Not a good start to the year: Goodyear Tire fine and the FCPA lessons

March 3, 2015

By Julie DiMauro, Compliance Complete

NEW YORK, March 3, 2015 (Thomson Reuters Accelus) – The due diligence that companies must perform before acquiring overseas companies and the anti-bribery controls required of foreign subsidiaries came into clear focus this week when the U.S. Securities and Exchange Commission (SEC) sanctioned Goodyear Tire & Rubber Co. $16.2 million for alleged Foreign Corrupt Practices Act (FCPA) violations.

According to the SEC’s order released on Tuesday instituting an administrative settlement, Goodyear failed to prevent or detect more than $3.2 million in bribes from 2007 to 2011 due to inadequate FCPA compliance controls at its units located in sub-Saharan Africa. 

Goodyear’s bribes were generally paid in cash to employees of private companies or government-owned entities as well as other local authorities such as police or city council officials. The improper payments were falsely recorded as legitimate business expenses in the books and records of the subsidiaries, which were consolidated into Goodyear’s books and records.

A Kenya-based firm called Treadsetter’s made over $1.5 million in bribes to Kenyan government authorities, including the Ports Authority, Air Force and Ministry of Roads, the SEC said. Goodyear acquired a majority interest in Treadsetter’s in 2006, after acquiring a minority stake in 2002.

Goodyear’s wholly-owned subsidiary in Angola bribed employees of the Catoca Diamond Mine, which is owned by a consortium of mining interests including Angola’s national mining company Endiama E.P. and Russian mining company ALROSA.

As part of this enforcement action, the SEC has ordered Goodyear to report to the agency at least once a year for three years about “the status of its remediation and implementation of compliance measures.”

The agency credits the company in its order with taking prompt, remedial acts to stop the transgressions and assist in the investigation, including taking disciplinary actions against certain employees and implementing a new case-management system so legal, compliance and audit can now document and track complaints and investigations.

The SEC said Goodyear has disciplined certain employees, “including executives of its Europe, Middle East and Africa region who had oversight responsibility, for failing to ensure adequate FCPA compliance training and controls were in place at the company’s subsidiaries in sub-Saharan Africa.”

Goodyear has also just created a senior position of Vice President of Compliance and Ethics, “which further elevated the compliance function within the company,” the SEC said.

Lessons learned

Acquiring a business — and all of its compliance program limitations. A buyer of a company can end up buying the target company’s problems — from its ineffective policies, controls, training and hiring standards to its overall lack of a strong compliance ethos. The DOJ and SEC recognize successor and third-party liability in the context of the FCPA such that those firms acquiring other businesses with preexisting anti-corruption problems can become responsible for violations of anti-corruption laws that took place prior to the acquisition.

Referring to Treadsetters, the SEC noted: “Goodyear did not detect or prevent these improper payments because it failed to conduct adequate due diligence when it acquired Treadsetters, and failed to implement adequate FCPA compliance training and controls after the acquisition.”

One of the first steps to take is a complete assessment of the risks inherent in the M&A transaction before consummation. This involves writing questionnaires to the company’s executives in which you ask them to detail and share copies of their firm’s anti-corruption policies and procedures, personnel training mechanisms, testing of the policies and procedures and then doing an in-person, onsite visit that involves a deeper dive into their anti-corruption program.

The inquiry and investigation should elicit information about the company’s understanding of and compliance with the FCPA and the anti-bribery laws of other countries. A review of the persons from the (future) acquired entity who will be interacting with government authorities must be performed, such as whether they have ever been charged with a bribery offense, have had substantive and recent training on the laws and don’t trigger any other red flags.

There should also be an examination of the firm’s compensation and bonus schemes to make sure it does not reward bribery and other illicit transactions and a review of the consultants it has used and plans to continue using, so your firm can evaluate their adherence to the law.

The next stage would encompass a written contract that contains representations and warranties that the potentially acquired firm’s executives understand the law, are in compliance with the law, and will adopt new or strengthen existing anti-corruption policies, procedures, controls, monitoring, testing and training such that they align with the (future) parent firm’s program. The contract should mandate that it immediately report any possible violations to the parent company, give the parent the right to audit the books and records of the acquired firm at any time and to take immediate disciplinary actions against individuals that violate the company’s policies.

These steps provide the acquiring firm the ability to document its actions taken require full compliance by the target acquisition with the FCPA.

If a company has reason to believe the target of an acquisition has prospective FCPA liability exposure, the acquiring firm can use the FCPA Opinion Procedure Regulations to obtain an opinion of the Attorney General as to whether certain specified (not hypothetical) conduct conforms with the DOJ’s enforcement policy regarding the anti-bribery provisions of the FCPA.

Due diligence after the acquisition is equally important, including analyzing questionable facilitation payments, gifts and entertainment expenses, performing ongoing audit of financials and analyzing the steps the acquired firm is taking to synch up its anti-corruption program with the parent firm’s. And, as importantly, the parent firm must ensure that the acquired firm has more than just a policy in writing and actually has one in practice — with the correct no-tolerance stance that is evident in its monitoring and training of employees, avenues for employees to report possible violations of the rules, and in its contracts with vendors it employs.

Policies are good, controls make them work. At Trentyre, the SEC said, the bribery scheme was put in place by the firm’s former general manager. It said the firm falsely marked-up the costs of its tires to generate funds for the bribes, and falsely recorded the bribes as payments to vendors for legitimate costs. “Goodyear did not prevent or detect these improper payments because it failed to implement adequate FCPA compliance training and controls at this subsidiary,” the SEC said.

To ensure compliance with the FCPA, the control environment must be consistently monitored, and in a way that prevents management override. Creating a documented anti-corruption program does not in and of itself create a control environment. The program needs to be tested in every location where the company’s business is located — as well as inside its vendors and business suppliers.

Firms must conduct risk-control assessments that enable them to identify and understand the risk factors typical to the industry and unique to the company.

Design of controls must take into account the risk profile of the countries where a company operates. Controls for countries or regions with high-risk profiles should include greater oversight of accounting and purchasing functions.

Controls should be established to identify government-related entities and persons, particularly since the courts have taken an expansive view of what constitutes an instrumentality of a government-controlled entity. Furthermore, controls must be implemented to identify expenses related to these customers and ensure appropriate authorization is sought and received for all of them, not just the larger ones, with extra scrutiny over any made as a political or charitable contribution or to buy a license or permit.

The use of consultants as “agents” to help develop business significantly increases FCPA risk, so policies and procedures for retaining and contracting the service of agents should be developed that spell out all of the financial arrangements and purposes for each payment and identities of all parties involved.

When new businesses are acquired or new subsidiaries created, these controls must be extended to cover them, through a swift redeployment of resources and ample communication between these business units and the parent company.

Getting executive and board buy-in. Developing these processes is an enterprise-wide process that not only should include the compliance professionals of an organization, but also its corporate officers and the board of directors. Their pronouncement that compliance forms the foundation of the firm and that those who flout the rules will be held accountable — while those who abide by the rules will have this adherence factored into their performance reviews — is essential.

Building from that foundation, control activities should be continually assessed to ensure that FCPA risks have been mitigated. Furthermore, as the company evolves with new business enterprises and the changing global economy, compliance professionals must provide input into the assessment of risks associated with new operations, whether related to new business or geography.

Having a well-tested and evolving anti-corruption program will not only assist an organization in detecting and deterring violations of the FCPA, but also help in mitigating fines and penalties if violations do occur. Being able to demonstrate that top management set the proper tone and is supportive of a compliance team that is proactive in monitoring for compliance with anti-corruption policies and procedures will be helpful when dealing with regulators and prosecutors and when trying to separate the actions of individuals from those of the organization.

Although Goodyear said in a February 2013 SEC filing that the payments the regulator was investigating at the time would not jeopardize its overall financial condition — and this could seem true of the $16 million fine assessed on Tuesday — the financial impact of the loss in business reputation when a violation occurs can be more severe than the money penalty.

(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. Compliance Complete provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Accelus compliance news on Twitter: @GRC_Accelus)

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/