The recent resolution of the Foreign Corrupt Practices Act (FCPA) enforcement action against Halliburton Company (Halliburton) and its affiliated entities sends a “proceed with caution” message to any company seeking to engage a foreign agent to assist in obtaining foreign business. The action and its resolution also reinforce the importance of the minimum due diligence a company should conduct before engaging a foreign agent. Parent companies should pay particular attention to the Halliburton enforcement action because the due diligence expectations will likely apply not only to agents they engage, but also to agents engaged by all subsidiaries and affiliates over which the parent company exercises control and supervision.
Halliburton Enforcement Action
In February 2009, Halliburton, a publicly traded energy services company based in Houston and Dubai, agreed to settle a U.S. Securities and Exchange (SEC) enforcement action charging Halliburton with violations of the FCPA’s books and records and internal controls provisions in connection with a bribery scheme carried out by its former predecessor companies in Nigeria.
The bribery scheme is detailed in a parallel U.S. Department of Justice (DOJ) FCPA enforcement action against Kellogg Brown & Root LLC (a wholly owned subsidiary of KBR, Inc., a former Halliburton wholly owned subsidiary and currently a separate publicly traded company). In the DOJ enforcement action, Kellogg Brown & Root LLC pleaded guilty to a five-count criminal information charging it with conspiracy to violate the FCPA and FCPA antibribery violations. As charged in the criminal information, Kellogg Brown & Root LLC and its predecessor companies (together, KBR) were part of a joint venture (JV) in Nigeria to design, build, and expand liquefied natural gas (LNG) facilities. JV profits, revenues, and expenses were shared equally among the four JV partners. The JV’s steering committee was composed of high-level executives from each of the four member companies, including Albert Stanley, an officer and director of KBR.1 The information charges that the steering committee made major decisions on behalf of the JV, including whether to hire agents to assist the JV in winning contracts, who to hire as agents, and how much to pay the agents. The information further charges that the JV operated through three Portuguese special-purpose corporations, including a corporation (Company #3) specifically used to enter into consulting agreements with JV agents. The information charges that KBR held its interest in Company #3 indirectly rather than directly, and avoided placing U.S. citizens on Company #3’s board of managers “as part of KBR’s intentional efforts to insulate itself from FCPA liability for bribery of Nigerian government officials through the JV agents.”
The criminal conduct centered on two agents hired by the JV and on KBR’s efforts to use these agents to pay bribes to Nigerian government officials and employees of the government-owned entity responsible for awarding LNG contracts. The first agent was a citizen of the United Kingdom who used a Gibraltar-based consulting company as a vehicle to enter into agent contracts and to receive payments from the JV. The information charges that the JV paid the consulting company more than $130 million to bribe high-ranking Nigerian government officials, including top-level executive branch officials.2
The second agent was a global trading company headquartered in Tokyo and also was hired by the JV to help it obtain business in Nigeria, including by paying bribes to Nigerian officials. The information charges that the JV paid the consulting company more than $50 million to bribe lower-level Nigerian government officials, including employees of the government-owned entity tasked with developing LNG facilities.
According to the criminal information, the payments to these agents were largely orchestrated and coordinated by Mr. Stanley, and certain of the payments were made to the officials in cash-stuffed briefcases or left in vehicles parked in hotel parking lots. The information charges that these and other payments assisted the JV in securing four contracts valued at more than $6 billion.
Based on the same core conduct charged in the DOJ’s criminal information, the SEC filed a settled civil complaint against Halliburton and alleged that Halliburton (as the parent company of the KBR entities) failed to devise adequate FCPA internal controls relating to foreign sales agents and failed to maintain and enforce even the internal controls it had. The SEC alleged that Halliburton exercised control and supervision over KBR and that during the relevant time period: (i) KBR’s board of directors consisted solely of senior Halliburton officials; (ii) the senior Halliburton officials hired and replaced KBR’s senior officials, determined salaries, and set performance goals; (iii) Halliburton consolidated KBR’s financial statements into its own, and all of KBR’s profits flowed directly to Halliburton and were reported to investors as Halliburton profits; and (iv) Mr. Stanley discussed the Nigerian LNG projects with senior Halliburton officials, who were aware of the JV’s use of the U.K. agent. The SEC does not allege, however, that Mr. Stanley or anyone else at KBR told Halliburton officials that the U.K. agent would use money obtained from the JV to bribe Nigerian officials.
The SEC acknowledged that Halliburton’s legal department conducted a due diligence investigation of the U.K. agent, but it alleged that the due diligence was inadequate because Halliburton’s policies did not require a specific description of the agent’s duties and because the agent did not agree to any accounting or audit of fees received. Further, the SEC alleged that Halliburton and KBR attorneys never learned the identity of the owners of the Gibraltar-based consulting company used by the U.K. agent and did not check all of the agent’s references, some of which turned out to be false. According to the SEC, Halliburton approved use of the U.K. agent even though a senior Halliburton legal officer knew that the due diligence investigation had failed to uncover “significant information” about the agent. Although the SEC complaint does not detail the specific information not uncovered, it appears that the term refers to Halliburton’s failure to learn the identity of the owners of the agent’s consulting company and its failure to check the agent’s references. As to the Japanese agent, the SEC alleged that Halliburton conducted no due diligence and that Halliburton’s policies and procedures were deficient because the agreement with the agent was not properly scrutinized. The SEC further alleged that payments to the U.K. and Japanese agents were falsely characterized as legitimate “consulting” or “services” fees in numerous Halliburton and KBR records when, in fact, they were bribes.
In the same action, the SEC also charged KBR, Inc. with violating the FCPA’s antibribery provisions and its books and records and internal control provisions, and with aiding and abetting Halliburton’s FCPA violations. Together, Halliburton and KBR, Inc. agreed to disgorge approximately $177 million in profits obtained as a result of the bribery scheme. Combined with the $402 million criminal fine paid by Kellogg Brown & Root LLC in the DOJ enforcement action, the combined $579 million in DOJ and SEC fines and penalties against the Halliburton entities represent the second-largest FCPA settlement to date and the largest-ever against a U.S. company.
Due Diligence Standards for Engaging a Foreign Agent
It is noteworthy that the SEC’s complaint makes no mention of Halliburton having any knowledge that the U.K. agent would use money obtained from the JV to bribe Nigerian officials. Rather, Halliburton’s FCPA books and records and internal controls liability was premised on the following:
An additional striking feature of the enforcement action is that Halliburton did conduct some due diligence on the U.K. agent. This contrasts with several FCPA enforcement actions where the factual basis for the internal controls violation was the company’s complete lack of any FCPA due diligence on a foreign third party.3 Yet according to the SEC, the due diligence undertaken by Halliburton was not enough, and the enforcement action demonstrates that FCPA due diligence standards have been raised. It is not enough just to conduct “some” due diligence on foreign agents. Rather, the due diligence must be thorough, comprehensive, and designed to uncover FCPA issues. The Halliburton matter and other recent FCPA enforcement actions provide a road map for companies engaging foreign third-party agents to minimize FCPA risks.
Pre-Engagement Due Diligence of a Third Party
Prior to engaging a foreign agent, a company should: (i) require the agent to complete a detailed FCPA questionnaire; (ii) have the agent execute an FCPA acknowledgment letter; and (iii) use these materials and other information to assemble a complete and thorough due diligence file on the agent.
The FCPA questionnaire should be designed to identify any FCPA “red flags.” At a minimum, the agent should provide: (i) contact information of its owners/principals and board of directors, including percentage of ownership by each, and other businesses in which each might have an interest; (ii) information on related companies (i.e., parent or subsidiary); (iii) business, banking, and credit references; and (iv) relationships with current or former foreign officials or political parties. The Halliburton enforcement action instructs that effective due diligence does not end upon gathering this information. Rather, it requires analyzing the information and conducting appropriate follow-up inquiries. Specifically, the SEC was critical of Halliburton for not learning the identity of the owners of the Gibraltar-based company used by the U.K. agent and for not checking all of the agent’s references. In other words, half-hearted due diligence will not pass regulatory scrutiny.
The FCPA acknowledgement letter from prospective foreign agents should explain the FCPA’s requirements and the company’s commitment to FCPA compliance. Its purpose is to make clear to the prospective agent during the initial negotiation phase that the company takes FCPA compliance seriously and that it will expect the same from the agent.
In addition to a completed FCPA questionnaire and an executed FCPA acknowledgement letter, thorough FCPA due diligence should be conducted and a complete file should be created and maintained. The file should include a report summarizing the company’s due diligence efforts, the resolution of any red flags raised during the due diligence process, and a list of company personnel or counsel who performed specific due diligence activities.
At a minimum, the due diligence report should discuss: (i) why the agent’s services are necessary and whether its fees are reasonable; (ii) the agent’s business experience and qualifications; (iii) a summary of the agent’s business, banking, and credit references; and (iv) the identification and resolution of any FCPA red flags. Common FCPA red flags include: the agent is related or otherwise connected to a foreign official; the agent places reliance on political/government contacts as opposed to knowledgeable staff and investment of time to promote company interests; the agent is unwilling to agree in writing to abide by the FCPA and other relevant laws and company policies; the agent is unwilling to agree in writing to subject its fee payments to audit by the company; or the agent wants to keep the representation secret.
Engagement of a Third Party
All relationships with third parties should be memorialized in a written agreement; however, deficient FCPA due diligence is not remedied solely by contractual language prohibiting the agent from violating the FCPA. DOJ and SEC enforcement officials have suggested that a company should consider including the following provisions in its written contract with an agent: (i) agent representations and warranties that it is not owned or controlled by a foreign government and that no foreign official holds an ownership interest in it, and that it will abide by the company’s FCPA compliance policies and procedures; (ii) the right of the company to audit, at its discretion, the agent’s books and records4; (iii) the right of the company to terminate the agreement if it has a good-faith belief that the agent has made improper payments; and (iv) the right of the company to disclose the agent’s conduct to U.S. enforcement agencies. In the Halliburton enforcement action, the SEC was critical of the company because it did not have audit rights over the agent and, more generally, the company did not require a specific description of the agent’s duties.
Post-Engagement Monitoring of a Third Party
Monitoring and supervision of the agent should continue during the period the agent is engaged by the company. At a minimum, a company should have each of its agents certify, on an annual basis, that it is in compliance and will continue to comply with the company’s FCPA policies and procedures. Any red flags identified by the agent’s activities should be fully investigated and the relationship reevaluated based on the results.
The key FCPA compliance lesson from the Halliburton enforcement action is that a parent company should employ best practices due diligence not just to its own agents, but also to agents engaged by all subsidiaries and affiliates over which the parent company exercises control and supervision. In cascading FCPA due diligence policies down throughout the corporate organization, a parent company should not be guided by traditional notions of corporate law (i.e., When are the acts of a subsidiary or affiliate attributable to the parent company for liability purposes?). This is true because, when it comes to enforcement of the FCPA’s books and records and internal controls provisions, the SEC seems to have adopted a “substance over form” enforcement approach. This approach is illustrated by the Halliburton enforcement action, where the involvement of KBR (itself a subsidiary of Halliburton) in the company used by the JV to engage agents was indirect rather than direct.
Indeed, the SEC, in pursuing FCPA books and records and internal controls violations, will likely not view itself as being bound by corporate formalities and hierarchies, but rather will focus, as it did in the Halliburton action, on whether the parent company: (i) exercised control and supervision over the related entity; (ii) performed adequate due diligence over the entity’s agents; and (iii) obtained an economic benefit from the improper payments made by the entity’s agents. For this reason, parent companies with foreign subsidiaries or affiliates should particularly heed the lessons of the Halliburton enforcement action, because the due diligence standards discussed above will likely apply not only to agents it engages, but also to agents engaged by all entities over which the parent company exercises control and supervision.
1 In September 2008, Mr. Stanley pleaded guilty to conspiracy to violate the FCPA in connection with the bribery scheme. Pursuant to the plea agreement accepted by the court, Mr. Stanley will pay a $10.8 million criminal fine and faces a seven-year federal prison sentence.
2 In March 2009, the U.K. agent, Jeffrey Tesler, was criminally indicted for his role in the bribery scheme. The 11-count indictment (one count of conspiracy to violate the FCPA and 10 counts of violating the FCPA’s antibribery provisions) alleges that Mr. Tesler willfully and knowingly conspired and agreed with Mr. Stanley, the JV, and the individual JV companies, including KBR, to bribe the Nigerian officials in an effort to obtain and retain business for KBR and the JV.
3 While conducting effective due diligence is not a legal defense to an FCPA violation, a company’s failure to conduct due diligence on a foreign agent can expose a company to a “willful blindness” finding, which is sufficient knowledge under the FCPA to hold a company liable for FCPA antibribery violations based on the conduct of its agents.
4 While the enforcement agencies have long suggested that audit rights should be included in third-party contracts, they have nevertheless recognized that there may be “non-red flag” business reasons for why such provisions may not be practicable.
David W. Simon
Scott L. Fredericksen
Ivonne Mena King
Palo Alto, California
Pamela L. Johnston
Los Angeles, California