Author: Jonathan J. Rusch

On October 3, a Bloomberg article reported that — according to figures that Eesti Pank (the Estonian Central Bank) provided to Bloomberg — between 2008 and 2015, banks doing business in Estonia handled about €900 billion ($1.04 trillion) “in cross-border transactions including non-resident flows.”  In light of Danske Bank’s recent admission that between 2007 and 2015 $234 billion in potentially suspicious transactions flowed through its Estonian branch, the article went on to state that that total “represents less than a quarter of cross-border transactions that passed through the country at the center of the dirty money saga.”

That same day, Eesti Pank issued a response stating that

Bloomberg erroneously said that 900 billion euros’ worth of non-residents’ payments passed through Estonia in 2008-2015. These 900 billion euros are actually the aggregate amount of cross-border payments received in Estonia and paid from Estonia. The sum includes import and export by Estonian companies as well as routine financial transactions such as securities purchases.

Eesti Bank also stated that “[c]ross-border payments certainly include non-resident flows, but the central bank does not collect separate statistics for these transactions,” and that “central bank statistics do not hold information on whether the person who initiated a payment in a foreign or an Estonian bank was a resident of Estonia or not.”

Note: This exchange between Bloomberg and Eesti Pank requires some close reading.  On the one hand, Eesti Pank’s assertion that Bloomberg said €900 billion “worth of non-residents’ payments” is simply incorrect.  The Bloomberg article stated that the €900 billion figure pertained to “cross-border transactions including non-resident flows.”  (Emphasis supplied)

On the other hand, the article’s reference to “cross-border transactions that passed through [Estonia] at the height of the dirty money saga” encourages readers to infer that the €900 billion figure reflects suspicious transactions.  The report of the Danske Bank investigation, however, clearly explained that the $234 billion figure pertained only to 15,000 non-resident customers or customers with non-resident characteristics.  Since Eesti Pank’s reply acknowledged that it could not break out non-resident flow statistics, it would be unreasonable to infer from the data in the article that the €900 billion is necessarily dirty money.

Yet that does not end the analysis.  The Danske Bank investigation report specifically stated (at page 5) that “[b]y the end of 2013, the Non-Resident Portfolio within Danske Bank’s Estonian branch held 44 per cent of the total deposits from non-resident customers in Estonian banks (up from 27 per cent in 2007) . . . .”  If that investigation was able to determine the total deposits from non-resident customers in all Estonian banks in 2013, there must be some source of data on which Eesti Bank or regulators can draw to delineate non-resident flows more precisely.

For the moment, compliance officers at financial institutions should take this exchange into account as an imprecise and unvalidated indicator of the volume of possible money laundering through Estonian banks.  At the same time, they should take the opportunity promptly to review any correspondent bank relationships they had with Estonian banks from 2007 to 2015.  Based on Danske Bank’s statement today that it is cooperating with U.S., Estonian, and Danish criminal investigations regarding its non-resident Estonian portfolio, financial institutions should expect that criminal and regulatory investigations into financial flows through Estonia will continue to widen in scope.

Corporate compliance officers who have only general knowledge of longstanding cybersecurity threats, such as phishing and ransomware, need to familiarize themselves with the growing threat of “cryptojacking.”  Cryptojacking, also known as malicious cryptomining, is the unauthorized installation and use of cryptocurrency mining software on computers and mobile devices.

Cryptomining, of course, is integral to the verification of cybercurrency transactions and addition of those transactions to the blockchain digital ledger.  But cryptomining “consumes processor cycles and their requisite electricity to process cryptocurrency transactions,” while earning the cryptominer using his own computer only a small amount of cryptocurrency.   Because generation of more substantial amounts of cryptocurrency require vastly greater amounts of electricity and processing power, cybercriminals increasingly seek to outsource their cryptomining operations by obtaining unauthorized access to others’ computers, where they can draw on unused processing power.

If cryptojacking was already “out of control” in 2017, as a Wired article headline declared, more recent reports from cybersecurity firms indicate that cryptojacking in 2018 is (if it is possible) even more so:

• In June, a Kaspersky Labs report stated that during the 2017-2018 period, “cryptominer encounters rose in total number, from 1.9 million to 2.7 million, as well as in share of threats detected, from 3% to 4%.”
• In August, Trend Micro reported that in the first half of 2018, it had 787,146 cryptocurrency mining detections – 1,055 percent of the detections in the first half of 2017 (74,547) and 241 percent of the detections in the second half of 2017 (326,326) – and identified 47 new cryptomining malware families.
• In September, McAfee found that total cryptomining malware samples grew by 86 percent in the second quarter of 2018, and identified more than 2.5 million new cryptojacking files.

Moreover, certain features of current cryptojacking indicate that the problem is becoming more pervasive and more sophisticated:

• Geographic Expansion: Cryptojacking malware is being detected around the world, most notably in North and South America, Europe, and Asia.
• Expansion To and Within Corporate Entities: Cryptojacking is not limited to home computer users.  In July, Kaspersky Lab analysts reported that they had observed a new cryptojacking, Power Ghost, that “is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers.”  According to a Forbes article, cryptojackers are increasingly targeting servers. “Running in corporate and cloud data centers, servers are both vast in number and far more powerful than PCs and mobile devices, presenting . . . a fertile field for planting cryptojacking software.”
• Infection Techniques: What makes PowerGhost more complex to detect and remove is its use of fileless techniques to embed the miner within the target system. The Kaspersky analysts noted that during the infection process, which can be done with exploits or remote administration tools, “a one-line PowerShell script is run that downloads the miner’s body and immediately launches it without writing it to the hard drive.”
• Location of Cryptojacking Malware: Cryptojacking software can be embedded in places that are atypical of other types of malware.  For example, security researchers reportedly “found cryptojacking code hidden on the Los Angeles Times’ interactive Homicide Report webpage that was quietly harnessing visitors’ CPUs to mine Monero cryptocurrency.”
• Malicious Response to Removal: 360 Total Security reported about one type of cryptomining malware that has been coded to ensure that an attempt to remove it will crash the computer. At the outset, the malware launches a system process that is part of the Windows operating system, svchost.exe, and injects malicious code into it.  It then sets svchost.exe’s attribute to “CriticalProcess.” That means that an attempt to terminate the malware will be read by the system as interference with a legitimate critical process in Windows and crash the computer.

Because cryptojacking necessarily involves unauthorized access to computers, law enforcement authorities are prepared to investigate and prosecute cryptojacking schemes as cybercrime.  During 2018, at least four countries pursued law enforcement actions against cryptojacking:

• China: 20 suspects were arrested “in a major cryptojacking case allegedly affecting over one million computers and generating 15 million yuan (about $2.2 million) in illicit profit.”
• Iceland: Police arrested 11 individuals in connection with the theft, from data centers in Iceland, of approximately 600 computers being used to mine bitcoin and other virtual currencies.
• Japan: Authorities arrested 16 men for allegedly using their websites to disseminate cryptomining malware, and a Japanese court reportedly sentenced a man who had used his blog to infect visitors with cryptomining malware, engaged in cryptomining to one year’s imprisonment (suspended for three years).
• Russia: Security officers arrested “several scientists working at a top-secret Russian nuclear warhead facility for allegedly mining crypto-currencies.”

Compliance officers and their information security counterparts therefore need to recognize that cryptojacking is a cybercrime and treat it accordingly.  That means conducting a thorough review of what their companies are doing to address cryptojacking, including ensuring that their companies are using artificial intelligence and other techniques to identify penetration of corporate networks by cryptojacking teams.  But it also means refreshing compliance training to increase employee awareness of cryptomining across the enterprise.  Employees who notice significant slowing of their computers should be encouraged to report such occurrences, as they may be indicative of cryptojacking malware at work.

Finally, cryptojacking training needs to make clear to corporate employees that using company resources for cryptomining is prohibited under all circumstances.  In one case, the cybersecurity firm Darktrace

picked up on puzzling traffic patterns within a European bank, including servers that seemed to be connecting from an IP address in the company’s data center. When they inspected it in person, by physically tracing cables, its experts realized that a rogue employee had set up a “c[r]ypto mining side business” under the floorboards.

In the past four weeks, the world-renowned Memorial Sloan Kettering Cancer Center (MSK) in New York has experienced considerable turmoil, as a result of a series of media reports focusing on substantial conflicts of interest by MSK senior leaders:

• On September 13, Dr. José Baselga, MSK’s chief medical officer, resigned his position, soon after the New York Times and ProPublica reported that Dr. Baselga had “fail[ed] to disclose millions of dollars in payments from health care companies,” including failure to disclose his outside financial ties in dozens of research articles that he had written for leading medical journals.
• On September 29, the Times and ProPublica reported that a MSK vice president, Dr. Gregory Raskin, was required to turn over to MSK nearly $1.4 million of a windfall stake in stock options he had received from a biotech company, Y-mAbs Therapeutics, for representing MSK on Y-mAbs’s board.
• On October 1, the Times and ProPublica reported that in an October 1 meeting with MSK’s staff, the chairman of MSK’s board of managers and overseers, Douglas A. Warner III, told the staff that Dr. Baselga “crossed lines that we should have done more to stop” and had gone “off the reservation” in his dealings with health-care and drug companies. Warner also acknowledged that “while we pushed back on a lot and discussed a lot, we were not as effective as we should have been,” and that Dr. Baselga “reported to me, and I wish I had done more to keep him away from the line.”

Note: MSK’s situation, even at this early stage of developments, contains four lessons that chief compliance officers in any industry should note and share with their companies’ senior executives.  First, corporate conflict-of-interest policies and associated standards and internal controls should leave no doubt about which types of outside financial interests are prohibited, which are permissible with appropriate full disclosure and prior approval, and which are permitted without the need for disclosure or prior approval.  According to ProPublica, Memorial Sloan Kettering did not have a prohibition against employees accepting personal compensation when they represent MSK on corporate boards. Other hospitals, cancer centers, and research institutions, however, have more clearly stated limitations or prohibitions on such outside ties. For example, the Cleveland Clinic reportedly prohibits employees from personally profiting when they are representing the Cleveland Clinic’s interests, and Partners HealthCare© (founded by Brigham and Women’s Hospital and Massachusetts General Hospital) has a highly detailed policy on employee interactions with industry and other outside entities.

Second, the rapid sequence of events that followed the initial reporting by the Times and ProPublica shows how quickly damage to corporate reputation and internal morale can expand when serious undisclosed intracorporate conflicts of interest are publicly reported.  In his meeting yesterday with MSK staff, Warner reportedly “acknowledged ‘widespread anger’ among staff members and that the hospital’s reputation had been harmed.”

Third, if a company needs to address an intracorporate crisis with the media, it must make sure that its key messages in public statements are consistent.  In MSK’s case, an MSK spokesperson stressed that Dr. Baselga resigned and was not fired, but also stated that in the October 1 meeting Warner and MSK’s chief executive, Dr. Craig B. Thompson, were referring not to Dr. Baselga’s ties to outside companies but to a “conflict of commitment.”  The spokesperson added, “Dr. Baselga wanted to take on more, join more boards, be involved in more outside efforts. . . . He was overextended.”  Inconsistencies in public disclosures may well invite further adverse media coverage and complicate the task of crisis management.

Finally, a company in the midst of a crisis management situation must take special pains to manage its dissemination of information about internal discussions while it is still formulating a comprehensive response to the crisis.  The October 1 report by the Times and ProPublica stated that a preliminary transcript of Warner’s meeting with the hospital staff “was inadvertently emailed by the hospital to a reporter for The New York Times.”

On September 25, the U.S. Department of Justice announced that Health Management Associates (HMA), formerly a Naples, Florida-headquartered hospital chain, had entered into an agreement with the Department requiring HMA to pay more than $260 million to resolve criminal and civil charges relating to defrauding the United States.  The Department alleged that HMA had engaged in

a corporate-driven scheme to defraud Federal health care programs by unlawfully pressuring and inducing physicians serving HMA hospitals to increase the number of emergency department patient admissions without regard to whether the admissions were medically necessary.  The scheme involved HMA hospitals billing and obtaining reimbursement for higher-paying inpatient hospital care, as opposed to observation or outpatient care, from Federal health care programs, increasing HMA’s revenue.

It also stated that HMA executives and HMA hospital administrators “executed the scheme by pressuring, coercing and inducing physicians and medical directors to meet the mandatory admission rate benchmarks and admit patients who did not need impatient admission through a variety of means, including by threatening to fire physicians and medical directors if they did not increase the number of patients admitted.”

To resolve the criminal investigation, HMA entered into a three-year Non-Prosecution Agreement (NPA) and a $35 million penalty to be paid by HMA. Under the NPA‘s terms, HMA and Community Health Services (CHS) – a hospital chain that acquired HMA after the alleged conduct at HMA occurred — agreed to cooperate with the Department’s investigation, report allegations or evidence of violations of federal health care offenses, and ensure that their compliance and ethics program satisfies the requirements of an amended and extended Corporate Integrity Agreement between CHS and the Department of Health and Human Services Office of Inspector General.  In addition, an HMA subsidiary, Carlisle HMA, LLC, agreed to plead guilty to one count of conspiracy to commit health care fraud, pertaining to a criminal information filed in the District of Columbia.

HMA also entered into a related civil settlement with the Department to resolve various claims and allegations of submission of false claims, paying remuneration to physicians in return for patient referrals, and submission of inflated claims for emergency department facility fees. As part of that settlement, HMA agreed to pay $216 million.

The allegations that the settlement resolved were originally brought in eight lawsuits filed under the qui tam (whistleblower) provisions of the False Claims Act.  Although the whistleblower shares have not been determined for all of those lawsuits,  the whistleblower in one of the cases will receive approximately $15 million as a share of the recovery, and the whistleblowers in a second case will receive approximately $12.4 million as their share of the recovery.

Note: This criminal and civil resolution with HMA is one of the most significant health care fraud-related cases that the Department of Justice (DOJ) has pursued against hospitals and hospital chains in recent memory.  The DHS – DOJ Health Care Fraud and Abuse Control Program Annual Report for Fiscal Year 2017 documents numerous instances of criminal cases against other categories of health care providers and services, such as medical providers operating “pill mills,” providers and clinics submitting false claims to Medicare, drug companies paying kickbacks to providers to prescribe their drugs, and pharmacies soliciting and receiving kickbacks from pharmaceutical companies for promoting their drugs.  In contrast, during Fiscal Year 2017, cases involving hospitals and health systems involved only civil settlements of liability under the civil False Claims Act, and the largest of those settlements was $57.5 million.

The resolution is also of interest for the breadth of alleged tactics that HMA executives and HMA hospital administrators used to increase emergency department patient admissions.  As a general proposition, federal laws such as the Anti-Kickback Statute and the Stark Law are designed, as the Department’s HMA release stated, “to ensure that physician decision-making is not compromised by improper financial incentives.”  Positive financial incentives, such as direct payments or reduced or free rent for office space, to make patient referrals are to be expected; negative financial incentives, such as threatening to fire physicians and medical directors for failure to increase patient admissions, are not.    Given the latter types of conduct mentioned in the HMA resolution, and HMA’s and CHS’s commitment to continue to cooperate with the Department, compliance officers who track health care fraud developments should not be surprised if the Department ultimately pursues cases against formerly HMA-affiliated individuals.

On September 27, the Brazilian state-owned and state-controlled oil and gas company Petróleo Brasileiro S.A. – Petrobras (Petrobras) entered into agreements with the United States Department of Justice, the Securities and Exchange Commission (SEC), and Brazilian authorities, under which Petrobras agreed to pay a combined total of more than $1.78 billion to resolve two foreign-bribery investigations: (1) the U.S. investigation into violations of the Foreign Corrupt Practices Act (FCPA) in connection with Petrobras’s role in facilitating payments to politicians and political parties in Brazil; and (2) a related Brazilian investigation.  According to the Department’s Assistant Attorney General for the Criminal Division Brian Benczkowski, “Executives at the highest levels of Petrobras—including members of its Executive Board and Board of Directors—facilitated the payment of hundreds of millions of dollars in bribes to Brazilian politicians and political parties and then cooked the books to conceal the bribe payments from investors and regulators.”

The Department’s press release summarized the admissions that Petrobras made in connection with the resolution:

[W]hile the company’s American Depository Shares traded on the New York Stock Exchange, members of the Petrobras Executive Board were involved in facilitating and directing millions of dollars in corrupt payments to politicians and political parties in Brazil, and members of Petrobras’s Board of Directors were also involved in facilitating bribes that a major Petrobras contractor was paying to Brazilian politicians.  During this period, for example, a Petrobras executive directed the payment of illicit funds to stop a parliamentary inquiry into Petrobras contracts, and the executive also directed payments received from Petrobras contractors to be corruptly used to pay millions of dollars to the campaign of a Brazilian politician who had oversight over the location where one of Petrobras’s refineries was being built.

Petrobras admitted that it failed to make and keep books, records and accounts that accurately and fairly reflected the company’s capitalization of property, plant and equipment as a result of the bribes being generated by the company’s contractors with the cooperation of certain Petrobras executives, and that certain Petrobras executives signed false Sarbanes-Oxley (SOX) 302 sub-certifications while they were involved in, and were aware that other executives at Petrobras were involved in, obtaining and facilitating the payment of millions of dollars in bribes to Brazilian politicians, to Brazilian political parties and to themselves.  Petrobras also admitted that certain executives failed to implement internal financial and accounting controls in order to continue to facilitate bribe payments to Brazilian politicians and Brazilian political parties.

The resolution consists of three agreements:

• Petrobras entered into a non-prosecution agreement (NPA) with the Department. Under that agreement, Petrobras agreed to pay an $853.2 million criminal penalty to be divided as follows: (1) the Department and the SEC would each receive 10 percent of the total penalty (i.e., $85,320,000 each); and (2)  Brazil would receive the remaining 80 percent ($682,560,000).   In addition, Petrobras “agreed to continue to cooperate with the Department in any ongoing investigations and prosecutions relating to the conduct, including of individuals, to enhance its compliance program and to report to the Department on the implementation of its enhanced compliance program.”
• Petrobras entered into an agreement with the SEC based on Petrobras’s misleading U.S. investors by filing false financial statements that concealed a massive bribery and bid-rigging scheme at Petrobras. Under that agreement, Petrobras agreed to pay the SEC disgorgement and prejudgment interest totaling $933,473,797.  That amount is to be reduced by the amount of any payment that Petrobras makes to the class action Settlement Fund in the matter of a civil case pending in the Southern District of New York.
• Petrobras agreed to reach a settlement with the Ministerio Publico Federal in Brazil, whose terms are covered above.

Note: This tripartite resolution is another significant milestone, after the 2016 guilty pleas of Odebrecht and Braskem, in the multinational enforcement efforts to root out the pervasive political and commercial corruption that has plagued Brazil.  Because Petrobras played a central role in that corruption, it is worthwhile to compare the Petrobras resolution with the Odebrecht and Braskem resolutions:

1. Justice Department Three-Part Standard for Resolution

Since the Department established its FCPA Pilot Program in 2016, it has applied a three-part standard for resolving corporate FCPA investigations: i.e., the company must (1) voluntarily self-disclose FCPA-related misconduct, (2) fully cooperate with the Department (specifically the Criminal Division’s Fraud Section); and (3) where appropriate, remediate flaws in its controls and compliance programs.  The FCPA Corporate Enforcement Policy retained that standard in modified form, stating that a company is entitled to a presumption of declination without a criminal resolution if it has voluntarily self-disclosed misconduct in an FCPA matter, fully cooperated, and timely and appropriately remediated, unless the Department finds aggravating circumstances that may warrant a criminal resolution such as (1) involvement by the company’s executive management in the misconduct; (2) a significant profit to the company from the misconduct; (3) pervasiveness of the misconduct within the company; and (4) criminal recidivism.

1. Voluntary Self-Disclosure: Petrobras, Odebrecht, and Braskem did not voluntarily self-disclose.
2. Full Cooperation: The Department credited Petrobras with “notify[ing] the government of its intent to fully cooperate after learning of the allegations of misconduct” and full cooperation in the investigation.  It added that the cooperation including, according to the “conducting a thorough internal investigation, proactively sharing in real time facts discovered during the internal investigation and sharing information that would not have been otherwise available to the Department, making regular factual presentations to the Department, facilitating interviews of and information from foreign witnesses, and voluntarily collecting, analyzing and organizing voluminous evidence and information for the Department in response to requests, including translating key documents.”  In contrast, the Department credited Odebrecht with full cooperation, and Braskem with partial cooperation, without elaboration.
3. Timely and Appropriate Remediation: The Department stated that Petrobras “also took extensive remedial measures, including replacing the Board of Directors and the Executive Board (the company’s high-level managers) and implementing governance reforms, as well as disciplining employees and ensuring that the company no longer employs or is affiliated with any of the individuals known to the company to be implicated in the conduct at issue in the case.” It stated that Odebrecht and Braskem “also engaged in remedial measures, including terminating and disciplining individuals who participated in the misconduct, adopting heightened controls and anti-corruption compliance protocols and significantly increasing the resources devoted to compliance.”
4. Aggravating Circumstances: Although the Odebrecht and Braskem resolutions occurred before the adoption of the Corporate Enforcement Policy, several aggravating circumstances can be compared and contrasted:
   1. Involvement by Executive Management: For Petrobras, the Department stated that executives “at the highest levels . . . including members of its Executive Board and Board of Directors” facilitated the payment of hundreds of millions of dollars in bribes and falsified corporate books and records to conceal the misconduct from investors and regulators. For Odebrecht and Braskem, the Department stated that the offenses “involved the highest levels of the companies.”
   2. Profit to Company: For Petrobras, the Department did not list a single bottom-line total of profit that the company obtained through its misconduct. That may well have been due to the sheer volume of contracts associated with the misconduct.  For example, the Petrobras NPA’s Statement of Facts stated that a refinery-completion project that Petrobras intended to complete “generated more than 300 contracts and more than 950 amendments.”  For Odebrecht and Braskem, the Department stated that Odebrecht’s “corrupt payments and/or profits total[ed] approximately $3.336 billion” and Braskem’s “corrupt payments and/or profits totaling approximately $465 million.”
   3. Pervasiveness of Intracorporate Misconduct: Although the Corporate Enforcement Policy does not define “pervasiveness of the misconduct,” it is reasonable to assume that the term includes the duration and geographic scope of the misconduct as well as the number and amounts of bribes paid.  By that test, all three companies engaged in pervasive misconduct.  Petrobras’s misconduct, which extended from at least 2004 to 2012, involved company executives and managers facilitating “massive bid-rigging and bribery schemes.”  Odebrecht’s “massive and unparalleled bribery and bid-rigging scheme” began in at least 2001 and lasted for more than a decade, and during that time involved payment of “approximately $788 million in bribes to government officials, their representatives and political parties in a number of countries.” So elaborate was the extent of Odebrecht’s bribery that it established a “Division of Structured Operations”, “which effectively functioned as a stand-alone bribe department within Odebrecht and its related entities.”  Braskem “acknowledged admitted to engaging in a wide-ranging bribery scheme and acknowledged the pervasiveness of its conduct,” which included, between 2006 and 2014, Braskem‘s payment of approximately $250 million into Odebrecht’s “secret, off-book bribe payment system.” Braskem used that system to authorize “the payment of bribes to politicians and political parties in Brazil.”
   4. Criminal Recidivism: If “recidivism” under the Corporate Enforcement Policy means the commission of one or more FCPA offenses after the prior commission of an FCPA offense, none of the three companies engaged in recidivist conduct, though all three certainly involved vast numbers of bribe payments.
   5. Other Factors: In Petrobras, the Department stated that the resolution was “based on a number of unique factors presented by this case, including that Petrobras is a Brazilian-owned company that entered into a resolution with Brazilian authorities and is subject to oversight by Brazilian authorities, and that, in addition to the significant misconduct engaged in by Petrobras, a number of executives of the company engaged in an embezzlement scheme that victimized the company and its shareholders.”  The first factor, as it is worded, is not unique when one considers the Odebrecht and Braskem  Odebrecht is a Brazil-based conglomerate and Braskem a Brazilian company, and both entered into separate resolutions with Brazilian authorities.  In addition, for all three companies Brazil was to receive the majority of the criminal financial penalty: 80 percent for Petrobras and Odebrecht, and 70 percent for Braskem.  The second factor, embezzlement by corporate executives, is a unique factor for Petrobras, though the Department’s statements do not
5. Discount from Sentencing Guidelines: Consistent with the Corporate Enforcement Policy, both Petrobras and Odebrecht received a 25 percent discount off the low end of the Sentencing Guidelines fine range for their cooperation and remediation, while Braskem received only a 15 percent discount because of its partial cooperation.

Ultimately, the Petrobras resolution is important for at least two reasons.  First, it represents continuing progress in the long-running pursuit of high-level corruption in Brazil.  Second, it continues to signal to foreign law enforcement authorities that U.S. authorities are prepared to cede the lion’s share of FCPA-related penalties to foreign authorities, in cases in which the level of engagement (including human and fiscal resources) and “sweat equity” that those foreign authorities have invested in the investigations make such a distribution fair and equitable.