On June 16, the U.S. Justice Department (DOJ) announced that it had concluded a non-prosecution agreement (NPA) with IAP Worldwide Services, Inc., a Florida-based government contractor, related to apparent violations of the Foreign Corrupt Practices Act (FCPA). DOJ also announced that a former vice president of IAP pleaded guilty to conspiracy to violate the FCPA. IAP agreed to pay more than $7 million to resolve the matter; sentencing for the former vice president is scheduled for September 2015.

Background. IAP provides facilities management, contingency operations, and professional and technical services in contracting capacities to U.S. and non-U.S. governments. According to DOJ, the violations occurred in connection with a surveillance program the government of Kuwait sought to develop. An agent of IAP contracted with the Kuwaiti government to perform services under the first phase of the program. DOJ alleged that, when the agent was paid for its services, it transferred money to IAP, which in turn steered funds to a Kuwaiti company to kickback to Kuwaiti government officials.

Terms of the NPA. The NPA extends for three years, during which time IAP is required to take an assortment of compliance steps. IAP is also obligated to report on those steps, as well as the company’s compliance program more generally, at least annually. What DOJ expects the compliance program to include is outlined in useful detail in Attachment B to the NPA; the reporting requirements are summarized in Attachment C.

Observations/Recommendations. Enforcement documents issued by DOJ often provide useful guidance for the regulated community. For example, the NPA includes a comprehensive – and helpful – summary of what DOJ expects in a robust compliance program.

We also think the facts of this matter and the terms of the NPA underscore several key compliance points:

  • Appropriate diligence and training for third parties is critical. As with the vast majority of FCPA enforcement matters, these violations were facilitated by a non-U.S. third party.
  • Target key risk areas in compliance reviews. The DOJ identified a number of such risks: where the company operates, the industry it is in, its volume of interaction with government officials, its involvement in joint ventures, its reliance on operating licenses and permits, the extent to which it is regulated by the government, and the volume and importance to the company of clearing customs and immigration hurdles.
  • If needed, throw employees / agents under the bus. This statement is only partly to get readers’ attention. DOJ may have opted for an NPA over a more onerous deferred prosecution agreement at least in part because IAP helped DOJ act against the former vice president.
  • Proceed very carefully when contracting with a non-U.S. government. The government contracting community pays (rightly) much attention to protecting against fraud and other corruption in transactions with U.S. government customers. As contractors look further afield for business opportunities, it is critical to recognize the risks presented by interactions with non-U.S. government officials. Be careful out there.