DOJ Fraud Section Puts Boards of Directors on Notice Regarding “Conduct at the Top”

In February 2017, the U.S. Department of Justice (DOJ) Fraud Section published its latest guidance on corporate compliance programs with the release of the very useful document titled “Evaluation of Corporate Compliance Programs.”

While many legal and compliance scholars have rightly stated that this latest publication isn’t anything radically different than prior authoritative guidance issued by the DOJ and other organizations, what jumps out is the reframing of the well-worn expression, “tone at the top,” with the potentially more insightful, and arguably much scarier, “conduct at the top.” In a just-released Flash Report, we put forth questions and insights that illustrate the degree to which the DOJ is examining senior management and the board of directors while evaluating a corporate compliance program.

Internal Controls and Anti-Corruption Culture Are Still the Best Deterrents to Bribery

scott-moritzBy Scott Moritz, Managing Director
Protviti Forensic




In my post yesterday, I suggested penalizing companies that pay bribes where it hurts them the most: in falling stock price and market share — not just civil fines and penalties. But ultimately, it is the internal controls and anti-corruption culture that companies set in place that serve as the most effective deterrent.

While anti-corruption and its correlation with business ethics command a great deal of attention, bribery of foreign public officials and employees of state-owned companies remains an enormous challenge for companies seeking to operate ethically and within the rule of law of each country in which they do business.

In December 2014, the OECD published the Foreign Bribery Report, an analysis of the crime of bribery of foreign public officials. For those unfamiliar with the report, it is a study of 427 prosecutions of bribery offenses that have been brought in countries that are signatories to the OECD Anti-Bribery Convention, enacted in 1999. The report is a very comprehensive analysis of cases involving bribery of foreign officials, and it debunks some widely held beliefs about bribery and corruption. We covered the findings of the report in detail in a blog post back in 2014 – these findings are as relevant as ever, and I highly recommend a read.

Unfortunately, the current state of companies’ abilities to deter, detect, investigate and report fraud and corruption remains discouragingly anemic. Despite the many legal and economic incentives for companies to maintain robust anti-fraud and anti-corruption programs, most companies do not dedicate sufficient resources to adequately manage the risks of their employees and business partners paying bribes to gain unfair business advantages. This was recently confirmed in Protiviti’s 2016 White Collar Crime and Fraud Risk Survey.

For example, despite the fact that the OECD Foreign Bribery Report cited that 75 percent of the foreign bribery cases that they studied involved bribes that were paid by third-party business partners, Protiviti’s survey revealed that only 6 percent of respondents reported a high degree of confidence in their organization’s vendor fraud and corruption risk oversight. More than 35 percent of those surveyed stated that they did not perform any form of due diligence on the third parties acting on their behalf. And an equal number of respondents (35 percent) stated that they were not aware of any efforts to identify foreign government agencies, state-owned companies and public international organizations amongst their customer base.

Our findings also suggested that most companies do not perform sufficient due diligence on the corruption risk and anti-corruption practices of their acquisition targets, which often leads to the unwitting “purchase” of ongoing corruption and bribery schemes that continue, sometimes for many years, after the deal has been closed. Hiring practices is another area that has come into focus due to recent corruption enforcement actions. Here again, our survey revealed that only 34 percent of respondents could say that their organizations attempt to determine whether job candidates are family members or associates of government officials in a position to influence the award of contracts.

In order for anti-corruption efforts to be truly effective and to reduce the human suffering corruption causes, compliance professionals have to do not “just this” or “just that,” but everything: Correct misconceptions about the sources of corruption risk in order to direct resources where they would be most effective; understand where their organizations are most vulnerable in order to apply strong internal controls to these areas; and question the cultural acceptance of kleptocracy and bribery as a way of life. Until there is a highly publicized linkage between the companies that pay bribes, the corrupt regimes that favor bribe payers and the human toll that corruption and kleptocracy take in those countries, anti-corruption efforts will continue to be less than effective.

Can Improving Business Ethics Reduce Human Suffering?

scott-moritzBy Scott Moritz, Managing Director
Protiviti Forensic




Tomorrow, December 9, is International Anti-Corruption Day, a United Nations’ observance celebrated not with cake, but with a public awareness campaign to stop crooked officials from carving off a slice of the global relief pie.

There is a common misperception that bribery is a “victimless crime.” That’s simply not true. The news is filled with buildings that collapse that should not have, killing thousands due to use of substandard building materials, inaction on the part of corrupt building inspectors and morally bankrupt construction companies. There is corruption in pharmaceutical drugs, food safety, product safety, environmental pollution. Wherever there is lax government oversight of products and other commercial activity and corruption on the part of government inspectors and the companies responsible for the unsafe products, there is the very real possibility of tragedy.

While there are no direct corruption-related death toll statistics, credible research shows that 83 percent of all deaths from building collapses in earthquakes in the last three decades occurred in countries with high corruption.

UNICEF lists Angola as the number-one country in the world where children die before the age of five — one out of every six. Angola is also considered among the most corrupt countries in the world, ranking 161st out of 174 countries and territories rated by Transparency International’s Corruption Perceptions Index and scoring just 19 out of a possible 100, with 100 being the least corrupt.

Angola is rich with natural resources, including oil and diamonds. Its ruler, President Dos Santos, has ruled for 35 years, and his daughter’s wealth is estimated at $3 billion. Her wealth is widely believed to have been accumulated through the President’s having strong-armed companies that want to do business in Angola into payments to his family through his control over the country’s oil, banking, cement, diamonds and telecom industries. The country with the worst child mortality rate spends three times as much money on its military as it does on public health. There is insufficient food, lack of access to clean water, shortage of medicine or medical treatment, but the political elite, the small group of families who are allied with Dos Santos, accumulate more and more wealth.

Whether it’s buildings that collapse during earthquakes in Haiti, Turkey or Nepal, or relief supplies for natural disasters stolen in full view of the police and the military charged with ensuring they are delivered to the victims, the fact that one out of nine people in the world is starving and many millions of people don’t have access to clean water and lifesaving medical care means one thing: corruption kills.

What do these tragedies have to do with us? Given that the wealth of corrupt public officials is derived from companies seeking to curry favor, companies have an obligation to do careful due diligence to make sure they don’t contribute to the cycle of corruption. Acquisition due diligence, strong anti-corruption compliance programs and hiring practices, continuous oversight of how money in foreign markets is spent, and a tone at the top that promotes ethics and integrity throughout the organization are key.

From a consumer standpoint, much can be done also. We are increasingly seeing boycotts of companies that are revealed to use child or slave labor, or that have irresponsible environmental practices. If similar “consumer penalties,” in addition to fines and criminal penalties, are applied to companies that actively practice or simply turn a blind eye to corruption, and if these companies begin to lose market share and shareholder value as a result, maybe we’ll see the cultural change we as corruption investigators are advocating for, and the refrain “that’s the way business is done here” will become a relic of the past.

The Intersection of Bribery, Kleptocracy and Money Laundering

International Anti-Corruption Day is this Friday, December 9.


scott-moritzBy Scott Moritz, Managing Director
Protiviti Forensic




At last week’s ACI FCPA Conference, Paul Abbate, Assistant Director in charge of the FBI’s Washington, DC field office, delivered a keynote address describing the mission of the FBI’s International Corruption Squads. Their mission includes the investigation of international corruption in violation of the Foreign Corrupt Practices Act (FCPA); acts of kleptocracy, in which heads of state steal large sums of money from their country; and money laundering, in which financial transactions are undertaken either in the furtherance of criminal activity – such as the payment of bribes – or to conceal the true origins of money obtained illegally. There is an elegance to the FBI’s international corruption squads’ mission, in that corruption, kleptocracy and money laundering intersect frequently, and the tracing of illicit money will often be the key to proving bribery and kleptocracy cases.

Before we get into how bribery, corruption and money laundering are interrelated, it helps to clarify what each of those terms means.

  • Bribery is the offering or giving of something of value in order to induce the recipient to abuse his or her position in some way for the benefit of the bribe payer or the person or entity on whose behalf the bribe is being offered or paid.
  • Corruption is the abuse of one’s official position for personal gain. Most often, corruption is the act of receiving a bribe.
  • Kleptocracy is corruption on the grandest scale possible. It is when a head of state or someone acting on that person’s behalf steals large sums of money from their country’s treasury for their own personal gain.
  • Money laundering is undertaking financial transactions with either the proceeds of unlawful activity or in an effort to conceal the origins of ill-gotten money. There are three stages of money laundering: placement, layering and integration. Placement is the introduction of money earned through criminal activity into the financial system. Layering, typically, is a series of transactions undertaken solely for the purpose of obscuring the origins of the illicit money. Integration is the point at which the layering has had the effect of making the illicit money seem as if it was obtained through legitimate means.

Of the four crimes above, the one that is discussed and enforced most often, through FCPA action, is bribery. We have discussed it here, here, and here. However, the FCPA only criminalizes the supply side of bribery, i.e., when companies offer or pay bribes to foreign officials in exchange for an unfair business advantage. What’s interesting is that in recent months the FBI has begun to give voice to the less-understood “demand” side of bribery – corruption and kleptocracy – an aspect that has traditionally been left to the home countries from where corrupt officials operate.

Specifically, the FBI and the Department of Justice’s (DOJ) Asset Forfeiture and Money Laundering Section have been focusing on kleptocracy through the Kleptocracy Asset Recovery Initiative. Most notably, in July of this year (2016), the DOJ initiated the largest ever kleptocracy-related asset forfeiture action, in which allegations of the looting of billions of dollars from Malaysia’s sovereign wealth fund led to the seizing of $1 billion of assets in the U.S., the UK and Switzerland. The seized assets included luxury hotels in New York City and Beverly Hills, penthouse apartments, a private jet, and an ownership interest in the production company that produced the movie “The Wolf of Wall Street.”

The 1MDB kleptocracy civil asset forfeiture action was brought under the civil money-laundering statute in that the assets were involved in or represented the proceeds of money misappropriated from Malaysia’s sovereign wealth fund. While this is the largest civil forfeiture action to date brought under the Kleptocracy Asset Recovery Initiative, the nexus between corruption, kleptocracy and money laundering is nothing new. In fact, the whole concept of “politically exposed persons,” or PEPs, and their designation as high-risk banking customers, came about as a result of multiple scandals in which heads of state looted their government treasuries and then laundered the money through the traditional banking system. Ferdinand Marcos, Baby Doc Duvalier, Raul Salinas, Suharto, Manuel Noriega, Saddam Hussein – the list seems endless. These corrupt leaders, who famously looted the treasuries of their countries, also set the tone for corruption across their governments. In many instances, their corruption doesn’t just set the tone, but is sanctioned by them, and the bulk of the proceeds of the corrupt payments received benefit the corrupt presidents and their families.

Perhaps no case better illustrates the government’s rationale behind combining its FCPA investigative efforts with the DOJ’s ongoing anti-kleptocracy initiative than the VimpelCom case. In February this year, Dutch telecom company VimpelCom settled a DOJ and SEC investigation by agreeing to pay a combined $795 million to U.S. and Dutch authorities in connection with $114 million in bribes paid to a relative of an Uzbek government official in order for the company to enter and remain in the Uzbek telecommunications market. While the government official in this case is unnamed, the money is traced to Uzbek president Islam Karimov’s eldest daughter, Gulnara Karimova. Karimova, who at the time held control over the country’s telecom assets and the issuance of mobile phone system operating licenses, has been under house arrest for the past two years in connection with corruption allegations that she pocketed more than a $1 billion in bribe payments, including shares in the telecom companies she licensed. In addition to securing the guilty plea and deferred prosecution agreement with VimpelCom and its Uzbek subsidiary, the DOJ has filed civil actions against multiple offshore bank accounts that are alleged to belong to the unnamed Uzbek official and hold a total of $850 million. This was the largest civil forfeiture action in the history of the DOJ’s kleptocracy initiative before the 1MDB suit was filed in July.

The recent integrated approach by the FBI to FCPA, kleptocracy and money-laundering enforcement should be viewed as more than a source of shocking stories about fabulous riches obtained by power-hungry autocratic rulers in far-away countries. It should serve as an important reminder to compliance professionals and corporate executives that greed is a byproduct of human nature, enabled by the right conditions of opportunity, lack of ethics and lack of oversight. Compliance, therefore, should be more than a list of “must do” checkboxes – it should be about the moral obligation of the organization, and each individual within it, to operate ethically and to consider any unethical action holistically, from all sides and all possible consequences, in order to prevent, deter and set a tone against corruption and not contribute to the human suffering that corruption and kleptocracy cause.

Strategic Use of Email in Internal Investigations

robert-henniganmarshall-matus-rhiBy Robert Hennigan, Associate Director
Protiviti Forensic

and Marshall Matus, Engagement Manager
Robert Half Legal



When we first started talking about putting together a webinar on the role of email in internal investigations, none of us anticipated the global impact a single email investigation could have. As it turned out, our well-attended November 15 webinar couldn’t have been more timely.

We presented the webinar during International Fraud Awareness Week together with Scott Moritz, the global leader of Protiviti Forensic, and James Koukios, a partner in Morrison & Foerster’s White Collar and Anti-Corruption practice group.

Our goal was to demystify the process of email investigations. In addition to addressing some of the popular misconceptions that might cause organizations to avoid undertaking a forensic email investigation, we wanted to offer some clear and simple strategies for managing the process, based on our years of experience, both as consulting professionals and as special agents of the FBI.

We thought the webinar was necessary because we’ve heard from a lot of people who believe, incorrectly, that:

  • Due to high volume, email investigations are cost-prohibitive and overly time-consuming.
  • Email investigations are a waste of time because no employee in their right mind would put anything incriminating in an email on a company server.
  • Privacy laws give employees the right to refuse employer access to their individual work emails.

To be sure, the email universe is vast, with more than one hundred billion work-related emails sent and received each day around the globe. We’ve read that employees spend about 28 percent of their work week sending and receiving emails at a rate of 122 emails each day.

It’s easy to see how the prospect of an email investigation of, say, 15 or 20 individuals, spanning several years, could be daunting — not only because of the volume, but also because of the need to maintain the integrity of evidence, which involves following established procedures regarding the acquisition, preservation and processing of email evidence. Managing this process effectively involves striking a balance between sufficiency and overkill.

Planning an Investigation

As with most business controls and processes, the time and cost of an email investigation can be carefully managed through planning. In that regard, it is important to start with a clear understanding of what you are looking for. What is the complaint? How many people could potentially be involved? Over what time frame did the alleged activity take place? Where does that data reside? And who were the custodians of that data?

As for the misconception that employees wouldn’t leave anything incriminating on a company server, experience has shown that it happens all the time. Also, if an employee forwards work emails to a personal mobile phone or home computer, those devices are considered to be discoverable for investigative purposes. There is ample case law to establish that work emails are work product owned by the company. Most U.S.-based organizations have electronic communication policies making it clear that users have no expectation of privacy. There are a few notable exceptions that include communications covered by attorney/client confidentiality, but for the most part, electronic communication at work is fair game for investigators.

Nor do investigations have to be confrontational. Often, investigators can obtain all the evidence they need from system backups or the company email server, without having to notify employees.

Companies also have had great success leveraging email review platforms and other forensic technologies to search for keywords indicative of potential malfeasance. Newer versions of email platform tools have significant capabilities built in.

Each of our expert panelists emphasized the criticality of communication between the various players in an investigation — the review team, forensic accountants, and outside counsel — to ensure coordination, avoid redundancies and share knowledge. A good investigation will follow project management best practices, with phases of the project including data collection, data processing, data analysis and review.

There’s an art to this process that involves knowing how to select key words; when to go broad and when to go narrow; how to leverage techniques and theories from related fields, such as information retrieval; and how to use various forensic technologies. All of this was discussed in our webinar at length, and we encourage you to listen to it.

Finally, we had a number of interesting questions from the audience that followed the presentation and speakers. We will summarize some of these questions in an upcoming post. Subscribe to our blog to be sure not to miss it.

The Princeling Problem: Is Your Company Avoiding Corrupt Hiring Practices?

November 13-19 is Fraud Awareness Week. Once again, we are celebrating by highlighting the perspectives of leaders in the Protiviti Forensic practice and other fraud and anti-corruption professionals. To learn more, visit Protiviti Forensic online.


scott-moritzBy Scott Moritz, Managing Director
Protiviti Forensic




One of the more interesting threads to come out of panel discussions at Protiviti’s inaugural Foreign Corrupt Practices Act and Anti-Kleptocracy Conference this summer was a discussion of the Securities and Exchange Commission’s (SEC) crackdown on hiring the offspring of foreign officials to gain business advantage. Chuck Duross, Head of the Anti-Corruption Practice at Morrison & Foerster, Matt Tanzer, Chief Ethics and Compliance Officer at Johnson Controls, and Raja Chatterjee, Chief Risk Officer at Tishman Speyer, discussed the topic during our FCPA Compliance Success Stories panel moderated by Protiviti Director Pam Verick. Below, I’d like to offer you a recap of the perspectives they provided, with which I, and many anti-corruption advisory practitioners very much agree.

Anyone with hiring authority has likely been approached by a friend, a customer, or an important business contact, seeking to leverage the relationship on behalf of a family member seeking a job or internship. In fact, employee referrals are often encouraged and even institutionalized since such recruiting channels are a much lower-cost alternative to the use of outside recruiters. Even when the identification of candidates through referrals is not programmatic, the practice is common. Thus, the old saying: “It’s not what you know, but who you know.”

The rules are different, however, when the person doing the asking is a foreign government official, and the employment offer could be construed as “something of value” that has been offered in exchange for an unfair business advantage. Such quid pro quo arrangements fall under rules of the Foreign Corrupt Practices Act (FCPA). The practice has come to be known as the “princeling” problem — because many of the beneficiaries, especially in China, are the offspring of senior Chinese government officials, often referred to as “princelings” — and the SEC has been particularly focused on the practice.

The FCPA prohibits companies from improperly influencing foreign officials with anything of value, including cash payments, gifts, or in this case, jobs or internships.

In one high-profile case, a telecom company agreed to pay almost $8 million to settle an FCPA enforcement action for hiring relatives of Chinese government officials. In another, a major financial holding company paid almost twice that for providing student internships to family members of foreign government officials affiliated with a Middle Eastern sovereign wealth fund. The latter case raised a lot of eyebrows, because two of the internships in question were unpaid. The SEC contended that the value was in the internship itself, which was a coveted and highly competitive position.

It’s easy to see how a company could get into trouble. Executives tend to be sales-focused when meeting with clients, so there’s a natural tendency to accommodate an important business contact when they mention that a family member needs help finding a job. The resulting internal efforts undertaken on behalf of the candidate most often occur by email. Resumes are communicated by email and then are forwarded along to someone in a recruiting role along with some context as to who the candidate is. It wouldn’t be unusual if that email overstated the importance of the relationship with the business contact asking for the favor in an effort to ensure that that the candidate gets the desired attention. Those emails, which may even include the original email from the foreign official who transmitted the candidate’s resume in the first place, can make it very difficult to deny a quid pro quo. The trouble is multiplied if the business contact making the request is a foreign official who wields influence over the company’s business and especially if the candidate is not someone who meets the company’s hiring criteria for the position. This is when the FCPA gets involved.

From a compliance perspective, the key to avoiding trouble is to have a structure in place to prevent such conflicts from developing. One of the best ways to do that is through segregation of duties — separating sales from hiring decisions. Taking executives out of the hiring loop allows them to be gracious in the moment, by agreeing, perhaps, to accept a resume, but with the understanding that they have no sway in the decision-making process. Empowering the Human Resource department to function independently helps to ensure that all hiring decisions are made based on objective qualifications, independent of any business dealings.

In addition, documented policies and procedures, and a clear paper trail, can ultimately serve as a backstop in the event of, say, a whistleblower compliant. If the company has a record, it can demonstrate to investigators that the position was open, the applicant was qualified, and the hiring followed normal vetting procedures.

By and large, human resources and recruiting personnel want what is best for the organization, and they understand the importance of compliance. Aligning an organization’s hiring practices with the anti-corruption program by communicating and applying proper hiring procedures that separate the recipients of backchannel candidates from the hiring decisions may look like unnecessary hoops to jump through but can mean the difference between being the latest example of “the princeling problem” or not.

Anti-Corruption Program Post-Acquisition Integration

scott-moritzBy Scott Moritz, Managing Director
Protiviti Forensic



As mentioned in my post last week, one of the ways the Department of Justice (DOJ) determines whether or not a company has performed the required anti-corruption due diligence when acquiring an entity is looking at whether the new entity was promptly incorporated into the acquiring company’s internal controls, including its compliance program.

There are three main areas to focus on in order to successfully accomplish this integration, whether it be into your existing anti-corruption program or one that has been newly established. These are:

  1. Identifying the universe of foreign official touchpoints
  2. Fully identifying the intermediaries among third parties, and
  3. Examining hiring practices as they relate to foreign officials

Mapping Foreign Official Touchpoints

Most senior executives struggle to understand the term “foreign officials.” The designation includes not only government officials but employees of state-owned companies and public international organizations like the World Bank or the United Nations. Further, when companies look at foreign officials, the focus of scrutiny tends to be on customers, while failing to consider the various ways in which companies routinely interact with government agencies at the federal, state and local level and the ways those interactions can be problematic. It is therefore critically important to perform an exhaustive “inventory” of all of the ways that the organization may come into contact with foreign officials, not just among the company’s customer base, but through the various ways in which the company may interact with such persons in connection with meeting regulatory, legal, administrative and licensing obligations as well as any other way there may be contact, official or unofficial. Mapping these relationships, examining them and then prioritizing them in terms of the potential risk is a critically important step to successfully integrating the acquired entity into the acquiring organization and its compliance program.

Fully Identifying Intermediaries

In the overwhelming majority of FCPA prosecutions, the bribe payers are business intermediaries acting on behalf of the defendant company. It is not common practice to delve deeply into business intermediaries during pre-acquisition due diligence, and yet most FCPA risk resides within those relationships. Part of the process of identifying intermediaries is doing something similar to the mapping of foreign official touchpoints discussed above. Understanding the activities of each intermediary and determining whether and to what extent they may be interacting with foreign officials on the company’s behalf will make mitigating the potential corruption risk of the newly acquired entity a far less challenging exercise.

Examining Hiring Practices

Government touchpoints extend to the hiring of employees, interns and consultants. In several recent cases, the SEC has charged companies with FCPA violations in connection with hiring employees or interns who would not have otherwise been hired were it not for the fact that their family members were government officials in a position to award business to the defendant companies. Most companies do not include hiring practices in their anti-corruption program risk assessments, nor do they examine how a candidate was sourced and whether a prospective hire poses any added FCPA risk. While simply hiring a family member of a foreign government official does not violate the FCPA, it is the hiring decision that could eventually come under intense scrutiny. The key is ensuring that the candidate has met or exceeded all of the criteria for the position and there is no indication of a quid pro quo. Since such a hire represents heightened risk, some organizations require additional controls, such as increased levels of approval prior to extending an offer to a family member or associate of a foreign official.

In closing, acquisitive companies should seek to examine the potential FCPA risk of a prospective acquisition within the constraints of the information that is made available to them pre-close and then perform a timely, thorough risk assessment focusing on the three areas above: touchpoints with foreign officials and the acquired entity’s intermediaries – especially those who are interacting with foreign officials on the company’s behalf – and the alignment of recruiting and hiring activities with the company’s anti-corruption compliance program. It is not uncommon for a company to get more than it bargains for when buying an entity – such as ongoing fraud and bribery schemes. Being able to demonstrate the lengths the company has gone to root them out will make all the difference in the government’s determination as to whether to hold it accountable for someone else’s sins.