The implications of Total S.A.’s recent resolution with the U.S. Department of Justice and Securities and Exchange Commission (SEC) are particularly instructive with respect to providing guidance as to what is required in order for an issuers’ internal controls obligations under the FCPA. Total is a French company with American Depository Receipts listed in the United States. As a result, Total is an issuer fully subject to the FCPA’s accounting and record-keeping provisions as well as its anti-bribery provisions.
The resolution entered into with the Department of Justice and SEC included nearly $400 million in fines, disgorgement, and interest for violations of the FCPA’s anti-bribery, record-keeping, and internal controls provisions for improper payments to intermediaries to influence Iranian officials in acquiring oil rights in Iran. In the information filed by the Department of Justice in conjunction with the deferred prosecution agreement with Total, the internal controls violations were alleged to be based on a number of deficiencies and, in particular, Total’s failure to:
(1) implement adequate anti-bribery compliance policies and procedures;
(2) “maintain an adequate system for the selection and approval of consultants”;
(3) “conduct adequate audits of payments to purported consultants”;
(4) “establish a sufficiently employed and competent compliance office”;
(5) “take reasonable steps to ensure the company’s compliance and ethics program was followed”;
(6) “evaluate regularly the effectiveness of the company’s compliance and ethics program”;
(7) “provide appropriate incentives to perform in accordance with the compliance and ethics program”;
(8) “determine the consulting agreements’ true nature and true participants”;
(9) “perform due diligence concerning the named or unnamed parties to the consulting agreements”;
(10) and have “controls sufficient to provide reasonable assurances that the consulting agreements complied with applicable laws.”1
The deficiencies identified in the information provide a useful checklist of considerations that must be considered in implementing adequate internal controls for an issuer, especially in higher risk situations where bribery may be involved. Even for an entity not subject to the FCPA’s internal controls provisions, the deficiencies identified in the information should be among the factors considered in ensuring the effectiveness of an anti-bribery compliance program.