Recent FCPA Action Highlights Corruption Risks in Customer Relationships

Third-party due diligence is a central pillar of any anti-corruption compliance program under standards set forth in the United States or elsewhere. Often — and rightfully so — corporations prioritize due diligence on third parties involved in sales or business generation roles, such as agents, consultants and distributors. 

These categories of third parties account for a majority of the enforcement actions under the Foreign Corrupt Practices Act (FCPA) during its 40-plus years. However, as compliance programs mature and address the most obvious risks, a question may emerge whether a third-party due diligence process should include customers, and if so, to what extent. 

Of course, many companies review customers for sanctions and money-laundering risks. Usually, companies do not face corruption risks via customers and conduct only basic screenings. But the recent enforcement action against Freepoint Commodities highlights some factors that should lead to deeper reviews of some customer relationships. While this was not the first such enforcement action, it serves as a reminder that customer relationships can be a blind spot for anti-corruption compliance efforts that can lead to significant risk. 

Freepoint’s DOJ resolution

On Dec. 14, 2023, the DOJ announced it had reached a deferred prosecution agreement (DPA) with Freepoint, a commodities trading company based in Connecticut, regarding a bribery scheme targeting business with Petrobras, the Brazilian state-owned oil company. In the announcement, the DOJ stated that Freepoint agreed to resolve parallel investigations by the DOJ and the Commodity Futures Trading Commission (CFTC) and indicated that a related resolution with authorities in Brazil may be forthcoming. To set the stage for the DPA, the DOJ’s criminal information document charged the company with one count of conspiracy to violate the FCPA’s anti-bribery provisions. The company also accepted an order by the CFTC for violating the anti-manipulation and anti-fraud provisions of the Commodity Exchange Act.

Freepoint agreed to substantial financial penalties for this scheme, essentially agreeing to pay more than three times its profits from the scheme, based on public papers. Specifically, Freepoint agreed to forfeit its profits from the scheme, totaling $31 million, and pay a criminal penalty of $68 million. The company also agreed to disgorge about $8 million to the CFTC, which the DOJ agreed to credit toward the forfeiture amount; in other words, it did not add to the overall total for Freepoint. In addition, the DOJ agreed to require an immediate payment of only two-thirds of the criminal penalty (about $46 million), and the DOJ agreed to offset the remaining amount in the event Freepoint subsequently agrees to an anticipated resolution with Brazilian authorities related to the same bribery scheme within a year of the DPA’s effective date.

Bribery schemes and payment channels

The DPA and CFTC order reveal a bribery scheme reportedly orchestrated by Freepoint’s employees, a third-party consultant and in some instances, a customer who was affiliated with one of Freepoint’s employees. A trial is expected later this year for one Freepoint employee (Glenn Oztemel), the owner of the customer company (Gary Oztemel, Glenn’s brother) and the third-party consultant (Eduardo Innecco). 

More information may become public during the trial, but in the meantime, the DPA and the related criminal information summarize the facts. According to the DPA, Freepoint executed the bribery scheme in two ways, as we detail below: (1) paying commissions to offshores entities using a contract and invoices that hid the true nature of the payments; and (2) orchestrating back-to-back transactions with the ultimate customer Petrobras and an entity owned by Gary Oztemel, creating a slush fund at Gary Oztemel’s entity (Freepoint’s customer) that could, in turn, be used for payments to offshore entities and public officials, without any trace on Freepoint’s financial statements.

The usual scheme: third-party commissions to offshore entities

According to the DPA, once Glenn Oztemel joined Freepoint in 2012, he set up a traditional third-party scheme whereby companies owned and controlled by Innecco were paid commissions for little or no services. According to public documents, Glenn Oztemel caused Freepoint to enter a purported service provision agreement with a company named Albatross Shipping Consultants; if the name itself was not a red flag, the entity was incorporated in Liberia for business related to Brazil. Innecco further caused other entities to issue sham invoices to Freepoint for consulting or commissions fees, with one entity incorporated in the British Virgin Islands and the other in Uruguay. Freepoint made payments to these entities that totaled about $4 million between 2012 and 2018. Once received, Innecco, in turn, used a portion of those funds to make improper payments to Petrobras officials. 

Today, our expectation is that a standard third-party due diligence program likely would flag these relationships and payments as high risk (if not problematic), hopefully preventing the scheme in the first place. 

The advanced scheme: back-to-back transactions with ultimate customer

As noted, this reported bribery scheme also involved the use of a customer relationship. Specifically, Freepoint established Oil Trade & Transport S.A. (OTT) as a customer to create slush funds with the latter under the direction of Gary Oztemel. OTT was incorporated in Panama, but it had its principal place of business in Connecticut. 

To execute the scheme, the involved individuals utilized OTT to engage in “back-to-back” transactions with Freepoint and Petrobras “to obtain and retain business for Freepoint,” which were reflected in Excel spreadsheets. According to the DPA, in coordination with Freepoint, OTT purchased oil cargoes from Petrobras, then sold the same cargoes to Freepoint at a value higher than the purchase price. Upon receipt of payment by Freepoint, OTT made “profit sharing” payments to Innecco based on sham invoices sent from Innecco’s companies to OTT. 

The DOJ states that Innecco used a portion of the “profit sharing” funds to make improper payments to Petrobras employees “to obtain and retain business for Freepoint and OTT.” The DPA notes that Innecco paid the bribes through an account held at a Uruguayan shell company or in cash. The DPA provides details regarding transactions between OTT, Freepoint and Innecco’s entities, but the DPA does not include a total amount of payments that OTT made to Innecco through this channel. Under most anti-corruption due diligence programs focused on third parties (and not customers), this scheme would likely go undetected, unless the conflict of interest was identified and addressed. Moreover, it also may be difficult to identify the scheme in a risk assessment or audit, unless employees raised concerns in interviews about OTT. 

Conclusion and lessons learned: Sometimes customers require anti-corruption due diligence

For legal and compliance professionals, the scheme to make commission payments to offshore entities outlined in the Freepoint enforcement action should, first and foremost, reinforce the importance of conducting due diligence on sales-related third parties. But the Freepoint resolution is unusual in that it also reveals two critical takeaways for when customer relationships should be reviewed. One being that customer relationships involving potential conflicts of interest should be subject to additional scrutiny. Here, Freepoint‘s customer, OTT, was owned and controlled by Gary Oztemel, the brother of Freepoint employee Glenn Oztemel. There is no information on whether Freepoint had a conflicts of interest policy or whether this relationship was disclosed or reviewed, but certainly the DPA is a reminder of the importance of conflict-of-interest basics: a policy requiring disclosure, and a process for reviewing and deciding whether a conflict of interest exists. For third-party due diligence programs, it also invites a policy for additional scrutiny of customer relationships if and when there are potential conflicts-of-interest, to ensure arm’s-length transactions.

Another takeaway is the importance of conducting due diligence on customer relationships in back-to-back transactions or any instance in which a company and its direct customer may be coordinating together to obtain business from an ultimate customer. In other words, a customer may in some instances be helping to get business, even if they are not paid in commissions or consultancy fees (but instead collect the equivalent through their margin in the back-to-back transactions). 

This arrangement utilized by Freepoint employees and its customer to execute a bribery scheme underscores how customers can, indeed, pose a risk for corporations in terms of FCPA compliance, and it is not the first such enforcement action. For example, Legg Mason had a resolution in 2018 that involved business its subsidiary (Pernal) had with Societe General, which, in turn, was soliciting business from Libyan state investment agencies. 

While customer relationships themselves are not often directly included in a corporation’s due diligence process, organizations may want to consider screening them to better understand the customer’s background, business practices and any potential risks they may pose in terms of compliance with anti-corruption laws like the FCPA. This is critical especially when the customer may be involved in a sales-development role and pursuing business that will benefit all companies involved. In our experience, in addition to the commodities sector (for Freepoint), these relationships are relatively common in the insurance and financial industries, but may also exist in others, such as telecommunications, software and other technology segments.