The SEC’s Settlement with Goodyear: A Cautionary Tale
Why it matters: In a settlement announced on February 24, 2015, the SEC found Goodyear to be in violation of the FCPA in connection with bribes paid by two foreign subsidiaries, one of which came into Goodyear’s ownership through acquisition. Simply put, Goodyear had an anticorruption program in place, the bribes came to its attention arguably due to the operation of that program, and Goodyear promptly undertook comprehensive remedial actions and voluntarily disclosed the improprieties to the government. Yet, because Goodyear had allegedly failed to perform adequate due diligence during the acquisition of one of the subsidiaries and to adequately create, or ensure adherence to, FCPA-compliant programs at either subsidiary, it agreed to disgorge over $16 million for “failing to prevent or detect” the bribes.
Detailed discussion: The Goodyear Tire & Rubber Company (Goodyear), headquartered in Akron, Ohio, is a publicly traded company with subsidiaries operating in 22 countries. It is the company’s subsidiaries operating in Kenya and Angola that are the subject of this settlement.
Goodyear purchased a minority stake in a Kenyan joint venture, Treadsetters Tyres Ltd. (Treadsetters) in 2002. By 2006, Goodyear had acquired a majority stake in Treadsetters and, during the time in question, Treadsetters was an indirect subsidiary of Goodyear. After the acquisition, the day-to-day operations of Treadsetters continued to be run by Treadsetters’ founders and the local general manager. From 2007 through 2011, in a “routine” practice that “appears to have been in place prior to Goodyear’s acquisition of Treadsetters,” bribes of over $1.5 million were paid to employees of local government-owned businesses and to police, tax and other local authorities for the purpose of making tire sales. Goodyear disclosed in its 2012 10-K that these bribes were brought to its attention in June 2011 through an anonymous tip left on a confidential ethics hotline. In the settlement order, which made no mention of the ethics hotline or any compliance program in place at Treadsetters of which it may have been a part, the SEC found that “Goodyear did not detect or prevent these improper payments because it failed to conduct adequate due diligence when it acquired Treadsetters, and failed to implement adequate FCPA compliance training and controls after the acquisition.”
During the time in question, the Angolan company, Trentyre Angola Lda. (Trentyre), was a wholly owned subsidiary of Goodyear. The day-to-day operations of Trentyre were handled by a local general manager. From 2007 through 2011, Trentyre similarly paid over $1.6 million in bribes to employees of local government-owned businesses and to police, tax and other local authorities for the purpose of making tire sales. Goodyear disclosed in its 2012 10-K that these bribes were brought to its attention in July 2011 by a local Trentyre employee. Again, without referencing any compliance program in place at Trentyre that the local employee may have been following in making his disclosure, the SEC found that “Goodyear did not prevent or detect these improper payments because it failed to implement adequate FCPA compliance training and controls at this subsidiary.”
The bribery payments were found to have been falsely recorded in the books and records of Treadsetters and Trentyre as legitimate business expenses, which were then consolidated into Goodyear’s books and records in violation of Sections 13(b)(2)(A) (failure to make and keep accurate books and records) and 13(b)(2)(B) (failure to devise and maintain sufficient accounting controls) of the ’34 Act (Goodyear was not charged under the FCPA antibribery provisions). Goodyear, which did not admit to or deny the SEC’s findings, consented to disgorge over $16 million (consisting of an aggregate $14 million in illicit profits plus interest) and report over a three-year period on its FCPA and anticorruption remediation efforts and implementations.
The SEC acknowledged Goodyear’s prompt voluntary disclosure and “significant” cooperation in not imposing a civil penalty. The SEC also acknowledged Goodyear’s comprehensive remedial measures, such as promptly halting the bribes and disciplining those responsible (including executives from Europe, the Middle East and Africa that had oversight responsibility); making improvements in its compliance programs in sub-Saharan Africa and globally in terms of training, audit and oversight, including updating policies regarding third-party agents/vendors and implementing new third-party due diligence software; creating a new senior oversight position at the parent company (V.P. of Compliance and Ethics); and selling the two subsidiaries (the sale of Treadsetters was completed in 2013, and the sale of Trentyre is pending).
According to the DOJ and the SEC, the FCPA requires companies to have compliance programs in place that are designed to prevent, detect and correct bribery. In this situation, although the facts are unclear about the existence of or adherence to compliance programs that may have been in place at the subsidiaries, the bribery was, in fact, detected and corrected—Goodyear learned about the bribes through an ethics hotline in Kenya and a local employee in Angola. So, what is the FCPA takeaway from this settlement? First and foremost is the reminder that, when acquiring a foreign entity, as Goodyear did in Kenya, thorough due diligence be performed so as to expose and put a stop to any “routine” corrupt payments that the existing local management made in the ordinary course. Where due diligence is not possible and the country and/or business is “high risk,” consider putting new management in place. Second, once in place, compliance programs should be vetted, revised and improved upon on an ongoing basis to keep abreast of evolving business practices and changing mores of the local territory. It must be noted, however, that not even the most diligent good faith attempts to adhere to FCPA requirements will ultimately prevent companies from having an employee engage in an FCPA violation. There is no mitigating “good faith” defense under the FCPA, nor is there a defense of having a robust compliance program in effect as there is under the U.K. Bribery Act. Given the language used in the Goodyear consent order, maybe the time is ripe to revisit the ongoing debate within Congress and the business and legal communities as to whether the FCPA should be amended to include such a defense.
Click here to read the SEC consent order In the Matter of The Goodyear Tire & Rubber Company (2/24/15).
For more on this matter, refer to the SEC press release issued on 2/24/15.
back to top
Commerzbank Agrees to Pay an Aggregate $1.45 Bilh1on to Settle Both Sanctions Violations and Money Laundering Allegations
Why it matters: Banks are increasingly under pressure by U.S. regulators to be vigilant and enhance scrutiny of their compliance and regulatory programs, to costly results when they do not. Following last year’s $8.9 billion deal between the government and French bank BNP Paribas relating to sanctions violations, the Commerzbank settlement resolves a multi-federal and state agency investigation into activities in violation of the sanctions and money laundering statutes that allegedly should have or did come to its compliance function’s attention but were not adequately addressed.
Detailed discussion: In an agreement announced on March 12, 2015, Commerzbank AG (Germany’s second largest lender) agreed to pay U.S. and state authorities (including the DOJ, the New York Department of Financial Services, the Federal Reserve Bank, and the Manhattan DA) an aggregate $1.45 billion to settle parallel investigations into the activities of its New York branch in connection with (1) sanctions violations for doing business with blacklisted countries Iran and Sudan, and (2) money laundering transactions related to the long-running investigation of Japanese camera and medical device maker Olympus Corp. (which admitted in 1991 that it had committed accounting fraud for over a decade to conceal investment losses).
The head of the NYDFS said in a March 12, 2015, press release that “[w]hen there was profit to be made, Commerzbank turned a blind eye to its anti-money laundering compliance responsibilities. Bank employees helped facilitate transactions for sanctioned clients such as Iran and Sudan, and a company engaged in accounting fraud. What is especially disturbing is that employees sought to alter the Bank’s transaction monitoring system so that it would create fewer ‘red flag’ alerts about potential misconduct, which highlights a potential broader problem in the banking industry.”
A three-year deferred prosecution agreement and accompanying criminal information filed by the DOJ on March 11, 2015, and a consent order filed by the NYDFS on March 12 detail the particulars of both the sanctions violations and money laundering allegations against Commerzbank and its New York branch. In brief, these documents relate that from at least 2002 through 2008, employees at Commerzbank’s New York branch engaged in a series of measures, including “wire-stripping,” or deleting the identity of the parties to the transaction, so as to be able to secretly conduct business with Iran and Sudan, countries subject to U.S. sanctions. During an overlapping time period starting as early as 1999 through 2013, due to deficient and lax anti-money laundering controls, employees at Commerzbank’s New York branch helped facilitate transactions of over $1.6 billion in connection with the Olympus accounting fraud scheme. The authorities found in both instances that “red-flag” warnings generated by the compliance programs in place and/or by employees were systematically ignored.
Commerzbank was found to be in violation of the relevant provisions of the International Emergency Economic Powers Act (regarding the sanctions violations) and the Bank Secrecy Act for, among other things, willfully failing to maintain effective money laundering controls, conduct adequate due diligence on its foreign correspondent accounts, and notify banking authorities of suspicious activity.
As part of the settlement, the government required Commerzbank to implement rigorous internal controls and to install an independent monitor to conduct a thorough review of the bank’s regulatory compliance programs pertaining to its New York branch. Commerzbank was also ordered to terminate the New York branch’s head of compliance as well as four additional employees in its various finance control departments.
In a March 12 press release, the DOJ Assistant Attorney General indicated that this heightened scrutiny on banks operating in the United States will continue, emphasizing that “[f]inancial institutions must heed this message: banks that operate in the United States must comply with our laws, and banks that ignore the warnings of those charged with compliance will pay a very steep price.”
Click here to see the NYDFS consent order In the Matter of Commerzbank AG, Commerzbank AG New York Branch (filed 3/12/15).
Click here to see the criminal information in U.S. v. Commerzbank AG and Commerzbank AG New York Branch (filed 3/11/15).
For more on this matter, refer to the following:
DOJ press release issued 3/12/15
NYDFS press release issued 3/12/15
Deferred Prosecution Agreement in U.S. v. Commerzbank AG and Commerzbank AG New York Branch (filed 3/11/15)
back to top
Operation Chokepoint Is Back! Quick Settlements With the DOJ for Alleged Third-Payment Processor Consumer Fraud Schemes
Why it matters: The DOJ initiative Operation Chokepoint was basically rendered DOA after congressional hearings into questions of due process and the FDIC’s declaration in January 2015 that banks should take a case-by-case “risk-based” approach when deciding to work with a particular customer rather than having a blanket prohibition on an entire category of customers. But now, with the CommerceWest Bank and Plaza Bank settlements announced on March 10 and 12, respectively, Operation Chokepoint appears to be very much alive, but perhaps only in the context of banks that fail even the most basic risk-based customer due diligence and ignore blatant red flags that particular customers are engaging in fraud. Oh, and there is a fire truck involved as well.
Detailed discussion: The CommerceWest Bank and Plaza Bank consent decrees announced on March 10 and 12, respectively, are only the second and third such settlements reached in connection with the DOJ’s 2013 initiative Operation Checkpoint, which was intended to combat mass-market consumer fraud by investigating U.S. banks and the business they do with third-party payment processors, payday lenders and other companies believed to be at a high risk for consumer fraud and money laundering. The first settlement reached in connection with Operation Chokepoint was in April 2014 with Four Oaks Bank, which provided banking services to a third-party payment processor for high-risk Internet payday lenders. Both before and after the Four Oaks Bank settlement, Operation Chokepoint was roundly criticized for its lack of due process by imposing a chilling effect on banks doing business with, or “choking off,” a blanket category of companies without first determining whether the companies comprising the blanket category are legitimate merchants or fraudsters. Operation Chokepoint was the subject of congressional hearings in May 2014, which recommended that it be “disavowed and dismantled,” and the FDIC and DOJ both launched investigations into the initiative. Just two months ago, in a Financial Institution Letter dated January 29, 2015, the FDIC urged banks to take a “risk-based” approach on a case-by-case basis in assessing whether to do business with such companies, “rather than declining to provide banking services to entire categories of customers without regard to the risks presented by an individual customer or the financial institution’s ability to manage the risk.” After the publication of the FDIC letter, Operation Chokepoint was largely seen to be dead. But, lo and behold, along came the CommerceWest Bank and Plaza Bank settlements in March:
CommerceWest Bank: On March 10, 2015, the DOJ announced that it had reached a $4.9 million criminal and civil settlement with Irvine-based CommerceWest Bank in connection with the DOJ’s investigation into alleged consumer fraud schemes perpetrated by a third-party payment processor which was a customer of the bank. In addition to the settlement, the DOJ said that the bank agreed to a deferred prosecution agreement and a permanent injunction aimed to reform the bank’s practices to prevent such fraud in the future.
The DOJ said in its press release that it had that same day filed a criminal charge and a civil complaint against CommerceWest. The criminal information charged the bank with a felony violation under the Bank Secrecy Act for failure to file Suspicious Activity Reports, and the civil complaint alleged that the bank violated both FIRREA and the civil antifraud injunction statute.
In the press release, the representative of the DOJ’s Civil Division was quoted as saying that “CommerceWest ignored a parade of red flags indicating that a third-party payment processor was defrauding hundreds of thousands of innocent victims,” and it appears that that willful ignorance is at the heart of the settlement.
The findings, as set out in the civil complaint, show a complicated scheme: from December 2011 through July 2013, CommerceWest allegedly knowingly committed consumer fraud by permitting third-party payment processor V Internet LLC, through multiple DBAs such as Altcharge and Check Process (collectively, “V Internet”), to make millions of dollars of unauthorized withdrawals from customer bank accounts on behalf of “fraudulent merchants,” including a questionable telemarketing company and a company that charged unwitting consumers unauthorized $30 payday loan referral fees (at one point in January 2013, V Internet took over the payday loan referral fee scheme and so was operating in that case as both the payment processor and the merchant).
The findings show that the bank did some spotty due diligence on the operations of V Internet and its DBAs and merchants, but what is emphasized is the bank’s willful ignorance of what was going on. The bank was found to have continuously turned a blind eye to clear warning signs that V Internet and its merchants were defrauding consumers, including an over 50% rejection rate for the transactions at issue, many of which were accompanied by sworn affidavits by customers that the withdrawals on their accounts were unauthorized. The bank also allegedly ignored complaints and inquiries from other banks and financial institutions, many of which openly questioned the V Internet transactions as fraudulent. Notwithstanding the warning signs, CommerceWest failed to file Suspicious Activity Reports as required by the Bank Secrecy Act and even is alleged to have actively worked with V Internet to block transactions against accounts held at the complaining banks but to let all others continue.
By May 2013, senior management at CommerceWest could no longer ignore the red flags and was found to have known that the activities of V Internet and its merchants were fraudulent; however, the bank did not terminate V Internet’s access to customer accounts until July 2013, and then only when it was notified that the government was seeking an emergency injunction to shut V Internet down. Over $2.9 million was seized from V Internet’s accounts at CommerceWest. Also seized was property purchased by V Internet’s owner from the fraud proceeds, including five planes, a Land Rover, a Dodge Charger, multiple tractors and all-terrain vehicles and . . . a fire truck.
Plaza Bank: On March 12, 2015, the DOJ announced that it had reached a $1.225 million settlement with another Irvine-based bank, Plaza Bank, also in connection with an alleged consumer fraud scheme perpetrated by a third-party payment processor that was a customer of the bank. In the civil complaint filed on March 12, the DOJ found that, from its formation in 2005 through its purchase in 2009, the bank knowingly permitted fraudulent merchants, through a third-party payment processor (TPPP), to illegally withdraw millions of dollars from consumer accounts. The wrinkle here is that two of the bank’s founders and senior executives (the COO and the Chairman of the Board) had a financial ownership interest in the TPPP, a fact that they did not disclose.
Again, the findings show a complicated scheme, some highlights summarized here. As was the case with CommerceWest, red flags such as a high return rate and complaints from other banks were “brushed aside,” and the compliance officer’s requests that due diligence be performed on the TPPP’s merchants were ignored. Rather than the $10 returned check fee the bank advertised to its customers, the bank only charged the TPPP $0.50 (fifty cents) so that the high return rate had a limited financial impact on its operations. By early 2009, the compliance officer reported via email to the COO that she had been receiving numerous calls from law enforcement wanting to subpoena records regarding the “fraudulent” transactions. In another email to the COO, she reiterated that she had received 37 phone calls over a 10-day period from other banks, law enforcement, and consumers claiming fraud. Also by early 2009, Plaza management was aware that the TPPP had begun to process payments not only for its own fraudulent merchants but also for other “nested” third-party processors that, in turn, had fraudulent merchants (for which no due diligence was done). These additional fraudulent transactions generated even more complaints. The Plaza COO continued to ignore the compliance officer’s repeated emails stating her concerns, but in April 2009 he assured her that the TPPP was going to move the majority of its processing activities to another bank.
Per the findings in the civil complaint, in October 2008, in danger of being closed by regulators, Plaza agreed to be sold to a private equity firm (during the course of the purchaser’s due diligence, it was disclosed that the Plaza COO was a founder of the TPPP). As a condition of receiving regulatory approval for the sale, the purchaser would be required to install a new board and management to run the bank, and it was anticipated that the sale would close by June 2009. During this window before the sale went into effect and the new management took over, knowing that its access to the banking system would soon end (and notwithstanding that it had represented that it would move to a new bank), the TPPP increased the volume of its transactions at Plaza to nearly six times higher than its norm (6,500 in June 2009; 124,000 in July 2009). Regulatory approval for the sale was granted on June 1, 2009, and a new board and management installed shortly thereafter. The Plaza COO left the bank but the Plaza Chairman remained on the board, and both continued their financial interest in and involvement with the TPPP. The findings show that, despite learning about the fraudulent nature of the TPPP’s transactions within a month of taking over, the new management of Plaza delayed a decision for six months, until December 2009, as to whether they should terminate TPPP’s processing capability in light of the revenue generated from the high returns. In December, the new management determined that the profits it was earning from the TPPP no longer justified the risks, and it was determined that the bank’s relationship with the TPPP would be wound down. This did not occur until May of 2010, however, during which time the TPPP fraudulently withdrew an additional $55 million from consumer accounts.
In the consent decree filed on March 12, 2015, Plaza was found to have violated both FIRREA and the civil antifraud injunction statute and ordered to pay the civil penalty of $1 million plus forfeiture of $225,000.
As previously stated, it remains to be seen whether Operation Chokepoint is indeed back in the DOJ’s arsenal as a tool to combat mass-market consumer fraud in the banking industry, or whether it will only be revived in particularly egregious cases of willful ignorance such as with CommerceWest Bank and Plaza Bank. As the DOJ said in the March 10 press release: “As the civil and criminal actions filed against CommerceWest Bank today demonstrate, we will hold financial institutions accountable when they choose unlawfully to look the other way while fraudsters use the bank’s accounts to steal millions of dollars from American consumers.”
Click here to see the Civil Complaint in United States of America v. CommerceWest Bank (CV 15-0039), filed 3/10/15.
Click here to see Civil Complaint in United States of America v. Plaza Bank (CV 15-00394), filed 3/12/15.
For more on these matters, refer to the following:
DOJ’s Press Release in connection with CommerceWest settlement issued on 3/10/15
Criminal Information in U.S. v. CommerceWest Bank (SA CR No. 15), filed 3/10/15
Consent Decree in U.S. v. CommerceWest Bank (CV 15-00379), filed 3/10/15
Deferred Prosecution Agreement in U.S. v. CommerceWest Bank (SA CR No. 15), filed 3/10/15
Consent Decree in U.S. v. Plaza Bank (CV 15-00394), filed 3/12/15
back to top
Criminal RICO Indictment for Pharma Execs in Alleged Second-Degree Murder for Improper Drug Production Leading to Fungal Meningitis Deaths
Why it matters: Charging corporate executives under criminal RICO in this situation where deaths occurred as a result of alleged improper drug compounding and regulatory violations is an unusual application of the racketeering statute. If the government is successful in this case, will we see an expansion of criminal RICO charges to other situations where industrial, business and commercial misconduct or lax controls result in deaths?
Detailed discussion: In 2012, there was a nationwide outbreak of fungal meningitis. Of the 751 cases reported in 20 states, 64 patients in 9 of those states died. It was determined that the outbreak was caused by contaminated vials of preservative-free methylprednisolone acetate (MPA) that were manufactured by the New England Compounding Center (NECC), a compounding pharmacy located in Massachusetts.
On December 17, 2014, the U.S. Attorney’s Office for the District of Massachusetts unsealed a 131-count indictment in the case of U.S. v. Cadden et al., 1:14 cr-10363, charging 14 individuals connected with NECC with a variety of charges, including racketeering, mail fraud and violations of the Food, Drug and Cosmetic Act (FDA). NECC’s owner, Barry J. Cadden, and its supervisory pharmacist, Glen A. Chin, were additionally charged with 25 RICO predicate acts of second-degree murder under the laws of seven states.
In a press release issued at the time the indictment was unsealed, the government said that Cadden and Chin showed an “extreme indifference to human life” when they authorized the manufacture and distribution of MPA, which they knew to be manufactured in an “unsafe manner and in insanitary conditions, and authorized it to be shipped out anyway, with fatal results.” The government alleged in the indictment that this “extreme indifference to human life” satisfies the second-degree murder laws of the seven states where the deaths took place and thus these murders constitute the necessary predicate racketeering acts under RICO.
These 25 predicate acts on the part of Cadden and Chin were further charged in the indictment to be part of a broad racketeering scheme by NECC and its marketing arm, which served as an ongoing “enterprise” that, among other things, worked together to knowingly manufacture, sell and distribute a variety of drugs in an unsafe and unsanitary manner and shield its illicit operations from FDA oversight, all for the common purpose of obtaining money through false pretenses.
This high-profile case is one to watch as it wends its way through the courts. While civil RICO has been used by the government and private litigants in a wide variety of cases where predicate acts of mail and wire fraud are alleged, criminal RICO is typically used as a tool by the government against organized crime, street gangs and other organized criminal activity. If the government is successful in this case, will we see cases where lax business and commercial controls leading to deaths are charged under criminal RICO? The government may be fighting an uphill battle in proving that the specific elements of RICO apply in this case, however. Were the alleged 25 second-degree murders “predicate acts” in furtherance of an “enterprise” that had a common purpose of engaging in a continuous course of criminal conduct? We shall watch and see.
Click here to read the indictment in U.S. v. Cadden et al., 1:14 cr-10363 (D. Mass).
For more on this matter, refer to the press release issued on 12/17/14 by the U.S. Attorney’s Office (District of Massachusetts).
back to top