I’m reading the SEC’s complaint in the Biomet case. [After that, it’s on to the Coutts settlement (due diligence is due diligence, whether it’s AML or anti-corruption.)]
One thing that struck me—and I’m not all the way through it—was the involvement, again, of internal auditors as part of the problem. According to the SEC’s complaint, at least as far as I’ve read in it (I’m only 7 pages in), Biomet’s auditors in the US knew of the payments to surgeons, and their only suggestion was to change the description of the account into which the payments were recorded.
Normally, you’d expect me here to be chomping at the bit to criticize, right? And I admit, that was my first reaction. But right on the heels of that came a more measured idea: sometimes, things are just too obvious.
I was looking at a situation once where someone’s conduct was, to my mind, clearly in violation of law. But it was a technical sort of law, and unless you were trained as a lawyer, to look at things in a certain way, it just seemed like good customer service. And part of the problem was, it was totally open. People talked about it, suggested it to each other as a way to help serve the customer better. It seemed like such a great solution to a particular problem.
Except it was totally illegal. Like, “go to jail” illegal.
But it was so open and apparent, with no attempt to hide what was being done, that it didn’t raise any audit flags. I could totally see someone just saying the equivalent of, “well, that account description is wrong, so let’s correct it. There’s nothing hidden about this.”
It’s just “we’re making monthly payments to doctors, and we’re calling them royalties to get around the tax code. ‘Cause it’s not like the Argentinean tax code is exactly fair. Well, you can’t do that…pay the tax.” And that would be the end of it, from an audit perspective. Challenging the underlying payment, openly made, totally transparent, probably never occurred to anyone. They fixed the problem in front of them. Audit’s worldview is to find the anomaly. To ensure that payments are made according to policy. But what if the policy itself is for a system of payments that violate the FCPA? Audit is ill-prepared to handle something like that.
And to be fair, it’s a truly difficult sequence of events to control for. You need really good auditors.
So don’t think too badly of Biomet. Figure, “there but for the grace of G-d….”
I’ll probably have more on Biomet once I finish reading all the source material.