United States: FCPA Compliance Lessons From The Record-Setting Siemens Enforcement Action

In December 2008, Siemens Aktiengesellschaft (Siemens) agreed to pay $800 million in combined fines and penalties to settle Foreign Corrupt Practices Act (FCPA) charges for engaging in a pattern of bribery the U.S. Department of Justice (DOJ) termed "unprecedented in scale and geographic scope." The combined fines and penalties against Siemens, a German company with global operations and shares listed on the New York Stock Exchange, are by far the largest ever imposed in an FCPA enforcement action.

The Siemens action, besides being of interest because of the size and scope of the action and the extent of the corruption in the company, teaches some important FCPA compliance lessons, including: (i) the FCPA's broad reach; (ii) the FCPA risks of utilizing third parties; (iii) the importance of a committed "tone at the top" to FCPA compliance; and (iv) the need for more than just a "paper" FCPA compliance program. Resolution of the FCPA charges against Siemens included both DOJ and U.S. Securities and Exchange Commission (SEC) enforcement actions.

The Siemens Enforcement Action and Plea

DOJ Resolution

Siemens pleaded guilty to a two-count criminal information charging criminal violations of the FCPA's books and records and internal control provisions. Although the criminal information does not include FCPA antibribery charges, it does describe approximately $1.36 billion in payments Siemens made through various mechanisms for unknown purposes or intended, in whole or in part, as corrupt payments to foreign officials. According to the DOJ, for much of Siemens' operations around the world, "bribery was nothing less than standard operating procedure," and the criminal information details improper conduct in various Siemens operating groups and subsidiaries around the world.

In addition to the Siemens criminal information, the DOJ also separately charged Siemens subsidiaries in Argentina, Bangladesh, and Venezuela, charging each with conspiracy to violate the FCPA in connection with government projects in those countries.

Siemens S.A. (Argentina) was charged with conspiracy to violate the FCPA's books and records and internal control provisions in connection with an Argentine government project. The criminal information details how Siemens Argentina used various agents and consulting companies to make improper payments to government officials involved in the project, and how certain of the improper activity took place in the United States (such as meetings in the United States during which the improper payments were discussed and payments made through U.S. bank accounts) thereby making Siemens Argentina subject to the FCPA's provisions. Payments to the third parties were accomplished through sham invoices and backdated agreements and were improperly characterized on the books and records of Siemens Argentina (which were incorporated into Siemens' books and records for purposes of preparing Siemens' year-end financial statements) as "commissions" or "business consulting fees" even though, in many cases, no legitimate services were actually provided.

Siemens S.A. (Venezuela) was charged with conspiracy to violate the FCPA's antibribery, books and records, and internal control provisions in connection with various mass transit projects in Venezuela. Siemens Venezuela was charged with using various agents and consulting companies to engage in a conspiracy to obtain or retain the mass transit projects with Venezuelan government entities through the payment of bribes to high-level government officials responsible for awarding the projects. Like the Argentine case, payments to the third parties were accomplished through sham invoices and backdated agreements and were improperly characterized as "commissions," "business consulting fees," and "shipping and marketing costs." Siemens Venezuela became subject to the FCPA because certain of the improper payments were accomplished through a U.S.-based consultant or routed through U.S. bank accounts.

Siemens Bangladesh Limited was charged with conspiracy to violate the FCPA's antibribery, books and records, and internal control provisions in connection with a digital cellular mobile telephone network for the Bangladeshi government. Siemens Bangladesh engaged consultants to pay bribes to Bangladeshi officials in exchange for favorable treatment during the project's bidding process. Siemens Bangladesh became subject to the FCPA because certain of the improper payments were routed through U.S. bank accounts, In addition, the criminal information charged that Siemens Bangladesh made direct payments to government officials or relatives of those officials in order to secure an improper advantage in connection with winning the project. Payments to the officials were improperly characterized as "commissions" and "business consulting fees."

Based on Siemens' conduct and that of its subsidiaries, Siemens entered into plea agreements with the DOJ containing the following core terms: (i) an agreement by Siemens (and the referenced subsidiaries) to plead guilty to the charges in the respective criminal informations; (ii) a total criminal penalty of $450 million (a $448.5 million fine against Siemens and a $500,000 fine against each of the three subsidiaries); (iii) a continuing obligation to cooperate with U.S. and foreign law enforcement agencies, including the investigation of potentially culpable individuals; (iv) continued implementation and testing of compliance policies and procedures; and (v) retention of an independent compliance monitor for a four-year period to ensure that Siemens implements an effective system of corporate governance, complies with all applicable law and regulations, and complies with the terms of the plea agreements.

In agreeing to fines and penalties substantially below the maximum $2.7 billion available under the advisory U.S. Sentencing Guidelines, the DOJ specifically noted, among other things, the company's "extraordinary" cooperation in connection with its investigation (and the investigations of foreign law enforcement agencies), the "unprecedented" scope of the company's internal investigation (which included virtually all aspects of its worldwide operations), and the significant remedial measures the company has undertaken.

SEC Resolution

In a parallel enforcement action based on the same conduct as that charged by the DOJ, the SEC filed a settled civil action against Siemens alleging violations of the FCPA's antibribery, books and records, and internal control provisions. The SEC alleges that Siemens violated the FCPA by engaging in a "widespread and systematic practice of paying bribes to foreign government officials to obtain business" and that the misconduct involved employees "at all levels of the Company, including foreign senior management, and reveals a corporate culture that had long been at odds with the FCPA." The SEC complaint alleges that Siemens made 4,283 separate payments totaling approximately $1.4 billion to bribe foreign government officials, and that an additional 1,185 separate payments to third parties (totaling approximately $391 million) were not properly controlled and were used, at least in part, for improper purposes, including commercial bribery and embezzlement.

The complaint contains more detail than the DOJ's criminal informations and identifies a number of specific projects where Siemens paid bribes: metro transit projects in Venezuela; metro trains and signaling devices in China; power plants in Israel; high voltage transmission lines in China; mobile telephone networks in Bangladesh; telecommunication projects in Nigeria; national identity cards in Argentina; medical devices in Vietnam, China, and Russia; traffic control systems in Russia; refineries in Mexico; and mobile communication networks in Vietnam.

The complaint alleges that Siemens made, directly or indirectly through intermediaries, improper payments in connection with at least 290 projects or individual sales in these countries. These payments, at least in part, had a U.S. jurisdictional nexus in that certain of the projects were financed by the World Bank or the U.S. Export-Import Bank, or because the payments were funneled through U.S. bank accounts, made through U.S.-based intermediaries, or were discussed in meetings in the United States or in communications (mail, e-mail, and fax) into and out of the United States.

Without admitting or denying the SEC's allegations, Siemens consented to entry of a final judgment under which it will pay $350 million in disgorgement of profits and will agree to engage in certain undertakings regarding its FCPA compliance program, including the engagement of an independent monitor for a four-year period. The SEC noted Siemens' cooperation in its investigation, its extensive internal investigation, and the remedial actions promptly undertaken by the company.

The FCPA Compliance Lessons From the Siemens Matter

The record-setting Siemens enforcement action offers several FCPA compliance lessons — not because other companies view bribery as "standard operating procedure" or have "cash desks," where employees could load up suitcases full of cash to make improper payments (facts alleged by the DOJ), but rather because of the FCPA "red flags" ignored by Siemens and its lack of an FCPA compliance ethic as it pursued business around the world.

The FCPA's Broad Reach

Despite several recent FCPA enforcement actions against foreign companies, a misperception persists that the FCPA applies only to U.S. companies. The truth is that the FCPA applies to any company, including foreign companies, with shares listed on U.S. markets (issuers), a point emphasized by various U.S. government official statements in connection with the Siemens matter. ("Simply stated, it is a federal crime for U.S. citizens and companies traded on U.S. markets to pay bribes in return for business.")

The Siemens enforcement action also shows that even non-issuer foreign companies can become subject to the FCPA's provisions if any conduct in furtherance of an improper payment takes place in the United States. This was true with respect to Siemens Argentina, Siemens Venezuela, and Siemens Bangladesh. None would have qualified as an issuer, but all of which became subject to the FCPA because certain improper conduct had a U.S. nexus; for example, meetings in the United States during which the improper payments were discussed, or use of U.S. bank accounts to facilitate the improper payments. It also is clear that U.S. regulators will not hesitate to bring FCPA books and records charges against an issuer parent corporation based on the conduct of its foreign subsidiary when the foreign subsidiary's books and records are consolidated with the issuer's books and records for purposes of financial reporting. Thus, the actions and activities occurring in overseas subsidiaries are important for the parent company to police internally.

The FCPA Risks of Utilizing Third Parties

While Siemens' conduct was (to use the DOJ's characterization) "egregious" and "systematic" and not merely the result of ineffective oversight of its foreign business partners, the enforcement action highlights the FCPA compliance risks of the use of foreign third parties to pursue business and instructs that reliance on third parties is not a shield to FCPA liability.

Because the FCPA's antibribery provisions apply not just to direct payments to foreign officials, but also to indirect payments made to "any person, while knowing that all or a portion" of such payments will be "offered, given or promised, directly or indirectly to any foreign official," companies must be cognizant of the FCPA risks of relying on foreign agents, representatives, or distributors (collectively third parties) to achieve business objectives. Like other elements of the FCPA, the knowledge requirement is broadly interpreted and can be satisfied not only when a company has actual knowledge that a third party is making an improper payment to a foreign official, but also when a company is willfully blind or consciously disregards facts that suggest an improper payment is being made by a third party to a foreign official on its behalf.

Siemens had numerous FCPA compliance failures in connection with its use of third parties, including: (i) engaging third parties with no expertise in the specific industry (i.e., a clothing company with no expertise in the power-generation industry); (ii) engaging third parties that simultaneously worked for the government entity the company was targeting for business; (iii) engaging third parties without a formal, written agreement or, if written agreements were executed (a) executing the agreements only after the company was awarded the business, or (b) using a form agreement with no substance and/or provisions calling for "success fee" payments; and (iv) paying the third party unreasonably high fees.

These FCPA red flags went undetected because, in part, Siemens rejected suggestions to create a company-wide list of third parties and to form a centralized committee to review third-party relationships. It was not until June 2005 that Siemens implemented mandatory and comprehensive company-wide rules governing the use of third parties. Among other things, these rules prohibited the payment of "success fees" and required a compliance officer to sign off on all third-party agreements.

Avoiding Siemens-like FCPA problems based on the use of third parties can best be accomplished through robust and thorough FCPA compliance policies and procedures specific to third parties. These policies and procedures should include, at a minimum: (i) pre-engagement due diligence; (ii) engagement of the third party by written agreement only with certain mandatory contractual provisions (such as third-party representations and warranties that it is not owned or controlled by a foreign government, that no foreign official holds an ownership interest in it, and that it will abide by the company's FCPA compliance policies and procedures); and (iii) post-engagement monitoring and supervision of the third party.

FCPA Compliance Begins With a Committed "Tone at the Top"

According to the SEC, at Siemens there was a "demonstrated tone at the top ... that was inconsistent with an effective FCPA compliance program [that] created a corporate culture in which bribery was tolerated and even rewarded at the highest levels of the company." The SEC complaint further alleges that "the misconduct [at Siemens] involved employees at all levels of the Company, including former senior management, and reveals a corporate culture that had long been at odds with the FCPA."

The DOJ was equally harsh in its judgment of Siemens' senior management. Among other things, the DOJ's criminal information notes that Siemens' senior management provided little guidance on how to conduct business lawfully in countries where the company had historically paid bribes, and provided few strong messages regarding business ethics, including no clear statements that the company would rather lose business than obtain it through bribery.

A committed FCPA compliance tone at the top alone is certainly not sufficient to ensure FCPA compliance. Nevertheless, tone at the top is a necessary element of an effective FCPA compliance program, and it can be shown through, among other things: (i) issuing frequent compliance messages from senior leadership, which stress that the company will seek business only in a transparent manner; (ii) including compliance metrics in leadership performance reviews; (iii) including a direct reporting structure from compliance to the board of directors enhanced with the inclusion of compliance issues on the agenda of board of directors and audit committee meetings; (iv) ensuring that senior management is reaching out and encouraging employees to bring troublesome facts to the attention of senior management; and (iv) appropriately staffing and equipping of the company's compliance functions.

FCPA Compliance Must Be More Than a "Paper Program"

The Siemens enforcement action also shows that, while written FCPA policies and procedures that are well communicated throughout the company are a necessary element of an effective FCPA compliance program, they alone are not sufficient. In fact, during a portion of the relevant period, Siemens did promulgate certain written policies and procedures aimed at preventing corruption.

However, the criminal information charges that these policies and procedures were little more than a "paper program." Specifically, the DOJ alleges that Siemens' compliance resources were small and its program understaffed given the company's extensive worldwide presence. The DOJ also noted that Siemens' compliance personnel had other full-time responsibilities besides compliance, that personnel received minimal training or direction regarding their compliance responsibilities, and that personnel were inherently conflicted because they were tasked with both defending the company against charges of wrongdoing and preventing compliance breaches. Because of these and other deficiencies, Siemens routinely: (i) ignored red flags suggesting that improper payments were being made; (ii) failed to adequately investigate or follow up on the red flags; and (iii) failed to take disciplinary action against known wrongdoers. The SEC's complaint is equally harsh in its assessment of Siemens' compliance program. It alleges that "the success of Siemens' bribery system was maintained by lax internal controls over corruption related activities and an acceptance of such activities by members of senior management and the compliance, internal audit, legal and finance departments."

The compliance lesson is that an FCPA compliance program must be real, multifaceted, and subject to periodic review and enhancement. Further, FCPA compliance is best achieved if personnel across the corporate spectrum (such as internal audit and finance, legal, sales and marketing, and human resources) are able to detect and prevent FCPA issues from occurring.

Conclusion

The FCPA compliance failures at Siemens were widespread and long-running because of the company's failure to adopt FCPA "best practices." The FCPA compliance lessons in the record-setting Siemens enforcement action should be a wake-up call to all companies conducting business in overseas markets of the need to be proactive and vigilant when it comes to FCPA compliance and of the importance of establishing a compliance ethic throughout the company.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.