The Panasonic enforcement action in April — resulting in $280 million in penalties and disgorgement to the DOJ and SEC — offers almost every lesson a compliance officer might want to discuss about anti-bribery programs.
First, due diligence matters all the time, and matters all the way down. As often happens with anti-bribery offenses under the FCPA, bribes were relayed to government officials through intermediaries and sales agents. Multiple agents working for Panasonic failed the company’s internal due diligence checks and parted ways with the company — and were then hired back as subcontractors, with a sales agent that had passed the due diligence.
That scenario underlines the point of what due diligence truly is: an effort to expel corrupt third parties from the enterprise permanently, rather than a simple background check to be performed at one moment in time.
If the mantra is, “Companies don’t commit crime; people working for companies do,” then due diligence programs should flag specific high-risk people and ensure they don’t work on behalf of the organization. That can require language in contracts with other third parties (to avoid subcontractor risk), follow-up audits, and similar measures.
Second, accounting controls also matter. Panasonic engaged in considerable books-and-records violations both to mask the improper payments and to inflate revenue and pre-tax income by recognizing revenue early. Panasonic ultimately paid more than $1.75 million to supposed sales agents who provided few (if any) actual services. None of that was properly recorded in the company’s books.
Moreover, Panasonic employees knew about, and concealed, the scheme to sub-contract the sales agents who had been terminated. The third party that employed those sub-contractors was paid from a Panasonic budget line under the sole control of a senior Panasonic Avionics executive, with no oversight from anyone else at the company.
Proper accounting controls are crucial to effective FCPA compliance, since they can choke off the supply of money necessary for criminal violations. For example, a company could require multiple executives to counter-sign any payment above, say, $50,000; and require documentation that the party receiving that money has delivered the services promised.
Compliance with the civil side of the FCPA (implementing strong accounting controls) supports compliance with the criminal side (not paying bribes).
Third, leadership matters if a company wants the first two issues to matter. Large organizations are always porous collections of people and business practices. Even the most exhaustive controls, policies, and procedures leave some crack where misconduct can sprout. Strong ethical leadership is the sealant that tries to fill those cracks. The absence of strong leadership does the company no favors.
In Panasonic’s case, an internal audit in 2010 flagged potential problems with high-risk agents, and that report was circulated among senior executives. No follow-up happened for years.
Panasonic didn’t disclose the misconduct voluntarily. Only when the Securities and Exchange Commission began requesting documents did Panasonic admit potential problems and begin cooperating. That said, after the investigation began Panasonic did cooperate fully, including a thorough internal investigation and providing foreign employees for interviews with the Justice Department.
The company ultimately received a 20 percent discount on its penalties, per the DOJ’s new FCPA Corporate Enforcement Policy (pdf).
Eric Lochner, pictured above, @ELochner1 is the President and CEO of global intelligence and software firm Steele Compliance Solutions, Inc. | @SteeleGlobal. Steele provides comprehensive third-party due diligence, software-as-a-service (SaaS) solutions that help organizations comply with regulatory third-party compliance requirements, and engaging compliance training. Eric has more than two decades of experience building successful global technology companies.
Steele’s Whitepaper, “Creating a Credible and Defensible Third-Party Program,” can be requested here.