Transcript: Mike Volkov and Julie DiMauro podcast

Our senior reporter Carmen Cracknell spoke to Mike Volkov and Julie DiMauro about the FCPA.

This is a transcript of the podcast Mike Volkov and Julie DiMauro talk about the FCPA’s evolution between GRIP senior reporter Carmen Cracknell, lawyer Mike Volkov, and GRIP’s US content manager Julie DiMauro.

[INTRO]

Carmen Cracknell: Great. So we are here to talk about the Foreign Corrupt Practices Act. I am today joined by legal expert Michael Volkov and our very own Julie DiMauro. It’s great to have you both here. Michael, can you start by introducing yourself and your background a bit?

Michael Volkov: Sure. Well, thank you very much. And Julie, thank you for the invitation to join you here. It’s always a pleasure to speak to you and to catch up. I am based in the United States in Washington, D.C. and California. And then I have an outpost sometimes in Sicily. And we have a practice of about seven attorneys and we provide ethics and compliance services to companies as well as enforcement defense. We do a lot of work in the FCPA space as well as antitrust defense work. And for 25 years I was and I have a lot of gray hair and I was a federal prosecutor in the United States at the Department of Justice in Washington, D.C. And then I worked on Capitol Hill with Congress for five years and then started my own firm. So having a great time enjoying it, getting to meet people like Julie is just a pleasure and enjoy the work around the FCPA. It’s a fascinating law and staying on top of that.

Carmen Cracknell: And Julie, can you tell us about you and your background, please?

Julie DiMauro: Thanks, Carmen. I’m the U.S. content manager for the U.S. for global really intelligence and practice. And before this job, I was at Thomson Reuters for 10 years in their regulatory intelligence division and I served as a compliance officer in the marketing department of fidelity investments in Boston. Thanks, Carmen.

Carmen Cracknell: Great. So I mean, with such a diverse array of experience, I guess it would be good to start talking about what you’re seeing more of lately in terms of the FCPA, what sort of fields, what kind of cases are you encountering more of lately, what countries are involved, what’s changed in the landscape in the last year or so?

Michael Volkov: Well, I think your last reference there is probably most important. The FCPA has been on the books for close to 50 years and its aggressive enforcement really started, I would say, in the last 10 to 20 years, maybe 15 years. And what has really become pronounced is something you just referenced, Carmen, and that is that there’s greater international cooperation. So the U.S. has always worked very closely with the Brits and the serious fraud office, but that has expanded now to other relationships in Brazil, even in Switzerland and in parts of Europe, even in France and around the world. The U.S. is developing relationships with law enforcement and prosecutors across around the globe. And so we see sort of settlements or enforcement actions that involve joint international collaboration. So that’s one very big thing. There also is, because of that, greater detection. What do I mean by that? There’s a greater risk of being found and caught because you now have, let’s say, leads that come into a foreign international law enforcement agency, a foreign law enforcement agency, and then they will provide a tip or contact the U.S. and then boom, you have a joint investigation started. So that really raises risks for global companies because of sort of this international network that has started. One of the closest relationships, I like to say they came by dishonestly because it was through the car wash investigation, which is very well known in Brazil. But one of the closest relationships we see is between the U.S. and Brazil. They work almost hand in glove very closely. They have a multilateral cooperation arrangement treaty and they share information and bring a lot of joint cases together as a result of that.

Now, in terms of the types of cases and numbers of cases, this has been a slow year because we’ve only seen one from the Department of Justice and they usually have anywhere from 10 to 20 a year. And they’re usually pretty major cases. And here we’ve only had one this year, which just was recently announced. And that’s the Corfico Columbiana case. Now, before that, there was it’s, you know, whether you call it a case or not, there was an enforcement action on the enforcement of a the deferred prosecution agreement against Ericsson which we can go into a little bit more. On the other hand, the SEC side, which is the civil side, we have the DOJ doing a criminal prosecution with the Department of Justice. And on the civil side with the SEC, they’ve been busy. We’ve had six cases that have been brought by them and resolved this year. So it’s, you know, the enforcement goes up and down. I actually expected the numbers to be higher this year. And I can’t, it’s hard to figure out exactly why they are where they are. But a lot of it has to do with, you know, it’s kind of a pipeline that goes through a processing system that takes a while, particularly when you have these coordinated international actions.

Carmen Cracknell: Yeah, Julie, I know we talked a bit yesterday about Brazil, you mentioned Brazil specifically as as a country, like Mike said, that’s doing a lot of cooperation with the US. Have you noticed any other trends besides what we’ve just talked about?

Julie DiMauro: Yeah, there’s some cooperation also with the CFTC. So within the US, regulatory agencies are sharing information and actually helping coordinate investigations, which I think is very interesting as well. The other thing is that, you know, monitorships are definitely back. They have been imposed, there was a two year one, at Stericycle, a three year one at Glencore, those cases and as part of deferred prosecution agreements. And in Glencore, there was even the first certification requirement where the CCO had to also weigh in. So it was CEO and CCO had to sign off, saying that their compliance program had been remediated to such an extent that, you know, the same FCPA violation could not occur because the compliance program was far more, far more strong, you know, and the weaknesses had been cleared up. So those were interesting developments. And, you know, it’s not like they go in the DOJ or SEC and say that, you know, monitor ships are, you know, always imposed and that that’s a de facto kind of, you know, result for within these settlement agreements.

But it is on the table and they have imposed them in the last couple of years. So that has been interesting. And they keep mentioning cooperation, how important it is. So they keep bringing up, of course, their corporate enforcement policy, which outlines exactly what good cooperation looks like, placing a lot of emphasis on voluntary disclosure. So, you know, telling the agency proactively and early that you have found instances of misconduct, FCPA violations within your organization. That’s a huge prong. And then taking steps to remediate your compliance program proactively and early as well, even before, you know, someone, an agency goes in and actually makes you do it. So they are giving cooperation credit. They will mention it in their settlement agreements. You know, we took 25 percent off, 35 percent off on the penalty that they could have imposed because of the, you know, the robust cooperation that was demonstrated by the company. So those are some of the trends that I’ve seen, some emphasis on monitor ships, cooperation agreements and more interagency activity.

Carmen Cracknell: Yeah. How successful are monitor ships? Because I know you said they’re very costly for companies.

Julie DiMauro: They are. They are intrusive. They are costly. They can be a burden on companies. They definitely can. And, you know, companies can push back on them. And there was, you know, during the Trump administration, there was they were disfavored. They were not taken off the table entirely. But the DOJ specifically had said, you know, like, we’d rather use it as a very, very last option. But at the same time, you know, they have proven to be pretty effective getting an outside consultant to come in and with an independent eye, you know, shake things up a little bit and look specifically at internal controls and other areas that might have been weak points for the company.

Michael Volkov: Let me follow up on that. Julie raises a really good point about the monitorships. They’re definitely very keen on appointing monitors. And they actually have raised, you know, made the standard, I think, a little bit more difficult for companies to meet so that they will get a monitor ship. Because in the remediation process, what DOJ has used to say is, look, you got to remediate and you got to, you know, show us that you have a new program. Well, now it’s not only do you have to show us that you have a new program, they change the requirement to require a testing, specific testing of the program and you have to demonstrate that it works. And by raising the standard, raising the bar that much more, they’ve made it more likely to impose a monitor ship. The monitor ship and sterile cycle was put in in the case that Julie referred to, was put in because they hadn’t completed the testing process. And so they made it a little bit shorter. Usually they put it in for three years, but they said two years because we know you’re in the process of testing.

Now, let me also comment on Julie raised a really good point, which is monitorships absolutely improve a compliance program. If you gave truth serum to a chief compliance officer, they’ll tell you, hey, I love having a monitor. Why? Because I get anything I need for my budget will get approved. Okay. And everything that I’ve been asking for for the last five years is all of a sudden moved up and is approved. And I have various clients through the years who have gone through monitor ships. And while they got, they go through it, they belly-ache they belly-ache they complain, they’re belly-ache they do things. And then at the end of it, they’ll say, and years later, they’ll say, well, we have this kind of program here and we have this, we do this for third party due diligence, and we’re really proud of it. Well, before, if I, you know, sort of showed them a videotape of their past, they’d be complaining about it. Now they’re proud of it.

So monitorships absolutely work. I think it’s a good thing that they’re re-imposing them. And Julie’s point about how, you know, that we’re going to see more of these is absolutely true. There’s almost a question of why not? Why should we not impose a monitor as opposed to why should we?

Carmen Cracknell: Yeah. And Julie, we talked a bit before also about CEO and CCO compliance certifications, and how these go hand in hand with monitor ships. Can you just elaborate a bit on that and explain how they fit in?

Julie DiMauro: Yeah, so it got the attention when Kenneth Polite at the Department of Justice proposed the whole idea of a concept behind having the CCO involved in certifications. It used to be the remit of the CEO, you know, like this is the compliance program is from remediated, you know, and the same problem shouldn’t reoccur because the changes that we put in place. But Kenneth Polite who used to be a chief compliance officer before he went to the DOJ, and he just left to actually go to a law firm, but recently left. But when he articulated the policy, he said, we want CCOs to have a seat at the table. We want them to be able to weigh in on this is their environment, right, compliance programs and how they’re run. We want them to say that the program has been remediated substantially to meet the four corners of the settlement agreement. So so there was some pushback on it. Some people were critical of the fact and some good compliance officers were critical of the fact that he was asking them to have this new responsibility because they were fearful of their own personal liability and they were fearful that, you know, something would go wrong, they would be blamed.

The CEO is very highly compensated for their work, much more so than the traditional CCOs. And they are normally compensated for taking that type of risk, right, and having that kind of skin in the game. The CCOs were a little bit afraid and they asked the Department of Justice like, can you please clarify what that requirement is? And Kenneth Polite Lisa Monaco, and a number of different officials at the DOJ further clarified that they were not trying to, you know, put a target on CCOs backs. They expected collaboration among departments within the institution itself to help them get to the point of certification that they weren’t doing it alone, the CEO and CCO, and that they didn’t mean it to be, you know, a gotcha type situation. So that might have, you know, eased some concerns, but they are using it. And the certifications are really important in so far as saying, you know, like, listen, we are much stronger because we’ve had a monitor look at these things, or we ourselves without a monitor imposed brought in some outside expertise. We, you know, changed accounting protocols. We had instituted new training. We have third party risk management tools that are much better technology even that is helping us enhance our TPRM programs. And those types of certifications and look backs and affirmations that you’ve made these changes are very important. Mike, would you like to add to that?

Michael Volkov: Yeah, no, I was going to say it’s really, it’s more controversial than the DOJ would like. And I think, look, what it requires if I’m a CCO, I’ve got to really do my own due diligence and document exactly what my certification is based on and the information that I have. And, you know, Julie hit the nail on the head in terms of, hey, it’s easy for a CEO to do this, but they do it all the time. They certify the financial statements every year. And they are subject to criminal prosecution if it’s a broad one. So, CCOs are not used to being in this hot seat. I think the intent was right. The execution here, I think, is a little bit more controversial. And, you know, they tried to reassure and hold hands in sing Kumbaya with the chief compliance officer community. But I think, you know, chief compliance officers are very, you know, ethical people. And when they put their name on something and signs off something, they want to make sure it’s accurate. So we’ll see how it plays out. I mean, it’s really in the Glencore Stericycle situation, those cases that, and it comes up at the end of the deferred prosecution agreement. So in three years, you know, they’re going to have to sign. And the question is, will they or will they not? And, you know, they better be sure about what they’re attesting to, as my bio-advising. We’ll see how that plays out. I mean, I think the fact is, and we’ll get to this topic a little bit, but DOJ has raised the bar probably the most significant thing besides the changes to the corporate enforcement policy that Julie mentioned earlier.

And I think Julie would probably agree with me on this, is that they’ve raised the bar on a lot of compliance issues, ethics and compliance programs and expectations that they have for companies now. If you come in, for example, let’s just say, unfortunately, you have to deal with DOJ and you come in and you say, we don’t have an automated platform for our third party risk management. The response you’re going to get is in credulity. They’re going to look at you like you got to be kidding me. You’re still doing this on paper. And I think the expectation across the board, and we can talk a little bit more about where in particular, is that DOJ is going to expect companies to improve their compliance game. And if you don’t, you’re really taking a huge risk with regard to that because the expectations are higher, but there are other stakeholders in the global economy these days, including customers, shareholders, whatever that are demanding more ethical and compliance resources. And people want to see a company that is ethically operated. And I think the DOJ is taking advantage of that attitude right now to say, here’s what we expect when you claim to have an effective ethics and compliance program. And they’ve definitely raised the bar. And this is a history of DOJ in this area from the 90s on has been to raise the expectations game with regard to compliance.

Carmen Cracknell: Yeah. So regarding third party risk management, what are businesses still getting so wrong with that, especially given that we now have better technology, regulators have higher expectations in that area. What’s going wrong?

Michael Volkov: Well, I mean, I could say there’s still companies and I just, I was just at a conference talking about this. And I still would meet companies where they are, don’t have an automated platform and automation is just critical. You have to have it nowadays. There’s so much information that’s generated by a compliance program that you better have automated tools to help you to manage those. And the second point I would make with regard to third party risk is there’s also a sort of false comfort that occurs these days where let’s say you subject your third parties to some kind of due diligence scrutiny, you know, based upon risk and that they’re onboarded. And then you think to yourself, okay, I don’t have to see these people again, or worry about this until they’re up for renewal three years from now. And that’s exactly the wrong attitude to take. And what I think where people are finally putting more resources in, and there’s a lot of cutting edge sort of techniques being used is how do you monitor your third party? How do you make sure that your third parties aren’t veering off and engaged in bribery? And, you know, 90% of all FCPA enforcement actions settlements involve third party misconduct.

Well, if that’s true, take your high risk third parties in the most in the high risk jurisdictions and watch over them. Look at the transactions that are being conducted. Make sure you’re testing and monitoring these for adequate justifications for what money is passing through the system. And here’s a profound grasp of the obvious bribery takes money. And you got to get money, you steal it from the company for improper purposes to pay bribes. Well, though you have to have controls in place for that. And for that reason, I don’t see companies spending enough time in terms of the monitoring and auditing process and ongoing activities. I’ve seen some companies come up with some actually really cutting edge stuff on sort of high risk management of your high risk partnerships with the business where compliance in the business will regularly review the third party and the third party activity. So I think it’s becoming a more proactive game. And number two, there’s now, because you’re getting more data, there’s going to be more data analytics expectations from the Department of Justice and from the SEC. And so companies have to raise their game in that area as well. But that what do you think, Julie, in terms of third party risk?

No, that was excellent. Thank you. I…much the same. And a lot of what I saw in these cases and we were reviewing them was the companies are not going back to the risk management protocols and testing and programs as their business evolves. And that’s a problem. The government had said when bringing the action against Rio Tinto that a third party vendor had just been hired. His only ostensible qualification was a personal relationship with a senior government official. So no other qualifications for the job, just had that relationship. So that was such an obvious red flag. I mean, either you have the incentive to do right and to hire qualified people who know how to stay clear of the FCPA violations or you don’t. And that was just an obvious problem. So either your training is lacking or you just have the wrong incentives. And then in another case, in this Phillips case, it was a medical device manufacturer. They said that their third party risk management program was not designed to scale with the business going back to my point that as your business evolves, its risks involved its size and who they’re doing business with and to what extent as that evolves over time. So do your programs such as third party risk management program. So that all still involves a lot of training, communication, updating the policies and procedures. And then what was the last point I was going to make? And then oh, I just wanted to mention that deterrence. The government has mentioned a couple of times that through their evaluation of compliance programs, corporate compliance programs, the ECCP as they call it, they’ve updated that a couple of times in the past few years as well. And they keep talking about incentives that are tied to performance goals and to compensation. So if you are incentivizing executives the right way to do the right thing to baking compliance into compensation schemes for top executives. And they mentioned that in the last kind of changes to the evaluation of corporate compliance programs document and the DOJ and I thought that was very interesting too. So maybe that will make people and companies go back and think about how these programs are evolving over time.

Carmen Cracknell: Yeah. So in terms of going back to the Department of Justice, the DOJ has updated its evaluation of corporate compliance programs as we discussed yesterday, Julie. It did this again in March with the compensation incentives and clawbacks pilot program. What else is coming up in the near future?

Michael Volkov: Well, let me address the evaluation of corporate compliance programs because Julie already mentioned probably the top headline for that was that companies now have to create what is called a compliance compensation system. And they have to look at sort of how compensation is […] incentives and what incentives are being created, what kind of sales goals are used. And then they also need to put in place some kind of disincentive program, which by disincentive I mean punishments. And by that I mean clawbacks where bonuses are taken back or any kind of deferred compensation type of arrangement, be it stock units, RSU’s, those types of things. There has to be some way to punish not only the wrongdoer, and this is the important point and DOJ is broadening this sort of initiative. They recently used this in the Danske bank money laundering case involving Estonia late last year where it’s not just being used against the person who engaged in the misconduct, but the supervisor or the supervisory person who failed to react to red flags or even to verify that people were complying with the law. And so if you have a sleepy supervisor, that sleepy supervisor is going to be subject to clawbacks. And the way department, they set up a pilot program, which we’ve mentioned, and the pilot program works in a way that to the extent you clawback funds, those funds will be reduced or be applied to reduce whatever fine or penalty the company has.

So there’s an incentive again for you to have such a program and to use it. I think the other head…well, the two other headlines from the evaluation and revisions. The other is that prosecutors have been incredibly frustrated by the absence of communications data, particularly when we get overseas, we see people using WhatsApp, WeChat, other types of programs where the company does not maintain the data. In other words, when we are doing an investigation, we got to look at WhatsApp communications. The only way we get those is by getting the person’s phone, which may be a personal device, and downloading the WhatsApp communications messages. Oftentimes, people companies can’t get access to that phone, or there may be data privacy restrictions on that. And the department has said we are fed up, we are fed up with these missing communications. So now they have required companies to figure out a system under which they’re going to maintain this data. And they have got to make sure that people aren’t using encrypted technologies, or if they are, that they obtain the data themselves. And they specifically have cited WhatsApp, they’ve cited Signal, they’ve cited WeChat, and other platforms that employees are using for their, you know, on their personal devices, and using to engage in nefarious conduct.

So here’s what is going to have to happen. In the future, you have to do a risk analysis as to your communication systems and all the systems that you’re using, and whether or not you have personal devices, or whether or not these are business devices, but people are going to have to on a monthly basis, this is what I think practically is going to occur, bring in their phone, have it downloaded, and into a central repository that the company is going to maintain. And this is going to be fascinating to see how this occurs. Because companies, if you go into an investigation type of context with the department and you say, hey, we lost all this communications, because it was all […] and, you know, it vanished, or we couldn’t get access to it, that’s going to directly affect your ability to get a settlement and the amount of money you’re going to pay. So that’s a big, big deal that reflects the prosecutor’s frustration. And now companies have to come up with creative and seek help from technologies, and from consulting and from other operations from vendors out there to try to preserve their communications, and make sure that they have it and it’s maintained and kept up to date.

And they’re going to have to keep it for at least a five-year period. And that means your storage costs are going to go up, there’s going to be some resistance from the company, from individuals, but they’re just going to have to, you know, bite the bullet here, and we’re going to see more and more sort of reform in this area. One other issue that I did want to highlight as well is DOJ’s growing frustration with human resources and CCO cooperation.

The DOJ’s hearing often that chief compliance officers have difficulty getting information from human resources and getting their cooperation. Now, I’m not saying, I’m not trying to condemn the HR departments here, but what I’m saying is there are some HR professionals that sort of drag their heels in terms of working with compliance. To me, I just don’t understand it because HR is like the natural partner for compliance. How do you stay on top of your culture? How do you know the mood of your employees? How do you know when things start to go wrong in an office? There usually are HR issues that come up first, and usually they’re a, you know, leading indicator that future bribery problems or fraud or something may occur. And I think what the first step that DOJ did several years ago in 2020 was to mandate the sharing of information with compliance across the organization because HR was not necessarily sharing as much as they should, and DOJ grew frustrated with that and they mandated that.

Well, now they’re also mandating tracking of all HR issues through your hotlines and the sharing of that information across the organization, including with compliance and including with regard to investigations, including with regard to resolutions and making sure that there’s consistent discipline that’s handed out across the organization. And I think this is another big issue that there has to be sort of a, I would like to say a remarriage or let’s call it a renewal of their vows to be close and to work closely with each other between HR and compliance. But those are the big issues I think that we saw out of the evaluation of corporate compliance program.

Julie DiMauro: You also need internal processes in place. And these are hard conversations for compliance officers to have, right? Because you’re talking to people about how they’re using their personal devices. You’re talking to them about how they’re working from home, because a lot of times they are at least on a temporary basis or part-time basis, hybrid arrangements, working from home. And you’re reminding them of what to do with conversations that they’re having with people. Again, these are not the type of compliance topics that might have been top of mind 10 years ago and how to use your personal device. But now we need to discuss these things. How are you storing these things? This is not, I mean, you have a three-minute conversation with someone. You might not think that it’s that substantive that thinking about record-keeping obligations, but you need to. And a little text message that you sent on the fly, we’re having a Zoom conversation and these things are recorded.

So it’s extremely important. I was really impressed that not only have they done a sweep in terms of enforcement activity in this area, several different sweeps involving multiple companies, but regulators are now just expressing pure exasperation. Commissioner Romero at the CFTC, she just was like, “I don’t understand why it’s still happening.” So they baked it right into their evaluation of corporate compliance programs when they updated it in spring. And they said, “Listen, this is a federal messaging for business communications. This is what you need to get on top of this. Large, medium-sized, small businesses, you’re all subject to it.”

Michael Volkov: Let me, if I can make a point here, and I don’t want to veer off a topic on the FCPA, but Julie’s point is so important because recently, the business surveys that are being done with regard to risks right now, top of mind, FCPA, anti-corruption is always in the top three. But right now, the number one is cybersecurity, ransomware and data privacy. And corporate boards are increasingly focused on this. Everybody has to get on top of this issue because corporate boards are, they recognize that this is their number one risk. Now look what just happened, for example, with the MGM brand, data breach. That thing, they shut down the business. I mean, the casinos were shut down. People couldn’t check into their rooms. And all I’m saying is everybody knows that this is top of mind. So when DOJ comes in and says, “Look, you got to preserve these records. You got to know where your data is. What kinds of data? Where is it? Where is it being stored? And where are vulnerabilities here?”

So this ties into a bigger issue, which is basically, in this high-tech world, you better up your game with regard to high-tech resources and high-tech capabilities in terms of vulnerabilities, risks, and how you’re operating. We’re not operating anymore in a paper economy. We are now operating in a different economy. And I think prosecutors are pushing. And so are regulators, as Julie really pointed out. And I’m just saying stakeholders across the board are saying, “You guys better be up on this stuff.” So DOJ is just playing a small part in this. But across the administration, there’s no doubt that demands and expectations with regard to cybersecurity and the ability to fight off ransomware is just critical these days.

Carmen Cracknell: Yeah. Did you want to, Julie, talk a bit about what counts as voluntary self-disclosure? Have we addressed that at all? I don’t think we’ve done it.

Julie DiMauro: Yeah. I mean, all I’ll say is that there’s just this expectation that you’re going to have prompt disclosure as soon as you have substantive evidence within your organization that misconduct has occurred. So they obviously understand that you have to do a little bit of an internal investigation to truly uncover it and verify that that has occurred and when it occurred and who’s involved. But that you make a prompt disclosure. It is probably the hardest prong for companies in terms of the different prongs within the Cooperation Agreement framework. And it’s controversial and it’s hard to decide when to do it, when to volunteer this information and how much. But I have to say, DOJ is prepared to reward you for it. And it is also the case too that later on, if you have not disclosed it, a lot of other problems can arise such that quite possibly the right people have not been disciplined very promptly, that maybe there was a delay in remediating the compliance program and its weaknesses. So it is in companies interest, but I don’t take it lightly that it is very hard for businesses to do it in a prompt method, to be proactive about it and fess up when they’re trying to deal with certain things on their own. But they have proven, the DOJ that they will reward a company for being prompt and proactive in that area. Mike, would you like to add to that?

Michael Volkov: Yeah, no, I agree with what Julie is saying because I want to address it in two ways. The first is your only ability to get a declination, meaning nothing, to get a slap on the wrist and don’t do it again, is to meet the voluntary disclosure requirement. And then you have to meet the other two prongs being remediation and cooperation, which usually people can meet those no matter what. It’s the voluntary disclosure requirement when the government doesn’t know about it and you have to walk in and say, hey, we want to confess. Now, that sometimes is hard for businesses and some businesses will make the calculation of, you know what, let’s fix it, let’s address it, let’s do the other two prongs and don’t tell the department about it. And if we get caught, we’re going to come in and say, hey, look, we did two parts of this, we didn’t do all three.

I think that’s penny wise and pound foolish. Oftentimes if you’ve uncovered a problem, tell the department and get the most you can from it. But let’s talk about the sublime and the ridiculous for a second. In the ABB case last year, ABB at the end of last year was the third, they were three time losers. There was their third time they got caught. Well, they uncovered for the third time a bribery scheme. So they call up, and this is the true facts here, they call up the department, the lawyer says, hey, we’d like to come in and talk to you. They don’t tell them what it’s about. They don’t tell them who it’s for, but they said, we want to come in and talk to you. And they plan to make it say, hey, we’re ABB and we have a disclosure we want to make. And in the meantime, prior to the meeting occurring all of a sudden it leaks into the press that ABB has a bribery problem. Well, guess what? They didn’t get voluntary disclosure credit technically, because the investigation was publicly known, in quotes at that point, when the misconduct was disclosed by the press. And that seems to me like a little bit ridiculous, because they intended to, and they gave them almost in practice the same treatment.

But, you know, lawyers like to read rules and, you know, find distinctions that are meaningless, in my view, because the intent was there. But nonetheless, that shows you how ridiculous the voluntary disclosure, you know, sort of definition can come into play. But DOJ tried to practically apply it anyways and gave them, you know, people were incredibly surprised with the result that ABB got because they were a three time loser, the first three time loser with regard to FCPA violation.

Carmen Cracknell: Are there any other cases, notable cases that you want to discuss? I know we’ve gone through a few, but is there any you want to talk about in more detail?

Michael Volkov: Yeah, I there was a lot of controversy surrounding the Ericsson case. Ericsson was fined, agreed to a settlement, you know, of a billion dollars with a B, big B, and a billion dollars. And it was global bribery, you know, to get Ericsson’s phone systems and equipment used in various countries. Well, the issue became much more serious when after the investigation had been completed, after the resolution had occurred, the DOJ found out that there were issues that had not been investigated nor disclosed, including the most incendiary one was the allegation that they paidEricsson paid bribes to ISIS, the terrorist organization, in order to move their equipment throughout some of the regions, areas controlled by ISIS. They had to pay bribes sort of like to get protection to move their equipment and bring it into places without being subject to terrorist attacks. And that was resolved this year in the beginning of the year. And it was kind of equivocal as to whether or notEricsson was going to admit that they Ericsson always denied it for obvious reasons. The last thing a company wants to do is pay bribes to a terrorist organization.

And it was resolved. And in the end, I think that the point was, there were not only the issue with regard to ISIS, but there were other issues where that were not investigated properly, or the internal investigation did not review various documents. And it called out the conduct of the law firm involved. And that law firm is now sort of under the gun for sort of malpractice, and for not doing the right job or the right thing byEricsson and with its relationship with the Department of Justice. So it’s really, that’s an interesting case, because it’s sort of off the beaten track, in terms of how we normally sort of monitor these FCPA enforcement actions. So that one is worth a good read if you ever get a chance.

Carmen Cracknell: Yeah, I was just gonna…go ahead, Julie, sorry.

Julie DiMauro: there’s no one more case in Conrad electric utility, and something that was interesting about that case was there was no foreign bribery. There was bribery, but it wasn’t foreign. Four former executives and associates were found guilty of FCPA and conspiracy charges for trying to influence the former Speaker of the Illinois House of Representatives to help pass legislation that would be favorable to the electric utility company. So no allegations of corruption involving foreign officials there. Just Illinois State ones, which is interesting. But the authorities got them on the fact that FCPA accounting provisions that they had changed the books and records of the firm, the accounting of the firm, the ledgers, saying that you could still be liable under those, even in the absence of foreign official being involved.

So it was just a reminder of the risks associated with payments to lobbyists and consultants who are closely connected with elected officials or their family members.

Carmen Cracknell: And what are your both of you, in which ever order you prefer, what are your predictions for the coming year?

Julie DiMauro: Take it away, Mike.

Michael Volkov: Okay, well, for the next year, what I think we’re going to see continued aggressive enforcement. I do think it’s been a slow year for DOJ, but they will probably close out the rest of this year in a strong fashion, October and November and December. I think we’ll see several enforcement actions and settlements. For next year, I think it’s going to continue into that. I also, we’ll see more and more individuals prosecuted, and I think we’ll get up over the number of 40 a year or so who are prosecuted. We also have a big trial coming up, which is the CEO and General Counsel, Cognizant Technologies. It’s coming up for a bribery FCPA trial in New Jersey. That’s going to be an interesting case to watch because it’s coming to the trial itself. And the SEC is going to continue its aggressive enforcement as well. And I think you’re going to see some big cases coming down the road because I think there are, DOJ has a lot going on. I know they’re busy because they’ve hired more attorneys and that’s always a good sign that they are busy. And they’ve gotten very good at moving these cases and sort of focusing on the right ones. So we’re going to see this environment isn’t going to change. If anything, it’ll be even more focused on it in the next year.

Carmen Cracknell: Julie?

Julie DiMauro: I was just going to mention money laundering charges are often tacked on to FCPA ones. I think we’ll continue to see that. It is a very decent way of going after individuals. It’s a way to make it possible for the DOJ to go after the takers and recipients of bribes because the FCPA of course penalizes the giver of bribes. So Congress hopes to address that latter point about the taker of bribes issue at some point. But for now, the fallback position is to use money laundering. So I think we’ll continue to see that. I agree with Mike about the enforcement activity amount of fines. I think that we’re still in an aggressive standpoint there, stance there. And then the other thing is that a continued focus on cooperation and what good cooperation looks like, incentivizing cooperation and making the life of the regulator easier in terms of their investigation through robust cooperation. And then as Mike has pointed out throughout this conversation too, that there is the expectation that companies are using technology because the regulator is and is advertising the fact that they are. And that they expect businesses to use technology, make sure that their legacy programs are working well with newer programs and that those things are tested and people know how to use them correctly, that type of thing.

And something that Mike also just hinted at at the DOJ about how they’re prioritizing compliance within in their units themselves and talking about compliance programs a lot. In their fraud unit, they brought in a couple of very high level experienced CCOs to be in the fraud section and one of them with deep data analytics capabilities skill sets. So there’s just this growing emphasis on corporate compliance experience within regulatory agencies themselves and focusing on compliance programs within businesses as they investigate them, examine them and bring enforcement activity.

Carmen Cracknell: Awesome. Well, I have covered all the talking points that you gave me, Julie. Is there anything else that you want to talk about I’ve missed? Mike, do you have any?

Michael Volkov:: No, no, no, I think we covered everything. Nice. Yeah, those are great talking points. And I think we covered all of them. So we did everything.

Carmen Cracknell: Pretty much, I think. Great. Well, thank you both very much.

Michael Volkov: Thanks so much, Carmen.

Carmen Cracknell: Take care.

Michael Volkov: Have a great weekend, you guys. Julie, thanks as always. It’s an absolute pleasure to work with you.

Listen to the audio.