Compliance officers have yet another real-life case study to add to their growing library of epic corporate compliance failures resulting in violations of the Foreign Corrupt Practices Act.  

The latest poster child is French power and transportation giant Alstom, which entered into a guilty plea in December and agreed to a $772 million criminal penalty, the largest ever obtained by the Justice Department in an FCPA case.  

According to the Justice Department, various Alstom executives paid bribes to government officials around the world to win power, grid, and transportation projects, and then falsified books and records to cover it up. Countries on the hit list include in Indonesia, Egypt, Saudi Arabia, the Bahamas, and Taiwan. In total, Alstom paid more than $75 million from at least 2000 to 2011 to secure $4 billion in projects, with a profit to the company of approximately $300 million.   

“The Alstom case is the antithesis of the hallmarks of an effective compliance program,” says Edward Kang, a partner at the law firm Alston & Bird. “It represents everything companies should not do when it comes to compliance with the FCPA.”

Below is a look at some of Alstom’s biggest governance, risk-management, and compliance pitfalls, and how to avoid them.

Inadequate Due Diligence

One warning compliance officers hear all the time: Paper policies are not enough. “Although Alstom had policies in place prohibiting unlawful payments to foreign officials, including through consultants, Alstom knowingly failed to implement and maintain adequate controls to ensure compliance with those policies,” the plea agreement stated.

Take consultants as one example, since lots of them hired by Alstom raised red flags familiar to many. The consultants had no prior experience or expertise related to their assigned projects; they resided in countries different from where the project was located; and they requested payment in currencies or bank accounts outside of the consultant’s or the project’s location.

“The Alstom case is the anti-thesis of the hallmarks of an effective compliance program. It represents everything companies should not do when it comes to compliance with the FCPA.”
Edward Kang, Partner, Alston & Bird

Alstom executives intentionally ignored those trouble signs. In some cases, the plea deal said, executives “knew, or knowingly failed to take action that would have allowed them to discover, that the purpose of hiring the consultant was to conceal payments to foreign officials in connection with securing projects and other favorable treatment in various countries around the world for Alstom and its subsidiaries.”

Although Alstom’s actions were deliberate, the case is a stark reminder of the dangers of ignoring red flags in business dealings with consultants. “You’ve got to make sure that you conduct due diligence on third parties and not ignore red flag warnings,” Kang says.

“A lot of it is common sense,” Kang continues. “If they’re asking you to funnel money into companies that are safe havens, or asking you to forward money into bank accounts that are in countries other than the country that they’re actually providing the service, that’s a classic red flag.”

Merely relying on representations and warranties from consultants that they won’t bribe government officials is insufficient. “That trust needs to flow from the due diligence you have done to rely on those representations and warranties,” says William Barry, with law firm Richards, Kibbe & Orbe. 

Citing dozens of e-mails and other documents, the Justice Department alleged that Alstom executives further deviated from consulting contracts to expedite large up-front payments to consultants to generate cash available to bribe foreign officials.

“The Alstom executives and employees responsible for approving consultancy agreements did not adequately scrutinize these changes, and in certain instances were copied on e-mails in which the true purpose for the change was discussed,” the plea agreement stated. 

Any time a multinational company works with external consultants, the Justice Department expects to see auditing and testing of consultant invoices and payments. Failure to maintain proper documentation is also seldom tolerated.

Since the start of the investigation in 2010, Alstom has “made significant progress in the area of compliance over the last several years,” the company stated. “To ensure that Alstom strives for the best compliance procedures, Alstom has discontinued the hiring of such sales consultants.”

Failure to Cooperate

According to the Justice Department, Alstom failed to disclose the conduct voluntarily—even though headquarters was aware of related misconduct at Alstom Power, a U.S. subsidiary, which settled misconduct charges with the Justice Department several years before prosecutors turned their attention to Alstom in Paris. Worse, Alstom initially failed to cooperate with the Justice Department’s investigation, responding only to subpoenas to its subsidiaries.

“One important message of this case is this: While we hope that companies that find themselves in these situations will cooperate with the Department of Justice, we do not wait for or depend on that cooperation,” Assistant Attorney General Leslie Caldwell said in a statement.

“The trend toward globalization of anti-corruption enforcement increases the risk that governments can find out about misconduct on their own,” Kang says. “That should factor into the calculus when companies are figuring out whether or not to self-report potential violations to U.S. authorities or other authorities around the world.”

At the same time, however, the decision of whether to self-report requires careful analysis as to the risks and benefits. Yes, you get credit from enforcement agencies for coming forward. You also open yourself up to the risk of investigations in other countries.


The Department of Justice considered the following facts in reaching its agreement with Alstom:
Failure to Self-Report: The Defendant failed to voluntarily disclose the conduct even though it was aware of related misconduct at Alstom Power, Inc., a U.S. subsidiary, which entered into a resolution for corrupt conduct in connection with a power project in Italy several years prior to the Department reaching out to Alstom regarding its investigation.
Cooperation: The Defendant initially failed to cooperate with the Department's investigation, responding only to the Department's subpoenas to the Defendant's subsidiaries, Approximately one year into the investigation, the Defendant provided limited cooperation, but still did not fully cooperate with the Department's investigation, The Defendant's initial failure to cooperate impeded theDepartment's investigation of individuals involved in the bribery scheme. At a later stage in the investigation, the Defendant began providing thorough cooperation, including assisting in the Department's investigation and prosecution of individuals and other companies that had partnered with the Defendant on certain projects. The Defendant’s thorough cooperation did not occur until after the Department had publicly charged multiple Alstom executives and employees.
Nature and Seriousness of the Offense: The Defendant's conduct spanned many years and a number of countries and business lines, and involved sophisticated schemes to bribe high-level government officials, as well as to falsify its books and records related to bribe payments and a failure to maintain adequate controls to prevent improper bribe payments.
Compliance and Remediation: The Defendant lacked an effective compliance and ethics program at the time of the offense, Since that time, the Defendant has undertaken substantial efforts to enhance its compliance program and to remediate prior inadequacies, including complying with undertakings contained in resolutions with the World Bank (including an ongoing monitorship) and the government of Switzerland, substantially increasing its compliance staff, improving its alert procedures, increasing training and auditing/testing, and ceasing the use of external success fee-based consultants.
Source: Department of Justice.

For example, the U.K. Serious Fraud Office brought fresh corruption charges in December against Alstom Power, a British subsidiary of Alstom, over allegations that it bribed officials in Lithuania to secure a project there. That same month, Polish prosecutors charged five people in connection with transport contracts won by Alstom’s Polish subsidiary, Alstom Konstal.

Exactly when to self-report is another important consideration that needs to be weighed carefully. “Do you know what you need to know to provide a viable disclosure to the government?” says Barry.

New Player

Now some good news: The Justice Department excused Alstom from the burden of a compliance monitor, so long as Alstom continued to work with another monitor it had agreed to accept as part of a settlement it reached with the World Bank in 2012. That’s never happened in an FCPA enforcement action before.

Under its plea agreement with the Justice Department, Alstom must report to the Justice Department at least annually for three years about implementation of its compliance program, internal controls, policies, and procedures. According to the plea agreement, “such monitoring requirements will be considered satisfied if the World Bank’s Integrity Compliance Office concludes that Alstom has implemented a corporate compliance that complies with the World Bank’s integrity compliance policies and practices, particularly those reflected in the World Bank’s Integrity Compliance Guidelines.”

If Alstom fails to satisfy the World Bank compliance monitor, then the Justice Department can return and impose one of its own.

That provision “reflects the prominence of the World Bank’s compliance initiatives,” says Andrew Levine, a partner with law firm Debevoise & Plimpton. “More broadly, this resolution underscores the risk to companies of parallel proceedings extending not only to foreign government regulators, but also to development banks and other third parties.”

The World Bank funds construction and development projects in impoverished areas around the world, just the type of business prone to bribery risk. In its annual report issued in 2012, the World Bank Group said “close cooperation with national authorities—including American, British, Canadian, Dutch, and Nigerian, among others—has resulted in swift interventions by their law enforcement authorities in connection with World Bank Group investigations.”

Twenty years ago, enforcement agencies had a difficult time discovering overseas corruption without a company self-reporting; that’s not the case anymore, says Barry. “It’s more likely than ever before that word of your problem outside the United States is going to be reaching the ears of U.S. regulators,” he said.