Don’t Gamble on a Deficient Compliance Program
As part of the government’s second settlement of a multi-million-dollar anti-bribery enforcement action against the Las Vegas Sands Corp. in less than a year, the casino and resort operator must ensure it has an effective compliance program that meets detailed specifications set forth by the authorities. In addition to a mandated beefing-up of its compliance efforts, the Sands was required to pay more than $16 million to resolve two lawsuits for violations of the US Foreign Corrupt Practices Act (FCPA). The FCPA is an anti-bribery law which also requires companies to maintain accurate books, records, and accounting controls.
Combined, these related cases serve as a reminder that it’s less costly to keep current on your compliance program than to find holes in the program too late. Worse, misconduct could cause federal agencies to find the holes first and mandate the precise means of fixing them.
$700,000 “Simply Disappeared”
The Securities and Exchange Commission (SEC) charged Sands with allegedly funneling millions of dollars in off-the-books payments through a consultant in China to obscure illegal purchases. Based on many of the same facts, the Department of Justice (DOJ) also charged Sands, in this case with the crime of failing to maintain internal controls to prevent improper payments.
To settle civil charges with the SEC in April of 2016, Sands was required to not only pay $9 million, but to also hire an independent consultant to monitor the company for FCPA compliance for two years. Sands acknowledged that the civil penalty would have exceeded $9 million if not for Sands’s cooperation and remedial action, such as promptly hiring outside counsel to investigate the SEC’s charges and providing access to real-time facts, translations of documents, and interviews with foreign officials.
DOJ Non-Prosecution Agreement
In January of 2017, Sands agreed to pay the DOJ nearly $7 million in exchange for the agency’s agreement not to further pursue criminal prosecution. This represented a discount for cooperation based on many of the same factors that earned credit with the SEC, but Sands received no voluntary disclosure credit. Not only did the company fail to self-report the misconduct, but admittedly terminated a whistleblower employee in the finance department. Sands did receive credit for cutting ties with individuals implicated in misconduct, revamping its compliance program, and retaining new leadership in key programs.
In its Non-Prosecution Agreement (NPA) with the DOJ, Sands admitted that it had paid approximately $60 million to a consultant in China without keeping accurate books or maintaining internal controls that would have prevented misconduct. Payments to the consultant included $7.5 million so the gaming company could indirectly buy and operate a Chinese basketball team in violation of a local rule, among other questionable expenses. Sands also admitted that “certain senior Sands executives knew that over $700,000 paid to [the] Consultant by Sands subsidiaries had simply disappeared.”
The agreement lasts for three years, which overlaps with the two-year agreement Sands entered with the SEC in April of last year. Under the NPA, reports of the consultant hired as part of SEC settlement must now be copied and sent to DOJ in addition SEC. Sands must also submit regular reports to the DOJ on its efforts to improve compliance.
The reports, which “will likely include proprietary, financial, confidential, and competitive business information” are generally confidential with one big exception: they can be released to the public at the DOJ’s “sole discretion that disclosure would be in furtherance of the Fraud Section’s discharge of its duties and responsibilities or is otherwise required by law,” the NPA stipulates.
In the NPA, Sands agreed to continue to implement a compliance program “designed to prevent and detect violations of the FCPA and other applicable anti-corruption laws throughout its operations” and to modify its program “where necessary and appropriate” to comply with the anti-corruption laws.
To ensure that Sands’s anti-corruption program would be up to snuff, “Exhibit B” to the NPA listed certain minimum standards, which are summarized below by topic. These standards, which were mandatory for Sands, can also serve as tips to get a jump-start on any company’s compliance program:
- Ensure that directors and senior managers explicitly and visibly support compliance with anti-corruption laws
- Develop a written anti-corruption policy that applies to everyone in the company and with whom the company does business
- Assign compliance and reporting responsibility to specific senior executives and provide them with adequate resources and autonomy.
- Maintain an effective system to facilitate confidential reporting of legal or policy violations
- Provide a reliable process, and make resources available, to investigate allegations of wrongdoing
- Implement internal enforcement and discipline mechanisms to address legal or policy violations..
- Provide compliance guidance and periodic training for employees, agents, and business partners
- Maintain a system of financial and accounting procedures reasonably designed to ensure accuracy in books, records, and accounts
- Build periodic risk assessments into the compliance program, and conduct a risk-based review of the program’s effectiveness at least annually
- Institute risk-based due diligence and continuous oversight of third-party dealings, as well as of mergers and acquisitions.
Ensure Effective Compliance Now — Don’t get Caught without It
You don’t have to get nabbed for violating the law to get guidance (or, in the case of Sands, a mandate) specifying what an effective compliance program looks like. As my colleague, Karen Peterson, noted in Hallmarks of Effective Compliance and Ethics Programs, the DOJ and the SEC may discount or eliminate penalties they may have otherwise levied if the answer is “yes” to all of these:
- Is the company’s compliance program well designed?
- Is it being applied in good faith?
- Does it work?.
The last point, “does it work,” gets at whether the program is effective. An otherwise solid compliance program will not be effective if people don’t understand it or know how to apply its principles. Training is how compliance programs are effectively communicated. The DOJ and the SEC look at training when evaluating compliance programs. If the training has not been effectively communicated, the authorities are less likely to consider the compliance program (particularly, policies and procedures that ensure that the law is understood and obeyed) effective overall.
The number and dollar amounts of FCPA enforcement actions continue to climb. According to the Stanford Law School Foreign Corrupt Practices Clearinghouse, “January 2017 now ranks as the single busiest January for FCPA enforcement in the history of the FCPA.” Not only have prosecutors been busy in terms of numbers of enforcement actions; these actions have yielded increasing penalties over recent years. The FCPA Today reports that in 2016, payouts for corporate settlements reached $570,053,000 (the largest single penalty was $397,600,000), whereas individual penalties came to $42,819,950 (the largest single penalty was $42,500,000). By contrast, corporate payouts for the entire year of 2015 totaled $132,875,00.
The fate of Sands in particular, and the increasing penalties resulting from DOJ & SEC enforcement actions in general, illustrate that an effective FCPA compliance program is necessary. As part of that program, effective FCPA training can help prevent costly violations of the law, reduce or eliminate penalties when the law is violated, and communicate a robust compliance program. This is the kind of program the FCPA Guide describes, and which non-compliant companies are forced, one way or another, to beef up.
LawRoom (powered by EverFi) delivers online training to help your business meet compliance requirements both dynamically and scalably. In addition to our award-winning online courses, LawRoom delivers a robust, cloud-based learning management system to help you easily deploy and track our growing library of ethics, anti-harassment, data security and employee conduct courses.