The Securities and Exchange Commission has resolved an Foreign Corrupt Practices Act enforcement action involving Canadian-based gold and silver mining company Kinross Gold Corp. The action was a civil matter, and there was no evidence of bribery presented in the SEC Order; it was rather a violation of the FCPA’s internal controls provisions, for which Kinross has agreed to pay a civil fine of $950,000.
The Kinross FCPA enforcement action presents some excellent lessons for every CCO, compliance practitioner, and compliance program on what constitutes effective internal controls, the role of internal audit in a best practices compliance program, the requirements of both pre-acquisition due diligence and post-integration in mergers and acquisitions (M&A), and what happens when senior management is not committed to doing business in compliance with the FCPA, such as:
M&A lessons: After closing, you must move to timely address deficiencies that were uncovered in the pre-acquisition due diligence.
Internal controls lessons: The SEC Order provides a good list of compliance internal controls to meaningfully assess transactions for accuracy or compliance with the FCPA. Internal controls should identify excessive rebates and discounts, advance payments, government commissions, and unjustified business expenses.
Internal audit lessons: The company’s internal audit group was able to determine the internal control deficiencies both in their initial audit and subsequent follow-up audits. The problem for internal audit was that there was no management will to actually remedy the failures to move toward a present and functioning effective set of internal controls.
Senior management lessons: Finally, in 2013, management did require that some internal controls be instituted to remedy the deficiencies noted by internal audit. The problem for Kinross was that senior management turned around and failed to follow those same controls when it suited them to do so.
The Kinross enforcement action presents some good lessons on the importance of internal controls under the FCPA. It is also a painful reminder that a company can find itself in FCPA hot water even if there is no evidence a bribe has been paid or offered.