In October 2021, Deputy Attorney General Lisa Monaco announced revised US Department of Justice (DOJ) guidance on corporate monitorships, signaling a sharp change in the declining trend of the tool over the past few years. (NRF has previously examined the DOJ's policy changes.) Recently, the DOJ and the US Securities and Exchange Commission (SEC) announced that their parallel investigations of a transnational medical waste services company had ended, with the company set to pay over US$84 million to the agencies for violations of the Foreign Corrupt Practices Act (FCPA) arising out of a multijurisdictional bribery scheme. Included in the terms of the Deferred Prosecution Agreement (DPA) is a requirement for the company to engage an independent compliance monitor for two years. According to the DOJ in publicly filed documents, the company was a victim of its own global success; when expanding into Latin America, it failed to sufficiently account for the implementation and scaling of internal accounting controls to prevent or detect misconduct. The DOJ stated that in the absence of sufficient controls, the company paid over US$10.5 million in bribes to foreign officials in Brazil, Mexico and Argentina to promote and benefit their business.
The DPA explains that the company first entered the Latin American market in 1997 and grew rapidly through the acquisitions of small businesses in Argentina, Brazil and Mexico. Each country's office had an executive team that reported up to a single regional executive, who was first based in the Bannockburn, Illinois corporate headquarters and later established the company's headquarters for Latin American operations in Miami in 2015. As the company continued to grow, however, the accounting processes and systems remained largely decentralized and lacked uniformity and oversight to prevent misconduct. As stated by the DOJ, under the direction of the regional executive, employees in the Brazil, Mexico and Argentina offices paid over US$10.5 million (predominantly in cash) bribes to government officials, including state-owned and state-controlled hospitals, calculated as a percentage of the underlying receivables from government customers. The DOJ maintains that as a result of the bribes, the company obtained and maintained business from these officials for government contracts and obtained authorization for priority release of payments owed under these contracts. According to the DOJ, the employees in each country tracked their bribe payments in spreadsheets and described the bribes using code words, such as "CP" or "commission payment" in Brazil; "IP" or "incentive payment" in Mexico; and "alfajores" (a popular cookie) or "IP" in Argentina. DOJ states that between 2011 and 2016, the scheme earned the company at least US$21.5 million in profits.
For the civil charges, the company will pay the SEC approximately US$28.2 million in disgorgement and prejudgment interest in addition to engaging an independent compliance monitor for two years who will report back to the SEC. For the criminal charges, the company has entered into a three-year deferred prosecution agreement with the DOJ. It will pay a US$52.5 million criminal fine that accounts for the company's post-investigation remedial measures and failure to report its violations promptly. The company's legal troubles—much like its underlying conduct—extend outside of the US. The company has also agreed to resolve investigations in related proceedings by the Controladoria-Geral da União and the Advocacia-Geral de União (Attorney General's Office) in Brazil.
These settlements are striking reminders that when examining ways to expand a business globally or reexamining a company's global reach, companies must continually return to their compliance obligations. Independent compliance monitors can become costly penalties for companies, especially when requirements to engage a monitor extend over a number of years. Investing in proper compliance programs can help companies minimize corruption risks by providing mechanisms for timely identification of concerns, investigation and remediation, as well as early opportunities to weigh the appropriateness, benefits and risks of self-disclosure should a company discover any compliance concerns. This matter also serves as a reminder of regulators' strong preferences for centralized compliance programs that are consistently applied yet sensitive to risks presented in specific regions, which can present challenges for implementation but can be key to preventing compliance issues. Plans for expansion into new jurisdictions in particular should trigger an evaluation of a company's compliance program and accounting structure as well as conversations on how the compliance program may need to be tailored to fulfill the company's obligations while operating in the new jurisdiction, how to properly train new employees on the company's policies and procedures and plans for regular auditing of the compliance and accounting programs. As companies continue to expand their operations around the globe, it is important to be aware of not only compliance obligations but the various risks posed in the applicable jurisdiction to best protect their interests.