On April 21, 2012, The New York Times published an exposé of an alleged bribery scheme by Walmart's largest foreign subsidiary based in Mexico. The article, based on a Times undercover investigation, contends that Walmart systematically bribed government officials in Mexico to obtain permits and other benefits to open new stores. Walmart allegedly paid $24 million in bribes to Mexican officials and covered up the payments. Not surprisingly, the article triggered a wave of shareholder suits against Walmart and its directors and officers. Walmart is not alone, though that is of little comfort; it is only the latest high-profile target of a string of D&O claims involving the Foreign Corrupt Practices Act.
Origins of the FCPA
The Foreign Corrupt Practices Act (FCPA or Act) has its roots in the Watergate era. In the early 1970s, two key events occurred that shaped FCPA legislative history. First, illegal payments to the U.S. presidential campaign were exposed. Second, following a $250 million bailout of Lockheed by the U.S. government, regulators discovered that Lockheed had been paying bribes to foreign governments to secure contracts. Foreign governments were outraged, and this episode was a political black eye for the U.S. government.
The FCPA was enacted in 1977 as a vehicle of U.S. foreign policy to demonstrate to its citizens and the rest of the world that the United States would not tolerate bribery to influence the acts of foreign officials. As reflected by the Act's legislative history, such bribery was deemed to be “unethical, and counter to the moral expectations and values of the American public.” The Act was signed into law by President Carter on December 19, 1977, and amended in 1998 by the International Anti-Bribery Act, which was designed to implement the anti-bribery conventions of the international Organisation for Economic Development and Cooperation. However, the Act was asleep on the books for decades, with very few enforcement actions being prosecuted.
Fast forward to today, and it is apparent that regulators' zealous enforcement of the FCPA is creating exposures for multinational corporations and their directors and officers
Key Provisions of the Act
The provision in the FCPA that garners the most attention is the “anti-bribery” provision, which applies to U.S. companies and citizens, foreign companies listed on a U.S. exchange, or any person acting while in the United States. This section of the Act generally prohibits a company or person from (1) corruptly paying or offering to pay, (2) money or “anything of value” (3) to a “foreign official” (4) in order to “obtain or retain business.” It is significant to note that the phrase anything of value is not limited to cash or cash equivalents. Instead, it can include discounts, gifts, use of materials, facilities, equipment, entertainment, drinks and meals, transportation, lodging, and so on. Interestingly, the Act does not specify a minimum amount to denote a bribe. Additionally, the phrase foreign official has been broadly interpreted to include employees of state-owned or state-controlled entities (SOEs), which are exceedingly common in parts of the world where the government owns or controls what would otherwise be private industries. The term obtain or retain business is not limited to procuring governing business or contracts, but can include bribes intended to secure preferential tax or customs treatment, government licenses or permits, or other competitive advantage. One notable exception to the anti-bribery provision is for so-called “facilitation payments” (i.e., “grease” payments) to expedite routine governmental action such as processing government paperwork or providing routine government services. However, (mis)characterizing a bribe as a facilitation payment can start one down a slippery slope.
Books and Records Provision
Another equally important provision in the Act is the so-called books and records provision, which solely applies to “issuers” listed on a U.S. exchange or otherwise required to file periodic reports with the U.S. Securities and Exchange Commission (SEC). This section requires a company to maintain corporate records that accurately reflect business transactions and disposition of assets. Companies are also required to create and maintain a system of internal accounting controls designed to prevent and detect FCPA violations.
FCPA Enforcement on the Rise
The FCPA is jointly enforced by the SEC and the U.S. Department of Justice (DOJ). Criminal violations of the anti-bribery provision of the FCPA may result in a corporate fine of up to $2 million per violation. Individuals may be criminally fined up to $100,000 per violation, in addition to imprisonment for up to 5 years. Willful violations of the books and records provision can result in a criminal fine of up to $25 million for a company and up to $5 million for an individual, in addition to imprisonment for up to 20 years. The SEC can also seek disgorgement of a company’s profits obtained as a result of improper payments under the Act.
SEC and DOJ enforcement actions are on the rise. In 2004, the DOJ filed only two enforcement actions while the SEC filed three actions. Then, 2010 marked a historic peak in FCPA enforcement actions when the DOJ filed 48 and the SEC filed 26 enforcement actions. Last year, in 2011, the DOJ filed 23 and the SEC filed 25 enforcement actions. This remarkable rise in the number of enforcement actions in the past few years may be attributed to a number of factors, including regulators' ramped-up enforcement activities following the sub-prpoime crisis, the global banking crisis and the Madoff Ponzi scheme. These actions have been a “cash cow” for regulators, who have recovered hundreds of millions of dollars in fines and penalties from individuals and companies for FCPA violations. There appears to be no end in sight as regulators continue their aggressive efforts to enforce under the Act.
Collateral Shareholder Litigation Against D&Os
While there is no private right of action under the FCPA, plaintiffs have filed shareholder derivative suits against corporate directors and officers for breaches of fiduciary duty in connection with purported FCPA violations.
Shareholder Derivative Actions
Once it is revealed that a company is the subject of an investigation for possible violations of the FCPA, shareholders may bring a derivative action alleging that the directors and officers breached their duties by failing to implement effective internal controls designed to prevent and detect FCPA violations, failing to investigate or stop the bribery, ignoring “red flags” or turning a blind eye toward improper payments, and/or violating internal corporate governance guidelines and codes of ethics.
Plaintiffs may allege that by breaching their fiduciary duties, the directors and officers caused damages to shareholders and the company. These purported damages may include legal fees incurred by the company in connection with (1) investigations by the company, SEC or DOJ for FCPA violations; (2) fines or penalties imposed by the SEC or DOJ; (3) costs associated with the defense and settlement of parallel enforcement actions or civil litigation; (4) disgorgement of ill-gotten gain, profits or compensation; and/or (5) costs to fix inadequate internal controls. In terms of non-monetary relief, plaintiffs may seek extensive corporate governance reforms, including new and improved internal controls to prevent future FCPA violations. Of course, as is typically the case, plaintiffs also routinely seek payment of their attorneys’ fees and costs. Historically, plaintiffs’ attorneys’ fees recovered in derivative suits were in the “low six figures.” More recently, however, these numbers have been creeping into the "low seven figures," specifically in the context of FCPA claims.
In an unusual twist, the thriving cottage industry of FCPA-based shareholder derivative actions do not typically follow or “tag along” to shareholder class actions for violations of federal securities laws. Instead, the derivative suits drive the private civil litigation. It is the classic case of the tail wagging the dog. Often, there is no parallel securities class action, since FCPA disclosures do not necessarily cause a company's stock price to decline. Absent a significant stock drop, it is more difficult for plaintiffs to establish “loss causation” as required for a typical shareholder class action alleging violation of securities laws. Also, unlike breach of fiduciary duty claims, securities fraud claims are subject to heightened pleading standards for scienter (guilty knowledge) or intent to defraud.
At first blush, it may seem easier to settle FCPA derivative suits that are not saddled with accompanying class actions. However, this is not always the case. In fact, there may be a number of barriers to settlement, including (1) the inability to reach agreement on potentially extensive and expensive corporate governance reforms to ensure FCPA compliance;(2) the amount of plaintiffs’ attorneys' fees; (3) negotiating with different groups of plaintiffs if, as is increasingly common, derivative suits are filed in different state and federal courts; and (4) the presence of “real” plaintiffs, such as pension funds, that demand real reforms.
There is also the specter of litigation related to mergers and acquisitions (M&A). Regulators have made it abundantly clear that a company may have “successor liability” for the pre-merger FCPA violations of any entity a company later acquires. This could mean a new band of M&A shareholder suits focused on FCPA violations. For instance, shareholders of the acquiring entity may sue the directors and officers for failing to conduct adequate due diligence of the acquired entity's FCPA compliance and resulting liability exposure. Shareholders could also bring a claim under section 14(a) of the Securities Exchange Act of 1934 for issuing false and misleading proxy statements seeking to solicit shareholder votes in favor of the acquisition, without disclosing the to-be-acquired entity's FCPA deficiencies. Unlike securities fraud claims for violation of section 10(b) of the Exchange Act, there is no heightened scienter requirement for section 14(a) claims. In other words, plaintiffs do not have to prove that the directors and officers intentionally or recklessly deceived shareholders by filing a false proxy statement. Damages are recoverable under section 14(a) and could theoretically include the amount paid to defend or settle the FCPA-related exposure of the acquired entity. This underscores the importance of M&A due diligence, with special attention to FCPA controls and compliance.
D&O Coverage and Underwriting Issues
From an underwriting standpoint, D&O underwriters may consider asking companies to complete a supplemental questionnaire with respect to potential FCPA exposure. For instance, underwriters may want to know (1) whether the company has foreign subsidiaries and customers; (2) how much of the company's revenue is generated outside the United States; (3) whether the company has a robust FCPA compliance program and internal controls; (4) whether the company conducts periodic FCPA audits and training for its employees; and (5) whether the company has an FCPA compliance officer.
From a coverage standpoint, one key issue is whether the D&O policy affords coverage for FCPA-related investigations by the company, SEC and/or DOJ. Historically, many D&O policies have not covered internal company investigations and informal investigations by regulators. However, there is an increasing divide among courts and carriers alike as to whether or not “formal” SEC and DOJ investigations are covered under a D&O policy. Some policies specifically afford coverage for regulatory investigations. Other policies may limit coverage to formal investigations triggered by a subpoena issued to a director or officer or a “Wells notice” issued by the SEC. There is no clear answer, since coverage depends on the precise policy wording, which varies widely from carrier to carrier. Some carriers have capitalized on this perceived gap in coverage by offering policies that are specifically intended to cover FCPA investigations. This coverage is relatively new and not widespread; therefore, it remains to be seen how successfully these FCPA-specific policies interact with traditional D&O policies, and whether the premium paid for the FCPA coverage is sufficient to offset exposure.
Of course, once a shareholder suit is filed and reported, coverage under a D&O policy is typically triggered. Most D&O policies afford A-side coverage for non-indemnifiable loss and B-side coverage for indemnifiable loss. The difference hinges on whether or not a company is permitted to indemnify its directors and officers for amounts incurred in connection with the shareholder litigation.
For example, Delaware law does not permit companies to indemnify directors and officers for judgments or settlement of a shareholder derivative suit. The rationale behind this restriction on indemnification is that it would be inappropriate for a company to indemnify the directors and officers for damages they caused to the company. This would be akin to a circular payment going from the D&Os to the company (in the form of damages or settlement), and from the company back to the D&Os (in the form of indemnification). Delaware law does, however, permit companies to indemnify or advance defense costs to directors and officers for the defense of derivative actions. Arguably, this triggers B-side coverage for defense costs along with the applicable retention.
The SEC and DOJ have shown no willingness to abate their increasingly aggressive stance on FCPA violations and enforcement actions. Meanwhile, creative plaintiffs’ attorneys have created a flourishing cottage industry of shareholder derivative actions against directors and officers related to purported FCPA violations. In the M&A context, successor liability exposure may give rise to additional D&O suits for failure to conduct adequate pre-merger due diligence and/or issuing false and misleading proxy statements. The stakes are high for companies and their directors and officers since the combined costs of fines and penalties imposed by the SEC and DOJ, the costs of internal and external FCPA investigations, and the costs associated with the defense and settlement of related shareholder suits can exceed tens or even hundreds of millions of dollars. FCPA exposure is likely to become widespread as more and more U.S. companies transact business in foreign countries. From a carrier perspective, this is both good and bad news: the demand for more D&O coverage coupled with increased risk of exposure to pay more losses.