SEC Finds Violation for Failure to Require Code of Conduct Compliance
Failure to devise and enforce sufficient internal accounting controls to require compliance with a company’s business code of conduct violates the Securities Exchange Act (Act), according to a recent order issued by the Securities and Exchange Commission (SEC). The SEC imposed a $2.4 million fine against United Airlines’ parent company (United) for violating the Act’s accounting provisions when its CEO failed to follow anti-corruption and anti-bribery procedures.
Based on the same facts, the United States Department of Justice (DOJ) entered into a non-prosecution agreement, requiring United to revise and address any deficiencies in its code of conduct, policies, and procedures to enforce compliance with applicable anti-bribery and anti-corruption laws.
The violations arose from a Continental Airlines route between Newark, New Jersey, and Columbia, South Carolina, that was cancelled prior to its merger with United because it was unprofitable. However, David Samson ― a former New Jersey attorney general, a founding member of the New Jersey law firm Wolf & Samson, and former chairman of the Board of Commissioners of the Port Authority of New York and New Jersey ― had regularly flown that route to his vacation home in South Carolina.
The Port Authority operates Newark Liberty International Airport, one of United’s largest hubs. Several months after Samson became chairman of the Port Authority, he and Jamie Fox, a consultant and lobbyist for United, had dinner with United representatives. During that dinner, Samson told the United representatives that the non-stop flight from Newark to Columbia had been convenient for him to travel to his South Carolina home. Later, United told Samson that they would not reinstate the unprofitable route.
Coincidentally, around that time United sought the Port Authority’s approval to build a maintenance hangar at the Newark Airport. Seizing the opportunity to create leverage, Samson took the matter off the board of commissioner’s agenda. In an email exchange, Fox told Samson, “You have them dancing,” and Samson responded: “Good. I hope they dance my tune ― let me know if there’s a way to keep the pressure on this issue: It will save me a lot of heartache.”
On the same day that the Port Authority later approved the maintenance hangar, United’s CEO approved initiation of the Newark-Columbia route, which was aptly nicknamed the “Chairman’s Flight.” Samson pleaded guilty to a felony count of bribery and faces ten years in prison at his sentencing hearing scheduled in January 2017. Fox also faces five years in prison on charges of conspiracy to commit bribery.
Even though the United cases involved domestic bribery, the SEC’s and DOJ’s focus on code of conduct violations should draw the attention of compliance officers given the potential application for Foreign Corrupt Practices Act (FCPA) violations. Below is a summary of the best practices outlined by the SEC and the DOJ for compliance program requirements to address the code of conduct enforcement failures that facilitated bribery and corruption.
The SEC found that United’s Code of Business Conduct contained two key provisions at the time the “Chairman’s Flight” was reinstated:
- “[C]ompany policy prohibits United employees from directly or indirectly making bribes, kickbacks or other improper payments to government officials, civil servants or anyone else to influence their acts or decisions” and that “[n]o gift may be offered or accepted if it will create a feeling of obligation, compromise judgment or appear to improperly influence the recipient.”
- “In the extremely unlikely event that a waiver of the Code for executive officers would be in the best interest of United, it must be approved by the Audit Committee of the Board of Directors and promptly disclosed to the SEC or on United’s website.” [SEC Order, p. 6]
However, there was no record that written authorization to initiate the route was ever sought or obtained, leading to the SEC’s conclusion that “The South Carolina Route was initiated in violation of United’s Policies.” This failure to follow company policies violated the Act because United failed to:
- Make and keep accurate records of the transaction and use of assets, including the required written authorization
- Devise and maintain a system of internal controls to ensure that assets are used and transactions are executed in accordance with the company’s policies
During the investigation, United’s CEO, executive vice president for communications and government affairs, and senior vice president for corporate and government affairs resigned. The SEC noted that United also took these further steps to address its compliance failures:
- Improved its Ethics and Compliance Office, including creating a new senior legal position focusing on global corruption risk
- Enhanced its global code of conduct and anti-bribery/anti-corruption policies
- Conducted extensive anti-bribery/anti-corruption training
- Developed a third-party due diligence process and anti-bribery/anti-corruption compliance audit
As explained below, the DOJ’s July 2016 non-prosecution agreement requires United to take specific actions to create an effective “corporate compliance program.”
Policies and Procedures
To avoid criminal bribery and corruption charges, United paid a $2.25 million fine and also agreed to address the need for ethical leadership by creating a rigorous anti-bribery and anti-corruption compliance program that ensures:
- A high-level commitment by senior management to provide strong, explicit, and visible support and commitment to comply with laws and United’s business code of conduct
- Compliance by personnel at all levels and locations of United, as well as outside parties working on behalf of United
Specifically, the DOJ required that United’s policies and procedures address:
- Gifts, hospitality, entertainment, and expenses
- Customer travel
- Political contributions
- Charitable donations and sponsorships
- Facilitation payments
- Solicitation and extortion
Review, Oversight, and Independence
It’s well established that simply having a code of conduct is not enough and doing what’s minimally required will not produce results. Implementation is key to the success of any ethics and compliance program.
Once United adopted the necessary code of conduct, policies, and procedures, the DOJ required United to review them at least annually and update them as needed to address developments in the field and evolving international and industry standards.
Additionally, one or more senior corporate executives will be responsible for the oversight and implementation of these codes, policies, and procedures. And they will have direct reporting obligations to internal auditors, the Board of Directors, or their committees, and be given sufficient resources and authority to maintain autonomy from management.
Training and Guidance
Of course, these codes, policies, and procedures must be effectively communicated to all executives, directors, officers, employees, and appropriate agents and business partners. Therefore, United is required to provide periodic training to:
- Senior management
- Those in positions of leadership or trust
- Individuals in other positions that require such training (e.g. corporate, community, government, and congressional affairs; internal audit, sales, real estate, legal, compliance, and finance)
In addition, these individuals must provide annual certification of compliance.
And, a key support system must be put in place to provide compliance guidance and advice when necessary to individuals, regardless of their location.
The United case provides valuable lessons and a strong argument for internal compliance reviews of business conduct codes, policies, and procedures, especially given that it may signal an enforcement strategy for cases involving corruption and bribery covered by the FCPA.
LawRoom (powered by EverFi) delivers online training to help your business meet compliance requirements both dynamically and scalably. In addition to our award-winning online courses, LawRoom delivers a robust, cloud-based learning management system to help you easily deploy and track our growing library of ethics, anti-harassment, da