November 17th, 2015

By Lisa Mays and Scott Maberry

Like a needle to a balloon, the Schrems decision has drastically altered the data privacy landscape. Who is affected? Everyone – consumers, corporations, employees. But who needs to take action? Any company with offices in the European Union and the United States, any European company that outsources work to the United States (do you know where your cloud is?), and any company that sends information from the EU to the United States.

The European Court of Justice’s Decision in Schrems v. Data Protection Commissioner

Maximillian Schrems

Before diving into the meat of the Schrems case, you may be asking yourself – who is Schrems? Who is behind this monumental shift in privacy law affecting businesses across the globe? Maximillian Schrems is an Austrian law student (never underestimate the power of a motivated law student), who is completing his Ph.D in law at Vienna University.

Also never underestimate the impact of some Silicon Valley exposure. Schrems’ interest in privacy law developed while spending a semester abroad at Santa Clara University in California. Concerned about the privacy of social media users messaging online, Schrems filed 23 complaints against Facebook in Ireland, targeting the activities of the company’s European headquarters. While the Irish Data Protection Commissioner wrote off the first 22 complaints, the 23rd complaint reached the European Court of Justice, which gave us the Schrems decision.

The Schrems Decision

On October 6, 2015, the European Court of Justice issued the Schrems decision declaring the European Commission’s 15-year-old “U.S. Safe Harbor decision” invalid. That earlier decision enabled U.S. companies to self-certify that company practices ensured an adequate level of protection for personal data under the EU Data Protection Directive, thus permitting the company to transfer data from the EU to the United States. The ECJ’s Schrems decision holds that U.S. law does not afford adequate protection to personal data. As a result, the safeguards of the U.S. Safe Harbor have been thrown to the wayside.

The Effect of the Schrems Case on Business Transactions

Where does this leave us?

First, it is necessary to determine where your company stores, transmits, and uses its data. Any company that has offices in both the EU and United States, any European company that outsources work to the United States, and any company that sends information from the EU to the United States, must reevaluate its policies and make necessary adjustments. Data transfers from the EU to the United States trigger the provisions of the EU Data Protection Directive and may come under scrutiny. Many companies utilize U.S.-based cloud services, so although you may assume that your company keeps all personal data outside of U.S. jurisdiction, now is the time to double-check.

Second, companies can no longer rely on Safe Harbor self-certification. Now companies need to independently verify that company transfers of personal data from the EU to the United States meet the level of data privacy protection considered adequate by the EU Data Protection Directive.

Solutions in a Post-Schrems Landscape

There are a variety of customizable solutions to fill the void created by the Schrems decision ranging from implementation of contract clauses, to adding encryption to data, to moving data centers to the EU. In a November 6, 2021 press release, the European Commission recommends that companies consider using the EU-approved standard contractual clauses, the EU-approved Binding Corporate Rules, or the enumerated derogations under which data can be transferred. While there are several possible solutions, what is certain is that immediate action is necessary as data regulators have indicated that we should expect more investigations in a post-Schrems world.

Enter: The Foreign Corrupt Practices Act (FCPA)

Complicating matters further, we must consider the impact of the Schrems decision on FCPA compliance and investigations. In broad summary, the FCPA comprises two components. First, the anti-bribery provisions prohibit paying foreign officials to obtain or retain business. Second, the recordkeeping and internal control provisions require accurate accounting and adequate internal controls. The jurisdiction of the FCPA is far-reaching and hinges on the use of interstate commerce by a U.S. or foreign person. As a result of the broad reach of the FCPA and its recent aggressive enforcement, companies need compliance policies to maintain watch over company actors to avoid inadvertently violating the FCPA.

Read more

June 29th, 2015

By Fatema Merchant

On June 16, 2015, IAP Worldwide Services Inc., a private defense and government contracting company, agreed to pay $7.1 million to settle criminal charges of the U.S. Foreign Corrupt Practices Act (FCPA) related to bribing Kuwaiti government officials to secure a Kuwaiti government contract.  On the same day, James Michael Rama, IAP’s Former Vice President of Special Projects and Programs also pleaded guilty to FCPA charges.  For U.S. government contractors, the opportunities to provide services and expertise to foreign governments are lucrative, but this enforcement action also highlights the risks associated with obtaining such contracts.


In 2004, Kuwait’s Ministry of Interior (MOI) initiated a project called the Kuwait Security Program to develop a national surveillance program using closed-circuit television. The program was divided into two phases.  Phase I was the planning and feasibility phase preceding the more lucrative Phase II installation phase.  The MOI was responsible for selecting the contractors that would help implement the program.

IAP is a small Florida-based company that provides facilities management, technical services, and contingency support to the U.S. military and other governmental agencies around the world. IAP has several contracts with the U.S. Government, including the U.S. Navy, U.S. Marine Corps and Air Force.

IAP entered into a Non-prosecution Agreement (NPA) with the U.S. Department of Justice, agreeing to a criminal monetary penalty, enhancement of its compliance policy and procedures, and reporting obligations because of FCPA allegations.  Rama will face sentencing on September 11 pursuant to his guilty plea.

The Scheme

According to the NPA, in 2004, Rama was introduced to a Kuwaiti consultant while Rama was working for another defense contractor.  Rama learned about MOI’s impending security project from the Kuwaiti consultant.  In 2005, Rama joined IAP and pursued the contract for Phase I of the Kuwait Security Program.  In order to best position itself to win the more lucrative Phase II contract, IAP determined that if it became a consultant to MOI in Phase I, the company could tailor the Phase II requirements to cater to IAP’s capabilities, thus giving IAP a distinct advantage to win the Phase II contract.  With direction from the MOI and Kuwaiti consultant, IAP set up a shell company called “Ramaco” to bid on the Phase I contract to hide IAP’s involvement in Phase I, and conceal any potential conflict of interest in participating in Phase II. Ramaco acted as IAP’s agent in Phase I of the KSP.

Of the $4 million that IAP received for Phase I of the project, IAP diverted half to the Kuwaiti consultant, which was kicked back to Kuwaiti government officials.  According to the NPA, in order to conceal the payments, IAP, Rama and others devised a scheme in which a Kuwaiti company that was performing work on the Phase I contract on behalf of IAP would inflate its invoices on legitimate services.  After the MOI paid Ramaco for Phase I of the contract, Ramaco would transfer the money to IAP, who would in turn pay the Kuwaiti company.  The Kuwaiti company then funneled a portion of those funds to the Kuwaiti consultant to pay bribes to Kuwaiti officials.

Read more

January 29th, 2015

By Juan Castañeda

“So you are the great lawyer I’ve been told about!  But, you are so young!  I was expecting an old lawyer.”

With those words, the silver-haired senior-level executive of the customs broker I was investigating for bribery let me know that his guard was down.  In fact, he seemed relieved and almost eager to help me, a young lawyer that reminded him of his nephew.

This was exactly the reaction I wanted.  We exchanged pleasantries in Spanish over a cup of coffee and proceeded to have a friendly free-flowing conversation.  That conversation revealed that his company was bribing government officials in Latin America, he was a liar, and he had no idea that he had just given me the evidence I needed when I went up the chain to confront his boss.  He never saw it coming.

There are many articles on best practices for conducting internal investigations related to bribery or fraud.  However, at the core of any internal investigation—whether it be domestic or cross-border is—people.  The people at the center of the investigation (employees, former employees, third party vendors, government officials or lawyers) are the key to unlocking the real story behind what has really happened.  Faced with a whistleblower tip of bribery or fraud, a company will undoubtedly look at the underlying documents that paint a scattered picture of events, but it is the people that weave the documents together to tell the story.

Here are some tips on the best ways to set-up witnesses interviews during an internal investigation for optimal effect.

1. Start with the Low-Hanging Fruit.

Any good investigation looks like a pyramid.  Ideally, start your internal interviews on the ground floor with lower-level personnel.  Why?  First, they will most likely be further removed from the fraud being perpetrated by senior management and thus, more forthcoming about facts.  Second, the ground troops may be actual witnesses to executive-level fraud and more than willing to blow the whistle on management if given an opportunity.  Third, line employees possess great real-time information of the daily happenings within the company, where data is located, as well as a more  accurate view of the “real” heirarcy in a company.  Interviewing these witnesses will be useful in recreating who may be behind the fraud, the centers of power within a company that could have known of the fraud, and where the web of deceit extends.

Read more

November 7th, 2014

By Fatema Merchant

On October 10, 2014, the U.S. Department of Justice announced a civil settlement with Teodoro (“Teddy”) Nguema Obiang, Vice President of Equatorial Guinea and eldest son of the country’s current President, under the DOJ’s Kleptocracy Asset Recovery Initiative. Through a combination of forfeiture and divestment, Obiang agreed to turn over $30 million in U.S.-based assets purchased in a “corruption-fueled spending spree,” according to the DOJ. Those assets include a Malibu mansion, Ferrari, and $1 million for life-size Michael Jackson statues Obiang had expatriated from the United States to Equatorial Guinea. He gets to keep a Gulfstream jet and most of his other Michael Jackson paraphernalia, however, including the red leather jacket MJ wore in “Thriller” and the white crystal-covered glove from the king of pop’s “Bad” tour. The settlement dollar-value represents less than half of what the DOJ sought; Obiang managed to send a bulk of his U.S.-based assets outside the United States, including several luxury cars. But the case still represents significant progress in the U.S. government’s anti-corruption efforts, particularly because this action was brought against an official still in power, and most of the settlement amount will be used for the benefit of the people of Equatorial Guinea.


The Obiang settlement comes at the end of a decade-long probe into the crooked leader’s corruption and money-laundering activities. Obiang “shamelessly looted his government and shook down businesses in his country to support his lavish lifestyle, while many of his fellow citizens lived in extreme poverty,” said Assistant Attorney General Leslie Caldwell. According to the DOJ, Obiang’s annual government salary was around $100,000, but he amassed over $300 million through bribes, kickbacks, embezzlement, and extortion. Obiang acquired significant assets in the United States through corporate entities and third parties. The settlement terms require that Obiang disclose other assets he owns in the United States, and provide that certain assets now outside the United States will be subject to seizure and forfeiture if they return to the United States. Obiang will probably be advised not to plan a trip to Las Vegas in his Gulfstream jet any time soon.

The United States is not alone in its pursuit of Obiang. The French government had filed money-laundering charges against Obiang pursuant to its own investigation. France has already seized a multi-million dollar Paris mansion and a fleet of expensive cars.

In the Obiang action, DOJ paired with Immigration and Customs Enforcement (ICE) to conduct the investigation and bring Obiang to justice. Specifically, Homeland Security Investigation’s (HSI) Foreign Corruption Investigations Group (FCIG) and HSI Asset Identification and Removal Group in Miami conducted the investigation with assistance from several HSI attachés stationed in Rome, Madrid, London and Paris. The FCIG works with representatives of victimized foreign governments to prevent corrupt proceeds from entering the United States, seize assets secured through ill-gotten gains, and repatriate those funds to the victimized governments.

Read more

October 29th, 2014

By Juan Castañeda

They come without notice and under the cover of night.  They are sometimes in unmarked envelopes or conveyed through whispered phones calls and very often from your very own employees.  They are allegations of corruption, fraud and criminal conduct.

In an ever more vigilant and connected business climate, multinational businesses and organizations are faced with ever increasing claims of corruption, fraud, bribery, or price fixing that span the globe.

Case in point, during the full throws of this summer’s World Cup in Brazil, soccer’s governing body, FIFA, continued to take heat as allegations submitted to the U.K.’s Sunday Times revealed “millions of secret documents – emails, letters and bank transfers – which it alleges are proof that the disgraced Qatari football official Mohamed Bin Hammam made payments totalling US$5m (£3m) to football officials in return for their support for the Qatar bid.”

As a multinational company, how do you even begin to deal with such claims?  Here are some proactive steps companies use to deal with allegations of fraud or criminal conduct before they even arise.  Following these steps are the secret to preventing surprise allegations and starting a cross-border investigation on the right path.

Get the bad news fast. Particular communication problems arise if the company is based in the U.S. and receives the claim in a foreign jurisdiction.  In a sub-optimal situation, a foreign employee makes an allegation of fraud to a foreign outpost of the U.S. based company which gets lost or worse yet, covered up.  To avoid the criminal and civil ramifications of such a failure of communication, having a rapid response communication plan with customized reporting channels will help tremendously.

Set-up worldwide reporting channels. A proactive plan should include setting up internal reporting channels for foreign and U.S. based employees to report wrongdoing and ensuring proper and periodic training on such reporting.  Reporting channels would include in-person reporting as well as a company whistleblower or hotline number that ensures claims and allegations are routed to one central location.  Make sure that any such in-person reporting or hotline adheres to country specific employment and data privacy laws.  For example, some foreign countries prohibit anonymous calls, and others require government and/or employee approval.

Read more

October 16th, 2014

By Thad McBride and Mark Jensen

Anti-corruption due diligence can be vexing even in the best of conditions; it is often made more complicated by time and business pressures that arise in the context of a merger or acquisition or an urgent sales opportunity.  Anti-corruption compliance is always fact-intensive, and due diligence is no exception, requiring many judgment calls about what issues to prioritize and how to deploy limited resources.  This article aims to provide a basic outline of seven key steps to consider in anti-corruption due diligence.

Background. As many readers know, the Foreign Corrupt Practices Act (“FCPA”) is a U.S. anti-corruption statute that prohibits U.S. persons from bribing or offering to bribe non-U.S. government officials.  The law contains anti-bribery provisions and, for Issuers on U.S. stock exchanges, books and records and internal controls provisions.  The FCPA is aggressively enforced by both the U.S. Securities and Exchange Commission (“SEC”) (for “Issuers”) and the U.S. Department of Justice (“DOJ”).  In recent years, monetary penalties for FCPA violations have been severe, regularly exceeding $100 million.

In this environment, it is essential to consider elements like the following:

1.  Pursue a Risk-Based Strategy

The U.S. government has explicitly recognized (for example, in the FCPA Resource Guide (the “Guide”) that the DOJ and SEC published jointly in November 2012) that companies have finite time and resources to expend on anti-corruption compliance due diligence. Thus, as a first step – and before commencing the actual diligence review – companies should think critically and holistically about factors such as general corruption risk in the relevant geographic area; the types and frequency of interactions the proposed transaction partner has / has had with government officials; the extent of the compliance program maintained by the potential transaction partner; and the importance of the prospective partner to the company’s bottom line or future development plans.  The due diligence plan and team – more on that below – should reflect those risks.

2.  Establish a Team

In many cases, companies that have a well-developed legal and/or compliance department can conduct due diligence internally.  In certain situations, however, outside counsel can play an important role in, or even manage, the diligence exercise.  For example, outside counsel can help overcome resource limitations or provide support such as geographic expertise.  In addition, outside counsel can serve as independent, impartial reviewers, which can give the review additional credibility if it ever is questioned, and cloak the diligence review in the attorney-client privilege.

3.  Make a Plan

A plan should be clear about the steps needed, with the understanding that additional steps may be warranted depending on what is learned during the diligence.  The plan establishes what is expected of team members and provides evidence that the company followed a well-defined, risk-driven process to conduct the diligence.  That evidence may be the best defense the company has if the U.S. government ever asks about why a particular diligence step was or was not taken.

Read more

September 18th, 2014

By Fatema Merchant

On August 14, 2014, Joel Esquenazi and Carlos Rodriguez filed a Petition for a writ of certiorari in the U.S. Supreme Court seeking clarification of a key term in the Foreign Corrupt Practices Act.  Among other arguments, Esquenazi and Rodriguez (the “Petitioners”) state that the FCPA “leaves open the pivotal question of who qualifies as a ‘foreign official’” because the law does not define what it means to be an “instrumentality” of a foreign government.  The Department of Justice has waived its right to respond to the Petition, possibly signaling that the government believes the issue does not warrant the Court’s review.  Last week, the Washington Legal Foundation and the Independence Institute, a pro-business policy group and think-tank respectively, filed a friend-of-the-court brief in support of the Petition, arguing that the case is of exceptional importance to the business community.

If granted, the case would be the first time the Supreme Court has addressed the substance of the FCPA.  While the odds of the Supreme Court granting cert are not great – the Court grants less than one percent of petitions filed – Petitioners argue that the current state of affairs, in which business and individuals cannot determine whether certain business activity is criminal, is unacceptable.


The FCPA prohibits individuals and companies from offering or making corrupt payments to foreign officials to obtain or retain business.  A “foreign official” is “any officer or employee of a foreign government or any department, agency, or instrumentality thereof.”  But the term “instrumentality” is not further defined.

In August 2011, Esquenazi and Rodriguez, co-owners and executives of Terra Telecommunications Company, were convicted under the FCPA for providing kick-backs to two employees of Telecommunications D’Haiti S.A. (Haiti Teleco), a Haitian telecommunications company.  Terra Telecommunications purchased minutes from communications companies, including Haiti Teleco, and resold them for a profit to U.S. customers.  In exchange for the alleged improper payments, Terra Telecommunications received reduced rates and unearned credits.  Esquenazi was sentenced to 15 years, the longest prison-term in FCPA history; Rodriguez was sentenced to a 7-year term.  In May 2014, the Eleventh Circuit affirmed the convictions and confirmed a broad interpretation of “instrumentality,” defining the term as “an entity controlled by the government of a foreign country that performs a function the controlling government treats as its own.”  The Court then laid out a two-pronged test with a broad set of non-exhaustive, non-exclusive factors to consider when determining whether a foreign government controls an entity.  For businesses trying to navigate FCPA compliance concerns, the waters were left decidedly murky.

Why The Court Should Take This Case

Petitioners argue that the Eleventh Circuit’s interpretation of the term “instrumentality” is unacceptably broad, and allows the U.S. government to “take a ‘we-know-it-when-we-see-it’ approach” to enforcement of the FCPA that violates constitutional protections.  To illustrate the expansive scope of individuals who may qualify as “foreign officials” under the current definitional ambiguity, the Petition quotes former Assistant Attorney General Lanny Breuer discussing the pharmaceutical industry of certain countries, asserting that “nearly every aspect of the approval, manufacture, import, export, pricing, sale and marketing of a drug product in a foreign country will involve a ‘foreign official’ within the meaning of the FCPA.”

Read more

July 17th, 2014

By Reid WhittenScott Maberry and Lisa Mays

A red sky at morning is the traditional harbinger of ill weather. From our vantage point in Brussels, we’ve scanned the horizon for signs of the future of anti-bribery enforcement activity in Europe. We’ve identified four factors that are starting small, but may build into heavy seas.

In particular, there are signs that companies that sell to governments in Europe may be well advised to shore up compliance procedures so they can remain dry if a wave of anti-corruption sentiment breaks over the public procurement sector.

1.     Corruption Reports: The Issue Surfaces

In February 2014, the European Commission published its first detailed report on public corruption in the EU. The European Commission Anti-Corruption Report states that corruption may be adding 20-25% to the cost of public procurement in Europe. The Report describes corruption vulnerabilities generally, but it is vaguely worded in an apparent effort not to disparage any particular country. Importantly, it appears that the Commission omitted any specific reporting on corruption within EU institutions. In fact, a “29th Chapter” on European Government corruption was reportedly drafted, but was later dropped from the final version of the report.

Shortly thereafter, Transparency International, a non-governmental organization that monitors and publicizes corporate and political corruption in international development, published its own report on EU institutions. The report concludes that EU institutions generally have good policies, but that foundation is undermined by poor practices, a lack of political leadership, a failure to allocate sufficient staff and funding, and a general lack of clarity about who is governed by EU policies.

These reports bring to light a fact that may have been known to some, but is now publicly on view: corruption in Europe may be wasting public funds at the national and European levels.

Read more

June 17th, 2014

By Reid Whitten and Scott Maberry

We will start by saying we are proud Francophiles. We love many things about French culture; from the just-right draw of their espresso (sorry, Italy, that ristretto is just too short and bitter) to the sacrosanct treatment of time for leisure and family. Indeed, most attempts by the country to preserve la vie Française are idealistic efforts to protect what we see as a beautiful way of life (perhaps excluding some of the Académie Française’s more laughable efforts to provide French alternatives to borrowed English words). And some of the country’s biggest companies represent not only the economic engines of France but also embody national pride in global market power.

However, as news breaks on the unprecedented sanctions penalty currently under discussion for BNP Paribas, there is a risk that the reaction from the country and the company may set a tone that will be counterproductive for French business. French politicians have scrambled to defend the bank, threatening to scrap TTIP negotiations with the United States. French headlines and many conversations we ad in Paris last week ring with indignation.  BNP Paribas is the national team of the French economy. Justifiable national pride in the company has clearly been injured by U.S. enforcement actions.

Leaving aside whether the penalty is too big, politically motivated, or a slight to sovereignty, let us look at the allegations underlying the penalty.

The Alleged Violations

Details of the allegations are not public, but reports indicate that BNP Paribas is accused of stripping identifying information from wire transfers from Sudan, Iran, and other sanctioned countries so that the transfers could pass through the U.S. financial system without raising red flags. If these allegations are true, they mean that BNP Paribas took active steps to subvert U.S. law, hide the violations, and profit by the unlawful use of the U.S. financial system.  Rhetoric that the company was unaware of the violations, that the enforcement is some sort of “gotcha” moment created by the U.S. authorities, is much deflated if the bank made affirmative efforts to thwart U.S. shields against sanctioned transfers.

The Reaction

Instead of – or along with, outrage – let us propose another reaction for French companies: Compliance. Specifically, we propose that French business leaders equip their companies to succeed in the international economy.  French companies involved in cross-border transactions know, and have now seen, that they will have to play by rules set by parties outside of l’Hexagone. The U.S. sanctions regime, overreaching or not, is a reality. Sophisticated sanctions such as prohibiting U.S. Dollar clearing on sanctioned country transfers, are a reality. French companies, like all others reaching into the global marketplace, can greatly benefit by understanding and preparing for such foreign regulations. By looking outward, understanding the terrain, and planning to navigate within the applicable legal framework, companies can continue to grow and prosper without risking violations – particularly violations that are so enormously costly to company and country.

Read more

March 28th, 2014

By Ling Zhang

Stricter Blacklist Regime

On December 25, 2013, the National Health and Family Planning Commission of China (“National Health Commission”, former Ministry of Health) issued the amended Provisions Regarding the Establishment of Commercial Bribery Blacklist in the Pharmaceutical Purchase and Sales Industries (“Blacklist Provisions”), which came into effect on March 1, 2014.

According to the Blacklist Provisions, each provincial health commission shall establish and publish a blacklist recording the bribery in the pharmaceutical industry, while the official website of the National Health Commission is required to forward the bribery records published by provincial health commissions for wider range of audiences. Pursuant to the Blacklist Provisions, a bribery record shall, subject to the severity of the circumstances, be listed in the blacklist when the pharmaceutical producers, business operators or their agents (“Pharmaceutical Enterprises”) offer monetary or other interests to persons in charge of the medical organization, pharmaceutical purchasers or medical staff for their purchase or usage of relevant medicines, medical equipment or consumables. Once the Pharmaceutical Enterprises have records listed in the bribery blacklist (“Blacklisted Enterprises”), the products of the Blacklisted Enterprises shall be restricted in the bidding and purchasing process of public and government funded medical institutions (“Applicable Institutions”).

If one Blacklisted Enterprise has one record in certain provincial blacklist, the Applicable Institutions in the provincial territory shall not purchase its medicines, medical equipment or consumables for two years, while the Applicable Institutions out of the provincial territory shall lower the evaluation of the Blacklisted Enterprise during the bidding and purchasing process. If one Blacklisted Enterprise has more than one blacklist record within five years, all the Applicable Institutions nationwide shall not purchase its medicines, medical equipment or consumables for two years.

Other than the “blacklist regime”, the Blacklist Provisions also requires an integrity sales agreement to be signed along with the master sales agreement, in which the names of the sales representatives shall be clearly listed and anti-bribery clauses shall be included.

Read more

About Sheppard, Mullin, Richter & Hampton LLP

ANALYSIS: The Schrems Decision: How the End of Safe Harbor Affects Your FCPA Compliance Plan

USDOJ: Criminal Division News  
An error has occurred, which probably means the feed is down. Try again later.