Juniper Network has agreed to pay $11.7 million to settle FCPA charges with the Securities and Exchange Commission, the latest in a string of cases where a company’s overseas subsidiaries exploited weak oversight of accounting policy to create slush funds for bribes. Let’s take a look.
According to the SEC settlement order, the bribery happened from 2008 to 2013. Juniper’s subsidiary in Russia, JNN Development Corp., worked with local partners in that country to increase discounts those partners would supposedly offer to customers — except, of course, those discounts never actually reached Juniper’s customers.
Instead, the local partners diverted that money into a slush fund to cover travel and marketing expenses for customers, including foreign government officials. Those customers received free trips which, to use the SEC’s words, “were predominantly leisure in nature and had little to no educational or business purpose.” That would include trips to places where there were no Juniper facilities, nor any industry conferences related to Juniper’s line of work.
At least some of these trips were directed by JNN executives, which is not surprising. More alarming is that executives at Juniper headquarters got wind of these shenanigans as early as 2009, and told JNN to knock it off — but the slush funds and the improper trips continued into 2013.
Meanwhile, during roughly the same four years, sales executives at Juniper’s Chinese subsidiaries were busy falsifying trip and meeting agendas for customer events. Again, covering up travel and entertainment spending was the goal.
The China employees submitted the bogus documents to Juniper’s legal department for approval, and said legal department did indeed approve numerous trips without adequate review and after the event had taken place, rather than before.
All of this violated Juniper’s accounting policies, and the books-and-records provisions of the FCPA. So here we are, six years later, with an $11.7 million SEC settlement to discuss. (Juniper reported in 2017 that the Justice Department had decided against any criminal prosecution.)
FCPA Lessons to Learn
The big question here is why JNN continued its slush funds and leisure trips for four years after Juniper’s senior executives discovered the misconduct and called for it to stop.
The SEC’s settlement order doesn’t provide much on that point. The order only says, “Although Juniper instructed JNN employees to discontinue these practices, Juniper’s overall remedial efforts were ineffective, and JNN employees continued these practices through 2013,” and mentions that JNN employees started orchestrating their misconduct through personal email rather than company-owned devices.
Hmmm. First, we should ponder questions about personnel. If JNN were given clear instructions not to continue with this misconduct, and it continued anyway — that’s when a parent company should start firing subsidiary executives, to demonstrate the point. (Or, more precisely, begin with a wave of anti-bribery training for all employees, so they understand what’s prohibited. Then start firing persistent wrongdoers to demonstrate the point.)
The SEC’s complaint doesn’t say whether Juniper sacked any JNN employees or not. Juniper also published a statement about the settlement that remains silent on that point. One hopes the company did.
Second, we should ponder questions about the structure of the compliance function. It seems like back then, Juniper’s compliance function was structured in a less than ideal manner. As part of Juniper’s remedial efforts, the SEC says, it “realigned its compliance function into an integrated unit, all reporting into a newly created and empowered chief compliance officer.” (Mike Ward has been chief compliance officer at Juniper since 2015.)
That implies that Juniper once had a more fractured compliance function. Whatever that structure might have been, it didn’t work. For example, if you have local compliance officers reporting to local operating managers rather than a chief compliance officer at corporate headquarters — that’s a great way for headquarters not to understand what’s really happening, while local units keep doing whatever misconduct they’re doing.
Decentralized compliance functions are a big gamble, because they can obstruct senior executives’ visibility into the organization’s true risks.
For any company with a significant compliance risk, or with multiple compliance risks that can evolve quickly — a strong compliance function, rolling into a single chief compliance officer, is paramount. That structure lets the board get a true picture of corporate activity. As we’ve seen elsewhere, a top fear among boards is that they don’t get such information. Screwy reporting structures shouldn’t be the reason that happens.
Third, we should ponder whether corporate policies and procedures support a strong compliance function. Sometimes they might not, and if they don’t, then your supposedly strong compliance function still faces an uphill battle to do its job.
For example, Juniper didn’t have a clear escalation policy so the board could quickly hear about serious compliance issues; now it does. Juniper also implemented policies that require pre-approval of non-standard discounts and of third-party gifts, travel, and entertainment. Heck, the company now even requires compliance review of certain operating expenses in some high-risk markets.
That’s all sensible. One might even be exceptionally generous and say that perhaps at the time of these offenses, not everyone understood how the lack of such policies could be so risky. I’m not one of those people, but I can see how others might be.
In today’s compliance world, however — lack of those policies would be quite dumb. They separate the compliance officer from his or her most important resources, which are power and information.
So compliance officers might want to ask themselves: OK, I have a lovely structure and reporting lines. But do company policies and procedures let me put those things to good use to reduce compliance risk?
If not, change them. Or risk taking your turn in the barrel of SEC enforcement.