India has emerged as the third-most common country for FCPA enforcement actions since 2010, with its complex regulatory environment and prevalence of state-owned entities creating unique compliance challenges. Miller & Chevalier attorneys Dan Solomon, James Tillen and Sandeep Prasanna and Trilegal’s Kunal Gupta and Shreya Kundu, examine how Moog’s recent $1.7 million settlement exemplifies the evolving risks multinational corporations face in India.
In October, the SEC announced a settlement with Moog, a New York-based global manufacturer of motion control systems for military aircraft, commercial aircraft, space and defense and industrial operations, to resolve violations of books and records and internal accounting controls provisions of the FCPA. Moog agreed to pay disgorgement, prejudgment interest and a civil monetary penalty totaling nearly $1.7 million.
While this amount is relatively small compared to the headline-grabbing FCPA settlements in recent years, Moog is another in a long list of FCPA cases that involve India, which has emerged as the third-most common country targeted for FCPA enforcement, tied with Mexico, since 2010.
Moog’s settlement and other FCPA matters involving India highlight the risks of conducting business in the country, particularly the bureaucratic regulatory environment, the prevalence of state-owned entities (whose employees are “foreign officials” under the FCPA) and risks associated with relying on third parties — agents, consultants, distributors and others — to obtain and retain business in India.
These risks create potential for liability for multinational corporations under both the anti-bribery and accounting provisions of the FCPA. Multinationals must also consider the possibility of follow-on local action in India by multiple and sometimes overlapping enforcement authorities, which often take adverse action on the same set of facts.
Recent regulatory and legal developments in India also underscore the importance for corporations to understand the role of external auditors — including privilege and disclosure concerns — as well as the wide range of potential touchpoints with federal, state and local government entities while doing business in India.
Moog allegations
The SEC alleged that Moog’s wholly owned Indian subsidiary, Moog Motion Controls Private Limited, bribed Indian officials between 2020 and 2022 in order to win business and exclude competitors, partially through the use of a third-party agent and distributor. The SEC described two schemes, involving payments to employees of South Central Railway (SCR) and Hindustan Aeronautics Limited (HAL), both wholly owned by the Indian government, as well as a general effort by Moog’s Indian subsidiary to improperly influence public tenders issued by the Indian government.
According to the SEC, beginning in 2020, Moog’s Indian subsidiary used a third-party agent to make bribe payments to SCR officials in order to get placed on an approved government supplier list and secure business. The subsidiary entered into a “liaison agreement” with the agent, which included a commission fee based on the value of any future contract with SCR. After the agent helped to place Moog’s Indian subsidiary on the approved supplier list on an upcoming SCR tender notice, subsidiary employees discussed undertaking further actions to eliminate their competition. Moog’s Indian subsidiary ultimately won a contract with SCR for nearly $35,000. According to the SEC, several subsidiary employees were aware that the company’s payments to the third-party agent, which were recorded as legitimate contractor services, included bribes to government officials.
The SEC also alleged that, beginning in 2021, subsidiary employees bribed an official with HAL, a Bangalore-based aerospace and defense company wholly owned by the Indian government, in order to eliminate competitors and secure a $1.4 million contract for aerospace parts and services. According to the SEC, Moog’s Indian subsidiary worked with a distributor to create inflated and false invoices in order to generate sufficient cash to pay a bribe to the HAL official, which was falsely recorded by the subsidiary as a legitimate expense. The SEC alleged that, in addition to the SCR and HAL bribery schemes, Moog’s Indian subsidiary worked with its third-party agent and a distributor to attempt to rig the bidding process for government contracts by bribing Indian government officials. The SEC noted that the free and open discussion of misconduct reflected the prevailing culture at the subsidiary, demonstrating a “breakdown in internal accounting controls, training, compliance, and tone at the top” of Moog’s Indian subsidiary.
The SEC charged Moog with violations of the books and records provision of the FCPA based on this conduct, including recording improper payments as legitimate business expenses and commissions. The SEC also charged Moog with violations of the internal accounting controls provision of the FCPA, finding that the company failed to devise and maintain sufficient internal accounting controls over payments to third-party agents, allowing the bribery schemes to continue for several years.
Jimmy Carter’s Anti-Corruption Legacy
Carter signed FCPA into law & nominated 2 women to SEC
Read moreDetailsRecent FCPA actions in India
India features frequently in FCPA resolutions with the SEC and DOJ, with more than a dozen corporate enforcement actions related to India in the past decade alone. These enforcement actions, summarized in the chart below, highlight a number of key considerations for U.S. companies doing business in India.
These cases involve a wide range of potential touchpoints with Indian government entities and officials: central government ministry officials; military entities; state officials in Telangana, Andhra Pradesh, Tamil Nadu, Maharashtra and Goa; and local officials with control over licensing and permitting.
India’s bureaucracy can be complex, cumbersome and unpredictable, particularly because its 28 states retain a high level of autonomy in issuing and enforcing regulations. This complexity and balkanization not only creates challenges for companies seeking to establish a business in India but also creates potential risks in navigating the regulatory environment (and often necessitates the assistance of local third-party agents).
Between the central government and separate governments for India’s states, the government is also a significant commercial player in India — especially as many government-owned entities are key economic players in strategic sectors such as transportation, aerospace and defense (as seen in Moog’s case), power distribution, petroleum and others. As part of a risk-assessment process, Companies doing business in India should fully map out potential governmental touchpoints and adapt compliance program strategies to ensure the risks are sufficiently mitigated.
For most of the FCPA actions involving India, corporations incurred liability based on the actions of their third parties — agents, consultants, distributors and others. It is therefore critical for corporations working in India to employ the full panoply of risk mitigation strategies for third parties. Such strategies could include establishing a legitimate business justification for the retention, ensuring compensation is reasonable, conducting thorough due diligence to determine potential connections to government officials and reputation, obtaining agreements with compliance clauses (e.g., prohibiting bribery, audit rights, termination rights), documenting services performed, monitoring the third party’s services and robust internal accounting controls over third-party payments.
Several of these cases also highlight the risks in acquiring an Indian entity: for example, WPP’s 2021 settlement with the SEC centered on the parent company’s “aggressive acquisition strategy,” under which the founders and/or CEOs of the acquired entities were effectively allowed to exercise “wide autonomy and outsized influence” despite being required to follow WPP’s global policies and internal accounting control requirements.
Corruption is endemic in many sectors in India, and varying cultural norms regarding bribery and other forms of corruption create a high level of risk for companies subject to the long arm of the FCPA and other anti-corruption enforcement tools. Companies considering acquiring an Indian entity should ensure that their due diligence processes have captured all potential compliance risks stemming from the acquired entity and that there is a comprehensive plan to mitigate local risks on a continuing basis.
|
FCPA enforcement actions related to India, 2014-2024 |
|||||
| Company | Year | Government official(s) | Alleged activities related to India | FCPA violation(s) related to India | Total settlement |
| Moog (SEC) | 2024 | South Central Railway (SCR); Hindustan Aeronautics Ltd. (HAL) | Moog’s wholly owned Indian subsidiary bribed SCR and HAL officials in order to win business and exclude competitors, partially through the use of a third-party agent and distributor. | Books and records; internal accounting controls | $1.7 million |
| Albemarle (SEC) | 2023 | Employees of state-owned oil company | Third-party consultant and sales agent paid bribes to decision-makers at a state-owned oil company and at a private sector customer to obtain and retain orders and secure sensitive, nonpublic information for Albemarle. | Anti-bribery; books and records; internal accounting controls | $103 million |
| Oracle (SEC) | 2022 | Officials from Indian Ministry of Railways | Oracle India employees used an excessive discount scheme using distributors to funnel payments to Ministry of Railway officials. | Anti-bribery; books and records; internal accounting controls | $23 million |
| WPP (SEC) | 2021 | Departments of information and public relations, states of Telangana and Andhra Pradesh | WPP acquired an Indian subsidiary, which subsequently paid up to $1 million, through third-party agents, in bribes to two Indian states’ departments of information and public relations. | Anti-bribery; books and records; internal accounting controls | $19.2 million |
| Beam Suntory (DOJ) | 2020 | State excise official and other officials involved in approving alcohol sales in state-owned liquor stores | Beam’s wholly owned Indian subsidiary paid bribes and other improper payments, through third-party sales promoters and distributors, to government officials to secure favorable treatment. | Anti-bribery; books and records; internal accounting controls | $19.5 million |
| Walmart (SEC) | 2019 | Permitting and licensing government officials | Walmart’s Indian joint venture and retail business entities were involved in a scheme to bribe government officials to obtain operating permits and licenses. | Books and records; internal accounting controls | $145 million |
| Cognizant Technology Solutions (SEC) | 2019 | Tamil Nadu and Maharashtra state government officials | Cognizant executives in India and the US authorized $3.6 million in bribes to Tamil Nadu and Maharashtra state government officials, including through the construction firm building the company’s campus in India. | Anti-bribery; books and records; internal accounting controls | $25 million |
| Beam Suntory (SEC) | 2018 | Indian state, military and excise officials | Beam’s Indian subsidiary made improper payments to Indian state, military, and excise officials through third-party distributors. | Books and records; internal accounting controls | $8 million |
| Stryker (SEC) | 2018 | Private health care providers | Stryker’s wholly owned Indian subsidiary failed to keep and maintain complete documentation for high-risk and compliance-sensitive accounts and payments in India, including sales through dealers to private healthcare providers. | Books and records; internal accounting controls | $7.8 million |
| Mondelez International; Cadbury (SEC) | 2017 | Government licensing officials | Cadbury India Limited, acquired by Mondelez in 2010, failed to properly document payments to a third-party agent to interact with government licensing officials in India. | Books and records; internal accounting controls | $13 million |
| Alere (SEC) | 2017 | Local governmental officials for a national disease control program | Alere’s wholly owned Indian subsidiary failed to properly record payments made by a third-party distributor. | Books and records; internal accounting controls | $13 million |
| Embraer (SEC) | 2016 | India’s Defence, Research and Development Organisation (DRDO) | Embraer improperly booked large payments to a third-party agent and concealed the relationship with the agent, while trying to obtain business in India. | Internal accounting controls | $205 million |
| Anheuser-Busch InBev (SEC) | 2016 | Andhra Pradesh Beverages Corporation Limited; Tamil Nadu State Marketing Corporation | AB InBev’s wholly owned Indian subsidiary and Indian joint venture used third-party sales promoters to make improper payments to Indian government officials in order to increase sales and production. | Books and records; internal accounting controls | $6 million |
| Louis Berger International (DOJ) | 2015 | Goa State official | Louis Berger International bribed an Indian official to secure government construction management contracts. | Anti-bribery | $17.1 million |
Regulatory trends in India
In addition to potential exposure under US law, multinationals doing business in India face a number of important considerations under Indian law, particularly in light of recent regulatory and legal developments. There are several practical aspects for corporations to consider while heading toward closure of a cross-border FCPA investigation involving India, particularly if a public settlement is imminent, including: (1) the role of the external auditor and associated concerns related to attorney-client privilege and the timing of disclosures; (2) the potential for follow-on, simultaneous enforcement actions by a range of Indian regulatory and enforcement entities with overlapping jurisdiction; and (3) potential contractual implications for corporations engaged in business with a state-owned entity.
External auditors
Regulations issued in 2023 by the main auditor regulator in India greatly widen cases where auditors are required to report findings of fraud to the Indian authorities. In practice, this has substantially impacted multinational corporations conducting investigations in India, particularly their decisions about whether to proactively report matters to US and other overseas authorities and maintaining privilege over investigation findings.
Until June 2023, auditors were obliged to report fraud (above prescribed financial thresholds) to the Indian government only when they themselves discovered it through their audit procedures. If the fraud was uncovered through an internal investigation, proactively disclosed to auditors and appropriately remediated by the company, auditors were not obliged to report the fraud, even if the financial threshold was crossed. Fraud is defined quite broadly under Indian law and includes deceptive acts by the company or perpetrated upon the company by employees or vendors and situations where there is no actual wrongful gain or wrongful loss. Practically speaking, therefore, most investigations of financial misconduct necessitate an assessment of whether fraud has occurred and whether it is material financially and to the company’s internal controls.
The new audit regulations expressly apply to audits of many Indian companies, those that are publicly traded in India or operate in specific sectors such as banking, insurance, energy and power or are non-publicly traded large companies that meet certain thresholds of turnover, indebtedness and other factors. In fact, even for audits where these regulations are not applicable, local practice trends demonstrate that external auditors will significantly enhance their scrutiny of an internal investigation, encompassing its scope, work procedures, findings and legal conclusions.
Privilege concerns: Multinationals should anticipate that auditors’ scrutiny will take the form of seeking extensive underlying documentation (for example, engagement letters of external advisers conducting the investigation, interim and final reports with findings, underlying investigation work-product like interview memos, keywords run on electronic data and resultant hit counts, etc.). External auditors also often request written representations on pointed queries regarding evidentiary analysis or the legal conclusions drawn. All the above are documents or information where there is a strong interest in fully maintaining attorney-client privilege. At the same time, US companies would want to facilitate closing the audit process for their Indian businesses, which would in turn necessitate some degree of information-sharing and cooperation with the latter’s auditors. Thus, the mode of complying with auditors’ information requests should be carefully designed to ensure that there is no inadvertent or limited waiver of privilege, either under US or Indian law. Another consideration to keep in mind is that in global investigations, privilege usually rests with the US parent (and not its Indian units).
Coordinating disclosures: If fraud is determined to have occurred and auditors are notified, there is a time-bound schedule to report to the Indian authorities. Auditors must first seek written explanations from the company and then file their report with the Indian central government, all within approximately a month of the auditor becoming aware of the fraud. Indian auditors are also required to separately disclose instances of fraud and whistleblower complaints in the audit report. The moment the above reporting and disclosure obligations are fulfilled (i.e., by either making a filing with the Indian government, or by disclosing a whistleblower complaint or fraud in the audit report), the existence of an investigation effectively becomes a part of the public record in India. Therefore, US companies evaluating voluntary self-disclosures of misconduct to the DOJ and/or the SEC will have to carefully time such disclosures to ensure that they are able to receive credit for making a disclosure that is truly proactive and not motivated solely by a foreign law obligation.
Overlapping enforcement
Given the overlapping jurisdictions of various enforcement agencies in India, companies should prepare for regulatory scrutiny from multiple fronts. For instance, the Central Bureau of Investigation at the federal level, each state’s anti-corruption police and the Directorate of Enforcement, the federal money-laundering agency, maintain varying levels of jurisdiction over allegations of bribery. Each agency pursues its own investigations. For instance, proceedings in India followed the Oracle, Walmart, Cognizant and Embraer settlements described above, among other actions.
Where there are elements of books and records or internal controls violations, tax authorities and the federal fraud investigation agency (the Serious Fraud Investigation Office) also have jurisdiction with respect to revenue previously reported and other issues. Therefore, it is advisable for multinationals’ local Indian operations to be prepared for a dawn raid and other search-and-seizure operations, especially at all corporate offices and locations where records are stored.
Variety of regulations and government contracting bodies
As noted above, the government is a significant commercial player in India. While a standard set of procurement regulations applies to entities owned or funded by the central government, each government body is also empowered to issue their separate tendering/bidding regulations. These tendering/bidding regulations typically allow the government body that is the counterparty to start debarment or blacklisting proceedings in the wake of an FCPA settlement. The question of whether the governmental party can only debar its (private) counterparty or also its affiliates or others is dependent on the specific contract and which exact tendering regulations apply. Thus, for multinationals nearing a public FCPA settlement with US authorities, their local operations should also closely evaluate their contractual obligations if they are in business with any Indian state-owned entity.
Key takeaways
Recent FCPA enforcement actions involving India, as well as follow-on actions in India, highlight the wide range of interrelated risks for multinational corporations considering or engaging in business in India. In order to understand and mitigate these risks, multinationals should consider:
- Mapping out all potential touchpoints with Indian government entities and officials, including state-owned entities, central, state and local officials and military entities.
- Ensuring that third parties — agents, consultants, distributors and others — operate in compliance with companywide policies and US and Indian law, and that their activities on behalf of the company are monitored and documented through robust internal accounting procedures.
- Understanding the role of the external auditor under Indian law, including implications for attorney-client privilege and the timing of disclosures to Indian and US authorities.
- Preparing not only for scrutiny from US authorities but also from a range of multiple enforcement agencies in India with overlapping jurisdiction, which may lead to several simultaneous investigations or other adverse actions based on the same set of facts.
Daniel Solomon
James Tillen
Sandeep Prasanna
Kunal Gupta
Shreya Kundu
