In our increasingly global economy, many previously regional companies find themselves—whether by design or necessity—doing business in the international arena and thus (perhaps unexpectedly) subject to the Foreign Corrupt Practices Act (“FCPA”) (15 U.S.C. §§ 78dd-1, et seq.) and other international anti-corruption laws.

Click here to view the image.

Smaller and midsized businesses have become used to seeing reports of major corporations being called to account for alleged corruption under the FCPA. There’s been a substantial increase in both the size and frequency of “resolutions” (as fines, settlements and deferred prosecution agreements under the FCPA are termed); since 2009, the Justice Department alone has had approximately 150 investigations ongoing at any one time. In 2013-14, the average “closing cost” of an FCPA settlement was over $80 million, with none of the announced resolutions for less than $1 million. Most were significantly higher. But the companies involved usually have been large firms in defense, oil and oil services or medical devices (and more recently, software, pharmaceutical and even apparel).

So it may come as an unpleasant surprise for smaller and midsized companies engaged in international commerce to learn of two other enforcement trends: an intended enforcement focus on them and a dramatic increase in the prosecution of individual persons as well as companies. U.S. Assistant Attorney General Leslie Caldwell has twice mentioned in recent speeches an intention to bring FCPA cases as “wake-up calls” to smaller and midsized enterprises. The resolution In re Smith & Wesson Holding Corp., Release No. 34-72678, 2014 WL 3706548 (July 28, 2014) appears in keeping with that purpose. Likewise, the growing focus on individual liability is borne out by the fact that while in 2010 only 4 percent of prosecutions were against individuals, by 2013 that number had leapt to 37 percent.

The FCPA prohibits the payment (or promise to pay) of anything of value to a foreign official — including anyone from a customs officer to an employee of a government-controlled enterprise — to improperly obtain or retain business. Civil penalties may be $16,000 per “violation,” criminal fines run to $2 million for companies and five years in prison and fines up to $250,000 for individuals. Accounting violations by SEC-registered companies trigger criminal fines of up to $25 million, plus disgorgement, and up to $5 million plus 20 years in prison for individuals. Significantly, there is no “materiality” requirement — even the smallest bribe can be grounds for liability. In addition, depending on where business is done and with whom, companies may be subject to the EU Anti-Corruption Laws as well as the more draconian, but not yet widely enforced, U.K. Bribery Act.

What are the major sources of compliance risk for smaller or midsized companies? The leading ones include:

  1. Agency risk: Especially for smaller and medium-sized companies, working through a knowledgeable local distributor or agent is often the only practical and effective way to do business in a foreign country. However, such third parties are the primary source of compliance risk — whether bribing customs officials, channeling improper funds via discounts, high commissions or excessive “gifts and entertainment” and the like. The U.S. Department of Justice and the U.S. Securities and Exchange Commission’s (SEC) own Resource Guide to the Foreign Corrupt Practices Act notes that 90 percent of enforcement actions arise out of the acts of third parties. It is essential that U.S. companies’ agreements with such intermediaries do the following: contain detailed and express anti-corruption language; provide for periodic compliance and accounting audits; and impose serious penalties for breach.
  2. Regional risk: Certain countries are seen as inherently greater risks for business corruption, requiring greater care and diligence in vetting and auditing intermediaries. The authoritative Transparency InternationalCorruption Perceptions Index cites its greatest corruption risks as Pakistan, China, India, Russia, Vietnam and Brazil.
  3. Accounting/books & records: Companies must maintain thorough, fair and honest accounting records accurately reflecting expenditures and transfers, as well as internal controls adequate to ensure that all payments are only as authorized, and authorizations transparent and documented. Maintenance of such records and controls can constitute a good-faith defense to criminal charges; for an SEC-registered company, their absence may in itself be prosecutable.
  4. Legacy/joint venture: In the case of foreign acquisition, merger or entry into a joint venture agreement, a U.S. company may find itself vicariously liable for actions and practices predating its involvement with the other entity if the conduct is continuing or the U.S. company knew or should have known of it. All such instances call for intensive pre-deal diligence, with a particular eye toward compliance issues (which the non-U.S. company may not have had to face).

Amplifying the risk, especially for smaller companies, are the non-legal costs of an FCPA enforcement action — the damage to business reputation, possible debarment from government business and the diversion of management time and focus, not to mention large sums in legal and accounting fees expended in defense.

How can a smaller or midsized company mitigate the risk of prosecution under the FCPA and the consequences of a violation if prosecution is pursued?

  • Adopt a compliance program tailored to the actual risks the company faces where it operates, binding on all officers, employees and agents, and consisting, at the least, of: (i) a detailed risk assessment; (ii) mandatory compliance training for all officers, directors, relevant employees and agents; and (iii) a written compliance policy, read and signed by all of the above.
  • Appoint a compliance officer with assured access to senior management to “flag” risks and monitor and enforce the compliance policy.
  • Establish a mechanism where information regarding risks is confidentially brought to the attention of management or the compliance officer, with protection for the source.
  • Implement internal controls to assure that expenditures are only as authorized and fully documented, with careful controls over commissions, discounts, T&E, promotional expenses, charitable contributions and similar payments.
  • Do (and thoroughly document) extensive diligence about, with and through whom you are doing business in a foreign country.

The international marketplace can be challenging and rewarding for smaller to medium-sized enterprises. Be aware, however, that such companies will be held to the same standards of diligence and integrity as the Fortune 100 — with consequences for noncompliance potentially devastating for companies with less resources. Proper compliance measures are well worth the trouble in warding off the tremendous potential damage from a corruption investigation or enforcement action.