Companies that choose to inform shareholders of their Foreign Corrupt Practices Act compliance procedures should be increasingly cautious of the language they employ in publicly available ethics codes or corporate responsibility reports. Although the FCPA encourages the adoption of rigorous internal compliance controls, recent federal court decisions suggest that companies that publicize details of their compliance commitments could actually increase their risk of civil liability in shareholder lawsuits that follow FCPA investigations. Courts are allowing cases to proceed on the basis that pretty general statements about compliance policies and goals can mislead investors. In other words, the scope of what is mere puffery is shrinking before our eyes. Your company’s public pronouncements need to be inventoried and considered against evolving standards now.

Shareholder litigation following an FCPA investigation has long been commonplace, and much attention has been given to this July’s ruling by US District Judge Jed Rakoff in the Petrobras case: “While some of the alleged statements, viewed in isolation, may be mere puffery, nonetheless, when (as here alleged) the statements were made repeatedly in an effort to reassure the investing public about the issuer’s integrity, a reasonable investor could rely on them as reflective of the true state of affairs at the Company.” In re Petrobras Securities Litigation, Opinion of July 30, 2015, Case No. 1:14-cv-09662-JSR (S.D.N.Y. 2014).

However, last September’s decision in City of Brockton v. Avon Products Inc(S.D.N.Y. Sept. 29, 2014) (Brockton; the defendant will be referred to as the “Issuer”) may be looked on as “patient zero” in the current waning vitality of the puffery defense to these cases, arming private plaintiffs with a new weapon in class action securities fraud litigation. Moreover, for compliance professionals and corporate counsel looking to understand where the line between puffery and actionable lies, Brockton has much to teach and in fact much more to teach than Petrobras, as the Brockton court distinguished between compliance pronouncements that were and were not actionable.

Ordinarily, shareholder plaintiffs bring a suit against a company and its officers following the revelation of a federal FCPA investigation or enforcement action. The shareholders typically allege that company officials consciously failed to disclose ongoing FCPA violations to shareholders, and by doing so made “untrue statement[s] of a material fact” or “omit[ted] to state a material fact necessary in order to make the statements made ... not misleading” in violation of Section 10(b) of the Securities Exchange Act, 15 U.S.C.A. § 78j (West 2014), and US Securities and Exchange Commission Rule 10b-5, 17 C.F.R. § 240.10b-5 (2011).

In Brockton, US District Judge Paul G. Gardephe of the US District Court for the Southern District of New York identified another way in which companies could make an “untrue statement of material fact.” He distinguished between “generalized” and “concrete” statements about a company’s FCPA compliance procedures, and declared that language conveying “concrete steps” about FCPA compliance procedures — even vague, seemingly innocuous language in glossy corporate responsibility reports that use few quantitative terms — can rise to the level of a “statement of material fact” and become the basis of an FCPA-based securities fraud lawsuit. Brockton at *16.

The FCPA-related statements that Judge Gardephe found to be material were made prior to the beginning of the 2006-2011 class period, and so they may not be of particular significance in the final resolution of this particular lawsuit.[1] However, companies should be wary of this precedent in future FCPA-based litigation: Private plaintiffs will undoubtedly be able to track down an FCPA-related claim in an ethics code or corporate responsibility statement publishedduring the class period, and wield it as evidence of an “untrue statement of material fact” in a securities fraud class action.

Brockton Litigation

In 2011, shareholders brought a putative securities fraud class action, in which they alleged that the Issuer had made false and misleading statements to shareholders regarding FCPA compliance by the Issuer’s China subsidiary between 2006 and 2011. Complaint,Brockton (S.D.N.Y. July 6, 2011) (No. 11-CIV-4665). This lawsuit came on the heels of revelations that the Issuer had been conducting an internal investigation of potential FCPA violations in China, and that federal prosecutors had also begun a related criminal investigation. Brockton at *6-*11 The shareholder plaintiffs argued that the Issuer’s leadership made materially false and misleading statements by distributing ethics codes and corporate responsibility reports to shareholders that suggested the firm was complying with the FCPA, despite the leadership being aware of ongoing FCPA violations in China. Amended Complaint,Brockton (S.D.N.Y. Mar. 16, 2012) (No. 11-CIV-4665), at ¶ 423-429.

These ethics codes and corporate responsibility reports were available on the Issuer’s website during the time at which the FCPA violations were occurring. Amended Complaint,Brockton (S.D.N.Y. Mar. 16, 2012) (No. 11-CIV-4665), at ¶ 56-64, 86-104. The ethics codes were referenced in annual 10-K filing, but the corporate responsibility reports were not referenced in SEC filings.

Although Judge Gardephe dismissed the suit on other grounds, he found that a passage from the 2004 corporate responsibility report (2004 CRR) articulated “concrete steps” that the Issuer was taking to comply with the FCPA, and consequently could have been the basis of a securities fraud class action. Brockton at *16.

SDNY’S "Generalized" vs. "Concrete" Distinction for FCPA Compliance-Related Statements

Judge Gardephe found that most of the language in the various ethics codes and corporate responsibility reports were “no more than ‘puffery’ and generalizations which do not give rise to securities violations,” as “the statements are too general to cause a reasonable investor to rely upon them.” Brockton at *15 (internal quotation marks omitted) (citing ECA, Local 134 IBEW Joint Pension Trust of Chicago v. JP Morgan Chase Co., 553 F.3d 187, 206 (2d Cir. 2009)).

However, one statement from the 2004 CRR about an “allegedly elaborate internal controls regime” “[went] beyond generalized expressions of commitment to high corporate standards, and address[ed] concrete steps that the Issuer has taken to ensure the integrity of its financial reporting.” Brockton at *16. A “reasonable investor,” argued Judge Gardephe, might “rely upon these statements as a guarantee that such steps had, in fact, been implemented,” and such statements are material and actionable in a securities fraud suit. Id. The 2004 CRR first discusses the Issuer’s commitment to rigorous internal controls, including annual financial reporting self-assessments:

a comprehensive and well-documented set of internal controls that provides reasonable assurance that [its] financial transactions are recorded accurately and completely, and [its] assets are safeguarded. It is management's responsibility to monitor the control environment through quarterly and annual self-assessments and independent monitoring from internal audit. In fact, every single financial reporting location participates in an annual internal control self-assessment and is asked to certify that their control environment is designed and operating efficiently.

Id. (quoting 2004 Corporate Social Responsibility Report 12 (2005).

The 2004 CRR proceeds to discuss the Issuer’s procedures for complying with Sarbanes-Oxley Act regulations:

Sarbanes-Oxley legislation in the US requires that CEOs and [chief financial officers] of publicly traded companies certify annually as to the effectiveness of their internal control over financial reporting. To fulfill this task, [the Issuer] created an internal team of global accounting and auditing professionals to work together to coordinate and assist [the Issuer’s] worldwide associates in the identification, documentation, and review of over 12,000 internal controls across all markets and key functions. This first annual certification of 2004 controls was successfully completed in early 2005Id.

The 2009 corporate responsibility report, which Judge Gardephe found to be nonactionable “puffery,” is comparatively less specific in its description of compliance processes. The report emphasizes the Issuer’s commitment to: “compl[y] with all applicable laws, rules and regulations in every country in which we do business, including but not limited to those related to labor and employment; direct selling; product labeling; advertising; improper payments and bribery; and antitrust and competition.” Id. at *14 (quoting 2009 Corporate Social Responsibility Report 79 (2009). It continues to state that “[l]aws affecting the operation of our business in every country have grown in number and complexity,” and “[i]t is expected that associates will have a working knowledge of permissible activities involved in their work.” Id.

Judge Gardephe also found the Issuer’s 2004 and 2008 ethics codes to be immaterial for fraud purposes, despite the fact that both ethics codes were mentioned in SEC filings and address the FCPA by name — unlike the actionable 2004 corporate responsibility act. Id. Both ethics codes go on to state that “[b]ribes, kickbacks and payoffs to government officials, suppliers and other[s] are strictly prohibited” and that “[n]o gift, entertainment or favor of any kind may be given to any government employee without the prior approval of the Legal Department or officer in charge of legal affairs in your country.” Id.

Also important is that a corporate responsibility report need not be filed with the SEC in order to be “material” in FCPA-based securities litigation. The 2004 CRR that the court found to be actionable was never referenced in any filing with the SEC, but nonetheless, Judge Gardephe found the statements in the report referencing an “elaborate internal control regime” to be material.

Impact of the "Generalized/Concrete" Distinction for FCPA Compliance

With few details about this newly emerging doctrine available, companies should be especially cautious about the language they use to discuss their FCPA compliance procedures. This is the first time that a court has used such a “generalized” vs. “concrete” distinction, and Judge Gardephe did not create a bright-line test to determine when a statement articulates “concrete steps” that constitute a material fact. The Brockton plaintiffs continued to emphasize the importance of the ethics codes in their amended complaint and other briefs, but the case is now settled and so Judge Gardephe will not in this case have another opportunity to elaborate on the factors that make an FCPA-related statement material.

Other courts and litigants have not yet adopted SDNY’s “generalized” vs. “concrete” compliance program distinction in FCPA-based shareholder litigation. In the months since Judge Gardephe’s decision, plaintiffs in other FCPA-based shareholder suits have continued to cite ethics codes as evidence of “untrue statements of material fact” without reference to the “general” vs. “concrete distinction, but this could potentially change. Like the famous Footnote Four, it is rarely the case that an opening will not be exploited in the ongoing chess game between class and defense counsel of the securities bar.

What Can Companies Do Now?

We believe it is essential that companies carefully inventory their statements, substitute aspirational for concrete (we “strive” for compliance, we do not “ensure”) and carefully consider whether there is any real upside to detailed compliance procedure disclosure in light of the significant potential downside. We have undertaken such a review for several clients and found there is substantial room for improvement and tightening of the compliance message.