New York-based hedge fund Och-Ziff Capital Management Group (the “Hedge Fund”) agreed to pay approximately $412 million to resolve charges brought by the U.S. Securities and Exchange Commission (“SEC”) and Department of Justice (“DOJ”) on September 29, 2016. The charges related to the company and its subsidiaries violating the anti-bribery, record-keeping and internal accounting controls provisions of the U.S. Foreign Corrupt Practices Act ("FCPA") in connection with illicit payments made to government officials in various countries in Africa. This action highlights for companies the importance of implementing and monitoring effective compliance programs.

This is the first major FCPA enforcement action against a financial services company, and the total penalty represents the fourth-largest FCPA action to date. It also demonstrates the focus of the U.S. Government on holding accountable both companies and individual executives, as well as the importance of not only conducting due diligence on third parties, but also following up on corruption-related red flags identified during diligence.

The Action Against the Hedge Fund

According to the settlement documents, the bulk of the activities leading to the enforcement action against the Hedge Fund related to bribes paid in the Democratic Republic of Congo (“DRC”) and Libya, though corrupt activities also occurred in Guinea, Niger and Chad. In the DRC, the Hedge Fund paid over $100 million in bribes to DRC officials through a local joint venture partner to gain access to mining ventures and concessions in the country worth approximately $340 million, resulting in profits of over $90 million to the Hedge Fund. Due diligence conducted on the local partner identified numerous red flags and corruption concerns, but nonetheless the Hedge Fund's CEO authorized the relationship and the CFO approved payments to the partner despite knowing of the corruption concerns.

In Libya, the Hedge Fund paid up to $3.75 million in bribes to Libyan officials through a local intermediary in order to secure approximately $300 million in investments from the Libyan Investment Authority ("LIA"), Libya’s sovereign wealth fund. No due diligence was conducted on the intermediary despite known connections to Libyan government officials, and the Hedge Fund's legal and compliance personnel were not made aware that the intermediary was helping arrange meetings with LIA officials – instead, only the Hedge Fund's CEO was made aware. In most cases, OZ Management LLP, a registered investment adviser that managed funds on the Hedge Fund's behalf, authorized the use of funds to bribe foreign officials. These payments were falsely described as investments or convertible loans in the Hedge Fund's books.

As a result of the charges brought by the U.S. Government:

• The Hedge Fund entered into a deferred prosecution agreement with the DOJ under which it agreed to pay a criminal penalty of $213 million and be subject to an outside compliance monitor for a three year period;
• The SEC issued an administrative order requiring the Hedge Fund to pay $199 million in disgorgement and prejudgment interest and retain an independent monitor;
• The Hedge Fund's CEO was ordered by the SEC to pay $2.1 million in disgorgement and prejudgment interest for his role in the bribery schemes, while the CFO also agreed to settle similar SEC charges (the amount of the penalty remains pending).

Key Takeaways

Financial Services Industry Under Scrutiny

This action has significant implications for private equity funds, hedge funds and other financial institutions. It is the first major FCPA enforcement against a financial services institution. Notably, the Och-Ziff action appears to have resulted from a well-publicized SEC-led inquiry of the financial services industry launched in 2011 related to interactions with sovereign wealth funds. Now that this matter has been resolved, U.S. officials may turn their attention to other financial services institutions – similar to prior FCPA enforcement sweeps of the oil/gas and pharmaceutical industries.

Continued Focus on Individuals

In recent years, U.S. enforcement authorities have repeatedly insisted that they are focused on prosecuting not only companies but also individuals involved in prohibited bribery schemes. In September 2015, Deputy Attorney General Sally Yates issued a memorandum intended to strengthen the DOJ’s pursuit of individual corporate wrongdoing. Statements by various SEC officials also demonstrate the importance placed by the SEC on holding individual bad actors accountable for their participation in schemes prohibited by the FCPA.

This action demonstrates the focus of the government on individual accountability – it is the first time that the SEC has charged a sitting CEO and CFO with FCPA violations. While the CEO and CFO were not alleged to have specific knowledge that bribes were paid to foreign officials, they were charged with ignoring red flags and corruption risks related to the activities under investigation and with permitting illegal transactions to proceed in violation of the FCPA’s internal controls provisions. In announcing the action, the Director of the SEC Enforcement Division, Andrew J. Ceresney, stated that “senior executives cannot turn a blind eye to the acts of their employees or agents when they became aware of suspicious transactions with high-risk partners in foreign countries.”

Value of Cooperation in FCPA Investigations

Both the DOJ and SEC formally offer potentially significant mitigation of penalties in FCPA investigations for companies and individuals that cooperate with government inquiries. In April 2016, the DOJ launched its FCPA Enforcement Pilot Program setting forth specific parameters for when and how companies can receive credit for self-disclosure, cooperation and remediation in connection with FCPA investigations – which can result in a reduction of up to 50 percent in penalties. While the Hedge Fund investigation began before the Pilot Program was launched, many of the criteria set forth in the program were considered by the government in determining the penalties to be imposed against the company.

Importantly, the action demonstrates that the government will reward cooperation even in the absence of voluntary self-disclosure. While the Hedge Fund did not voluntarily disclose the activities at issue, the company nonetheless received partial mitigation credit for its comprehensive investigation of the issues and for implementing significant remedial measures to improve compliance and internal controls. However, the company did not receive additional credit due to delays in the initial phase of the investigation, including a failure to produce important documents on a timely basis (in some cases providing relevant documents only after they had been identified and requested by the DOJ). Despite not voluntarily disclosing the activities and the additional failures and delays described, the Hedge Fund still received a 20% reduction – worth tens of millions of dollars – from the bottom of the range of criminal penalties available under the U.S. Sentencing Guidelines.

Importance of Implementing and Monitoring Effective Compliance Programs

This action also demonstrates the risk for companies that fail to effectively enforce pre-existing FCPA compliance policies and procedures. The U.S. Government determined that the Hedge Fund failed to follow its own due diligence processes for third parties – in some cases, diligence was conducted but red flags were ignored, while in others no diligence was conducted at all. The Hedge Fund also failed to conduct enhanced due diligence for high-risk activities involving state-owned entities and did not conduct sufficient due diligence on recipients of funds.

The action demonstrates that financial services institutions (including private equity and hedge funds, among others) should consider many factors, including the following, in assessing whether their compliance programs are effective:

1. As an initial matter, financial services institutions should review business practices in high-risk jurisdictions and implement enhanced policies to protect against improper conduct.
2. Compliance programs maintained at the fund level should apply to, and be implemented at, portfolio companies and joint ventures.
3. Due diligence should be conducted regarding placement agents and other intermediaries used to identify and develop business abroad. When red flags are raised in the diligence process, they should be investigated and resolved in a manner that mitigates potential bribery risks.
4. Legal and compliance personnel should be authorized and empowered to play an active role in monitoring transactions and relationships that raise FCPA risks, and recommendations from such personnel should not be ignored by executives and other decision makers lest they run the risk of being held individually liable under the FCPA.
5. When entering into joint ventures, particularly in countries that pose high corruption risks, financial services institutions should confirm the beneficial ownership of all parties involved, justify expenditures related to such ventures and confirm the recipients of payments through the ventures.