Well, if you needed yet another reminder that paying bribes is not the only way to trip over the Foreign Corrupt Practices Act, the Securities and Exchange Commission has just provided one: BHP Billiton, and its $25 million fine for FCPA books-and-records violations.
BHP Billiton is now the fourth company in recent months (along with FLIR Systems, Goodyear, and PBSJ) to pay a civil penalty to the SEC for books-and-records violations, while not suffering any criminal penalty with the Justice Department for the FCPA’s anti-bribery clauses. “That just goes to show the breadth of the accounting provisions versus the anti-bribery provision of the FCPA,” says James Tillen, a partner with law firm Miller & Chevalier.
Anti-bribery violations can sometimes be difficult for the Justice Department to prove for jurisdictional or evidentiary reasons. The SEC, however, can still bring charges under the Foreign Corrupt Practices Act’s accounting provisions because they require a lower standard of proof. And the BHP Billiton case is the most aggressive such enforcement action we’ve seen the SEC prosecute so far.
The back story: Last month the SEC fined Australia-based BHP Billiton $25 million to resolve charges that the mining resources company violated the law when it sponsored the attendance of 60 foreign government officials and their guests at the 2008 Summer Olympic Games in Beijing. According to the SEC, sponsored guests enjoyed lavish hospitality packages that included event tickets, luxury hotel accommodations, and sightseeing excursions valued up to $16,000 per package.
Furthermore, many of these guests were from countries in Africa and Asia with known histories of corruption. “BHP Billiton recognized that inviting government officials to the Olympics created a heightened risk of violating anti-corruption laws, yet the company failed to implement sufficient internal controls to address that heightened risk,” Andrew Ceresney, director of the SEC’s Division of Enforcement, said in a statement.
What’s usual about the BHP Billiton case is that the SEC based its charges not on any specific questionable financial transactions, but rather on the premise that the company’s actions “could potentially violate anti-corruption laws,” according to the SEC’s order. Other than condemning BHP for sponsoring the attendance of government officials at the Olympics, the SEC order “doesn’t go on to say that those resulted in business benefits or potential bribes,” Tillen says.
“BHP Billiton recognized that inviting government officials to the Olympics created a heightened risk of violating anti-corruption laws, yet the company failed to implement sufficient internal controls to address that heightened risk.”
Andrew Ceresney, Director of the Enforcement Division, SEC
In a statement dated May 20, BHP Billiton said that the Justice Department completed its criminal investigation without taking any action, “which is further evidence that there wasn’t an anti-bribery violation here,” Tillen says. A related investigation by the Australian Federal Police, announced in 2013, remains ongoing.
The core of the SEC’s charges focused squarely on gaps in BHP’s anti-corruption compliance procedures. “A check-the-box compliance approach of forms over substance is not enough to comply with the FCPA,” Antonia Chion, associate director of the SEC Enforcement Division, said in a statement. “Although BHP Billiton put some internal controls in place around its Olympic hospitality program, the company failed to provide adequate training to its employees and did not implement procedures to ensure meaningful preparation, review, and approval of the invitations.”
The case suggests that companies can be charged with violations of the FCPA’s accounting provisions if they do not have what the SEC deems to be an effective anti-corruption compliance program. “What the SEC action suggests here is that they expect something more,” says James Dowden, a partner with law firm Ropes & Gray. The SEC effectively is saying, “‘we expect compliance programs to have teeth,’” he says.
Devil in the Details
Below is a look at BHP Billiton’s biggest internal controls failures, and how to avoid them.
Inadequate due diligence. BHP Billiton required business managers to complete a hospitality application for any individuals they wished to invite, including government officials—but that was the extent of its due diligence. “They had people fill out a form, but they never really did anything with the form,” Kara Brockmeyer, chief of the FCPA unit of the SEC’s Division of Enforcement, said during a panel discussion at Compliance Week 2015, citing the case. “They never turned anyone down.”
Due to this lack of due diligence, many hospitality applications were “not accurate or complete,” the SEC stated. For example, many applications identified an employee of a state-owned enterprise as a “customer,” but failed to identify the person as a foreign government official.
“It’s not just about, do you have a nice form?” Brockmeyer added. “What are you actually doing with those answers? Do the compliance people feel they can say, ‘No, this is too risky?’ There’s too high of a chance that this is going to result in an improper payment.’”
No oversight. At the time of its sponsorship of the Beijing Olympics, “BHP Billiton had no independent compliance function,” the company stated. “Instead, accountability for complying with the company’s anti-corruption policies, which were set out in the company’s Guide to Business Conduct, was vested in its operating business units.”
Although BHP Billiton formally had in place an Olympic sponsorship steering committee and global ethics panel sub-committee, neither had the task of reviewing the appropriateness of individual hospitality applications or airfare requests. The ethics panel’s charter stated that its role simply was to provide advice on ethical and compliance matters, and that “accountability rest[ed] with business leaders,” the SEC’s order stated.
BAD CONTROLS AT BHPB
Below is an excerpt from the SEC’s order, explaining the deficient internal controls at BHPB that led to the FCPA violations.
Early in its planning for the Olympics, BHPB identified the risk that inviting government officials to the Olympics could potentially violate anti-corruption laws and the company’s own Guide to Business Conduct. The company relied on its existing operating model and an Olympic-specific internal approval process to address this risk. However, these internal controls, and BHPB’s implementation of them, were insufficient.
BHPB developed a hospitality application which business managers were required to complete for any individuals, including government officials, whom they wished to invite.
These applications included the following questions:
What business obligation exists or is expected to develop between the proposed invitee and BHP Billiton?
Is BHP Billiton negotiating or considering any contract, license agreement or seeking access rights with a third party where the proposed invitee is in a position to influence the outcome of that negotiation?
Do you believe that the offer of the proposed hospitality would be likely to create an impression that there is an improper connection between the provision of the hospitality and the business that is being negotiated, considered or conducted, or in any way might be perceived as breaching the Company’s Guide to Business Conduct? If yes, please provide details.
Are there other matters relating to the relationship between BHP Billiton and the proposed invitee that you believe should be considered in relation to the provision of hospitality having regard to BHP Billiton’s Guide to Business Conduct?
BHPB required each such application to be filled out and signed by an employee with knowledge of the invitee’s relationship with the company, and approved in writing by the president of the relevant CSG or the BHPB country president. A cover sheet that accompanied the blank forms included a short description of anti-bribery provisions in the Guide to Business Conduct and urged employees to re-read the section of the Guide concerning travel, entertainment, and gifts before completing the form. However, the controls did not adequately address the anti-bribery risks associated with offering expensive travel and entertainment packages to government officials.
No training. Even though oversight responsibility fell on the business units, the company failed to train them and senior-level executives on how to complete the forms, or evaluate whether an invitation to a government official complied with the company’s Guide to Business Conduct.
No reassessment process. BHP Billiton’s situation also speaks to the importance of having a process for updating hospitality applications, or reassessing the appropriateness of invitations to government officials if conditions changed, processes that BHP Billiton did not have in place.
“Almost all of the hospitality applications relating to government officials were approved and submitted in mid-2007,” the SEC’s order stated. BHP Billiton did not require, however, that hospitality forms be updated, or invitations be reconsidered, in those situations when government officials subsequently became involved in negotiations, attempts by BHP to obtain access rights, or other pending matters, the SEC’s order stated.
As a result of these internal control failures, BHP Billiton invited government officials who were directly involved in, or in a position to influence, regulatory actions, pending contract negotiations, efforts to obtain access rights, or business dealings in multiple countries where it operated, the SEC stated.
Following the settlement, BHP Billiton announced several remedial measures to enhance its compliance program. In a statement, BHP Billiton CEO Andrew Mackenzie said the settlement has continued to impart on the company “a number of important lessons as we continue our drive to eliminate the risk of corruption anywhere in our global operations.”
For example, BHP Billiton now has a compliance function within its legal department that is independent from the business units, which reports directly to the general counsel and the audit committee. One of its functions is to approve any offers of hospitality to a government official, the company stated.
Additionally, BHP Billiton enhanced its existing anti-corruption compliance program in a number of ways. “These include embedding independent anti-corruption managers into its businesses and further enhancing its policies and procedures concerning hospitality, gift giving, use of third-party agents, business partners, and other high-risk compliance areas,” the company stated.
Other remedial measures BHP Billiton took include:
Enhancing its financial and auditing controls, including policies to specifically address conducting business in high-risk markets.
Conducting extensive employee training on anti-corruption issues; and
Overhauling its processes for conducting internal investigations of potential violations of anti-corruption laws.
BHP Billiton’s situation speaks to the importance of proper documentation and “doing a better job of having full and complete records, supporting why you made the decision to approve the hospitality expense,” Tillen says. Companies should have a process to collect that information, “but then have legal and compliance kick the tires to question the business sponsors about the purpose of it,” he says.
Compliance officers in particular should review this case carefully because it puts laser sharp focus on hospitality policies in general. Says Tillen: “This case is a good case for companies to use in justifying why hospitality requires scrutiny.”