Anyone searching for some broader context to understand how Tyco International lurched into yet another bribery scandal—the third major misconduct meltdown to hit Tyco or one of its spin-off companies since 2002—would do well to ponder one of the most famous lines from The Godfather.

“Just when I thought I was out,” crime boss Michael Corleone utters in frustration, desperate to take the family business legitimate, “they pull me back in again.”

In truth, a better literary allusion for the bribery scheme, announced by the Securities and Exchange Commission last week, might be a John LeCarre spy thriller. The SEC's complaint identifies 12 separate bribery efforts run by Tyco subsidiaries from 1999 to 2009. Executives in China, France, Germany, Turkey, and elsewhere tapped resellers and other operatives, often working in yet more locations, to funnel money to foreign officials in exchange for lucrative petroleum contracts. The payments were recorded as commissions, “business introduction fees,” and the like, and netted Tyco more than $10.5 million.

Tyco's legal and compliance team did eventually get wind of the corruption and self-disclosed to regulators—more on that shortly—but the Foreign Corrupt Practices Act settlement announced Sept. 24 included $26.8 million in fines and penalties: $13.1 million to the Securities and Exchange Commission, and $13.7 million to the Justice Department in parallel criminal proceedings.

More painful, however, is the perception (fair or not) that Tyco just can't shake its bad habits.

“Tyco's subsidiaries operating in Asia and the Middle East saw illicit payment schemes as a typical way of doing business in some countries, and the company illicitly reaped substantial financial benefits as a result,” Scott Friestad, associate director of the SEC's Division of Enforcement, said in a statement announcing the settlement.

A statement from the Justice Department was equally down: “For more than 10 years, various Tyco entities bribed foreign officials and cooked the books to hide the payments,” said Neil MacBride, U.S. attorney for the Eastern District of Virginia.

Cynics do have ample reason to cast a disapproving eye at the $17 billion manufacturer. Tyco International is a direct descendant of Tyco Inc., a paragon of corporate misconduct in the 2000s. Many recall the sensational trial of former Tyco CEO Dennis Kozlowski, who was convicted in 2005 on numerous securities fraud charges. He remains in prison after being denied parole in April.

Tyco came into the spotlight again in 2006 following a $50 million settlement with the SEC for various wrongful practices, part of which involved bribes paid to government officials in Brazil from 1996 to 2002. That settlement included a permanent injunction against future violations of the FCPA. The following year, Tyco split itself into three companies: Tyco International (security systems), Tyco Electronics (other electronic components), and Covidien (healthcare).

So it's of particular interest, especially to any company in the midst of an FCPA investigation, that the Justice Department in Tyco's case agreed to a non-prosecution agreement, and did not require a compliance monitor. How'd that happen?

“It's important to conduct aggressive due diligence on third-party intermediaries, because the lion's share of FCPA cases involve, to some degree, the actions of agents and other third parties.”

—Brian Mich,

Managing Director,

BDO Consulting

Well, a close read of Tyco's anti-corruption efforts shows that the company did take its compliance program seriously. Specifically, the Justice Department acknowledged Tyco's “timely, voluntary, and complete disclosure, its cooperation—including a global internal investigation concerning bribery and related misconduct—and its extensive remediation.” That remediation included firing employees responsible for the misconduct, canceling contracts with the responsible third-party agents, and closing subsidiaries due to compliance failures.

Mike Koehler, a law professor at Southern Illinois University and better known in the blogosphere as “the FCPA professor,” says he is neither surprised nor shocked about the outcome. “There is no allegation or suggestion that Tyco—the parent company entity—knew of or participated in the improper conduct,” he says. “In other respects, the resolution documents allege or suggest that various indirect subsidiaries took steps to conceal the conduct at issue or circumvent Tyco's internal controls.”

Brett Ludwig, Tyco's director of external communications, stresses that the company has implemented several robust compliance controls since Kozlowski's departure. “Since the time that many of these matters occurred, the company has enhanced its compliance programs significantly, hiring additional resources and developing new programs to prevent, deter, and detect improper behaviors,” he says. (The company did not make Matt Tanzer, its chief compliance officer, available for comment.)

Immediately following its SEC settlement in 2006, Tyco adopted a comprehensive program to gain better control over the activities of its third parties, including its resellers and distributors. A massive undertaking, to say the least, the process involved gathering the names of all Tyco's third parties—more than 66,000 at the time—and classifying them from high to low risk, or no risk at all.

“It's important to conduct aggressive due diligence on third-party intermediaries, because the lion's share of FCPA cases involve, to some degree, the actions of agents and other third-parties,” says Brian Mich, a managing director for BDO Consulting and co-chair of the firm's U.S. anti-corruption compliance and investigations practice.

As an example of due diligence, Mich recommends including anti-bribery provisions as part of your agreements with third-party intermediaries. Agents also should be required to certify annually that they're complying with the company's Code of Conduct, and agree to audits of their books and records, he says.

Even prior to its latest settlements with the SEC and Justice Department, Ludwig says Tyco has implemented many additional compliance measures. Among them:

An anonymous reporting hotline;

Comprehensive internal audits;

Vigorous anti-corruption reviews;

A methodical third-party management program;

Strong leadership emphasis on ethical business practices;

Regular training for all employees on relevant compliance topics;

Biannual certification by all employees to the principles of Tyco's Guide to Ethical Conduct.


Below is an excerpt from “SEC Charges Tyco for Illicit Payments to Foreign Officials.”

The Securities and Exchange Commission today charged Tyco International Ltd. with violating the Foreign Corrupt Practices Act (FCPA) when subsidiaries arranged illicit payments to foreign officials in more than a dozen countries.

The SEC alleges that subsidiaries of the Swiss-based global manufacturer perpetuated schemes that typically involved payments of fake “commissions” or the use of third-party agents to funnel money improperly to obtain lucrative contracts. Overall, Tyco reaped illicit benefits amounting to more than $10.5 million as a result of the paid to win business.

Tyco, whose securities are publicly traded in the U.S., agreed to pay more than $26 million to settle the SEC's charges and resolve a criminal matter announced today by the U.S. Department of Justice ...

… The SEC alleges that Tyco subsidiaries operated 12 different illicit payment schemes around the world starting before 2006 and continuing until 2009. The most profitable scheme occurred in Germany, where agents of a Tyco subsidiary paid third parties to secure contracts or avoid penalties or fines in several countries. These payments were falsely recorded as “commissions” in Tyco's books and records when they were in fact bribes to pay off government customers. Tyco's benefit as a result of these illicit payments was more than $4.6 million.

According to the SEC's complaint, Tyco's subsidiary in China signed a contract with the Chinese Ministry of Public Security for $770,000 but reportedly paid approximately $3,700 to the “site project team” of a state-owned corporation to be able to obtain the contract. This amount was improperly recorded as a commission. Tyco's subsidiary in France recorded payments to individuals from 2005 to 2009 for “business introduction services.” However, one of the individuals receiving payments was a security officer at a government-owned mining company in Mauritania, and many of the earlier payments were deposited in the official's personal bank account in France. In Thailand, Tyco's subsidiary had a contract to install a CCTV system in the Thai Parliament House in 2006, and paid more than $50,000 to a Thai entity that acted as a consultant. The invoice for the payment refers to “renovation work,” but Tyco is unable to ascertain what, if any, work was actually done.

The SEC alleges that another scheme occurred in Turkey, where Tyco's subsidiary retained a New York City-based sales agent who made illicit payments involving the sale of microwave equipment in September 2006 to an entity controlled by the Turkish government. Employees at Tyco's subsidiary were well aware that the agent was paying foreign government customers to obtain orders. One internal e-mail stated, “Hell, everyone knows you have to bribe somebody to do business in Turkey. Nevertheless, I'll play it dumb if [the sales agent] should call.” The benefit obtained by Tyco as a result of the September 2006 deal was $44,513.

The SEC's complaint alleges that Tyco's books and records were misstated as a result of the misconduct, and Tyco failed to devise and maintain internal controls sufficient to detect the violations. The complaint also alleges that the payments by the sales agent to Turkish government officials violated the anti-bribery provisions of the FCPA …

Source: SEC.

Those compliance controls, the SEC acknowledged, played a crucial role in arriving at what the agency deems to be a reasonable settlement agreement. “Tyco conducted a global review and internal investigation for potential FCPA violations and voluntarily disclosed its findings to the SEC while implementing significant, broad-spectrum remedial measures,” the SEC said in its statement announcing the settlement.

“At the present time, Tyco International has no additional enforcement actions or lawsuits pending with regard to this matter,” Ludwig says. “The company is pleased to have reached a final resolution on these matters, and is committed to maintaining its rigorous compliance programs across all business activities.”

Overall Lessons

Still, broadly speaking, many businesses remain prone to FCPA violations. The mantra among chief compliance officers is that “you don't know what you don't know,” says Jonathan Marks, head of the fraud and ethics practice at audit firm Crowe Horwath.

True, some companies have implemented robust compliance programs and built a strong culture of compliance. Others, however, still “have their heads in the sand when it comes to understanding what's really out there,” Marks adds. “Some believe they don't even have this [risk] exposure.”

The Tyco case is also a powerful lesson in the perils of voluntarily disclosing misconduct to regulators. “I don't think we're ever going to get from regulators and prosecutors a black-line discussion of what the results of voluntary disclosure will be, Mich says, “because they'll say every case is different and factors vary from case-to-case.”

Marks agrees. “You really need to take into account all the facts and circumstances surrounding the nature of the alleged violation,” he says. “From a risk perspective, what you don't want to do is self-disclose without really understanding exactly what you're disclosing.”

For example, self-disclosing suspected fraud in one country, that might lead regulators to find similar misconduct in other countries, can be “the kiss of death,” Marks says. “You have to go through and do your own internal investigation to make sure you cover everything.”

Self-disclosure aside, the real value in building trust is “working with, and complying with, all the different governmental entities that regulate our business,” Ludwig says. “Having that relationship is very important.”