What The US Enforcement Action Against Tysers And H.W. Wood Limited Teaches Us About Bribery And Corruption Enforcement (Part II)

On 23 November 2023, the United States Department of Justice (“DOJ”) unsealed the deferred prosecution agreements (‘DPA’) of the cases from the United States v. Tysers Insurance Brokers Limited and H.W. Wood Limited. Tysers and Wood, two UK reinsurance companies, were accused of bribing Ecuadorian government officials. The DPA’s provide valuable insights about bribery and corruption enforcement. We have analysed the agreements for you and summarised the bribery and enforcement lessons that can be learned form these cases.

For a detailed description of the actual bribery and corruption scheme we refer to our previous blog on the Tysers and H.W. Wood case. This blog will focus on the bribery and corruption enforcement action and the way in which the DOJ grants cooperation credit.

Background to the bribery and corruption enforcement

Before we dive in the specifics of what and why Tysers and Wood agreed to pay, we briefly explain the background to the bribery and corruption enforcement and applicable sentencing guidelines. As we described earlier, the DOJ is on a mission to make companies take responsibility for misconduct and, as part of that mission, disclose irregularities to the DOJ as early as possible. To encourage such behaviour, the DOJ has published several guidance notes so that transparency exists about what organisations can expect after self-disclosure. This includes minimum compliance requirements, sentencing guidelines and conditions for cooperation credit.

Important (and recently updated) documents are The Resource Guide to the FCPA, the Sentencing Guidelines and the Enforcement and Voluntary Self-Disclosure Policy. Factors that impact the overall financial burden include the nature and extent of the offense, the level of involvement and the role of high-ranking officials or a large number of employees in the misconduct, how much and how effectively an organisation cooperates with the investigation by authorities, whether or not an effective compliance and ethics program was implemented in the period of the misconduct, as well as matters such as voluntary and timely self-disclosure.

To further strengthen bribery and corruption enforcement, all published enforcement actions include relevant considerations and the composition of the penalty. Below an example of the set-up of Tysers’ penalty.

Source: https://www.justice.gov/media/1325816/dl?inline

Penalty and cooperation credit

According to the DPA, Tysers receives a criminal penalty of USD 36 million. This reflects a 25 percent discount off the bottom of the applicable Sentencing Guidelines fine range (USD 48 million). This range, in this instance between USD 48 and USD 96 million, is based on the seriousness of the offense (the offense level score) and the culpability of the organisation (the culpability score).

The culpability is determined by a number of factors that can either increase or decrease the penalty. The factors that lead to an increase are: (i) the involvement in or tolerance of criminal activity; (ii) the prior history of the organisation; (iii) the violation of an order; and (iv) the obstruction of justice. The factors that mitigate the penalty are: (i) the existence of an effective compliance and ethics program; and (ii) self-reporting, cooperation, or acceptance of responsibility.

As disclosed in the information sheet, Tysers did not receive credit for voluntary disclosure credit because it did not timely disclosed their (possible) involvement in a bribery scheme to the DOJ. However, Tysers earned credit for its cooperation with the investigation by promptly responding to government requests, providing access to foreign employees for interviews, sharing relevant documents (including those from outside the United States), making detailed factual presentations, analysing financial transactions, and accepting responsibility quickly.

In response to the misconduct, Tysers implemented remedial measures. These included placing involved employees on paid leave, ending relationships with the intermediary company involved in the misconduct, and significantly enhancing its compliance program. This program improvement involved adding expert resources, improving governance, hiring new compliance personnel, updating anti-bribery and anti-corruption policies, refining third-party onboarding and payment procedures, and enhancing training programs. Notably, an independent compliance monitor was deemed unnecessary based on the company’s remediation efforts and the state of its compliance program. Tysers committed to ongoing enhancements and cooperation with the DOJ in any ongoing investigation.

As noted, the effectiveness of the implemented compliance program is an important factor in the determination of a penalty. Further insight into this element is provided in attachment C of the DPA. We highly recommend you to not skip this attachment when reading a DPA, as it provides valuable insight into how the DOJ views ‘effective compliance’. In other words, what is to be expected from organisations.

Attachment C

Over time, the DOJ revised the requirements of what they consider is an effective corporate compliance program based on the different ‘Attachments C’s’ we analysed. Among others the revisions relate to; commitment to compliance, independent, autonomous, and empowered oversight, training and guidance, confidential reporting structure and investigation of misconduct, compensation structures and consequence management, third party risk management, monitoring and testing, analysis and remediation of misconduct. The requirements provide clarity and valuable insights for compliance professionals and auditors on how to build an compliance program and test its effectiveness.

Every DPA entered into by the DOJ and a defendant follows a similar and consistent structure. Specifically, the DPA’s main body outlines relevant considerations and the corresponding penalty. Attachment A provides the statement of facts, while attachment C, titled “Corporate Compliance Program,” outlines the DOJ’s expectations regarding the minimum elements for a defendant to build and maintain an effective compliance program.

For example, attachment C of the Tysers’ DPA states that, to address deficiencies in internal controls and compliance policies, Tysers must commit to ongoing reviews and modifications of their compliance programs, ensuring effective internal accounting controls and a robust anti-corruption compliance program. The minimum compliance program elements include a commitment to compliance from directors and senior management, periodic risk assessments, development of anti-corruption policies and procedures, independent oversight, training mechanisms, confidential reporting structures, investigation protocols, compensation structures aligned with compliance, and third-party management procedures.

Tysers’ program must also include specific mergers and acquisitions policies, monitoring and testing procedures, and analysis and remediation of misconduct through root cause analysis and timely remediation measures. Moreover, Tysers is required to continually enhance their compliance program, ensuring its effectiveness and alignment with changing international standards.

As mentioned in the introduction, the requirements include in attachment C have evolved into standards. Consequently, a revision of the requirements by the DOJ means a significant development for organisations, compliance professionals and auditors.

As an example, the DOJ has always emphasised the importance of management commitment in compliance, specifically the ‘tone at the top’. However, Tysers and H.W. Wood DPA’s, as well as other recent cases, shows that the DOJ broadened the focus on management commitment, see excerpt from the Tysers DPA below. In addition to top management, mid-level management also plays a crucial role in creating and maintaining an ethical culture and compliance. Furthermore, commitment should be in words and deeds, highlighting the importance of tangible and visible actions.

We highly recommend compliance professionals and auditors to analyse the DPA’s published by the DOJ to inform themselves on what effective compliance looks like. Or just keep following our blogs were we will do this analysis for you.

Curiosity Leads, Amazement Follows – Continue reading the Green Hyena