020 of BCG’s (as well as PriceWaterhouseCoopers and McKinsey) business dealings in Angola (including possible corruption).” 

Fair point. Perhaps voluntary with an urgent nudge?

Compliance

Supply & Demand: New US Law Provides FCPA Counterpoint by Targeting Foreign Public Officials for Bribery

by Holland & Knight

March 13, 2024

For all its many benefits and demands on corporations, the FCPA tackles only one side of the bribery and corruption equation: the offer or payment of a bribe. A new law seeks to address that by giving American authorities the ability to criminally charge foreign officials who solicit or accept bribes.

Read moreDetails

Considerations for our compliance programs

For compliance officers, some prudent, proactive work based on this information is to consider implementing policies and protocols for establishing facilities in new markets and what controls should be included that might be most appropriate in high-risk markets. Perhaps a checklist would be a helpful aid and could be provided within this policy, as well as provided at initial compliance training. Speaking of such, is there an express agreement that compliance be informed by relevant staff whenever a new facility or site is considered by your organization?

Another policy area we can plan on in advance are disciplinary action policies and an associated matrix for clarity, certainty and consistency when punishment for misconduct is required. To supplement these documents, having conversations with management now, in the absence of a compliance crisis, about what might be appropriate from a pecuniary punishment standpoint and termination (including for executives) if there is ever need to do so. In other words, plant the seed early when emotions and specific people are not involved. How do you stand on maintaining and deploying clawback policies?

It’s also worthwhile reviewing whether you’re deploying your risk committees to their best purpose. Do they still have meaning and impact? Are they valuable? How do you know this?

BCG’s compliance improvements

BCG provided some high-level details on its compliance program improvements, which it says have been ongoing over the past decade, including reinforcing a positive culture, including a speak-up culture; enhancing policies, processes and controls; scaling the risk and compliance teams; and improving systems and technology (see list below).

Well, I don’t know about you, dear reader, but I for one have so many questions to ask about the granular detail of these elements of BCG’s compliance program. 

For example, the listed improvements include “embedding a global network of risk & compliance focused on managing directors,” which drew kudos from Anna Romberg — and me. But I want to know more! What does it mean in practice, how did you train up the managing directors, what hiring process (if any) were impacted, and what do you do with managing directors who aren’t doing enough to actively live ethics and integrity? 

How does the ombudsperson process work and what is the relationship to compliance? Did you feel you had an adequately staffed function before? How did you know how much scaling up was enough? What systems and technology are you using? What are some examples of data-driven decisions? 

Hopefully we’ll hear more from BCG in articles and at compliance conferences if the firm can follow the example of Andrew McBride, the former chief compliance officer of Albemarle, who has so graciously and generously helped raise the boats of everyone in the industry by speaking about his experience as being the CCO of a company in the midst of a federal investigation.

While this latest declination may lack the specificity of information that compliance officers found helpful as guidance from the Morgan Stanley declination, there are certainly some helpful points to ponder from both DOJ and BCG.