A landmark Foreign Corrupt Practices Act enforcement action in the financial services industry comes with valuable lessons, stern warnings, and broad repercussions. Compliance officers will want to add this one to their files.

Och-Ziff Capital Management Group, a publicly traded alternative investment and hedge fund firm, and its wholly-owned subsidiary, OZ Africa Management, in September agreed to pay a combined $412 million in criminal and regulatory penalties in connection with a widespread bribery scheme involving officials in Africa.

“This case marks the first time a hedge fund has been held to account for violating the Foreign Corrupt Practices Act,” Principal Deputy Assistant Attorney General David Bitkower said in a statement.

As part of the settlement, Och-Ziff will pay a criminal penalty to the Department of Justice of more than $213 million. In related proceedings, the Securities and Exchange Commission filed a cease-and-desist order against Och-Ziff and OZ Management, whereby Och-Ziff agreed to pay approximately $199 million in disgorgement, including prejudgment interest, to settle the FCPA violations.

The enforcement action resulted from findings that Och-Ziff used intermediaries, agents, and business partners to pay bribes to high-level government officials in Africa. These illicit payments induced the Libyan Investment Authority sovereign wealth fund to invest in Och-Ziff managed funds. Other bribes were paid to secure mining rights and corruptly influence government officials in Libya, Chad, Niger, Guinea, and the Democratic Republic of the Congo.

Compliance officers in the financial services industry should pay attention to the Och-Ziff FCPA enforcement action because of the broader enforcement risks that it signals, as well as the compliance lessons that it imparts. The Och-Ziff action appears to have resulted from a broader financial services industry probe initiated by the SEC in 2011, in which letters of inquiry were sent to at least 10 hedge funds, banks, and private equity firms requesting information about their interactions with sovereign wealth funds.

“Now that this matter was concluded successfully, the U.S. government may well look to charge other financial services firms that have engaged in similarly improper activities,” says Jeremy Zucker, co-chair of the international trade and government regulation practice at law firm Dechert.

Prior industry-wide enforcement sweeps—such as those in the healthcare and oil and gas industries—began with a single enforcement action quickly followed by others. “Recent statements by Department of Justice and SEC enforcement officials regarding their focus on the financial services industry reinforce the sense that more enforcement in this area is likely,” Zucker says.

Due diligence controls

According to settlement papers, Och-Ziff failed to conduct proper due diligence on numerous occasions, effectively demonstrating the FCPA risks companies will endure when violations of anti-corruption policies and procedure result.

In one particular example, Och-Ziff admitted that, beginning in 2007, it engaged a third-party agent to assist the company in securing an investment from the Libyan Investment Authority (LIA), that country’s sovereign wealth fund, knowing the agent would need to pay bribes to Libyan officials.  The agent was engaged without formal approval or any due diligence, according to court documents.

“Firms will be held accountable for their misconduct no matter how they might structure complex transactions or attempt to insulate themselves from the conduct of their employees or agents.”

Kara Brockmeyer, Chief, SEC Enforcement Division, FCPA Unit

Och-Ziff also failed to implement and maintain adequate internal accounting controls, which allowed its employees, agents, and business partners to misappropriate assets, the company admitted.  As a result of its failure to conduct due diligence on its partners and the lack of financial controls, Och-Ziff failed to prevent bribe payments from being made in the DRC, Libya, as well as in Chad and Niger, where an Och-Ziff joint venture made mining-related investments, according to admissions in court documents. 

“Och-Ziff falsely recorded the bribe payments and failed to devise and maintain proper internal controls,” Kara Brockmeyer, chief of the SEC Enforcement Division’s FCPA Unit, said in a statement.  “Firms will be held accountable for their misconduct no matter how they might structure complex transactions or attempt to insulate themselves from the conduct of their employees or agents.”

Taking lessons learned from Och-Ziff’s enforcement action, financial services firms—private equity firms and hedge funds, in particular—may want to think about re-examining their anti-corruption compliance programs.

Zucker recommends that financial services firms consider the following important measures:

Review business practices in high-risk jurisdictions, with a focus on foreign government touchpoints. Officers and employees of sovereign wealth funds, for example, are by definition considered “foreign officials.”

Confirm the beneficial ownership of all parties involved. In addition, justify expenses related to such ventures, and confirm the recipients of payments through such ventures.

Ensure that third-party agents and representatives, joint venture partners, and portfolio companies are subject to, and perform, due diligence to identify potential corruption issues. Red flags raised should be investigated and addressed with the involvement of legal or compliance personnel.

Involve the compliance team early in negotiations and deal considerations to discuss compliance requirements, the existence of any due diligence investigations, and what remedial measures may be needed to mitigate potential risks. In addition, authorize and empower compliance officers to play an active role in monitoring transactions and relationships that pose FCPA risks.

Compliance programs should apply to placement agents and other third parties that identify and secure investment sources, as well as to the daily operations of portfolio companies and other entities in which a firm holds a significant interest. 

The Och-Ziff case is a reminder that financial services firms are not immune from the risk of an FCPA action and should review their anti-corruption compliance programs accordingly. Likewise, the role that compliance officers play in this space will continue to evolve and expand.

Cooperation credit

The enforcement action also offers important insight into what amount of weight that enforcement authorities place on cooperation. In Och-Ziff’s case, it was the SEC that first detected the misconduct while “proactively scrutinizing the way that financial services firms were obtaining investments from sovereign wealth funds overseas,” the SEC said.


In 2007, with the assistance of outside counsel, Och-Ziff began work on an anti-corruption policy and procedures which was finalized in April 2008. This policy and procedures, which applied to OZ, OZM, OZ Europe, AML, AGC, and all of OZ’s affiliates,required rigorous due diligence and anti-corruption measures designed to provide reasonable assurances that transactions:(i) were executed in accordance with management’s general or specific authorization; and (ii) were recorded as necessary to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and to maintain accountability for assets.
For high-risk transactions like those described above, Och-Ziff’s policy recommended due diligence steps including:
Obtaining copies of the most recent financial statements for its business partners;
Identifying all shareholders owning or controlling each business partner, and the nature of that control;
Requesting references from financial institutions that have existing business relationships with business partners and clients;
Making all payments in the country in which an agent resides;
Accessing business partner books and records and utilizing a right-to-audit on a periodic basis;
Re-checking and confirming due diligence for business partners on an ongoing basis;
Reviewing of all monies paid out by business partners as part of ongoing due diligence;
Conducting heightened due diligence in business transactions involving government officials or state-owned businesses, where the business partner’s only contribution is influence, or where the partner refuses to put agreements or proof of  expenditures in writing; and
Obtaining annual certifications by the chief financial officer and chief legal officer that all foreign business partners have complied with the firm’s anti-corruption policies and procedures.
Och-Ziff failed to follow its own recommended due diligence steps in connection with the transactions set forth above.
Despite the presence of corruption risks in the above transactions, Och-Ziff did not impose sufficient procedures or measures to prevent corruption or provide reasonable assurance that the transaction documents accurately reflected the third party’s use of funds. Och-Ziff did not conduct sufficiently heightened due diligence in transactions involving state-owned entities, and failed to limit the interactions of its business partners with government officials. Och-Ziff
knew of the close connections between its business partners, counter-parties, agents and government officials. In fact, it chose them in part for their ability to influence to high-ranking government officials. Rather than limit such connections, Och-Ziff’s insufficient controls allowed its business partners and agents to exploit those relationships through bribery to benefit Och-Ziff. Och-Ziff Employee A knew that Och-Ziff’s business partners in Africa bought assets and made payments without oversight or control from Och-Ziff, and allowed such practices to continue despite the high risk of corruption.
Och-Ziff failed to conduct sufficient due diligence on asset purchases by its business partners. When due diligence on agents and business partners disclosed significant red flags, the company proceeded with the relationship without imposing sufficient limitations on the way the agent and business partners conducted business or used funds provided by Och-Ziff. Och-Ziff allowed its agents to use shell companies located in other jurisdictions to receive payment, failed to place restrictions on the agents themselves rather than their shell companies, transmitted payments through third-parties after which Och-Ziff had no oversight on the funds, and failed to monitor or audit how its agents used the Och-Ziff investor funds they were provided.
Och-Ziff entered into agreements with consultants and agents without conducting sufficient due diligence on the recipient of the funds or the role played by those agents and consultants. In some cases, Och-Ziff knew that AGC or its business partners in AGC were using consultants paid with Och-Ziff funds, yet took no steps to either conduct due diligence on those consultants or ascertain the basis for payments to those consultants. This led to bribes to government officials in Libya, Chad, and Niger.
Och-Ziff failed to implement sufficient safeguards to prevent corruption in ongoing joint ventures and investments. Och-Ziff was aware of significant corruption risks in its AGC joint venture, including a high risk of corruption with its partners in AGC. Och-Ziff failed to adequately address those risks and continued to give investor funds to AGC without appropriate oversight. Och-Ziff also continued to rely on its business partners in AGC despite knowledge of alleged criminal activity by those partners in other transactions. At no time did Och-Ziff audit the bank records, expenditures, or financial statements of its business partners or of AGC to ensure compliance with Och-Ziff’s internal controls and anti-corruption policies.
Och-Ziff failed to use its leverage to terminate transactions, foreclose on collateral, or bring legal action against its business partners. At no time did Och-Ziff exert its legal rights against its business partners. Instead, Och-Ziff allowed these corrupt relationships to continue in an effort to secure a return on investment rather than sever ties with illegal activity.
Source: SEC Order.

Based on this fact, the Justice Department admonished Och-Ziff for its failure to voluntarily self-disclose the misconduct in the process of resolving Och-Ziff’s case. Yet, the Justice Department still knocked 20 percent off the bottom of the U.S. Sentencing Guidelines fine range—a savings in the tens of millions of dollars—because of Och-Ziff’s cooperation with the government’s investigation.

Such cooperation included the audit committee’s “very thorough and comprehensive internal investigation through counsel, which included regular reports of the offices; the company’s counsel collection and production of voluminous evidence located in foreign countries, and efforts to make current and former employees available for interviews,” the DPA stated.

Och-Ziff would have received additional credit had it not delayed in producing “important, responsive documents on a timely basis,” the DPA stated. In some cases, Och-Ziff produced documents only after being flagged that the documents existed and needed to be produced.

Even though voluntary self-disclosure is one of the most significant factors the government considers, the terms of this particular agreement signal that the Justice Department and SEC are willing to consider cooperation credit even in the absence of voluntary self-disclosure. With or without a voluntary self-disclosure, enforcement authorities “still need companies to cooperate even after that fact,” says Jason Jones, a partner in the special matters and government investigations practice group at law firm King & Spalding. “This case show there is benefit in that cooperation.”

Individual accountability

The SEC charges brought against Och-Ziff’s current Chief Executive Officer Daniel Och and Chief Financial Officer Joel Frank for violating the FCPA’s accounting provisions are another reason why the case is noteworthy. “You just don’t often see the SEC settle and hold accountable sitting management of a publically traded company like that, certainly not in the FCPA context,” Jones says.

Although Och and Frank had no specific knowledge about the bribes paid to foreign government officials, they ignored red flags and corruption risk related to the transactions, resulting in books and records violations. “Both Och and Frank were aware of the high risk of corruption in transactions with Och-Ziff’s DRC partner in light of his reputation and connections to high-level DRC government officials,” the SEC order stated. “Despite these risks, Och approved and Frank authorized Och-Ziff to enter into each of these transactions.” Neither Och nor Frank faced criminal charges by the Department of Justice.

In recent years, enforcement authorities at both the SEC and Justice Department have publicly stressed the importance of holding culpable individuals accountable. The high-profile charges against Och and Frank signify that they will continue to make good on that promise.

That warning was reiterated in a statement by Andrew Ceresney, director of the SEC Enforcement Division, in announcing the enforcement action. “Senior executives cannot turn a blind eye to the acts of their employees or agents when they became aware of suspicious transactions with high-risk partners in foreign countries,” Ceresney said.

Financial services firms aren’t typically the first industry that comes to mind when talking about violations of the FCPA. If any warning is to come from the Och-Ziff enforcement action, however, it’s that the SEC and Justice Department are moving in that direction to hold accountable not only financial services firms themselves, but increasingly, senior executives, as well.

“While the financial services industry already was on notice regarding potential FCPA issues, the risk no longer is theoretical,” Zucker of Dechert says. “Due to the volume of cross-border activities and exposure to sovereign wealth funds, the financial services industry is ripe for U.S. government enforcement authorities to bring additional investigations and actions for FCPA violations.”