This prior post went in-depth into the SEC’s $13.9 million Foreign Corrupt Practices Act enforcement action against United Technologies Corp. and this post continues the analysis by highlighting additional issues to consider.TimelineAs highlighted in this prior post, UTC’s FCPA scrutiny began in late 2013/early 2014. Thus, from start to finish its scrutiny lasted approximately 4.5 years.At the risk of sounding like a broken record to regular readers … if the FCPA enforcement agencies want the public to have confidence in their FCPA enforcement programs, they must resolve instances of FCPA scrutiny much quicker. The validity and credibility of FCPA enforcement depends on this. Having FCPA scrutiny linger for over four years is inexcusable particularly since UTC in the words of the SEC:“[T]imely provided facts developed during its internal investigation. UTC also cooperated with the Commission investigation by timely producing documents, including key document binders and translations of key documents as needed, providing the facts developed in its internal investigation, and making current or former employees available to the Commission staff, including those who needed to travel to the United States.”Where ElseIt has been highlighted many times on these pages. One reason, among others, to pause before making a voluntary disclosure is that the government will very likely ask the “where else” question (see here for a prior post) and the original point of entry into the company will greatly expand.UTC’s initial disclosure and the subsequent enforcement action demonstrate this point.As highlighted in this prior post, UTC’s initial voluntary disclosure was as follows:“In December 2013 and January 2014, UTC made voluntary disclosures to the United States Department of Justice, the Securities and Exchange Commission Division of Enforcement and the United Kingdom’s Serious Fraud Office to report the status of its internal investigation regarding a non-employee sales representative retained by United Technologies International Operations, Inc. (UTIO) and International Aero Engines (IAE) for the sale of Pratt & Whitney and IAE engines and aftermarket services, respectively, in China. On April 7, 2014, the SEC notified UTC that it is conducting a formal investigation and issued a subpoena to UTC seeking production of documents related to the disclosures. UTC is cooperating fully with the investigation. Because the investigation is at an early stage, we cannot predict its outcome or the consequences thereof at this time. At the outset of the internal investigation, UTIO and IAE suspended all commission payments to the sales representative, and UTIO and IAE have not resumed making any payments. This led to two claims by the sales representative for unpaid commissions: a civil lawsuit filed against UTIO and UTC and an arbitration claim against IAE. We are contesting the lawsuit and the arbitration claim. We do not believe that the resolution of the lawsuit or the arbitration will have a material adverse effect on our competitive position, results of operations, cash flows or financial condition.”A portion of the conduct in the SEC’s order did indeed involve China, but other conduct addressed in the enforcement action focused on Azerbaijani, Kuwait, South Korea, Pakistan, Thailand, and Indonesia.No Relevant FindingsA close read of the SEC’s order indicates that the anti-bribery findings related only to the Azerbaijani bribery scheme and the conduct of Otis Elevator Co. (a wholly-owned UTC subsidiary).There is literally no specific relevant findings in the SEC’s order as to UTC – the company that resolved the enforcement action. Specifically, there is no finding or suggestion that UTC was involved in or had knowledge of the alleged improper conduct at its subsidiary. All the SEC order states is that “UTC failed to detect the conduct …”.A parent company like UTC is a separate and distinct entity from its subsidiaries and is not automatically liable for subsidiary conduct – including potential anti-bribery violations – absent knowledge, approval, or participation in the bribery scheme. In other words, legal liability does not ordinary hop, skip and jump around a multinational corporation absent an alter ego analysis or control / participation in the underlying conduct.But then again, this black letter legal principal appears to matter very little in actual FCPA enforcement actions as the SEC found that UTC was liable for anti-bribery violations based on a seeming strict liability theory.Internal ControlsThe SEC’s order acknowledges that UTC:had a corporate policy that prohibited improper payments;had policies that required the Legal Department to review and approve all leisure travel and entertainment and gifts to a foreign official;had a corporate policy that required due diligence of third parties;required legal personnel to review relevant contracts with third parties; andhad a corporate policy directing an employee who received proprietary information from outside the company to consult the Legal Department;You can be sure that if UTC did not have any of the above, the SEC would have found the company in breach of the FCPA’s internal controls provisions.However, certain subsidiary employees ignored the policies or “frequently circumvented” the policies by omitting certain relevant information.The end result was that the SEC still found UTC in breach of the internal controls provisions because the company failed to “prevent” certain of the improper conduct and with the perfect benefit of hindsight UTC personnel could have done things differently.Pardon me for being the law guy, but the FCPA’s internal controls provisions do not speak of preventing conduct. Rather, the FCPA’s internal controls provisions state that an issuer shall “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that” certain financial objectives are met. The FCPA then defines “reasonable assurances” and “reasonable detail” to “mean such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.”In the SEC’s release Tracy Price (Deputy Chief of the SEC’s FCPA Unit) stated “U.S. companies with global operations must implement policies and procedures that prevent bribery …”. This is a completely inaccurate statement of law and it is troubling hearing this from an SEC official.Normal ActivityThis recent post responded to the question: “why do ‘normal’ employees violate the FCPA?”A partial answer is because enforcement actions often involve “normal” activity.As related to the UTC enforcement action, a meaningful component of the enforcement action involved sponsoring of a golf event. Learn More & Register FCPA Institute – Boston (Oct. 3-4) A unique two-day learning experience ideal for a diverse group of professionals seeking to elevate their FCPA knowledge and practical skills through active learning. Learn more, spend less. CLE credit is available.