Nomad_Soul - Fotolia


FCPA compliance: Lessons learned from Bio-Rad

Bio-Rad is paying huge fines for FCPA violations, but the fallout could have been much worse if the company had not blown the whistle on itself.

Bio-Rad Laboratories Inc., a California-based clinical diagnostic and life science research company, reeled in an extra $35 million in profits over the course of five years by paying millions of dollars in bribes to government officials in Russia, Vietnam and Thailand. As punishment for these transgressions, the company ended up owing the U.S. government $55 million for violating the Foreign Corrupt Practices Act -- a penalty that would have been much steeper had Bio-Rad not blown the whistle on itself.

The Bio-Rad case highlights how important internal controls are to FCPA compliance: Bio-Rad's compliance program was decentralized and left it up to overseas offices to implement controls. To settle the case, the company agreed to pay the Securities and Exchange Commission $40.7 million in disgorgement, and the Department of Justice a $14.35 million criminal fine. For the next two years, it also must report its FCPA compliance measures to the SEC.

This FAQ is part of SearchCompliance's IT Compliance FAQ series.

What did Bio-Rad Laboratories Inc. do to earn a $55 million penalty for FCPA compliance violations?

Overseas subsidiaries of Bio-Rad Laboratories Inc. engaged in elaborate schemes to bribe foreign government officials in exchange for business. A subsidiary based in France, for example, contracted with three Russian agents to help make sales by completing tasks such as creating promotional materials, installing equipment and training customers. The agents were paid 15%-30% commissions even though they did not have any employees or offices in Russia, making it unlikely they could complete the tasks.

Bio-Rad managers knew the Russian agents were mere shell entities and showed "a conscious disregard for the high probability" that some of the commission payments were being used to bribe officials, according to the SEC. Bio-Rad paid the agents $4.6 million on sales of $38.6 million. As soon as Bio-Rad fired the agents, the company lost its first government contract in Russia.

In Vietnam, government officials were paid cash bribes if they agreed to buy Bio-Rad's products. After the regional sales manager found out about these bribes, the country manager told her via email that Bio-Rad would lose 80% of its sales if it stopped bribing and suggested hiring an intermediary to channel bribes to Vietnam government officials. The intermediary would buy products at a deep discount and then resell them at full price to government customers, passing along some of the profit as bribes. Between 2005 and the end of 2009, Bio-Rad's Vietnam office paid $2.2 million in bribes to agents or distributors that was funneled to Vietnamese government officials.

In Thailand, a locally managed subsidiary acquired through the 2007 purchase of Diamed AG had "an established bribery scheme" for selling to government customers, the SEC found. It paid a 13% commission to a distributor, with 9% of the commission passed to government officials. Bio-Rad's general manager for Asia Pacific found out about the scheme in 2008 and directed the regional controller to investigate. The scheme was confirmed, but the general manager did not order the subsidiary to end it. From 2007 to 2010, the subsidiary paid more than $700,000 to the distributor, generating sales of $5.5 million.

Related content
SEC charges Bio-Rad with FCPA compliance violations
Bio-Rad pays $55 million to settle bribery charges

What red flags indicated Bio-Rad's FCPA compliance violations?

As the Bio-Rad case illustrates, FCPA compliance violations are not always complicated or hard to recognize. Bio-Rad's Russian agents all had bank accounts in Latvia or Lithuania, and one of them used a fake office address in Moscow. The country manager for Russia often asked that the agents' commissions be paid in installments of less than $200,000, and sometimes he asked that the agents be compensated before the company had been paid for the sales. The country manager also went to extensive lengths to hide matters related to the agents, keeping no records about them and using at least 10 different personal email addresses with bogus names when communicating about them.

As the SEC points out, these were all pretty obvious signs of compliance violations. "These managers should have recognized that this was an attempt to bypass an additional approval tier by Bio-Rad's corporate controller, as required by Bio-Rad's internal controls," the agency stated in its findings. "The Emerging Markets managers should have known that pre-paying the commission was not normal, and it suggested the possibility of a bribe payment."

Related content
Year by year listing of SEC Foreign Corrupt Practices Act enforcement
U.S. Department of Justice outlines FCPA rules

How was Bio-Rad's compliance program deficient?

Bio-Rad posted its business ethics policy and code of conduct on the company's intranet, but that did not constitute a sufficient compliance program in the view of the Department of Justice. The company also did not train employees on Foreign Corrupt Practices Act best practices or make sure they were aware of the code of conduct prohibiting bribery. The code was also only written in English, making it difficult overseas employees to understand.

Overseas offices were responsible for ensuring compliance with the business ethics policy and code of conduct, but the company itself did not do enough to monitor the offices. From the Justice Department's perspective, this amounted to a failure to take appropriate risk-based due diligence measures regarding Bio-Rad's business partners. The company also did not conduct periodic risk assessments of its compliance program.

Following the investigations, the company took numerous remedial measures. In addition to strengthening internal controls and implementing compliance procedures, Bio-Rad fired employees who were involved in the bribes, re-evaluated relationships with intermediaries, ended questionable practices and held extensive anti-corruption training. It also closed its Vietnam office.

Related content
SEC official: FCPA compliance limits risk
FCPA and internal controls lacking in pharmaceutical industry

Does it pay for a company to blow the whistle on itself if it suspects FCPA compliance violations?

Bio-Rad faced charges by the Department of Justice for failing to implement adequate internal controls and for knowingly falsifying records, but the company was able to strike a non-prosecution deal largely because it blew the whistle on itself. The Justice Department gave Bio-Rad credit for volunteering information about the suspected FCPA compliance violations, for cooperating extensively during the investigation and for taking remedial actions.

Bio-Rad officials realized that internal controls at some of its international operations were weak beginning around 2009. The head of operations for international sales looked into these issues, and discovered minimal controls in the emerging markets division and few processes or systems to ensure compliance. He initiated reforms, but managers overseas resisted.

In 2010, the company took the information to the Justice Department and the SEC. The company's audit committee immediately hired an independent attorney to investigate. Investigations involved the collection of millions of documents, the production of tens of thousands of documents and forensic auditing. Bio-Rad cooperated with the government by voluntarily producing documents, translating them and producing witnesses.

Bio-Rad also saved itself millions of dollars by coming forward on its own. Typically, when the Justice Department imposes a criminal fine in these cases, it equals the disgorgement amount owed. In this case, the criminal fine was greatly reduced and totaled about 40% of the disgorgement penalty.

Related content
Bio-Rad's settlement with SEC reinforces Foreign Corrupt Practices Act trends
Justice Department will not prosecute Bio-Rad for FCPA violations

Let us know what you think about the story; email Ben Cole, site editor. For more regulatory compliance news and updates throughout the week, follow us on Twitter @ITCompliance.

Next Steps

Learn how Bank of America's huge settlement with the DoJ exposed numerous fraudulent lending practices in the years leading up to the 2008 financial crisis, and the about the changes Target Corp. made in the months following its massive 2013 data breach in previous SearchCompliance FAQs.

Dig Deeper on Vulnerability assessment for compliance