Betting/Bitcoin Biz Settles FCPA Charges

Federal prosecutors have sanctioned a one-time Chinese online lottery business turned bitcoin mining operation for violations of the Foreign Corrupt Practices Act, where senior executives bribed Japanese lawmakers in the late 2010s to win permissions to open a casino there — and good lord, writing that sentence feels like hitting some sort of corruption risk bingo. 

The Justice Department and the Securities and Exchange Commission announced the charges Monday afternoon. Essentially, the feds indicted a Chinese national who had been CEO of an online lottery operating as 500.com; and also announced settled charges against the company itself, which these days is known as BIT Mining Ltd. and operates from U.S. headquarters in Ohio. The company agreed to pay a total of $10 million in civil and criminal penalties for the FCPA violations and entered into a three-year deferred prosecution agreement.

The accusations against Bit Mining are nothing we haven’t heard before. The tale begins in 2015, when Chinese authorities changed the rules for online sports betting and 500.com’s revenues plummeted. The company spent the better part of 18 months scrambling for some new business model. Then, at the end of 2016, Japan legalized gambling and lifted its longtime ban on casinos. 

Salvation! The leadership at 500.com decided that the company would go into the casino business, and set its sights on building an “integrated resort” somewhere in Japan. At the head of this idea was Zhengming Pan, chief executive officer of 500.com in the 2010s and the one prosecutors indicted on Monday.

Then came all the usual FCPA shenanigans. 500.com hired sham consultants in China, Japan, and Singapore, all working to funnel more than $2.5 million in bribes to members of the Japanese Parliament. The company also paid for Japanese officials to visit the Chinese city of Shenzhen, 500.com’s headquarters; followed by a stay in the gambling mecca of Macau. On another occasion, 500.com covered the costs for a Japanese official and his family to visit a ski resort in Hokkaido, Japan.

Eventually the bribery scheme came to light (court documents don’t say exactly how, but Japanese prosecutors filed charges against the company and members of Parliament in 2019), and 500.com never did open any resorts. Instead, the company was reborn in April 2021 as BIT Mining, which performs its own crypto mining and provides goods and services to other crypto outfits, too. The company is now little more than a penny stock that publishes financial reports once a year.

Internal Control Analysis

To a certain extent, the lessons other compliance and internal control professionals can draw from this case are limited — because, really, how many of us are working at penny-stock online lottery businesses in highly corrupt markets like China? One shudders to think about the poor internal controls 500.com had at the time.

Still, we might as well consider those internal control failures anyway, simply to help you think through the strong internal controls and segregation of duties you’d want in place at your own organization.

For example, consider this paragraph from the SEC settlement order:

During the relevant period, 500.com failed to properly verify that payments to consultants were used for their stated purposes, and it failed to have mitigating controls to verify that services were properly rendered before paying the consultants and corresponding expense reimbursements. Executives at 500.com were able to direct employees to pay invoices without having supporting documented deliverables and to pay cash bribes. 

We’ve talked in these pages many times before about the importance of documentation policies for the use of consultants and similar third parties. You need policies and controls that essentially force the consultant (and whomever at your business owns the relationship with that consultant) to prove that the consultant serves a valid business purpose and is delivering promised services. 

fcpaIdeally those documentation controls are integrated into the accounts payable function on some automated basis, so that you have less dependency on humans who might overlook incomplete documentation. The true goal is to make those payments that don’t have proper documentation stick out like a sore thumb, so that auditors, boards, and other senior management can’t simply turn a blind eye to suspicious deals.

For example, the SEC includes that line, “Executives at 500.com were able to direct employees to pay invoices without having supporting documented deliverables.” Well, exactly. That’s what poor documentation policies and controls allow: improper management override of internal controls, so improper managers (see Pan, above, under indictment) can force corrupt transactions through the system. 

I always stress that the threat here is improper management override of internal controls, because there are many occasions where management override of internal controls is a perfectly wise and proper step to take. An ethical manager, however, will have no issue with documenting his or her decision to override internal controls. It’s the unethical ones who will embrace an internal control environment full of ambiguity. Incomplete documentation allows such ambiguity to flourish, and FCPA violations can soon follow.

So as you’re thinking about approval processes and control design at your own company, those are the questions that should be rolling around in your brain: What documentation do you want to enforce as a routine matter? Under what circumstances should management be allowed to override certain payment policies? What new documentation do you want to make mandatory, to document the thinking behind those override decisions? 

FCPA Enforcement Analysis

BIT Mining had a mixed compliance response once U.S. regulators learned of the FCPA violations and came knocking. 

First, the company didn’t voluntarily self-disclose its misconduct, so it won no credit on that point. BIT Mining then did cooperate with U.S. regulators in the ensuing investigation, although the Justice Department described that cooperation as “reactive and limited in degree and impact.” That reactive and limited cooperation included providing documents and financial data, translating documents, and sharing facts that BIT Mining learned during the course of its own internal investigation.

Then came BIT Mining’s remediation. The Justice Department listed numerous steps the company took, including:

  • Ending all contracts with all of the third-party intermediaries involved in the scheme; 
  • Increasing the board’s oversight of compliance risks and audit findings; 
  • Incorporating compliance criteria in performance evaluations for senior management; 
  • Creating an anti-corruption policy and engaging in company-wide training and communications to promote it; and 
  • Shifting its business model to an industry that presents a lower corruption risk and reducing its presence in high risk regions. 

That last bullet point is worth expanding. Pan, 500.com’s former CEO, ran the business from 2014 until 2020. Japanese authorities brought his corruption scheme to light in late 2019 when they began charging people, including members of Parliament. 500.com’s board then ousted Pan in 2020, and in April 2021 announced that the business had transformed from an online sports betting outfit to the crypto mining outfit that it is today.

Well, that’s one way to reduce your FCPA risk. It just seems like a mighty convoluted and expensive way to do so.

Leave a Comment

You must be logged in to post a comment.