On July 31, the U.S. Securities and Exchange Commission filed a settled enforcement action against Nature’s Sunshine Products Inc., a nutritional supplement manufacturer in Utah, after its subsidiary in Brazil allegedly bribed customs officials in 2000 and 2001 with more than $1 million in cash to get its unregistered products into the country, where regulations had classified many of its products as medicines.
The SEC, which claimed that the conduct violated the anti-bribery provision of the Foreign Corrupt Practices Act and federal securities laws, also charged the company’s chief executive officer, Douglas Faggioli, and chief financial officer, Craig D. Huff, alleging liability based on the ground that they were in “control” of the violators under Section 20(a) of the Securities Exchange Act of 1934.
Under the proposed settlement, none of the defendants admitted liability but the company agreed to pay a civil penalty of $600,000 and each officer to pay $25,000.
The case was the first FCPA action in which the SEC has charged individuals under the Exchange Act’s control liability theory, according to Philip Urofsky, a former federal prosecutor of FCPA claims who now is a partner in the Washington office of New York’s Shearman & Sterling. Urofsky, who recently issued a client memorandum about the case, talked to The National Law Journal about how the SEC’s interpretation broadens the scope of potential liability of corporate officers to FCPA claims.
NLJ: The U.S. government has increasingly focused on FCPA violations in recent years. How involved has the SEC been in these types of actions?
PU: In the past, the SEC was not very active in this area. Beginning in the late ’90s, it became much more active, but I would still say that the lead enforcement agency is the U.S. Department of Justice. There’s been an expansion of the SEC’s theories. The SEC has a different standard of proof than the DOJ, a lesser standard of proof. So they can allege actions and the company doesn’t have to admit to the offense, doesn’t have to admit to the facts, to settle. They can proceed by neither admitting nor denying. This gives [the SEC] leverage in cases where the DOJ cannot proceed because it will not be able to establish every element of the crime beyond a reasonable doubt. The SEC still has the ability to bring a pure books-and-records action.
NLJ: Why is this case significant?
PU: Both agencies over the past couple of years have increased the number of cases they’ve brought against individuals but, to date, these allegations have been accompanied by direct allegations that the individuals they charged were involved in the action, in creating the false books and records or creating controls or authorizing payment of the bribes. What seems to be unique and unprecedented in the FCPA context is the SEC’s invocation of Section 20A of the Exchange Act, which provides for control person liability. What they allege is that the current CEO, who was at the time the COO, had overall responsibility for the international operations of the company, including the export of products to Brazil. And the people who would know about these issues were under his control, and that the former CEO had authority and responsibility for the internal controls and books and records. This is a departure from the former practice. It’s consistent with Section 20A as it’s used in private litigation, but I’ve never seen the SEC use it in an FCPA case.
NLJ: Where do you usually see control person liability?
PU: It came up in Tyco, Enron — pretty much most of the recent corporate scandals. It’s one of the theories used to go against executives, directors and even, in some cases, the accountants. The statute does not define control, so there are a lot of different definitions out there and a split in the circuits of what needs to be played and proven against an executive or any other person — a director, for instance — to establish that that person is a controlling person.
There are a couple of different tests. One is essentially by status: Look at the title. There’s the other side, which says you actually have to control the specific transactions at issue in a culpable way. That’s the test in the 2nd and 4th circuits. But there’s the middle way, which is the majority way now, which is that you have to have exercised actual control over the corporation, not be a passive player, and have the ability to have controlled the specific areas of transactions under review but not necessarily have specific culpability for that transaction.
Within the same week the Nature Sunshine case came out of the Utah office of the SEC, the SEC’s New York office charged Maurice Greenberg and Howard Smith in the AIG case under control person liability. In that case, they did largely charge that as culpable knowledge. The SEC is operating here in Utah, which is the 10th Circuit. The standard in the 10th Circuit would be the middle of the road one — the ability to control.
NLJ: What does this mean for corporate officers who might face FCPA charges?
PU: It’s an indication of the SEC’s willingness to use all the tools at its disposal to hold individuals liable for acts within the corporation. Up until now, they usually would allege some knowledge, direct knowledge, and involvement of an individual. That is limiting because sometimes they don’t have the evidence, don’t have the last link. Also, in this case it’s the CEO and CFO. But Section 20A has been used against a much wider variety of corporate officers and even directors in civil litigation. So there’s potential where the directors are very active and involved in the operations of the company. In those circumstances, the SEC might very well look and see if there are facts to justify holding that person responsible.
NLJ: This case settled before a defense theory was introduced. What could be an individual’s defense against such control liability claims in an FCPA case?
PU: The defense would take an argument [that] the board does not micromanage and does not have authority to micromanage operations of the company at that level. The second defense is [that] the person acted in good faith and did not induce or direct the conduct. Certainly, a member at the director level could take the position that they operated within the scope of their committee, they received regular reports from the appropriate senior management and there was nothing in these reports, which they probed, to indicate there were problems.
In Nature’s Sunshine, for instance, one of the things the SEC noted that should have caught people’s attention was that a major subsidiary’s revenues and performance were dropping precipitously because of issues in Brazil involving import difficulties of their products. And then there were reports in the company about which someone should have inquired: “Why were the payments to customs officials so high?” There were a number of red flags that rose to a sufficient level that created recklessness on behalf of senior officers that they didn’t follow up on.