Last week Airbus settled its multi-year bribery investigation for $4 billion dollars. That’s billion with a “b”. This settlement is extraordinary, as was the cooperation between the US, French and UK authorities. What can we, as compliance officers, learn from this case? And how can we apply it to our programs to make them stronger? Here are five lessons we can learn from the Airbus case to help us to build a better program.
Lesson 1: Third-Party Risk Continues to Trump Everything Else
The Airbus case reinforces what we already know: third-parties are the main conduit for bribes. It is estimated the 90% of FCPA cases involve third-parties.[i] In the Airbus case, numerous third-parties were used as conduits. We have the usual suspects: “consultants” that were used to funnel money to obtain an improper business advantage, as well as “business partners” that were used to move money to government officials.
Airbus’ case is interesting in that the company created a whole separate department to pay bribes. According to prosecutors, Airbus created the “Strategy and Marketing Organization” to arrange the illicit payments. It used an elaborate string of shell companies to conceal the funds funneled to intermediaries, according to the allegations. The “business partners” engaged by the Strategy and Marketing Organization allegedly promised airline officials luxury trips and apartments.
Third-Party risk must be at the top of any compliance officer’s agenda. To manage the risks these third-parties pose, Compliance Officers should:
Update and/or revisit your risk assessment to ensure you’ve properly accounted for the risk that third-parties cause for the company.
Review your third-party risk management program with a critical eye to see if it is truly risk-based.
Audit high-risk third-parties.
Ensure that high-risk third-parties receive mandatory anti-bribery training.
Ensure that all contracts with third-parties include anti-bribery terms.
Ensure that all contracts with high-risk third-parties include stricter anti-bribery terms than those in all contracts (ideally with audit and termination clauses).
While no third-party program can remove all risk, a well-designed program employing a risk-based approach is critical to managing third-party risk. (To find out how we can help you to review and benchmark your third-party risk management program, click HERE.)
Lesson 2: Gifts and Hospitality Remain a Major Problem
In the Airbus case, “business partners” promised airline officials luxury trips and apartments. Airbus also sponsored a sports team jointly owned by two executives of an airline in Malaysia. The Deferred Prosecution Agreement included details of lavish trips to Hawaii for executives of China’s state-controlled airlines. Airbus even created an “educational fund” that was used to host golf invitations and other leisure events for government officials.
Many companies struggle with the types of gifts and entertainment to allow. Without a doubt, trips to Hawaii and sponsoring sports teams should be flagged as “lavish.” To avoid issues like those that arose in the Airbus case, it is imperative that a company have a written gifts and hospitality policy, and that it is implemented in a consistent and effective way. This includes:
Have reasonable limits for gift giving and receiving. A survey of Fortune 500 companies showed that more than 80 percent of respondents have spending limits of $250 or less for entertainment or hospitality, with approximately 35 percent of respondents limiting entertainment expenses to less than $100.
Require pre-approval for gifts or entertainment to government officials. Refuse to reimburse gifts or hospitality for non-pre-approved gifts or entertainment.
Have internal audit spot-check receipts to ensure that the gifts and hospitality policy is being followed.
Have a process for keeping track of gifts and hospitality to ensure that multiple payments aren’t made in close succession to avoid spending limits.
To read our definitive guide to gifts and hospitality policies, click HERE.
Lesson 3: No One Uses the Word “Bribe”
The folks at Airbus got creative with their bribery names. In one instance, “Medications and dosages prescribed by Dr. Brown” were ordered. “Dr. Brown” was the alias of an Airbus executive and the “dosages” referred to invoices. Prosecutors allege that at different times, a senior airline executive was referred to as “Van Gogh,” and the details of the deal were referenced as his “paintings.” Richard Bistrong has said that the word “tolls” was a favorite euphemism for a bribe.
It is imperative that you know the typical vernacular at your company, and are able to flag words that may be euphemisms for the word bribe. To avoid these problems:
Spend time with the business to understand the language that is commonly used. If you hear or read strange words used in unusual ways, ask questions.
Where allowed by privacy law, spot-check correspondence between high-risk third-parties (like sales agents in high-risk countries) and people at the business to see if the correspondence is related to standard business dealings.
Lesson 4: Whistle-blowers Should Be Treated with the Utmost Respect
The investigation into Airbus began in the UK when whistle-blower Lieutenant Colonel Ian Foxley contacted UK investigators about middlemen giving Saudi Arabian officials “luxury cars, jewelry and briefcases of cash” in an apparent attempt to obtain a £2 billion contract. Here we have all three lessons: inappropriate gifts, dangerous third-parties, and a whistle-blower.
Whistle-blowers need to be treated with the utmost respect. To ensure whistle-blower comfort:
Make investigations as confidential as possible.
Ensure good communication with the whistle-blower so they ar
e kept abreast of what is happening. This will help them to feel listened to.
Follow up with the whistle-blower three months, six months, and one year after the investigation is closed to ensure that no retaliation has taken place.
To read more about dealing effectively with whistle-blowers, click HERE.
Lesson 5: The FCPA Has Teeth and Prosecutors Aren’t Afraid to Impose Bigger and Bigger Fines
Lately, there seem to be some companies that have relaxed their approach to compliance, or cut budgets. This is a mistake. As Gibson Dunn noted in its year-end FCPA Year-End Update, “2019 was, by many measures, the most significant year ever in FCPA enforcement. More than $2.6 billion in corporate fines sets a new high-water mark, driven by the two largest corporate resolutions in the statute’s history.” As high as 2019 enforcement fines were, Airbus dwarfs all other actions before it. Prosecutors have teeth and they aren’t afraid to use them.
Airbus will be required to have a compliance monitor for at least two years, and the company will be subject to at least two compliance-related audits. Additionally, as part of the settlement, the U.S. State Department is requiring the company to pay $10 million. However, the State Department will suspend $5 million of that penalty if Airbus spends that amount on compliance program improvements.
To capitalize on this:
Be sure to tell your senior management about the Airbus case and its importance.
Remind management about the gravity of the fines.
Be specific about the parts of the case that have the most bearing on your program. For instance, if you need more budget for your third-party program, highlight the failures, and reiterate that you need to protect the company from similar outcomes.
Tell management about the compliance monitor. Remind them how much these monitors normally cost the company. Some monitorships have cost up to $130 million![i]
Note that Airbus is expected to spend up to $5 million on compliance improvements to put your budget requests in perspective.
The Airbus case is a watershed moment in compliance. Be sure to learn the lessons of this case, so that your company isn’t the next in the cross-hairs.