The Walmart FCPA Settlement
A Reminder for Compliance Integration when Expanding Abroad
Executive Summary
Walmart Inc. (“Walmart”) agreed to pay more than USD 280 million to settle a long-running U.S. enforcement investigation into violations of the U.S. Foreign Corrupt Practices Act (“FCPA”). The violations consisted of paying intermediaries in Brazil to obtain construction permits and failing to roll out appropriate anti-corruption compliance policies and implement sufficient internal controls in newly acquired subsidiaries in Brazil, China, India and Mexico. The case illustrates the importance of appropriate compliance integration measures when expanding abroad in order to avoid FCPA sanctions.
Facts
On June 20, 2019, Walmart entered into a settlement with the U.S. Department of Justice (“DOJ”) and the U.S. Securities and Exchange Commission (“SEC”) that resolves an extensive investigation into the company’s compliance with the FCPA. Walmart agreed to settle the allegations by paying USD 282.7 million for the violations of the books and records and internal controls provisions of the FCPA and Securities Exchange Act by its subsidiaries in Mexico, India, China, and Brazil.
According to the statement of facts, Walmart’s subsidiaries in Brazil, China, India, and Mexico from 2000 through 2011 operated without a system of adequate anti-corruption related internal controls. Walmart had failed to sufficiently investigate and mitigate existing anti-corruption risks and enabled those subsidiaries to employ third-party intermediaries (who bribed foreign government officials to obtain store permits and licenses) without ensuring that transactions were conducted in line with their stated purpose.
Case Analysis
One of the key issues in the Walmart case was Walmart’s rapid expansion into countries susceptible to corruption without taking the necessary steps to prevent corruption. DOJ’s Assistant Attorney General Benczkowski stated that in “numerous instances, senior Walmart employees knew of failures of its anti-corruption-related internal controls involving foreign subsidiaries, and yet Walmart failed for years to implement sufficient controls comporting with U.S. criminal laws.”
In this context, it is worth emphasizing that – according to the settlement agreements – the DOJ and SEC have come to the conclusion that a decentralized compliance system may be considered as an internal control deficiency.
The Walmart DPA states: “On or about April 6, 2009, Walmart International announced the creation of a Walmart International Compliance Office that revised the existing anti-corruption standard. The concept for the new standard was “Freedom within a Framework.” Instead of taking a centralized approach to ensuring that sufficient anti-corruption related internal accounting controls were implemented throughout Walmart’s foreign subsidiaries, the new anti-corruption standard allowed individual markets to design and implement their own program as long as it met certain global standards.”
Similarly, in the Walmart administrative order the SEC concludes: “In or around April 2009, Walmart informed its foreign subsidiaries that it would soon promulgate anti-corruption standards that would be more flexible and easier and quicker to implement. Instead of taking a centralized approach, each country would be required to devise its own program based on the standards. On or around June 11, 2009, Walmart circulated to the 10 subsidiaries a one-page document entitled Global Anti-Corruption Standards that: 1) summarized the FCPA; 2) acknowledged that in certain instances Walmart may provide gifts, meals, travel, and entertainment to government officials; 3) noted that the standards applied to TPIs; and 4) provided contact information for the Company’s global ethics office. The markets were instructed to design and implement risk-based internal accounting controls, procedures, and training to ensure the standards were met.”
Lessons Learned
The Walmart case clearly shows once again that it is not sufficient to take pro forma measures when it comes to implementing compliance systems in subsidiaries. This applies both in the case of organic expansion by establishing subsidiaries in new markets and in the case of acquisitions or the establishment of joint ventures with third parties.
The analysis of the existing and, as the case may be, future required components of an appropriate compliance system must be tailored to each transaction and take into consideration the set-up and needs of the relevant business. To the extent possible, adequate compliance due diligence and integration planning should be conducted prior to completion of a transaction. However, in any case, comprehensive compliance analysis and integration must be undertaken as quickly as possible after completion.
Proper compliance integration should include, inter alia, the following measures:
- In case of an acquisition, and to the extent that access to certain documents and/or books and records was not possible prior to the acquisition due to local law restrictions or business necessities, due diligence should be completed as soon as practicable after closing. Post-completion due diligence should be planned and prepared well ahead so that remaining analytical steps can be completed as soon as possible and the implementation of appropriate remedial measures can start without undue delay.
- A compliance management structure should be implemented at the new subsidiary. Generally, this should include the roll-out of relevant policies and procedures (which should address the entity’s risks and local law concerns) and the delivery of comprehensive compliance trainings to directors and employees, in particular any government-facing or other individuals in high-risk positions.
- Internal controls capable of detecting or preventing violations of applicable anti-corruption, anti-money laundering or other relevant laws should be reviewed and/or adjusted or newly implemented at the new subsidiary.
- To the extent that the new subsidiary has relationships with intermediaries and other third parties that are authorized or engaged to act in any way on behalf of the entity, such relationships should be reviewed in depth. In case of any abnormal findings, remedial measures must be determined and taken as soon as possible, including, as the case may be, termination of these relationships.
- Following completion of all necessary ad hoc post-closing measures, a more comprehensive risk assessment and audit review of the entity should be conducted as soon as possible to ensure that all required policies and procedures have been effectively implemented and are actually in use, and to identify further weaknesses that require additional trainings or other enhancements. Going forward, relevant compliance audits and reviews should be conducted periodically, based on the risk profile of the entity.
Conclusion
Not only in the event of an acquisition, but also when expanding into new markets, companies must ensure that adequate and effective compliance systems are implemented at the new subsidiary. Depending on the corporate group structure and the individual risk profile of such subsidiaries, a fully decentralized, locally controlled compliance system may be regarded as insufficient and even qualify as an internal control deficiency in the view of relevant enforcement agencies.
Therefore, the planning and preparation of post-completion compliance implementation plans should be initiated as early as possible. In order to make the entry into new markets a success, not only legal and financial issues should play a role in the early planning of a transaction, but also compliance matters.
In this context, it is worth mentioning that the new guidelines of the DOJ (Evaluation of Corporate Compliance Programs (updated in April 2019 – see our article)) note that a “well-designed compliance program should include comprehensive due diligence of any acquisition targets”. In addition, it can also be assumed that the planned corporate sanctions law in Germany will make these principles and risks, which have so far been very American, increasingly important in Germany as well.
Attachments
The Walmart Criminal Information can be found here.
The Walmart Judgement can be found here.
The Walmart Nonprosecution Agreement can be found here.
The Walmart Plea Agreement and Statement of Facts can be found here.
The SEC’s order can be found here.