On November 14, 2012, the Foreign Corrupt Practices Act “Resource Guide” (the “Guidance”) was finally published, and at well over 100 pages, it consti-tutes a “non-binding informal summary” of various statutes, U.S. Department of Justice pronouncements and opinion releases, enforcement actions and settlements. While the Guidance offers no new substantive statutory interpre-tations, procedural reforms or formal policy statements, it does offer insights into how the government assesses corporate behavior, compliance and liability, as well what mitigation factors can influence the enforcement decision process.

As FCPA enforcement has dramatically expanded over the last ten years, the business community and the U.S. Chamber of Commerce have been increasingly vocal in calls for legislative reform. Although the FCPA has been the basis for dozens of enforcement actions, billions of dollars in criminal and civil fines, and several jail terms, trials have been few, and unlike other prominent criminal statutes (e.g., Sherman Act, Clean Air Act), there is very little case law, and no formal agency regulations, interpreting the Act. As a result, many corporate citizens have felt unsure as to how to conform their conduct to the law, and unclear as to the government’s perspectives on consistent application and enforcement, as well as the proper exercise of its prosecutorial discretion. Movement towards legislative reform was accelerating, although very public allegations against Wal-Mart earlier this year, combined with election year politics, largely stalled that effort. In what was widely seen as an attempt to stave off action from Congress, the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) promised written guidance, which was published late last week.

Before discussing what the FCPA Guidance is, one must note what it is not. The FCPA Guidance does not represent formal rulemaking or regulatory pronouncement. It is not binding on the DOJ or the SEC, and it does not create substantive legal rights (or obligations) for businesses. Instead, it is merely advisory. Nevertheless, the FCPA Guidance does reflect the first instance in which the DOJ and SEC have formally articulated their collective views on how the FCPA should be applied, and it therefore must be analyzed and understood. While much of the Guidance restates prior government positions on statutory construction and enforcement, and addresses areas of little controversy (e.g., excessive travel entertainment for government officials), it does offer some helpful insights into the government’s current FCPA views in a few critical areas. In fact, for the very first time, DOJ, through the Guidance, has disclosed that it has declined to prosecute “several dozen cases against companies where potential FCPA violations were alleged.” (Guidance, p. 75) The Guidance provides six examples of declination decisions, each of which included a comprehensive internal investigation, immediate corrective action upon detection, cooperation, and self-disclosure.

DOJ and SEC Are Embracing Compliance Efforts as a Possible Mitigating Factor

The single greatest criticism of the way the FCPA has been enforced has been reluctance of the government to accept a formal compliance defense, under which corporate criminal and civil liability could be reduced or negated by virtue of the existence of a vigorous—and strictly enforced—compliance program. Compliance defenses are common in other areas of U.S. law (e.g., Title VII of the Civil Rights Act of 1964), as well as other international anti-bribery regimes (e.g., the U.K. Bribery Act 2010). Not surprisingly, the recognition of such a “compliance defense” has long been a cornerstone of the FCPA reform agenda touted by the U.S. Chamber of Commerce and others. The Guidance failed to deliver the kind of substantive, objective, defense the business community was hoping for. Instead, DOJ has announced that the existence of an effective compliance program is one factor it may consider when evaluating a charging decision. In the recent Morgan Stanley case, the DOJ, for the first time, appeared to publicly link the Department’s decision not to pursue any FCPA-related charges against Morgan Stanley to the company’s maintenance of an effective compliance program, which detected the wrongdoing at issue and led to a voluntary disclosure. In the aftermath of Morgan Stanley, many FCPA practitioners speculated that the government was moving towards recognizing the long-sought compliance defense. In the FCPA Guidance, the DOJ and SEC underscored this lesson by repeatedly citing the Morgan Stanley case, stating as follows:

These considerations reflect the recognition that a company’s failure to prevent every single violation does not necessarily mean that a particular company’s compliance program was not generally effective. DOJ and SEC understand that “no compliance program can ever prevent all criminal activity by a corporation’s employees,” and they do not hold companies to a standard of perfection. An assessment of a company’s compliance program, including its design and good faith implementation and enforcement, is an important part of the government’s assessment of whether a violation occurred, and if so, what action should be taken. In appropriate circumstances, DOJ and SEC may decline to pursue charges against a company based on the company’s effective compliance program, or may otherwise seek to reward a company for its program, even when that program did not prevent the particular underlying FCPA violation that gave rise to the investigation. (FCPA Guidance at 56.)

We have long counseled our clients that an effective FCPA compliance program is the best defense against FCPA liability—a position which the new Guidance validates. The government recognizes that not all businesses are the same and a single “boilerplate” approach to compliance across the economy is unlikely to be effective. In fact, the Guidance rejects a one-size fits all approach. The “compliance defense” is thus more akin to a performance standard. The government asks if the program is 1) well designed and tailored to the risks, 2) applied in good faith, and 3) effective. It is largely up to the individual company to design its own program to meet those standards taking specifically into account where and how it does business. Notably, the FCPA Guidance embraces a risk-based approach to compliance and encourages multinational companies to devote their compliance resources to areas where problems are both most likely to be found and most likely to be significant. While no part of compliance can be ignored, the Guidance warns against “devoting a disproportionate amount of time [to] policing modest entertainment and gift-giving instead of focusing on large government bids [and] questionable payments to third-party consultants.”

DOJ and SEC Are Serious About Due Diligence and Post-Acquisition Liability

The FCPA Guidance addresses the importance of FCPA due diligence at two stages of the merger and acquisition process. First, at the pre-closing stage, the Guidance emphasizes the need for effective FCPA due diligence in understanding the target’s business and value. Depending on the industry and region in which the target operates, and especially when the target is not presently subject to rigorous anti-corruption enforcement, there may be risks that the target’s business model relies on improper activities to drive revenue. In our experience, acquirers are becoming more focused on this aspect of complete due diligence.

Second, and equally important, is the need to quickly and fully implement the acquiring company’s anti-corruption compliance program at the target. Going forward, businesses are on notice that their newly acquired subsidiaries, as well as joint ventures and related entities, need to be brought under the anti-corruption compliance program quickly and completely. Failure to do so may allow improper conduct to continue, lead to the conclusion that the compliance program was not effective, and expose the acquirer to direct liability, as was the case in Watts Water. As merger and acquisition activity increases in the coming years, we expect this to be an active area for government enforcement.

The Travel Act Is Here to Stay

The Travel Act, 18 U.S.C. § 1952, is a longstanding prohibition against using interstate travel or the instrumentalities of commerce to facilitate commercial bribery. DOJ has recently used the Travel Act to “backstop” FCPA charges by allowing the Department to bring bribery cases even where some element of the FCPA was not satisfied. In several cases, such as Control Components Inc., DOJ charged both Travel Act and FCPA counts as part of one conspiracy charge under 18 U.S.C. § 371. This practice affords prosecutors tremendous charging flexibility. Not surprisingly, the FCPA Guidance reinforces the role played by the Travel Act, mentioning it first among all “other related U.S. laws” and emphasizing that the Travel Act can be used to reach even commercial bribery that does not involve foreign government officials.

The Travel Act will continue to backstop DOJ’s anti-corruption enforcement. Every company subject to U.S. jurisdiction should ensure that its anti-corruption policy contains suitable protections against commercial bribery. Further, such companies should confirm whether their internal controls are keyed to potential red flags for commercial bribery as well as government official bribery.

Insights Into How the Guidance May Affect a Voluntary Disclosure Analysis

While many commentators have suggested that the resolution in the Morgan Stanley case, as well as the new Guidance, will support more voluntary disclosures, we remain unconvinced. At the recent 28th National Conference on the Foreign Corrupt Practices Act, when describing the lessons of Morgan Stanley and how the Guidance reflects those lessons, Charles Duross, head of the DOJ’s FCPA unit, said that if an FCPA violation is “a one-off situation, companies should not be punished” as long as they maintained “a robust compliance program and internal controls.” To be sure, there are cases where the traditional voluntary disclosure analysis, including evidence of intent, issuer status, risk of detection (including whistleblower risk), statute of limitations and other factors, will favor disclosure in any event, even without an expectation for a zero-dollar fine based on an effective compliance program. And for smaller cases, where corrupt conduct was isolated to a limited number of individuals acting without general corporate endorsement and contrary to the requirements of a quality compliance program, perhaps the prospect of a declination may influence the analysis. It remains to be seen, however, whether major corruption activity could ever be reconciled with the government’s view of what constitutes an “effective compliance program.” Mr. Duross’s comments suggest that they cannot. Almost by definition the two are inconsistent, and the Guidance is clear that the government is reserving all of its discretion and flexibility in this area. And, of course, the putative defendant will not know how the government views its compliance program until the disclosure is made. We take little comfort from the result obtained in the Morgan Stanley case where the facts suggest that a rogue employee acting in his own pure self-interest misappropriated company assets and split the loot with a government official. Those facts, we believe, may not have warranted FCPA prosecution of the corporation in any event.

Conclusion

Ultimately, the Guidance could not answer every fact-specific question and did not offer anything beyond a general description of what (in the government’s view) constitutes effective compliance. While providing a useful compendium of FCPA precedent, the Guidance effectively leaves the business community largely where it was—to evaluate each case on an individual fact-specific basis.