In October 2013, SEC Chairwoman Mary Jo White announced a broken windows enforcement policy to “pursue even the smallest infractions” of U.S. securities laws, including the FCPA, as a means of deterrence.

As White stated in announcing the policy, “minor violations” that a company fails to address “feed bigger ones, and, perhaps more importantly, can foster a culture where laws are increasingly treated as toothless guidelines.”

A review of SEC FCPA enforcement actions to date in 2015 seems to demonstrate that the SEC is truly committed to policing the beat, and vigorously pursuing infractions large and small regardless of the potential settlement payout.

For context, in 2005, the average cost to resolve an FCPA enforcement action with the DOJ or SEC was just over $7 million. By 2010, that average was an order of magnitude higher ($78 million), and topped out at $156 million in 2014. For its part, the SEC settled eight FCPA cases in 2014, three of which involved total settlement payments in excess of $100 million.

But 2015 has looked markedly different, with the SEC as of September 30 having settled nine FCPA enforcement actions, at an average cost of just under $9.7 million per settlement, with a high-water mark of $25 million. This spate of a higher volume of smaller value settlements seems to be accelerating, with five SEC FCPA cases having resolved during the third calendar quarter.

The resolution involving Hyperdynamics Corporation (September 29, 2015) is a poster child for the broken windows enforcement philosophy. The oil and gas exploration company, with primary operations in West Africa, agreed to entry of a no-admit-or-deny administrative cease-and-desist order by the SEC to resolve books and records and internal control violations, along with a payment of just $75,000 in penalties to the SEC.

Hyperdynamics — which had received a declination of prosecution by the DOJ in May 2015 — benefited from having taken swift and significant remedial actions after discovering that its Guinean subsidiary had paid $130,000 for services by third parties controlled by a company employee, for which there was inadequate supporting documentation to determine whether the services were actually provided and to identify the ultimate recipient of the funds.

The remedial actions included termination of the company’s senior management and replacement of its entire board of directors, revision to policies and procedures, training, increases to compliance-responsible resources, and improvements to internal controls.

The cease-and-desist order does not include any allegation of bribes having been paid, focusing instead on weak internal controls and lack of third-party due diligence and monitoring. And that seems to be one of the biggest messages broken windows enforcement is meant to convey — that a company can violate the FCPA even without paying bribes, and can best insulate itself from a potentially disastrous enforcement action by ensuring that its internal controls and compliance program are up to snuff.

This article was originally published on the FCPA Blog