Swiss Trader Gunvor Pays $661M on FCPA Fails
Our latest FCPA enforcement action is a $661 million monster against Swiss trading firm Gunvor, which has pleaded guilty to bribing Ecuadorian government officials through the 2010s in exchange for intelligence about upcoming business contracts with the state-owned oil company of Ecuador.
The Justice Department announced the settlement last Friday, along with a companion settlement announced by Swiss authorities. So far we only have the statement of facts about the case and the usual lofty press statements from prosecutors — but not the actual plea agreement itself, which contains all the juicy stuff about compliance program reforms. So today let’s review the misconduct that got Gunvor into trouble, plus whatever compliance lessons we can glean at this early juncture.
In many ways this FCPA scheme was like so many others we’ve reviewed before. A state-owned oil company, Petroecuador, needed help transporting and marketing oil to various business and government interests around the world. Executives at Gunvor wanted a piece of that action, and worked with various “consultants” to secure business contracts with Petroecuador. The third-party consultants were simply cut-outs to funnel bribes to the Petroecuador officials, and here we are.
The statement of facts in the case does provide lots of detail, because the feds already charged and convicted four individuals in connection with this scheme: brothers Antonio and Enrique Pere Ycaza, who were the third-party agents; Raymond Kohut, a former Gunvor employee who worked with the Ycaza brothers; and Nilsen Sandoval, a former Petroecuador executive (and, therefore, a foreign government official).
Essentially, Kohut and several other unnamed Gunvor executives worked with the Ycaza brothers to pay $97 million into two shell companies the Ycazas had established. The Ycazas, in turn, funneled “millions of dollars” from those shell companies into the pockets of Sandoval and other Ecuadorian officials. The illegal payments went through several U.S.-based bank accounts and at least several meetings to discuss the scheme happened on U.S. soil in Miami.
Ultimately that kickback scheme led to $384 million in ill-gotten profits. The $661 million number works out to a criminal penalty of $374.5 million, plus disgorgement of $287 million. (Gunvor will pay another $98 million to Swiss authorities; that plus the U.S. disgorgement amount adds up to the $384 million in illicit profits that Gunvor reaped in total.)
As Always, Trouble With Third Parties
Let’s start with a close look at the consulting agreement that Kohut reached with the Ycaza brothers. Why? Because, as we’ve seen since time immemorial, sloppy designed contracts with intermediaries are how FCPA violations get done.
In this case, the agreement provided for certain prepayments and success fees, but the bulk of the compensation was through per-barrel “volume fee” payments to the Ycaza brothers that depended on the amount of oil being purchased. Gunvor and the Ycaza brothers amended the services agreement several times to change the amount of the volume fees due to be paid to the Ycazas’ shell company.
What is a compliance officer or internal auditor supposed to do with an arrangement like that? Analyze it, according to the criteria set forth in the FCPA Resource Guide from the Justice Department. To wit:
- Does the compliance function understand the role of and need for the third party?
- Do the contract terms specifically describe the services to be performed?
- Are the payment terms clear, and comparable to typical payment terms in that industry and country?
- Can the company document that the third party is actually performing the work for which it was contracted, and that compensation is commensurate with the work being provided?
Those are all questions that internal audit or compliance teams should ask any time they see a significant third-party relationship. For example, the arrangement with the Ycaza brothers — $97 million, a large amount of money by any yardstick; and going to a shell company based in Panama — certainly fits the profile. Why did the agreement need a “volume fee”? Why send so much company money to a third party based in a corruption haven like Panama, rather than to an end-customer directly? And so forth.
Someone might ask where Gunvor’s management was during this sketchy third-party arrangement. Well, at least one manager (Kohut) was participating in the scheme, and he was one Gunvor executive approving the Ycaza brothers’ invoices. At least two other former Gunvor executives, both unnamed by the feds so far, also participated in the kickback scheme and approved the Ycazas’ bogus invoices.
So yet again we have an issue with the integrity of management, or the lack thereof. That’s not news in FCPA cases either.
Gunvor’s Remediation Since Then
Gunvor received no credit for voluntary self-disclosure, but it did win praise from prosecutors for fulsome cooperation after the fact and lots of remediation to its compliance program.
Most notably, Gunvor eliminated the use of third-party business origination agents. This is the latest in a string of FCPA enforcement cases where we’ve seen deep, structural change to the sale function. Albemarle eliminated its use of third-party sales agents as part of its FCPA settlement last year; SAP eliminated its third-party sales commission model globally as part of its own FCPA settlement announced in January.
Now we have a third global enterprise going that same route, reducing its FCPA risk in a deep, permanent way by restructuring its sales operations. That’s telling. Chief compliance officers might want to tell it to the board whenever they ask how your company’s corruption could be reduced.
Gunvor took numerous other remediation steps, too. We’ll explore them more deeply in future posts, but in brief, the company:
- Implemented a control framework for internal business developers, as well as additional layers of review and approval for counter-party payments;
- Enhanced the independent compliance committee with responsibility for reviewing high-risk transactions;
- Updated its compensation policy to better incentivize compliance with the law and corporate policies;
- Tested and enhanced ithe compliance program, including compliance culture reviews, testing new third-party due diligence process and payment controls, and evaluating controls around business development activities;
- Implemented a business communications policy that addresses the use of ephemeral and encrypted messaging applications.
In other words, lots of remediation for what was an egregious FCPA violation — and Gunvor’s second recent bribery violation, too! The company previously reached a resolution with Swiss authorities in 2019 for corruption that had happened in Africa in the early 2010s, where Gunvor admitted that it lacked sufficient controls for an anti-corruption program.
More to come in future posts. For now, the FCPA train rolls on as usual.