Burr & Forman

06.21.2019   |   Blog Articles, Securities Litigation

Walmart FCPA Settlement Shines Light On Corporate Compliance Programs

June 20, 2019 – Walmart (NYSE: WMT) and its subsidiary, WMT Brasilia, agreed to a combined criminal penalty and disgorgement of $282M, together with WMT’s criminal guilty plea and undertakings in an NPA, to reach a global resolution of the combined DOJ, SEC, and IRS-CI FCPA investigations on-going since at least 2012.  Walmart reports spending over $900M on the investigations and defense.  Walmart agreed to criminal penalties of $138M plus disgorgement of $144M to the SEC and admissions of fact in the criminal matter.  Walmart entered a 3-year NPA and agreed to retain Louis Freeh as an independent corporate compliance monitor for 2 years.  The settlement reflects a 25% reduction from Sentencing Guideline consequences due to cooperation credit.

The criminal action is U.S. v. WMT Brasilia S.a.r.l., 1:19-cr-192 (USDC E.D. Va. June 20, 2019).

The NPA is here.

The SEC Order, In the Matter of Walmart, Inc., Rel. No. 34-86159, AP File No. 3-19207 (SEC June 20, 2019) is here.

Walmart’s Press Release is here.

The DOJ updated its guidance on corporate compliance programs just the past April.

The “Principles of Federal Prosecution of Business Organizations,” in the Justice Manual (“JM”) § 9-28.300, sets out factors for prosecutorial decisions regarding investigations, charging, fines/penalties and negotiating plea or other agreements.

Two of those ten factors relate to “the adequacy and effectiveness of the corporation’s compliance program at the time of the offense, as well as at the time of a charging decision,” together with remedial efforts.

See https://www.justice.gov/jm/jm-9-28000-principles-federal-prosecution-business-organizations

The Guidance directs federal prosecutors to ask Three Fundamental Questions about corporate compliance programs:

1. Is it well designed?

2. Is it being implemented effectively?

3. Does it work?

 1. Well Designed?

A. Risk Assessment

i.   Risk Management Processes
ii.  Risk-Tailored Resource Allocation
iii. Updates and Revisions

Periodic
Event-driven retrospectives

B. Policies and Procedures

…Code of Conduct
i.     Design:  reasonableness; consultative process;
ii.    Comprehensiveness:  tailored to risk environment(s)
iii.   Accessible:
iv.   Responsibility for Operational Integration
v.    Gatekeepers:  guidance and training

C. Training and Communications

Periodic
Certification
Downstream / vendors

i.    Risk-Based Training
ii.   Form/Content/Effectiveness of Training
iii.  Communications about Misconduct
iv.   Availability of Guidance
…including Ombudsman; overlap with whistleblower laws

D. Confidential Reporting Structure and Investigation Process

Pro-active and Reactive

i.    Effectiveness of the reporting Mechanism:  anonymity
ii.   Properly Scoped Investigations by Qualified Personnel
iii.  Investigation Response
iv.   Resource and Tracking of Results

E. Third-Party Management

i.  Risk-Based and Integrated Processes
ii.  Appropriate Controls
iii. Management of Relationships:  including contract terms (e.g., standards, audits)
iv.  Real Actions and Consequences:  including red-flag identification, escalation and response

F. Mergers and Acquisitions

i. Due Diligence
ii. Integration (of the compliance function)
iii. Process from Due Diligence to Implementation

2. Implemented Effectively?

A. Management Commitment

i. Conduct (and Tone) at the Top
ii. Shared Commitment
iii. Oversight:  including private compliance report to audit committee

B. Autonomy and Resources

i. Structure:  role definition, reporting lines, multi-tasking?
ii. Seniority and Stature
iii. Experience and Qualifications
iv. Funding and Resources
v. Autonomy
vi. Outsourcing?

C. Incentives and Disciplinary Measures

i.  HR Process
ii. Consistent Application
iii. Incentive System(s)

3. Does it Work?

…examples of timely remediation and self-reporting; evolution over time; adequate and honest root-cause analyses

A. Continuous Improvement, Periodic Testing, and Review

i.    Internal Audit
ii.   Control Testing
iii.  Evolving Updates
iv.  Culture of Compliance

…standard annual evaluation, testing and review with sign-off by senior management and/or audit committee

B. Investigation of Misconduct

i.  Properly Scoped Investigation by Qualified Personnel
ii. Response to Investigations

C. Analysis and Remediation of Any Underlying Misconduct

i.    Root Cause Analysis
ii.   Prior Weakness, including change and accountability
iii.  Payment Systems, regarding funding of misconduct
iv.   Vendor Management
v.    Prior Indications
vi.   Remediation
vii.  Accountability

The Guidance is here.

Thomas K. Potter, III (tpotter@burr.com) is a partner in the Securities Litigation Practice Group at Burr & Forman, LLP. Tom is licensed in Tennessee, Texas, and Louisiana. He has over 33 years of experience representing financial institutions in litigation, regulatory and compliance matters. See attorney profile.

© 2019 by Thomas K. Potter, III (all rights reserved).

Related Attorneys

Subscribe to our RSS Feed