Tuesday, January 26, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Lessons From Qualcomm

by Thomas Fox
March 9, 2016
in Compliance
Compliance lessons from Qualcomm’s FCPA enforcement action

This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.

Last week the Securities and Exchange Commission (SEC) concluded a Foreign Corrupt Practices Act (FPCA) enforcement action against Qualcomm Inc. for violations on the Accounting Provisions of the FCPA, including both the books and records and internal controls provisions. The enforcement action presented an interesting mix of clear FPCA violations of not having proper internal controls in place, a demonstration of the growing trend toward strict liability for violations of the Accounting Provisions and, finally, one head-scratcher that would seem to point toward internal controls that did work. Taken together, there are several important lessons to be learned for the compliance practitioner.

Hiring and Internal Controls Violations

In the Princeling enforcement category, first seen in the Bank of New York Mellon FCPA enforcement action from 2014, we see how widely Qualcomm varied from its standard hiring protocols to hire the sons and daughters of officials of a state-owned enterprise in China. Consider these business justifications for hiring a daughter of an official, as set out in the SEC Cease and Desist Order (Order):

  • “We received a request from the GM of [the telecom company’s subsidiary] to help find an internship position for her daughter (currently studying in the U.S.) within QC. I discussed this with [high-level official] and determined that it would be important for us to support given our cooperation with [the subsidiary].”
  • Qualcomm employees understood that the daughter’s “parents are [SOE 2 subsidiary] Dept. GM level and gave us great help for Q.C. new business development.” Because “[the regional branch] is our strategic partner in China and plays an important role in leading all [the telecom company] adopting Qualcomm’s technologies,” Qualcomm employees believed that the internship “would be important for us to support given our cooperation with [the subsidiary].” Specifically, the internship “would be good because we are doing quite a bit with [the subsidiary].”

In another instance, the company provided the following for a son of an official:

  • support from a $75,000 research grant to an American university where he was studying, allowing him to retain his position in a Ph.D. program and renew his student visa;
  • a Qualcomm internship;
  • subsequent permanent employment despite interviewers concluding that he did not meet Qualcomm’s hiring standards for the position; and
  • a business trip to China, followed by leave to visit his parents over the Chinese New Year, despite other employees expressing concern regarding his qualifications for the assignment. The EVP also personally provided this employee with a $70,000 loan to buy a home.

What is even more amazing about the hiring of the son is that after the initial hiring interview, he was rated as a “No Hire” because not only was he not a “skill match” for the company, but he did not even “meet the minimum requirements for moving forward with an offer.” Finally, among the Qualcomm team involved in the interview process, “there was an agreement that he would be a drain (not even neutral) on teams he would join.” Yet he was offered a job as a “special favor [emphasis added].” If someone is so unqualified that employing them will negatively impact the company, there must be another very good reason to hire them, such as providing a benefit to their father, who is an official under the FCPA.

Both of these instances demonstrate clear violations of internal controls around the company’s hiring process. If a candidate does not make it out of the initial interview with anything more than a “No Hire” rating, that should be the end of the decision-making process around compliance, full stop. Do not pass Go, do not collect $200. As the Order succinctly noted, “FCPA compliance, however, was not considered in Qualcomm’s hiring process.” A fine and penalty for this transgression was clearly warranted, as it was a clear violation of internal controls around the company’s hiring process.

Books and Records and Strict Liability

In summary fashion, the Order states, “when it provided things of value and engaged in transactions that caused the company to fail to make and keep books, records and accounts, which, in reasonable detail accurately and fairly reflected the transactions and disposition of assets of the company.” The recordation was done in a “generic and nondescript manner that obscured their purpose.” The items and other things of value included unnamed and undesignated gifts, travel and entertainment, with the specific notation that “meals, gifts and entertainments were repeatedly noted as missing from Qualcomm’s gift logs.”

This portion of the Qualcomm enforcement action points toward a growing trend of a strict liability standard in FCPA enforcement under the Accounting Provisions. While there may well be wide disagreement as to whether such a standard is warranted under the FCPA, I think it is coming, and it is something every Chief Compliance Officer (CCO) and compliance practitioner needs to be ready to address if and when the day comes that your company is under the shadow of an FCPA investigation.

This means if your books and records come under investigation, you will have to demonstrate that they meet some minimum standard that satisfies the SEC. The FCPA Guidance states, “under the ‘books and records’ pro­vision, issuers must make and keep books, records and accounts that, in reasonable detail, accurately and fairly reflect an issuer’s transactions and dispositions of an issu­er’s assets.” Moreover, “the accounting provisions ensure that all public companies account for all of their assets and liabilities accurately and in reasonable detail.” Obviously, the question is what is ‘reasonable detail’? This enforcement action does not provide much guidance.

The Head-Scratcher

There was one instance of the alleged failure of internal controls that seems so anomalous that it needs to be explored. I quote in full from the Order:

“For example, Qualcomm offered at least 15 foreign officials lavish hospitality packages worth approximately $95,000 per couple for the 2008 Beijing Olympics. Then, in mid to late-July 2008, a member of Qualcomm’s finance department raised FCPA issues related to the Olympics with Qualcomm counsel. In August 2008, just days before the Olympics began, Qualcomm rescinded the five hospitality invitations that had been accepted due to Qualcomm’s FCPA-related concerns. The disinvited guests were from three Chinese state-owned enterprises.”

Why does this seem so anomalous? It is because the company’s internal controls stopped this seeming violation. The internal controls did what they were supposed to do, detect a potential violation and even prevent it before it happened. Even if the local business folks started down this road, it is clear that the corporate office stopped it. If a compliance program is now going to be criticized in the form of an enforcement action for doing what it is supposed to do, detecting and then preventing FCPA violations, it may be well nigh impossible for any company to be in compliance with the FCPA.

Of course, this Order was the product of negotiations between the SEC and Qualcomm, so there may be additional facts around this — questionable at best — hospitality play by Qualcomm. However, if there was more to this story, the SEC needs to use those facts to educate and inform companies on their obligations and not hold them liable for actually stopping bribery and corruption.

The Qualcomm FCPA enforcement action reinforces the need for robust internal controls around the hiring process. It should be studied by both the compliance function and your company’s human resources function. The lessons you can learn from this enforcement action can help you to forestall a similar fate for your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.


Tags: proxy access
Previous Post

5 Key Considerations When Negotiating an Executive Employment Agreement

Next Post

The Magic Fish

Thomas Fox

Thomas Fox has practiced law in Houston for 25 years. He is now assisting companies with FCPA compliance, risk management and international transactions. He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously Division Counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division, which included the logging, directional drilling and drill bit business units. Tom attended undergraduate school at the University of Texas, graduate school at Michigan State University and law school at the University of Michigan. Tom writes and speaks nationally and internationally on a wide variety of topics, ranging from FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets. Thomas Fox can be contacted via email at tfox@tfoxlaw.com or through his website www.tfoxlaw.com. Follow this link to see all of his articles.

Related Posts

illustration of mafia man in silhouette with red tie

The Mafia’s Jackpot: How Criminal Organizations are Profiting from COVID-19

January 22, 2021
illustration of videoconference, screen and speech bubbles

New Risks as COVID-19 Forces Rapid Technology Adoption

January 21, 2021
hand showing three fingers on gray background

A Culture of Compliance: The 3 R’s

January 19, 2021
2021 with light bulb in place of zero on orange background

Why 2021 is a Fresh Start for Compliance Training

January 18, 2021
Next Post
Lessons in business ethics can come from the most unlikely places

The Magic Fish

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights