It’s long been a tenet of this site that the reason to discuss the compliance failures of various government contractors is to learn what went wrong so as to aid in preventing similar problems at your company. There is a maxim that’s been attributed to many authors (most commonly Otto von Bismarck): “Only a fool learns from his own mistakes. The wise man learns from the mistakes of others.” An old Forbes article stated it this way (without attribution)—"In Russian there is an expression: The wise man learns from someone else’s mistakes, the smart man learns from his own, and the stupid one never learns.”

We post this article so that others can learn from the mistakes of Bradken, Inc.

We wrote about Bradken in a very recent article, in which we discussed the company’s resolution of a 30 year-long fraud (allegedly) perpetrated by a senior quality testing employee. (As noted in the original article, we use the term “allegedly” because, while the company has apparently resolved the civil and criminal complaints it was facing, as far as we know the (now former) employee still faces charges—and people are innocent until proven guilty in a court of law.)

Before you read any further, we suggest you follow the link in the paragraph above and familiarize youself with the story of the fraud and how Bradken resolved its legal woes. In that article, you’ll find additional links to Bradken’s civil False Claims Act settlement agreement and its criminal fraud deferred prosecution agreement. Those latter two documents are well worth reading.

Anyway, Bradken apparently resolved its legal problems; a part of the resolution was to publish a public statement regarding what happened and what Bradken learned from its problems, so that others could learn from Bradken’s mistakes. Here’s a link to that public statement. We strongly recommend you read it in full and even consider saving it for future reference.

Here are some quotes from Bradken’s public statement that caught our eye. We have italicized certain words for emphasis and removed some words for length (as indicated by use of ellipses), but otherwise have changed nothing.

• The impact of these startling admissions from a trusted employee would reverberate for years to come. Three years later, and after a process that encompassed a massive internal review, a full-blown Government investigation, and thousands of hours of time from employees and consultants, Bradken has come to understand that, between 1985 and 2017, the employee falsified hundreds of test results, resulting in the installation of substandard steel on numerous Navy submarines.

• Bradken failed to detect the senior metallurgist’s falsified test results for years because it lacked sufficient internal controls, and instead relied too heavily on the integrity of a single employee. For example, test results were typically handwritten on notecards and later entered into multiple databases. The senior metallurgist generally maintained the accurate results in one database, and recorded fraudulent, passing, results in a second database, which the senior metallurgist used in Bradken’s certifications to the customer. If these activities had been subject to oversight, or if Bradken had engaged in periodic internal audits of the various recordkeeping systems, it would have discovered the fraud many years earlier.

• Following its initial disclosures, Bradken commenced a records review to ferret out other instances of potentially discrepant test results. Bradken undertook a review of test result records covering the prior ten-year period and reported all data discrepancies it discovered. … unfortunately, Bradken’s review did not identify … all of the falsifications. Those falsifications were discovered only when the Government reinitiated and expanded its own investigation, analyzing records going back to the 1980s. The Government’s investigation detected many more instances of fraudulent alterations by the senior metallurgist that Bradken had previously failed to identify through its limited review. The government also discovered patterns in Bradken’s internal data … that demonstrated that the discrepancies were the result of deliberate fraud. Over the last 18 months, Bradken has cooperated with the Government’s investigation, making employee witnesses available for interviews, producing hundreds of thousands of pages of documents, responding to all requests for information, and hosting site visits and equipment demonstrations for Government investigators. … But Bradken has learned that true cooperation means more than just responding to requests as they are received. It also means independently seeking evidence of wrongdoing within the company, rather than making the Government find it for you. In other words, true cooperation means not just being reactive, but being proactive.

• Both the Government's investigation and Bradken's internal review revealed no evidence that any member of Bradken's management was aware of or involved in the fraudulent conduct of its senior metallurgist at the time it occurred. … Bradken recognizes that its own lack of internal controls allowed this fraud to go undetected. Bradken also recognizes and accepts that as a corporation it is criminally and civilly liable for the actions of its employees—even if the employee's conduct violates corporate policies.

This is one of those situations where everybody in the compliance profession can learn something from the mistakes of others. This could have happened to any company who chose not to invest in internal control systems because risk analysis failed to properly evaluate risk, probability, and consequence. We cannot let our companies “pooh-pooh” compliance risks and therefore put themselves into a similar situation.

Only fools will fail to learn from Bradken’s mistakes.

Don’t let your company be foolish.