One of the more useless annual exercises that folks go through is to detail out the Foreign Corrupt Practices Act (FCPA) enforcement statistics each year and use that information to discuss whether the Justice Department and Securities and Exchange Commission are prosecuting less or more FCPA cases … as if such parsing had any meaning. Last year was perceived to be a down year, as there were “only” 10 Justice Department and 10 SEC FCPA enforcement actions. The problem with that data point has been borne out over the past 3 months, amid a plethora of new cases announced.

Indeed, February 1 to March 3 was one of the most prolific periods ever seen for FCPA enforcements. In this span of just 31 days, the SEC took the following enforcement actions: (1) against SAP for its bribery schemes in Panama to obtain long-term contracts; (2) against SciClone Pharmaceuticals around its conduct in China; (3) an individual enforcement action against the Chief Executive Officer (CEO) of LAN Airlines for paying bribes during a labor dispute in Argentina some 10 years ago; (4) another individual enforcement action against a former employee of PTC China, in conjunction with the company’s resolution of its SEC and Justice Department enforcement action; (5) an action against Nordion (Canada) for the illegal activities of its agent in Russia; (6) an individual action involving the Russian agent of Nordion, Mikhail Gourevitch, for his corrupt activities in Russia; (7) Qualcomm for its hiring of family members of employees of Chinese state-owned enterprises, which was done to obtain or retain business with those very same state-owned enterprises.

The Justice Department resolved some longstanding and very large FCPA enforcement actions as well, including the VimpelCom massive bribery scheme around its telecom business in Uzbekistan; the massive Olympus anti-trust and FCPA enforcement case for the company’s actions in Latin America; the aforementioned PTC Inc. bribery scheme in China. Also later in March there was the guilty plea by Abraham Jose Shiera Bastidas for his part in a bribery scheme involving Venezuela’s state-owned and state-controlled energy company, Petroleos de Venezuela S.A. (PDVSA). His plea was a part of the criminal case against Roberto Rincon and his company for its bribery of PDVSA employees.

Many compliance professionals are still digesting the lessons to be garnered from these cases. However, I think several clear trends can be derived even at this early stage. First and foremost is that the naysayers around Justice Department backing of FCPA enforcement were dead wrong, yet again. Many had claimed the dearth of substantial Justice Department cases in 2014 portended a drop in overall focus on the FCPA and, more nefariously, that somehow the business community had gotten through the back door what it could not achieve formally, all with the appointment of Andrew Weissmann. It turns out nothing could be further from the truth.

The Qualcomm matter also brings forward the clear lesson toward the growing trend of a strict liability standard in FCPA enforcement under the accounting provisions. This means if your books and records come under investigation, you will have to demonstrate that they meet some minimum standard that satisfies the SEC.

Both the VimpelCom and Olympus cases also point to increased international cooperation around anti-corruption investigations. Whether this is the fruit of U.S. government training for prosecutors in other countries on the techniques of anti-corruption investigations or simply a greater awareness across the globe of the scourge of bribery and corruption, it really does not matter, as the result is the same: more international cooperation. Finally, the VimpelCom financial penalty phase demonstrates a growing trend where the Justice Department and SEC will not cede a portion of the financial penalty to the home country of the settling defendant but will give credit to the charged defendant in their calculations.

There is the continued trend of the SEC for aggressive enforcement of both prongs of the Accounting Provisions of the FCPA, the books and records provisions and the internal controls provisions. In the realm of internal controls, the Qualcomm case was very instructive on how the SEC views internal controls and will do so going forward. Qualcomm was the second FCPA enforcement action brought by the SEC for the hiring of a family member of an employee of a state-owned enterprise (Bank of New York Mellon, August 2105 was the first).

Beyond this case reaffirming that the hiring of family members was a violation of FCPA, for the compliance professional, the focus on internal controls was critical. However, this focus was on the internal controls for the hiring process or HR internal controls, which are not typically considered compliance internal controls. This enforcement action restates the need for companies to follow their own internal controls and if there is an exception granted, that exception must be justified in writing, with the appropriate higher-level review.

The Qualcomm matter also brings forward the clear lesson toward the growing trend of a strict liability standard in FCPA enforcement under the accounting provisions. This means if your books and records come under investigation, you will have to demonstrate that they meet some minimum standard that satisfies the SEC. The FCPA Guidance states, “under the “books and records” provision, issuers must make and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect an issuer’s transactions and dispositions of an issuer’s assets.” Moreover, “the accounting provisions ensure that all public companies account for all of their assets and liabilities accurately and in reasonable detail.” Obviously, the question is: What is “reasonable detail?” The Qualcomm enforcement action does not provide much guidance.

The Olympus enforcement may also portend some longer-term trends in FCPA enforcement and resolution. The FCPA enforcement portion of the Olympus settlement was only $22.8 million out of a total fine and penalty of $646 million for three areas of illegal actions—violations of the domestic anti-kickback statute, the False Claims Act and the FCPA. This was clearly a company with a culture committed to bribery and kickbacks.

As Olympus is a healthcare concern, they agreed to a Corporate Integrity Agreement (CIA) rather than a Deferred Prosecution Agreement (DPA). The CIA details the compliance program that Olympus must maintain. It had some very interesting provisions which included very robust protocols not normally seen in a DPA, including:

compliance responsibilities for the company management and the board of directors

a compliance code of conduct that mandated minimum certain standards;

training and education that includes specified standards

requirements for consulting arrangements, grants and charitable contributions, management of field assets, and review of travel expenses

risk assessment and mitigation process

review procedures for testing the compliance program

The CIA also has specific language that mandates that board members, senior executives, and top management certify compliance in specific areas. This final requirement adds a personal level of responsibility not normally foisted upon senior leadership. Failure to make these certifications or meet the stringent requirements of the CIA necessitate written explanations to the corporate monitor. While these very harsh terms and restrictions set out in the CIA are limited to Olympus, they clearly portend the types of requirements the Justice Department is thinking about imposing down the line.

Finally, the Olympus case laid to rest for all time the question of whether a Chief Compliance Officer can be a whistleblower to the U.S. government and receive a portion of the monies paid to the United States as fines and penalties. Olympus CCO John Slowik was awarded $44.1 million from the federal share and $7 million from the state share of the civil settlement amount. Slowik had tried to bring his concerns about the company’s illegal activities to senior management and the board and was fired for his efforts. He filed suit under the False Claims Act, which allows whistleblowers to receive a portion of the settlement. If a CCO can be awarded money in this manner, they can also be awarded money for referrals to the SEC whistleblower program set up in the wake of the Dodd-Frank Act.

As to what may happen in the next quarter and into the rest of the year, perhaps only Carnac the Magnificent can see into the veiled land of the future. Yet the SEC and Justice Department have set out some clear signals in this most incredible first quarter of the FCPA year.