Last week, according to a Department of Justice (DOJ) Press Release, Deutsche Bank Aktiengesellschaft (DB), “agreed to pay more than $130 million to resolve the government’s investigation into violations of the Foreign Corrupt Practices Act (FCPA) and a separate investigation into a commodities fraud scheme. “The resolution includes criminal penalties of $85,186,206, criminal disgorgement of $681,480, victim compensation payments of $1,223,738 and $43,329,622 to be paid to the US Securities & Exchange Commission in a coordinated resolution.” Settlement documents include a Deferred Prosecution Agreement(DPA) and Information from the DOJ and a Cease and Desist Order (Order) entered to with the SEC. This settlement comes on the heels of another Foreign Corrupt Practices Act (FCPA) settlement in August 2019, where the Bank paid $16.2 million to settle a ‘Princeling’ charge that it corruptly hired sons and daughters of foreign officials and of employees of state-owned enterprises. Today, I discuss the overlooked red flags and failures of internal controls at the Bank.
One thing that is clear from all the settlement document is that DB had a robust written Global Anti-Corruption Policy which prohibited the payment of bribes, both directly and indirectly, in both the public and private sectors. The Policy also prohibited the offer of anything of value to influence any act or decision of a public officials. The Order makes clear that it was a paper program only, with no teeth.
When it came to third-parties, representatives such as the Business Development Consultants (BDCs) could only be retained under the following conditions:
- Documented pre-contractual due diligence;
- A written contract which set out the BDC’s role and/or services approved by the Bank’s Legal department;
- The contract contained a documented description of services to be performed, amount to be paid, and other material terms of the engagement;
- The payment was proportionate to the value of the services rendered; and
- Review and approval was obtained before the engagement began.
In addition to these requirements, a BDC “with a “political or governmental affiliation” was classified as a politically exposed person (“PEP”) and required enhanced due diligence” and such person could not be retained without additional vetting and approval by senior management, Legal, and the Bank’s compliance functions. Such third-parties were mandated to have “sufficient expertise and qualifications” to perform the services. Finally, “Payments were required to be proportionate to the services rendered and made only in circumstances where the supporting invoice contained “sufficient detail regarding the services or matters to which such invoice relates.””
The gaping hole in all of this was who actually managed the BDCs after they were approved. It was the front-line business representatives who had initially proposed the BDC in the first place. Moreover, not only were these business representatives evaluated by how the BDCs performed but their compensation was in part based on the work brought in by the BDCs. The Order stated, business sponsors, as Bank employees were “compensated, in part, based on the revenue earned by Deutsche Bank. The business sponsors recommended the engagement of the identified BDC, determined whether payments to the BDCs complied with both the terms of the BDC contract and the Bank’s policies, and maintained records concerning the services provided by the BDC, including invoices.”
Missed Red Flags
The Bank’s internal audit, in both 2009 and 2011 identified red flags around the BDCs. The 2009 Report noted identified concerns with the Bank’s use of one BDC including insufficient oversight over that BDC engagement to ensure it was not being used for corrupt purposes and a lack of documentation detailing what actual services were rendered by the BDC. The report went on to recommend that the Bank’s “global BDC Policy be revised and that the internal accounting controls around BDCs be enhanced to include centralized and thoroughly documented due diligence to demonstrate that a BDC was qualified to perform the services for which it was contracted, maintenance of detailed records of all work performed by the BDC, and a requirement that BDC engagements include books and recordkeeping provisions giving Deutsche Bank inspection rights.”
The 2011 Report went further finding “problems related to specific BDC engagements; lack of due diligence; general lack of training and awareness of Deutsche Bank’s BDC Policy and due diligence requirements among employees; failure by business sponsors to appropriately assess, document, and mitigate corruption risks and conflicts of interests; and failure to document the proportionality and justification for certain BDC payments.”
Internal Control Failures
Even with this specific information in both Reports going to the Bank’s senior management there were numerous internal control failures. Between 2009 and 2016, the Bank retained and utilized BDCs: 1) with no expertise or qualifications; 2) were foreign government officials; 3) without a contract; 4) using form agreements which had description of the services to be performed and/or provisions calling for “success fee” payments; 5) with compensation rates that were unreasonably high; and 6) in circumstances where either adequate due diligence was not performed or where due diligence was conducted more than a year after the BDC was retained and paid.
Due to these internal control failures, the Bank paid certain BDCs in circumstances where no invoices were submitted and where invoices contained insufficient documentation to detail what services were performed. These failures made “it nearly impossible to determine what, if any, services were performed or to determine the purpose for the payment.” At times, the BDCs were paid in excess of what was provided for pursuant to their contract with the Bank and some BDCs were paid even though they had no contract at the time certain of the services were purportedly performed. Finally, as the Order dryly noted, “Amongst the BDC payments made in these circumstances were those that were bribes.”
Some Examples
In China, a BDC, who was a government official, was hired and worked for the entity whom the Bank was attempting to gain business from. This third-party was ““a close friend of” a foreign government official whose approval was needed for the establishment of the investment fund.” Moreover, and with a huge red flag, “that same government official required that Deutsche Bank work through Consultant A to establish the investment fund.” This corrupt agent was paid “at least $1.6 million. This included payments for services purportedly performed before he was engaged.” The Bank gave this BDC “a partnership interest in the investment fund that required little or no upfront capital and entitled him to a large potential profit share.” This agreement was executed without Legal and Compliance having full information about the circumstances of BDC’s relationship with the government entity.
In Italy, the Bank hired an Italian Tax Court Judge, to refer high net worth clients to the Bank. Apparently little to no due diligence was performed prior to retaining the BDC. Numerous payments were made to BDC that exceeded the commission rate in his contract and included payments outside the terms of his contract. Additionally, the BDC was paid more frequently than permitted by contract and was paid despite not performing some of the services for which invoices were issued. The Order stated, “For example, he received payments for at least three purported client introductions despite not having introduced those clients to the Bank. When he made demands for payments outside the scope of his contract, he received additional payments and was paid for research reports and advisory information that were of no value to the Bank.”
Tomorrow we consider recidivism, the penalty and FCPA enforcement.
[View source.]
