Real Meaning of the Walmart Case

All weekend I’ve contemplated what to say about Walmart’s FCPA settlement. Quick minds in ethics and compliance have already pumped out paragraph after paragraph dissecting the case, and more minds will pump out more paragraphs still, before everything is said about this landmark case.

Except, the Walmart case isn’t a landmark, really. Read the statement of facts, or the criminal information, or the non-prosecution agreement, or the accounting enforcement release, and what stands out more than anything else is the ordinariness of this resolution.

A compliance monitor for two years. A non-prosecution agreement for three. Fines and penalties of $282 million — which at first sounds like a lot, and then you remember we’re talking about Walmart, so actually it isn’t.

The praise for everything Walmart has done right since it first disclosed its FCPA troubles in 2011. The details of everything Walmart did wrong before then, from misleading invoices to vague anti-corruption policies to internal audit action plans never followed up. Compliance officers have heard all these things before. At this point, we’ve heard them many times before.

So what lessons can we learn from the Walmart case? The same lessons we’ve been learning for the last 10 years. They’re good lessons, and important lessons. Dropping the phrase “Walmart, largest company in the world” will always help when you talk about FCPA risks to your board, employees, or third parties. I’m delighted we have Walmart to dissect and discuss for years to come.

But the Walmart settlement broke no new ground for the enforcement of ethics and compliance; so no, it’s not a landmark.

It’s a bookend.

What Walmart Means to Us

I can’t help but think of what the world was like when Walmart disclosed its FCPA trouble in November 2011. Just look at the graphic below, listing some of what dominated our conversation then, nearly eight years ago. Where were you in your career? How effective was your compliance program then? How much did your board understand what to do about FCPA compliance? How much did you?

To me, at least, the Walmart case was a drama that weaved in and out of my professional life for almost the whole decade. I remember a well-known compliance officer, supposedly well-connected in Washington, telling me in 2014: “The settlement is coming soon. The number is going to be billion, with a B.” Or the rumor circa 2016 that the settlement would wrap up before the end of the Obama Administration, for somewhere around $600 million. Or the one that Walmart was digging in its heels because a criminal plea would leave it ineligible to accept food stamps.

 

For years when I wrote my annual list of Compliance Events to Watch every January, I included the forthcoming Walmart settlement — until it never came forth, and I gave up. The compliance community gave up guessing. We moved on to chatting about other big FCPA settlements like Petrobras and Odebrecht with their huge monetary penalties, or Fresenius with that kinda whacky monitorship.

In 2013 I interviewed Jay Jorgensen, the man Walmart hired as global compliance chief to clean up its operations, who told a crowd of 500 compliance officers about his first year on the job. In 2015 I interviewed his second-in-command, Daniel Trujillo, who gave the crowd an update. I misstated the number of Walmart employees at 1.2 million, and Trujillo politely corrected that it’s 2.2 million.

The company looms that large in the business world. The case has loomed that large in corporate compliance lore.

Now the Walmart settlement is done — jarring in its plain and anticlimactic conclusion, like the Game of Thrones finale or Avengers: Endame. That’s it? We’ve talked and speculated and lived with this case for so long, and now it’s over? We can’t have one more season, one more sequel?

No. The case that gave grist to the compliance mill for almost the entire decade is done. I don’t know about you, but I’ll miss it.

Look at Us Now

I also can’t help but think about the improvements we have made since the Walmart case first streaked across everyone’s attention (most famously in that New York Times expose in 2012, which won a Pulitzer Prize).

Read the statement of facts in the Walmart case, and consider the history. The Walmart executive in Mexico who blew the whistle on the company, Sergio Cicero Zapata (because of course this story would have a whistleblower, and of course his name would be colorful), made corrupt payments for Walmart in the 1990s and early 2000s. He brought the matter to Walmart’s attention in 2005. Walmart’s joint venture in China first asked about the FCPA and anti-bribery training in 2003.

Think about how weak our understanding of corporate compliance was at that time. Walmart’s troubles in Mexico stemmed from executives passing responsibility for investigating Zapata’s complaint back and forth, from Mexico to Arkansas, from legal department to local business chief, until nothing happened.

Or consider Walmart’s first global anti-corruption plan, unveiled in 2009. It was a one-page statement of principles, where local regions could then implement their own plan as they deemed best. Or look at one internal audit after another of Walmart’s internal controls, which inevitably found weaknesses that inevitably didn’t get attention.

That was corporate compliance in the 2000s. Today we’d call it inept, ineffective, and imprecise; but it passed for normal at the time.

Everything is different today. We should give a lot of credit to Jorgensen, who spent seven years at Walmart building a world-class compliance program. He gave a few comments to an article in Corporate Counsel over the weekend and captured the evolution of things perfectly.

What the Justice Department wanted to know as it negotiated with Walmart, he said, was how the company would handle whistleblower allegations and other red flags. Prosecutors wanted to know that the company had a strong process that could escalate concerns from anywhere in the world, to the right ethics and compliance people, who were empowered to address those allegations seriously.

“But if you have a professional process, and monitor it and test it,” Jorgensen told Corporate Counsel, “then you can have credibility with the government that you are doing everything you can.”

That’s the change, really. Today corporate ethics and compliance programs think constantly about how to build processes that find, escalate, and resolve compliance concerns. Not every company may be good at it, but that’s what we’re doing. Corporate ethics and compliance has been elevated to a boardroom concern, and a huge apparatus has come into being that works to make companies behave better.

Walmart circa 2011 was one bookend. The settlement last week was the other. That’s the significance of this case.

Into the Future

My sense is that this is the last large FCPA settlement we might ever see. (At least, I can’t recall any other large cases still outstanding. Can you?) From Baker Huges to Siemens, to Hewlett-Packard to Polycom, to Petrobras to MTE Systems, to Fresenius and now finally Walmart. I think we’re done.

The huge cases with billion-dollar fines and sweeping corporate reforms — we’ll still see them, but they’re all for Big Tech now. We’ll have antitrust settlements and GDPR fines, and conferences about data breach responses or how corporate boards will need to ponder market dominance. The new frontiers of corporate governance, ethics, and compliance will still feel wild, woolly, and busy in the 2020s and beyond.

Plus, it’s not like companies won’t continue to violate the FCPA or struggle with effective anticorruption compliance. They will, and will again. But the Walmart settlement strikes me as the last shudder of an older FCPA enforcement era.

The first howl of the new enforcement era might be more like what we saw with Cognizant earlier this year. That was a shameful case of executive misconduct and liability, but it still concluded with a small fine and no charges against the company, because Cognizant’s board behaved so admirably.

That’s what everyone — compliance officers, board directors, prosecutors, shareholders, employees, and victims of corruption — should aim to achieve. We’re not there yet, and we’ll never achieve it perfectly. But we’re a lot better at it today than we were when the Walmart case began.