I don’t know about the rest of you, but I spent the long weekend very much relaxed and far from the news. So let’s ease back into the workweek with the most pipsqueak FCPA enforcement action the compliance community has seen in a long while.
At least, I think it’s pipsqueak. Read the breakdown of penalties at the end of this post and tell me whether I’m wrong.
The offender in question is Gartner, the business research group that provides analysis on many subjects, including — wait for it — advice on running corporate compliance and audit programs. The company settled civil charges with the Securities and Exchange Commission on Friday, paying $2.45 million for FCPA violations that happened in South Africa in the mid-2010s.
What happened here? As described in Gartner’s settlement order with the SEC, in late 2014 the company had been trying to land some business with the South Africa Revenue Service. Officials at the South African tax agency told Gartner that it didn’t meet the requirements of South Africa’s Broad-Based Black Economic Empowerment laws, and therefore should hire a certain local private company in South Africa (unnamed in the settlement order) as a sub-contractor.
You know where this is going, right? The managing director of the private company was BFFs with a top official at the South Africa Revenue Service.
Specifically, the South Africa Revenue Service informed Gartner in early 2015 that it should hire the private company to qualify for the contract under South Africa’s black empowerment legislation. The Gartner executive in charge of the deal wrote an email to senior executives back in the United States, saying, “Both the client and the [private company] are quite savvy … The [private company] knows that we cannot bid without them.”
The contract, worth about $1 million, was signed in the first quarter of 2015 — but made no mention of the private company itself. Instead, one of Gartner’s local agents in South Africa hired four people associated with the private company as “consultants.”
By summer 2015, Gartner was bidding on an expanded project with the tax agency worth an estimated $10 million. The head of the private company worked hard “to set the expectations” with the tax agency, and ultimately Gartner won the larger contract with the understanding that 40 percent of the total would be allocated to the private company. Again, however — rather than name the private company in the actual contract, Gartner’s local agent simply hired a few people connected to the private company.
All the while, Gartner’s invoices for the project reflected none of these dealings. Instead, its local agent billed Gartner monthly through a single invoice, containing two line entries with different hourly rates. Gartner paid the local agent, who then paid the private company.
Gartner’s consulting manager — the one who described the tax agency and the private company as “quite savvy,” and who told senior management they had no choice but to hire this shadowy private business — approved all the bare-bones invoices from the agent.
Lessons to Be Learned
This case seems so pedestrian by FCPA standards that I’m not sure how many fresh lessons there are here. I suppose it demonstrates, yet again, that documentation policies matter, because those invoices from the local agent were devoid of useful detail about what that private company was doing. That is definitely not what the SEC and the Justice Department want to see for documentation of third-party services, especially in a country as corrupt as South Africa.
We can also say, yet again, that embracing the tenets of the FCPA Corporate Enforcement Policy brings benefits.
In this case, Gartner received some credit for voluntary self-disclosure, although the misconduct was first disclosed by South African media. Gartner also received credit for cooperating with the SEC’s ensuing investigation (sharing facts identified during its own internal investigation, making foreign-based employees available for interviews in the United States, encouraging cooperation by former employees); and for revamping its compliance program with enhanced procedures for training (training specific for both finance and HR teams) and for due diligence.
On the other hand, Gartner’s total fine is $2.45 million — and $1.6 million of that amount is a monetary penalty, against only $800,000 in disgorgement of ill-gotten profits. We rarely see an SEC enforcement action with such a large (in relative terms) monetary penalty.
Maybe the facts here irked the SEC in some way that’s not clear, or maybe the profit disgorgement was so piddly that the SEC had to ladle on a large penalty to make Gartner feel the sting of things. (Then again, Gartner made $5.4 billion in annual revenue in 2022, so that’s still not much of a sting.)
Either way, welcome back to the workweek, everyone. The FCPA compliance train rolls onward.