Last month, United Continental Holdings entered into a settlement agreement with the Securities and Exchange Commission regarding alleged violations of the books and records and internal accounting controls provisions of the securities laws. While that may not sound exciting, the facts and events underlying the settlement are far from boring.
Indeed, the case is right off the front page of newspapers and involved the former CEO of United implementing a new flight route requested by the chairman of the Board of Commissioners of the Port Authority of New York and New Jersey, so that he had convenient travel to and from his home.
Of significance, the decision to implement the new flight occurred at a time when the chairman had significant influence over United receiving rights for a new hangar at Newark Liberty International Airport — in other words, a special flight benefiting a quasi-government official and a benefit in return to United, with no detection from the company’s system of internal controls, and apparently not even a call to United’s ethics hotline.
For legal counsel advising public registrants, there are several important subjects and lessons to be gleaned from the SEC’s accounting and auditing release that discusses the case.
A summary of the key facts from the SEC release are as follows:
- Prior to the merger that created United Continental Holdings, Continental Airlines had flown a route from Newark, New Jersey, to Columbia, South Carolina, but canceled the route in 2009 due to business reasons, including, among other things, poor financial performance.
- During the same time period in 2011 that the Port Authority was evaluating the approval of United’s new hangar, the chairman inquired about reinstating the flight.
- After the inquiry, United’s Network Planning Group performed a “preliminary financial analysis” of the flight and concluded that it would “likely lose money.” Interestingly, when an individual in the Network Planning Group was informed that the route was intended to help “advance our biz objectives,” the person responded that he was “open if we see an oppty.”
- United didn’t have any formal written policies or procedures for new route initiation. It did have what the SEC’s auditing release termed a “standard process.”
- Per the SEC, under pressure from the chairman, United’s then-CEO approved the flight “outside of United’s normal processes,” and even scheduled the flight based on the chairman’s preferred times. The flight was referred to within United as the “Chairman’s Flight.”
- On the same day in 2011 as the CEO’s approval of the initiation of the flight, the Port Authority’s board approved the lease agreement relating to United’s new hangar.
- The internal communication regarding the route said United was “testing the market”; however, the message also added that “they want it all soft, so no proactive communications.”
- Per the SEC, United lost approximately $945,000, including opportunity costs, for the approximately 20 months that the twice-weekly flight was in service. For comparison, the estimated annual financial benefit for the Newark Liberty hanger approximated $47.5 million.
- Importantly, on July 14, 2016, the chairman pleaded guilty to bribery in connection with the flight.
According to the SEC, United violated Section 13(b)(2)(B) of the Exchange Act because it failed to design and maintain a system of internal accounting controls that was sufficient to prevent its officers from approving the use of United’s assets in violation of United’s Code of Business Conduct and Continental’s Ethics and Compliance Guidelines, both which, per the SEC release, prohibited the use of assets for corrupt purposes and were in place in 2011.
In particular, the SEC alleged that United lacked controls to monitor and detect violations of United’s Code of Business Conduct and Continental’s Ethics and Compliance Guidelines, which provided that:
“company policy prohibits United employees from directly or indirectly making bribes, kickbacks or other improper payments to government officials, civil servants or anyone else to influence their acts or decisions” and that “[n]o gift may be offered or accepted if it will create a feeling of obligation, compromise judgment or appear to improperly influence the recipient.”
“[employees] cannot entertain, provide hospitality to or give gifts, loans, and services to a supplier, customer or other person doing business with Continental that under the circumstances are reasonably considered lavish or excessive.”
Continental’s policy further provided that “[a]ny gift or entertainment that could reasonably be viewed as an attempt to influence a business decision” is considered lavish or excessive.
A bribe is money or favor given or promised in order to influence the judgment or conduct of a person in a position of trust. The thing of value does not need to include cash, and often does not. Bribes or kickbacks to government officials are often mischaracterized as various expenses within a company.
After reviewing the United release, there are several lessons and internal control environment questions for in-house and outside counsel to raise with registrants to avoid similar problems.
Without question, United’s actions to appease a public official, especially while seeking the public official’s approval for a project, are hard to defend as ethical. However, simply blaming United’s Network Planning Group’s inactions as internal control failures is much less obvious under the circumstances.
To begin with, business planning processes are not generally considered part of a company’s internal controls. Instead, such functions are geared toward helping make business judgments regarding operations and profitability.
That said, an alleged problem went undetected at United, and a review of typical controls to detect bribes and kickbacks plus other control environment procedures would benefit all registrants to help avoid similar shortcomings.
Per the Criminal Division of the Department of Justice, “[t]he payment of bribes often occurs in companies that have weak internal control environments.”
Internal control procedures to monitor and detect for bribes, kickbacks or other improper payments and for gifts and loans are most often connected to vendor and cash disbursement approvals. These types of controls for non-cash transactions, such as the flight, would be of no use.
The delivery of a service, which the flight would be, are most often tested based on a review of invoices (or the lack thereof) for the delivery of what would typically be revenue-generating events.
Unusual to this situation, there is no evidence indicating that the chairman, or anyone connected to him, didn’t pay fair value for flight tickets. Therefore, controls related to invoicing would be of little value. These shortcomings to classic internal control mechanisms are why ethics hotlines and other disclosure channels are critical to a well-functioning control environment.
Importantly, Section 301 of the Sarbanes Oxley Act states that public company audit committees have the responsibility to “establish procedures for the receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters; and the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters.”
Many public registrants meet that obligation through the use of an ethics hotline.
In fact, when a company uses such a process to adhere to Section 301 of SOX, it is generally considered a part of the internal control system for the company. In contrast, as described earlier, the business planning and analyses functions such as the Network Planning Group are not generally considered within the internal control system.
There is no mention of any employee calling United’s ethics hotline related to the “Chairman’s Flight.” Assuming this isn’t an oversight by the SEC, the lack of a report by any of the many employees who knew about the flight raises significant questions.
Is it possible that everyone involved viewed the implementation of the flight as acceptable, and not a kickback, bribe or gift? There is no mention that the chairman or anyone else who flew on the flight didn’t pay fair value for the flight. Or is it possible the employees lacked proper ethics training and/or a major cultural problem existed within United?
Without more information, these are open questions. However, after reviewing the United release, there are several lessons and internal control environment questions for in-house and outside counsel to raise with registrants to avoid similar problems, including:
- If a situation similar to what happened at United happened at your company, would it be detected and reported to the board?
- Does your ethics policy consider cash and non-cash transactions, as well as discounted or free products and services?
- Do employees have regular training of the code of ethics, including how to report concerns?
- How often is the training updated and provided to employees?
- Are employees trained regarding the importance of transparency when dealing with government and public agency officials?
- If there are any complaints or concerns, how are they handled?
- Who has the ultimate responsibility for the enforcement of your code of ethics?
In fact, consistent with the inability of mechanical internal controls to detect all problems, per the Association of Certified Fraud Examiners, organizations with hotlines reported that approximately 47 percent of their fraud schemes were detected by tips.
In closing, the weight of the available evidence appears to indicate that United’s employees viewed the new flight as part of a business deal and not a bribe.
If so, that elevates the importance of ethics training and the need for people to raise or disclose concerns through an ethics hotline or another disclosure channel. Such avenues are an essential element to a well-functioning control environment, as purely mechanical internal controls may not always be adequate.
Joseph J. Floyd, an attorney, is president of Floyd Advisory, a consulting firm in Boston that provides financial and accounting expertise in the areas of business strategy, valuation, SEC reporting and transaction analysis. Marni J. Loewenstern is a senior associate at Floyd Advisory.