Read Part 1 here.
Where Are the Whistleblowers?
As my dad told me in 5th grade, “you can’t play if you don’t go out for the team.” So, given such good odds and lucrative awards, why so few FCPA whistleblowers? I have several theories, based perhaps on intuition and anecdotal evidence, as well as having represented a number of whistleblowers. First, there is the fear that, even if they proceed anonymously, the whistleblower’s identity may be discovered, or at least suspected. Retaliation can take many forms, from simple unemployment to physical harm. While the SEC itself does a very good job of concealing the existence and identify of its whistleblowers, the nature of the business carries the risk that, once the company comes under investigation, someone may be able to figure out the whistleblower’s identity. However, companies who retaliate against current employees risk severe sanctions from the SEC. Most of the potential whistleblowers who contact me have carefully considered this risk and nevertheless choose to proceed. In my opinion, while all of them are well aware of the potential monetary rewards, their predominant motivation is the simple desire to do the right thing, combined with a healthy disgust for the corruption they have witnessed and how the company has (or has not) addressed it.
Unfortunately, in the case of Liu v. Siemens AG, 763 F.3d 175 (2nd Cir. 2014), the U.S. Second Circuit Court of Appeals held that Congress did not provide for the Dodd-Frank protections against retaliation to apply extraterritorially, so the whistleblower coming in from abroad must assume that neither he nor the SEC will be able to sue his employer if he is retaliated against. For its part, shortly after the Liu decision, the SEC reaffirmed its right to pay awards to foreign whistleblowers, and in fact gave its largest ($30 million) award to a whistleblower outside the United States. If the Congress ever gets around to reviewing this law, it should specify that the retaliation provisions cover foreign whistleblowers and that retaliation by former employers (such as industry blacklisting) is also covered.
There may be a second reason for the apparent paucity of FCPA tips. I suspect that many individual corporate employees, both foreign and domestic, simply are not familiar with or do not understand the law and overlook (or possibly ignore) within their own companies the classic “red flags” present in most FCPA prosecutions. The SEC has done a good job over the years in alerting the corporate community about obeying the FCPA. Larger companies have (or better have) extensive training programs on the FCPA. A cottage industry has arisen among consultants and law firms presenting seminars to educate potential clients on every nuance of the FCPA. Nevertheless, there are no seminars aimed specifically at educating whistleblowers on how to detect fraud at their companies (this writer has wistfully considered offering one, at an undisclosed location). While all companies encourage internal whistleblowing, often providing tip lines and Internet submission sites, they do not encourage SEC whistleblowing. Faced with these obstacles, and presumably lack of knowledge of this law, most employees — even those who may have information that could very well trigger an SEC investigation — will elect to stay below the radar, do their business as usual and say nothing. As a result, the roster of hardy souls willing to play David against the Goliath of a powerful multinational corporation remains short.
Spotting the “Red Flags” — It’s Not Rocket Science
Fortunately, the SEC and DOJ have clearly spelled out how to detect potential FCPA violations. For example, if the whistleblower is uncertain whether or not the people he believes are being bribed by his company would qualify as government officials under the FCPA, he can look to the SEC and the courts for guidance. In a July 2014 interview with Bloomberg, the Chief of the SEC’s FCPA unit, Kara Brockmeyer, noted the significance of U.S. v. Esquenazi, 752 F.3d 912 (11th Cir 2014), cert. denied, 135 S.Ct. 293 (2014).8
In that case, the federal circuit court grappled with the meaning of the term “instrumentality” in the FCPA’s definition of a foreign official as “any officer or employee of a foreign government or any department, agency or instrumentality thereof.” The court defined it as “an entity controlled by the government of a foreign country that performs a function the controlling government treats as its own.” Id. at 925. The court set out a two-pronged test that is supposed to give guidance to businesses, whistleblowers and their respective lawyers. A Sidley “News and Insights” update (May 20, 2014) called it “a significant win” for the government. The decision, using this “fact-based” test, upheld the FCPA convictions of several employees of Haiti Telco, finding it was an instrumentality of the Haitian government. The court found that an “instrumentality” need not be a formal part of the government as long as it performs “a government function at the government’s behest.” Id. at 921.
This issue has become important given the increasing frequency of privatization of government functions in many developing countries. The whistleblower may work for a company that supplies equipment or services to foreign entities that have complex relationships with the government of the country and are to some extent controlled by the government. The payees of the bribes may themselves be employees of organizations that at first blush may not appear to be state entities. While the Esquenazi decision has been criticized as espousing an essentially “unworkable” test, see “Recent Cases,” 128 Harvard Law Review 1500 (2015), the fact is the decision will enable whistleblowers to provide tips on a wider variety of entities that do business with many multinational public companies and can only lead to more FCPA cases and potential awards to the whistleblowers. When in doubt, the whistleblower should consult counsel and first do some research on the operations and control of the foreign entity with which his company is doing business.
The Brockmeyer interview was informative to potential whistleblowers in other ways. According to the Bloomberg report, “she explained that the unit may get one case through a whistleblower, but during the investigation it appears that the conduct of the particular company ‘is something that appears to be endemic to the industry…that can start us looking at their competitors.'” This can be very significant to a whistleblower, because SEC rules allow a whistleblower to get credit for other “related cases” that may owe their generation to the whistleblower’s original tip. See Rule 21F-3(b)(2). Ms. Brockmeyer has more recently indicated that the SEC is looking closely at agents, distributors and other middlemen who work for multiple companies in a particular country or region. If it appears to the SEC that these individuals or entities are bribe conduits for one company, the SEC may ask other companies who use these suspect agents or consultants in that country or region to investigate if they are doing it for them as well.9
Internal Controls — the Key to Flagging the Red Flags
The SEC is very interested in examining a company’s internal controls, not just in accounting cases, but in the FCPA arena as well. These are the procedures a company puts in place to monitor its operations, including risks and compliance functions. Under the Sarbanes-Oxley Act, companies have to evaluate and certify the effectiveness of their internal controls. In her Bloomberg interview, Ms. Brockmeyer cited the example of a customs broker. She asks: “do you have all the documentation and supporting documentation you would expect? Are the expenses for that broker in line with what you would expect the service to be? If not, is there documentation to support a legitimate reason why you’re paying that broker more than the going rate?”
She further observed, “you really need to dig further. That’s really where companies fall down. They see things that might be a red flag and they just don’t dig far enough.” She also noted situations in which a third-party agent is paying bribes or an employee at a subsidiary has worked out a deal with the agent. “Either way, from the SEC’s perspective, as a public company you have a problem and you’re not being a very good steward of your investor’s assets.”
She also cautioned small and medium sized companies going overseas for the first time or moving into an emerging market but not paying enough attention to their internal controls and FCPA risks. She noted that the SEC is seeing more examples of “bribes being funneled through third parties that may appear to be more legitimate, such as customs brokers, or distribution or channel partners.” If the company has no explanation for what such middlemen do for their money, other than to “get business,” the SEC will want a valid explanation. Likewise, the SEC may be suspicious if the company does not object to agents/consultants/distributors being paid well above market rates, a frequent ploy to create room for payments of bribes.
Another red flag is the so-called “world tour” for public officials who, for example, only needed a few hours to conduct a factory inspection in a city but stay for a few extra days to go sightseeing on the company tab. If it’s a one-off trip, and the company reports it, that’s probably okay. If its been going on for years, the whistleblower who reports this may instigating a case the SEC will act upon.
In general, any corporate practices that generate cash, perks or any other things of value, for the benefit of individuals or entities with whom the company does business who are in any way involved with securing or servicing business with foreign government entities of any kind, should be considered potential FCPA cases, particularly if the amounts being paid out by the company exceed market rates for such services. If the agent is the brother-in-law of the prince, that’s clearly a red flag. If the payment to the agent or consultant goes offshore, that’s another. If payments are for a percentage of the contract, not hourly rates or flat fees, that can be a problem. If the accounting for such expenses seems suspicious, that’s another red flag. Disguising a payment meant to be a bribe in any fashion in the books is a big red flag, and most likely an FCPA violation all in itself (see below). Even if the whistleblower does not have concrete proof, the information may be enough for the SEC to trigger an investigation, which, once it gets going, can open the proverbial “Pandora’s Box.”
The Risk of Running a Paper Compliance Program
Halfhearted, nonexistent or so-called “paper” compliance programs will also get the SEC’s attention. In remarks delivered in November 2014 and March 2015, SEC Enforcement Director Ceresney focused on “the importance of comprehensive FCPA compliance programs.” He stated, “this is a message that I think has started to get through in the past five years. Nothing situates a company better to avoid FCPA issues than a robust FCPA compliance program.”10 There are multitudes of ways a compliance program can be deemed insufficient, at least in the eyes of the SEC or DOJ.
The astute whistleblower will take a critical look at his company’s compliance programs and internal controls. Does the company perform risk assessments that consider what the DOJ and SEC believe to be the “hallmarks of an effective compliance program”? The DOJ and SEC jointly published a Resource Guide on the FCPA in 2012, which sets out at pp. 57- 62 a detailed description of what these agencies consider an effective compliance program. The U.S. Sentencing Commission has issued guidelines as well.11 Does the company perform third-party agent due diligence? Does it utilize distributors who may use their margins or spreads to create a slush fund of cash that could be used for bribes? Does the company improperly account for bribes as legitimate expenses? Is there a thorough vetting of agents? Are appropriate expense controls in place to ensure that third-party payments are not being used to direct bribes to foreign officials? Do compliance officers really seem to care about these issues, or are they frustrated with the company’s responses to their efforts? It never hurts to inquire about these matters with compliance when one is seeing the red flags. Do it in an innocuous email and see if you get a response.
The whistleblower should also “evaluate whether the company has disciplinary measures in place to deter violations” and compliance programs that are “periodically tested and reviewed to ensure they are keeping pace with the business.”12 Mr. Ceresney also reiterated the SEC’s negative view of “paper [compliance] programs.” The whistleblower does not have to be a compliance officer to figure out if the compliance function, if it exists at all, is little more than a sham effort to provide cover for upper management if anything goes wrong, or to set up a straw man compliance officer to blame if the company gets caught.13 Once the SEC, and perhaps an outside law firm, starts digging into these issues, the lack of a viable compliance program will probably become apparent. In November 2015, the DOJ hired a “compliance counsel,” Ms. Hui Chen (a former Global Head for Anti-Bribery and Corruption at Standard Chartered Bank) to assist its lawyers in assessing the effectiveness of companies’ corporate compliance programs. Clearly both the SEC and DOJ are very keyed into this issue, and if you have a company with many of these red flags and a weak compliance program to boot, you may be on to a potential FCPA case.
The FCPA’s Utility Infielders — the Internal Controls and Books and Records Provisions
The SEC has of late increasingly used the obscure “little brother” of the FCPA bribery provisions as a useful go-to statute when evidence of bribery is lacking or otherwise difficult to prove. These so-called “accounting” provisions take two forms. The “books and records” provisions require issuers to make and keep accurate books, records and accounts that accurately, fairly and in reasonable detail reflect the issuers’ transactions and disposition of assets. The “internal controls” provision requires that issuers devise and maintain reasonable internal accounting controls in an effort to prevent and detect FCPA violations.
There is no requirement that a false record of deficient control be linked to an improper payment, so a payment that does not entail a violation of the anti-bribery provisions can be a violation of the accounting provision if inaccurately recorded or such errors can be blamed on an internal control deficiency.14
Fake documents may become violations of this provision even if what is being covered up is legal. There is no materiality requirement, and violations are not limited to transactions above a certain amount. Off-book payments or ones that fail to show the actual purpose of a transaction can thus violate the FCPA.
These provisions are very broad and give the SEC and DOJ useful negotiating tools in reaching settlements in cases lacking clear, provable bribery. Lately the SEC has used these provisions in settlements in large penalty cases, which usually involved ineffective compliance programs or payments which were not accurately recorded (such as falsely booking them as “expenses” instead of “bribes”). Compliance programs that fail to catch bribery schemes or simply don’t work in practice can be the basis for internal control FCPA violations.
For the astute whistleblower, these provisions, while not as damning as outright bribery evidence, can nevertheless be the route to a viable FCPA case that can, in the context of a major investigation of a major corporation, lead to a substantial whistleblower award. If your company has shoddy internal controls, a weak compliance program or books containing suspicious accounts and is also doing business with agents or middlemen who have bad reputations, you may have the makings of an FCPA case, even if the SEC is ultimately unable to prove concrete evidence of bribery. To be clear—the whistleblower does not have to have concrete evidence of bribery to make a submission to the SEC, assuming some of the other elements we have discussed here are present.
Conclusion — “Where There is Smoke, Trust the SEC to Find the Fire”
With all this evidence of increasing FCPA enforcement activity and the resulting multimillion-dollar settlements, it is evident that whistleblowers who make the government aware of what they know about possible FCPA violations may well be in line for a substantial award, provided they have the courage to start the process and the patience to see it through. When considering the fact that FCPA cases come from across the globe and have covered just about every form of business activity in just about every industry, no suspicious activity involving any form of business with a foreign governmental entity should be overlooked for a whistleblowing opportunity. In this world, there are few chances to do good, follow the law and potentially get a substantial monetary reward. It can literally pay (and very well) to learn about the FCPA and look for any suspicious activities at the company you are most familiar with which may upon investigation turn out to violate this most powerful and far-reaching law.
Footnotes Bloomberg BNA Corporate Accountability Report, “More FCPA Cases in Pipeline, Brockmeyer Says; Some Administrative,” July 25, 2014.  Recent FCPA Developments, Panel held by District of Columbia Bar, December 17, 2015.  Andrew Ceresney, “Remarks at 31st International Conference on the Foreign Corrupt Practices Act”, National Harbor, Maryland, Nov. 19, 2014. See also his address “FCPA, Disclosure and Internal Control Issues Arising in the Pharmaceutical Industry”, March 3, 2015 (both available on the SEC website).  U.S. Sentencing Commission, 2014 Federal Sentencing Guidelines Manual Chapter 8 (effective Nov. 1, 2014).  Ceresney, supra n. 3, Nov. 19, 2014, at 3.  Even a compliance officer can in some circumstances become a whistleblower, see Daniel J. Hurson, “When Should Internal Auditors and Compliance Officers Become Whistleblowers”, Mondaq News Service, Dec. 10, 2014.  See Gibson Dunn 2015 Mid-Year FCPA Update, supra n. 1, page 1.
This piece was originally shared on Mondaq and is republished here with permission. The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.