This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.
Last week the Securities and Exchange Commission (SEC) concluded a Foreign Corrupt Practices Act (FPCA) enforcement action against Qualcomm Inc. for violations on the Accounting Provisions of the FCPA, including both the books and records and internal controls provisions. The enforcement action presented an interesting mix of clear FPCA violations of not having proper internal controls in place, a demonstration of the growing trend toward strict liability for violations of the Accounting Provisions and, finally, one head-scratcher that would seem to point toward internal controls that did work. Taken together, there are several important lessons to be learned for the compliance practitioner.
Hiring and Internal Controls Violations
In the Princeling enforcement category, first seen in the Bank of New York Mellon FCPA enforcement action from 2014, we see how widely Qualcomm varied from its standard hiring protocols to hire the sons and daughters of officials of a state-owned enterprise in China. Consider these business justifications for hiring a daughter of an official, as set out in the SEC Cease and Desist Order (Order):
- “We received a request from the GM of [the telecom company’s subsidiary] to help find an internship position for her daughter (currently studying in the U.S.) within QC. I discussed this with [high-level official] and determined that it would be important for us to support given our cooperation with [the subsidiary].”
- Qualcomm employees understood that the daughter’s “parents are [SOE 2 subsidiary] Dept. GM level and gave us great help for Q.C. new business development.” Because “[the regional branch] is our strategic partner in China and plays an important role in leading all [the telecom company] adopting Qualcomm’s technologies,” Qualcomm employees believed that the internship “would be important for us to support given our cooperation with [the subsidiary].” Specifically, the internship “would be good because we are doing quite a bit with [the subsidiary].”
In another instance, the company provided the following for a son of an official:
- support from a $75,000 research grant to an American university where he was studying, allowing him to retain his position in a Ph.D. program and renew his student visa;
- a Qualcomm internship;
- subsequent permanent employment despite interviewers concluding that he did not meet Qualcomm’s hiring standards for the position; and
- a business trip to China, followed by leave to visit his parents over the Chinese New Year, despite other employees expressing concern regarding his qualifications for the assignment. The EVP also personally provided this employee with a $70,000 loan to buy a home.
What is even more amazing about the hiring of the son is that after the initial hiring interview, he was rated as a “No Hire” because not only was he not a “skill match” for the company, but he did not even “meet the minimum requirements for moving forward with an offer.” Finally, among the Qualcomm team involved in the interview process, “there was an agreement that he would be a drain (not even neutral) on teams he would join.” Yet he was offered a job as a “special favor [emphasis added].” If someone is so unqualified that employing them will negatively impact the company, there must be another very good reason to hire them, such as providing a benefit to their father, who is an official under the FCPA.
Both of these instances demonstrate clear violations of internal controls around the company’s hiring process. If a candidate does not make it out of the initial interview with anything more than a “No Hire” rating, that should be the end of the decision-making process around compliance, full stop. Do not pass Go, do not collect $200. As the Order succinctly noted, “FCPA compliance, however, was not considered in Qualcomm’s hiring process.” A fine and penalty for this transgression was clearly warranted, as it was a clear violation of internal controls around the company’s hiring process.
Books and Records and Strict Liability
In summary fashion, the Order states, “when it provided things of value and engaged in transactions that caused the company to fail to make and keep books, records and accounts, which, in reasonable detail accurately and fairly reflected the transactions and disposition of assets of the company.” The recordation was done in a “generic and nondescript manner that obscured their purpose.” The items and other things of value included unnamed and undesignated gifts, travel and entertainment, with the specific notation that “meals, gifts and entertainments were repeatedly noted as missing from Qualcomm’s gift logs.”
This portion of the Qualcomm enforcement action points toward a growing trend of a strict liability standard in FCPA enforcement under the Accounting Provisions. While there may well be wide disagreement as to whether such a standard is warranted under the FCPA, I think it is coming, and it is something every Chief Compliance Officer (CCO) and compliance practitioner needs to be ready to address if and when the day comes that your company is under the shadow of an FCPA investigation.
This means if your books and records come under investigation, you will have to demonstrate that they meet some minimum standard that satisfies the SEC. The FCPA Guidance states, “under the ‘books and records’ provision, issuers must make and keep books, records and accounts that, in reasonable detail, accurately and fairly reflect an issuer’s transactions and dispositions of an issuer’s assets.” Moreover, “the accounting provisions ensure that all public companies account for all of their assets and liabilities accurately and in reasonable detail.” Obviously, the question is what is ‘reasonable detail’? This enforcement action does not provide much guidance.
There was one instance of the alleged failure of internal controls that seems so anomalous that it needs to be explored. I quote in full from the Order:
“For example, Qualcomm offered at least 15 foreign officials lavish hospitality packages worth approximately $95,000 per couple for the 2008 Beijing Olympics. Then, in mid to late-July 2008, a member of Qualcomm’s finance department raised FCPA issues related to the Olympics with Qualcomm counsel. In August 2008, just days before the Olympics began, Qualcomm rescinded the five hospitality invitations that had been accepted due to Qualcomm’s FCPA-related concerns. The disinvited guests were from three Chinese state-owned enterprises.”
Why does this seem so anomalous? It is because the company’s internal controls stopped this seeming violation. The internal controls did what they were supposed to do, detect a potential violation and even prevent it before it happened. Even if the local business folks started down this road, it is clear that the corporate office stopped it. If a compliance program is now going to be criticized in the form of an enforcement action for doing what it is supposed to do, detecting and then preventing FCPA violations, it may be well nigh impossible for any company to be in compliance with the FCPA.
Of course, this Order was the product of negotiations between the SEC and Qualcomm, so there may be additional facts around this — questionable at best — hospitality play by Qualcomm. However, if there was more to this story, the SEC needs to use those facts to educate and inform companies on their obligations and not hold them liable for actually stopping bribery and corruption.
The Qualcomm FCPA enforcement action reinforces the need for robust internal controls around the hiring process. It should be studied by both the compliance function and your company’s human resources function. The lessons you can learn from this enforcement action can help you to forestall a similar fate for your company.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.