Gunvor, Part II: Monitor Questions
Today let’s return to that mammoth FCPA settlement the other week against Swiss trading giant Gunvor, because one detail about the case seems quite puzzling. How does a recidivist offender with egregious FCPA violations avoid a compliance monitor?
We didn’t get to explore that issue in our original post about Gunvor, but I’ve been reading the plea agreement with the Justice Department and this question about no monitor lingers. If the Justice Department wants to put the fear of God in corporate offenders — and saddling them with a monitor is certainly a fearful (read: expensive) outcome — then we need more clarity on what happened here.
First, a recap of the case itself. Throughout the 2010s, multiple Gunvor employees conspired with third-party intermediaries to pour $97 million into two shell companies based in Panama. The money in those shell companies then went to pay bribes to executives of Petroecuador, the state-owned oil company in Ecuador.
Somehow the Justice Department opened an investigation into Gunvor. We don’t know exactly how, but the company did not voluntarily self-disclose its misconduct. Gunvor ultimately pleaded guilty to one count of violating the FCPA and paid $661 million to settle the case, including a criminal penalty of $374 million. Four individuals, including a former Gunvor employee, have also pleaded guilty in relation to the scheme.
Worse, this is Gunvor’s second corruption scheme in recent years. In 2019 the company reached a settlement with Swiss authorities, admitting to bribery payments in Africa in the early 2010s. As part of that settlement, Gunvor admitted that it had weak internal controls and failed to take “all the reasonable organizational measures” to prevent Gunvor’s employees and agents from engaging in bribery.
The Criteria for a Monitor
Based on the above facts, it’s at least plausible that Gunvor should get a monitor; it’s also plausible that Gunvor shouldn’t. Let’s go through some of the criteria the Justice Department uses to decide whether a monitor is necessary, based on the department’s own guidance.
Did the corporation voluntarily self-disclosed the underlying misconduct? No, Gunvor did not. It received no credit for voluntary self-disclosure, and there’s no mention of voluntary self-disclosure anywhere in the plea agreement.
Has the company, at the time of the resolution and after a thorough risk assessment, implemented an effective compliance program? Apparently yes. The plea agreement includes a long description of what the company’s compliance program should achieve (“Attachment C” in the plea agreement, and a routine part of FCPA corporate resolutions), and it also says that Gunvor had implemented such a program as of March 1, when the settlement was announced.
Has the company, at the time of the resolution, adequately tested its compliance program and internal controls? The Justice Department seems to think so. The plea agreement says Gunvor is “engaging resources” to test its compliance program and is “testing” its new controls now. Textualists might wonder whether that means the compliance program has already been fully tested, and this is ongoing stuff; or means that the company is still testing the program to smooth out lingering kinks. Maybe that’s hair-splitting, but we are talking about lawyers here.
Was the underlying criminal conduct long-lasting or pervasive across the business organization? Well, the Ecuador misconduct unfolded for at least the decade of the 2010s, and it overlapped with misconduct that happened in Africa. Multiple Gunvor employees were involved in the Ecuador scheme, although the one employee who pleaded guilty did not seem to be a senior executive. One remedial measure Gunvor undertook was an audit of its corporate culture, which suggests to me that the culture was previously problematic.
And perhaps the criteria that matters most when deciding whether to appoint a monitor:
Has the company’s risk profile substantially changed, such that the risk of recurrence of the misconduct is minimal or nonexistent? Gunvor did eliminate the use of third-party business origination agents as part of its business model; that is a permanent, enterprise-wide change to its operations that reduces FCPA risk. The company also “updated its compensation policy to better incentivize compliance with the law and corporate policies,” although we don’t know exactly what that means.
Monitors vs. Enhanced Reporting
The Justice Department said in the plea agreement that a monitor wasn’t necessary in the Gunvor case because in addition to the monetary penalties and the compliance program reforms, Gunvor also agreed to provide three years of annual progress reports to the department. Those reports (plus follow-up meetings to discuss each one) are supposed to substitute for the independent oversight of the compliance program that an independent compliance monitor would normally provide.
This is where I wonder about the wisdom of Justice Department policy, and position that it puts compliance officers in.
Let’s remember that in this Gunvor settlement, plus just about every other FCPA settlements we’ve seen lately, the chief compliance officer must also certify the effectiveness of the compliance program. So that certification requirement, along with these annual progress reports on the compliance program’s effectiveness — can they be an adequate alternative to a compliance monitor? Is that wise? Do we fully understand the potential consequences for the compliance officer making these certifications and progress reports?
As luck would have it, a Justice Department official kinda sorta alluded to this issue in a speech last week at the American Bar Association’s annual conference on white collar crime. Nicole Argentieri, acting assistant attorney general for the Criminal Division, was talking about recent enforcement actions, and rattled off a list of trading companies (Gunvor among them) recently sanctioned for FCPA violations.
“Each of these trading companies was required to make critical enhancements to their compliance programs to prevent future violations of the FCPA,” she said. “Companies that take forward-leaning steps on compliance will be better-positioned to certify that they have met their compliance obligations at the end of the term of their agreements, as is now required in corporate resolutions with the Criminal Division.”
OK, but that puts lots of pressure on the company to commit to a better culture of compliance, and it commits the compliance officer to playing a critical role in achieving that culture. You literally sign your name to that promise.
An independent compliance monitor, as burdensome as he or she might be, can be a useful asset for a compliance officer making that commitment. A bad report from the monitor to the Justice Department can be disastrous for a company under a plea agreement — a risk that tends to focus the attention of senior management. When no monitor is present, the compliance officer needs to make that argument for strong compliance without the implicit threat of a bad monitor report.
I am not saying that compliance monitors should be a routine part of every settlement. On the other hand, Gunvor did pay a criminal penalty of $374 million. Would a more productive, cost-effective solution be the appointment of a compliance monitor and a lower criminal penalty? The monitor is more likely to bring about the long-lasting change that the Justice Department wants to see — and as expensive as they are, monitors aren’t going to cost $374 million. The lower penalty then lets investors keep more money in their pockets, since they weren’t responsible for the misconduct anyway.
I don’t know what the right answer is here. I’m just not convinced that what we see in the Gunvor case is it.