Halliburton’s recent decision to enter into a $29.2 million settlement with the SEC over alleged FCPA violations in Angola illustrates the challenges faced by corporate compliance officers in designing and implementing an effective FCPA compliance program.
Halliburton had a sophisticated FCPA compliance program at the time of the incidents that gave rise to the recent settlement. That’s no doubt due in part to the $579 million FCPA enforcement action against it and its former subsidiary KBR in 2009 for conduct in Nigeria, and the subsequent monitorship requirement with the DOJ.
How did Halliburton become an FCPA repeat offender? I think any company would have had difficulty preventing the incidents described in the SEC’s cease and desist order (pdf) on the Angola matter.
Most third party due diligence programs would not have weeded out the local partner whose hiring created the problem.
Angola has a law requiring the use of local suppliers for a minimum percentage of contract value. Halliburton needed a local partner, and the solution in this case was a former employee who apparently was a local resident and in a position to provide real estate maintenance, travel and ground transportation services. There appears to have been a legitimate business purpose to the engagement, despite an initial attempt to set the local company up as a commissioned sales agent (which was abandoned due to Halliburton’s strict requirements around agents).
Even if this local company would not have been engaged but for the Angolan local content requirements, it still looks like services were going to be provided and the “legitimate business purpose” test for due diligence would have been met.
The local partner was a friend and neighbor of a government official who was involved in the contracting process. That is a major red flag for due diligence of course, and it would likely have ended the relationship if detected.
However, third party due diligence does not normally focus on friends and neighbors. We ask about family members, work relationships, and co-owners, but not friends or neighbors. Even a “boots on the ground” local due diligence investigation might not have discovered this friendship. It will be a significant challenge for most companies to extend due diligence programs to detect high risk friendships of this nature.
While the friendship may have resulted in some indirect benefit to the government official from Halliburton’s decision to hire the local partner, this is far from clear. The selection of this business partner seems to have been based on his previous employment with Halliburton, not his friendship with the government official.
Perhaps it is the tenuous nature of the inference of benefit to a government official in this case that led the SEC to focus on the books and records provisions of the FCPA rather than the anti-bribery provisions.
The books and records provision of the FCPA is generally understood to refer to accounting controls. However in this case the focus is on procurement controls. Internal requirements of competitive bidding were disregarded, and the company entered into a temporary consulting services agreement contrary to company procedures.
But the SEC order disregards any distinction between accounting controls and other applicable business controls such as procurement policies, apparently sweeping a broad range of possible control failures into the requirements of the FCPA. The lesson for compliance programs is that we need to monitor all our relevant business controls and make sure they are effective, not just the financial ones, especially any controls related to third parties.
While the appropriate level of due diligence and controls to address risk is specific to each organization, the Halliburton settlement indicates regulatory expectations are moving in the direction of more extensive due diligence inquiries, and increased attention to non-financial controls such as procurement controls. This creates new challenges for compliance officers as we struggle to implement programs that meet these expectations.
Steven Smart is Assistant Global Compliance Officer with ICL Group, a global minerals producer and chemical products manufacturer. He can be contacted here.