Government Contracting Abroad: Beware Compliance Risks
On June 16, 2015, IAP Worldwide Services Inc., a private defense and government contracting company, agreed to pay $7.1 million to settle criminal charges of the U.S. Foreign Corrupt Practices Act (FCPA) related to bribing Kuwaiti government officials to secure a Kuwaiti government contract. On the same day, James Michael Rama, IAP’s Former Vice President of Special Projects and Programs also pleaded guilty to FCPA charges. For U.S. government contractors, the opportunities to provide services and expertise to foreign governments are lucrative, but this enforcement action also highlights the risks associated with obtaining such contracts.
In 2004, Kuwait’s Ministry of Interior (MOI) initiated a project called the Kuwait Security Program to develop a national surveillance program using closed-circuit television. The program was divided into two phases. Phase I was the planning and feasibility phase preceding the more lucrative Phase II installation phase. The MOI was responsible for selecting the contractors that would help implement the program.
IAP is a small Florida-based company that provides facilities management, technical services, and contingency support to the U.S. military and other governmental agencies around the world. IAP has several contracts with the U.S. Government, including the U.S. Navy, U.S. Marine Corps and Air Force.
IAP entered into a Non-prosecution Agreement (NPA) with the U.S. Department of Justice, agreeing to a criminal monetary penalty, enhancement of its compliance policy and procedures, and reporting obligations because of FCPA allegations. Rama will face sentencing on September 11 pursuant to his guilty plea.
According to the NPA, in 2004, Rama was introduced to a Kuwaiti consultant while Rama was working for another defense contractor. Rama learned about MOI’s impending security project from the Kuwaiti consultant. In 2005, Rama joined IAP and pursued the contract for Phase I of the Kuwait Security Program. In order to best position itself to win the more lucrative Phase II contract, IAP determined that if it became a consultant to MOI in Phase I, the company could tailor the Phase II requirements to cater to IAP’s capabilities, thus giving IAP a distinct advantage to win the Phase II contract. With direction from the MOI and Kuwaiti consultant, IAP set up a shell company called “Ramaco” to bid on the Phase I contract to hide IAP’s involvement in Phase I, and conceal any potential conflict of interest in participating in Phase II. Ramaco acted as IAP’s agent in Phase I of the KSP.
Of the $4 million that IAP received for Phase I of the project, IAP diverted half to the Kuwaiti consultant, which was kicked back to Kuwaiti government officials. According to the NPA, in order to conceal the payments, IAP, Rama and others devised a scheme in which a Kuwaiti company that was performing work on the Phase I contract on behalf of IAP would inflate its invoices on legitimate services. After the MOI paid Ramaco for Phase I of the contract, Ramaco would transfer the money to IAP, who would in turn pay the Kuwaiti company. The Kuwaiti company then funneled a portion of those funds to the Kuwaiti consultant to pay bribes to Kuwaiti officials.
The IAP action – DOJ’s first corporate FCPA enforcement action in 2015 – is based on conduct that occurred seven to ten years ago, mostly involving one individual who has not worked at the company for more than seven years. This enforcement action highlights the fact that conduct from years past by one bad apple can still cost a company millions in penalties. It is important for companies to train and educate their management about the costs of non-compliance for their employer and for them as individuals.
While the domestic government contracting sector is laden with regulations and oversight, foreign government contracting is much more ripe with corruption risks. As U.S. government contractors explore this relatively new territory of obtaining contracts from foreign governments, companies should consider reviewing and enhancing their compliance policies and procedures to protect themselves from FCPA risks.
The NPA requires that IAP review and revise its existing compliance policy and procedures, ensuring that, at a minimum, the following elements are met:
High-Level Commitment: IAP will ensure that its senior directors and management provide strong tone-at-the-top for anti-corruption compliance.
Policies and Procedures: IAP will develop a clear anti-corruption policy covering the FCPA and applicable foreign laws, and a written compliance code to effectuate that policy.
Risk-Based Reviews: IAP will periodically perform reviews to assess corruption risk and tailor its policies and procedures based on those risks.
Oversight and Independence: IAP will assign compliance responsibilities to a senior executive who has autonomy to report to independent monitoring bodies, including the Board of Directors.
Training: IAP will implement mechanisms to effectively train its directors, officers, employees, and business partners on IAP’s compliance policies and procedures.
Reporting and Investigations: IAP will ensure that it has a system to confidentially report violations of anti-corruption laws and IAP’s policies and procedures, as well as a reliable process for investigating potential violations.
Discipline: IAP will implement appropriate procedures to address and discipline violations of applicable anti-corruption laws and IAP’s compliance policies, remedy harm from misconduct, and prevent similar misconduct.
Relationships with Third Parties: IAP will adopt risk-based due diligence procedures related to the retention and monitoring of agents and business partners.
Mergers and Acquisitions: IAP will develop policies and procedures to conduct risk-based due diligence when acquiring business entities.
Monitoring: IAP will conduct periodic reviews of its compliance policies and procedures designed to evaluate the effectiveness of preventing and detecting violations of anti-corruption laws and the company’s compliance code.
The IAP action should put government contractors on notice of the corruption risks and the potentially severe consequences of FCPA violations. Notably, many of the elements of the NPA articulate DOJ’s expectation for risk-based policies, procedures, and due diligence. Those elements provide a roadmap for companies to develop and enhance their anti-corruption compliance policies and procedures. As always, prevention is better than cure.