On November 14, the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) released “A Resource Guide to the U.S. Foreign Corrupt Practices Act” (Guidance)—the regulators’ long anticipated guide to the Foreign Corrupt Practices Act’s (FCPA’s) criminal and civil enforcement provisions.1 The purpose of the Guidance is “to provide helpful information about the FCPA and [the DOJ’s and SEC’s] FCPA enforcement efforts to businesses that want to compete fairly in foreign markets, so that those businesses can maximize their ability to comply with the FCPA in the most effective and efficient way suitable to their business and the markets in which they operate.”2 Although the Guidance is essentially a nonbinding compilation of past positions taken by the regulators,3 it appears to have achieved its goal: the Guidance blends statutory interpretation, case analysis, and practice recommendations in a comprehensive and teachable manner. It offers advice regarding the definition of “foreign official,” the payment of expenses and provision of gifts, the availability of affirmative defenses, and the risk of subsidiary liability, all of which are discussed herein. The Guidance also offers a variety of hypothetical case studies that serve as de facto opinion procedure releases.
This summary presents key takeaways from the Guidance, assesses ongoing FCPA reform efforts, analyzes recently resolved FCPA enforcement actions, and summarizes the key provisions of the act.
Key Takeaways from the Guidance
Definition of “Foreign Official” – Focus on Ownership and Control for “Instrumentalities”
The focus of the Guidance’s section on “foreign officials” concerns when a government “instrumentality” constitutes a foreign official for the purposes of the FCPA. Regulators offer a nonexhaustive list of factors used in determining an instrumentality’s status, including the foreign state’s extent of ownership or control of the entity; the foreign state’s characterization of the entity and its employees; the circumstances surrounding the entity’s creation; and the level of financial support by the foreign state.4 While no single factor is dispositive, an entity is unlikely to qualify as an instrumentality if a foreign government does not own or control a majority of its shares, unless there are indicia of substantial control. This clarification is important because it marks the first time that regulators have provided an ownership threshold for assessing an instrumentality’s status. The Guidance cautions, however, that there are circumstances in which an entity would qualify as an instrumentality absent 50% or greater foreign government ownership due to indicia of substantial control, as reflected by past enforcement actions.5
While the Guidance presents regulators’ position on the instrumentality threshold, businesses can expect judicial insight on the matter from a forthcoming decision in the case of United States v. Esquenazi.6 In Esquenazi, the U.S. Court of Appeals for the Eleventh Circuit will determine whether a telecommunications company that is 97% owned by the Haitian government through its national bank is a state-owned entity for the purposes of the FCPA.7
Gifts and Expenses – Focus on Intent
The FCPA prohibits the corrupt “offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of anything of value to” a foreign official. While an “improper benefit” can take many forms, including “payments of cash” and “travel expenses,” and there is no “minimum threshold amount for corrupt gifts or payments,” the Guidance makes clear that there must be a finding of corrupt intent—the intent to improperly influence a government official.8 The Guidance notes that “it is difficult to envision any scenario in which the provision of cups of coffee, taxi fare, or company promotional items of nominal value would ever evidence corrupt intent, and neither DOJ nor SEC has ever pursued an investigation on the basis of such conduct.”9
A significant portion of the “Gifts” section is devoted to the topic of charitable donations. While the FCPA does not prohibit charitable contributions, the Guidance makes clear that businesses “cannot use the pretense of charitable contributions as a way to funnel bribes to government officials.”10 As a result, such contributions may be scrutinized for, and result in, FCPA violations. As explained by the Guidance, “Proper due diligence and controls are critical for charitable giving. In general, the adequacy of measures taken to prevent misuse of charitable donations will depend on a risk-based analysis and the specific facts at hand.”11
Affirmative Defenses – Bona Fide Expenditures
While certain expenditures are likely to raise red flags, the Guidance states that expenditures “will not give rise to prosecution if they are (1) reasonable, (2) bona fide, and (3) directly related to (4) the promotion, demonstration, or explanation of products or services or the execution or performance of a contract.”12 The Guidance also provides a nonexhaustive list of safeguards for evaluating whether a particular expenditure risks violating the FCPA. Such safeguards include whether the particular officials who will participate in the party’s proposed trip/program were selected by the company in question; whether all costs were paid directly to travel and lodging vendors and/or reimbursed only upon presentation of a receipt; and whether funds were advanced and reimbursements paid in cash.13
Corporate Liability – Parents, Successors, and Agents
The Guidance presents a lengthy discussion of corporate liability that reaffirms regulators’ long-held positions that (1) “a company is liable when its directors, officers, employees, or agents, acting within the scope of their employment, commit FCPA violations intended, at least in part, to benefit the company”;14 and (2) “[a]s a general legal matter, when a company merges with or acquires another company, the successor company assumes the predecessor company’s liabilities,” including FCPA violations.15 Despite these principles, the Guidance observes that regulators have declined to take action against companies in a “significant number of instances” in the merger and acquisition context where the companies have “voluntarily disclosed and remediated conduct and cooperated with DOJ and SEC.”16 According to the Guidance, regulators “have only taken action against successor companies in limited circumstances, generally in cases involving egregious and sustained violations or where the successor company directly participated in the violations or failed to stop the misconduct from continuing after the acquisition.”17 Instead, regulators have tended to pursue “enforcement actions against the predecessor company (rather than the acquiring company), particularly when the acquiring company uncovered and timely remedied the violations or when the government’s investigation of the predecessor company preceded the acquisition.”18
The Guidance suggests that, above all else, preacquisition due diligence is key to regulators’ assessment of successor liability.19 This is due in part to regulators’ belief that “[c]omprehensive due diligence demonstrates a genuine commitment to uncovering and preventing FCPA violations.”20 That said, “when pre-acquisition due diligence is not possible . . . a successor company’s voluntary disclosure, appropriate [post-acquisition] due diligence, and implementation of an effective compliance program may decrease the likelihood of an enforcement action regarding an acquired company’s post-acquisition conduct.”21
Hallmarks of Effective Programs
The Guidance emphasizes the importance of effective anticorruption compliance programs. Regulators often “consider the adequacy of a company’s compliance program when deciding what, if any, action to take,” and such programs “may influence whether or not charges should be resolved through a deferred prosecution agreement (DPA) or non-prosecution agreement (NPA), as well as the appropriate length of any DPA or NPA, or the term of corporate probation.”22 While recognizing there is no “one size fits all” approach,23 a message that was recently reinforced by Kara Brockmeyer, the chief of the SEC’s FCPA Unit, and Charles Duross, the deputy chief of the DOJ’s Fraud Section,24 the Guidance promotes the following “Hallmarks of Effective Compliance Programs”:
- Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. Regulators consider whether an appropriate tone is set at the top and whether the program is implemented and enforced in good faith. Specific considerations include whether senior management has clearly articulated standards that are communicated unambiguously, adhered to scrupulously, and disseminated throughout the organization.25
- Code of Conduct and Compliance Policies and Procedures. Regulators review whether the company has taken steps to ensure that the code of conduct is updated regularly and remains both current and effective. The Guidance makes clear that regulators consider whether the company has policies in place that outline internal controls requirements, auditing practices, and disciplinary procedures for violations.26
- Oversight, Autonomy, and Resources. Regulators consider whether responsibility and implementation of the program have been vested with specific senior-level executives within an organization. These individuals must have sufficient authority, autonomy (including direct access to the board of directors and audit committee), and resources to ensure that the program is implemented effectively.27
- Risk Assessment. The Guidance allows for tailored compliance programs based on the relative risk of a given transaction so that unnecessary resources are not devoted to low-risk ventures. However, if a company fails to prevent a violation in an “economically significant, high-risk transaction” because it failed to perform adequate due diligence, it will likely receive reduced credit.28
- Training and Continuing Advice. Regulators will evaluate whether steps have been taken to ensure that relevant policies and procedures have been communicated, including through periodic training and certification for directors, officers, “relevant employees,” agents, and business partners.29
- Incentives and Disciplinary Measures. Regulators will evaluate the extent to which a compliance program has been implemented by considering the company’s disciplinary procedures and incentives for ethical and lawful behavior, such as by making compliance a metric for management bonuses, and the consistency with which such procedures are applied.30
- Third-Party Due Diligence and Payments. Regulators consider not only the diligence applied to vetting third parties and agents, but also the extent to which third parties are informed of the company’s compliance program and commitment to ethical conduct and whether the company has sought assurances from third parties of reciprocal commitments.31
- Confidential Reporting and Internal Investigation. The Guidance provides that an effective compliance program will include both a means by which employees can report misconduct internally as well as an effective and well-funded procedure for investigating whistleblower tips when made.32
- Continuous Improvement: Periodic Testing and Review. Effective programs should evolve and be updated based on the company’s business model, the environment in which it operates, and its industry.33
The Guidance also endorses compliance program guidance issued by other federal agencies, such as the Departments of Commerce and State, as well as those published by international agencies and multinational organizations, such as the Organisation for Economic Co-operation and Development, Asia-Pacific Economic Cooperation, International Chamber of Commerce, Transparency International, and the World Bank.34
Declinations Decisions – Real-World Examples
One of the Guidance’s distinctive features is its presentation of six anonymized cases in which regulators declined to take enforcement action.35 In each of those cases, the companies in question either self-reported the offending conduct or voluntarily disclosed that the conduct had occurred. In addition, all of the companies conducted thorough internal investigations, revised their compliance programs, and proactively remediated the violations by terminating employees, severing third-party relationships, and/or withdrawing bid proposals. In several of the cases, declinations were attributed in part to existing robust compliance programs and effective internal controls.
Criticisms of the Guidance and Calls for Reform
Early responses to the Guidance have been mixed. Proponents have praised the Guidance as a comprehensive, user-friendly tool that offers critical insight on the principles of prosecution and enforcement policies. These commentators have noted the Guidance’s pragmatic advice, including recommendations for avoiding successor liability, spotting red flags in third-party relationships, and assessing whether particular expenditures will be treated as reasonable and bona fide. Detractors, on the other hand, have criticized the Guidance as a “cheat sheet for playing fair” that merely restates the regulators’ previous positions and offers little clarity about the legal ramifications of conducting business abroad.
The U.S. Chamber of Commerce issued a statement on November 14, commending regulators for including helpful hypothetical and case-study scenarios, offering greater clarity to the meaning of “instrumentality” as a component of the foreign official requirement, and providing more details on the mens rea requirement for corporate criminal liability.36 While remaining hopeful that the Guidance will help businesses seeking to comply in good faith with the FCPA, the U.S. Chamber of Commerce observed that general guidance is not an adequate substitute for an affirmative statute.
In the past, the U.S. Chamber of Commerce has proposed amendments to the FCPA that would allow affirmative defenses for corporate defendants that can prove by a preponderance of the evidence that they had in place adequate plans to comply with the FCPA when the violations were committed. The U.S. Chamber of Commerce’s Institute for Legal Reform (Institute) has claimed that “[t]he adoption of such a compliance defense [would] not only increase compliance with the FCPA by providing businesses with an incentive to deter, identify, and selfreport potential and existing violations, but [would] also protect corporations from employees who commit crimes despite a corporation’s diligence.”37 The Institute has also argued that “it [would] give corporations some measure of protection from aggressive or misinformed prosecutors, who can exploit the power imbalance inherent in the current FCPA statute—which permits indictment of a corporation even for the acts of a single, low-level rogue employee—to force corporations into deferred prosecution agreements.”38 Regulators did not address this proposal in the Guidance.
Other proposed reforms that were not addressed by the Guidance include a period of repose in which companies acquiring subsidiaries would be permitted to conduct postacquisition due diligence to root out and terminate improper conduct, limitations on civil liability for actions by a subsidiary without the parent company’s knowledge, and the addition of a “willfulness” requirement for corporate culpability to prevent the government from criminally charging a corporation for acts it did not know were illegal. The Guidance instead reiterates the government’s positions that parent corporations are liable under agency principles and that proof of “willful conduct” is not required in order to sustain criminal or civil liability against corporations.
Despite the setbacks, some proposals for reform have gained traction. For example, in a White Paper authored by Morgan Lewis attorneys George J. Terwilliger, III and Matthew S. Miner on behalf of the U.S. Chamber Institute for Legal Reform and presented at last month’s annual Legal Reform Summit, the Institute called upon the DOJ to provide additional guidance as to the specific factors that have led to decisions to decline criminal prosecutions.39 The Guidance answers that call in part by providing six historical examples of situations where regulators have declined to pursue FCPA enforcement actions based on specific factors. The enforcement agencies appear willing to decline where three general categories of factors are present: (1) immediate termination of the offending conduct; (2) prompt initiation of an internal investigation including voluntary disclosure of factual findings to the enforcement agencies; and (3) comprehensive remedial action, including termination of offending employees and/or agents and improved training efforts, compliance programs, and internal controls. In other cases, the small size of the offending transaction combined with other factors also played a role in the declination decision.
FCPA Enforcement Actions in 2012
During the first nine months of 2012, the DOJ resolved nine corporate enforcement actions resulting in a cumulative $142.2 million in fines and penalties. Most of the enforcement actions—including actions brought against Pfizer, Orthofix International, Biomet, BizJet International Sales and Support/Lufthansa Technik, Smith & Nephew, and Data Systems & Solutions, among others—were resolved through deferred prosecution agreements. The remaining two enforcement actions, concerning NORDAM Group and Tyco International, were resolved by non-prosecution agreements. It should be noted, however, that Tyco International also entered into a plea agreement with the DOJ involving a subsidiary as part of the resolution of the enforcement action.
For its part, the SEC filed 15 FCPA enforcement actions in FY 2012, including actions brought jointly with the DOJ—against Pfizer, Tyco International, Biomet, and Smith & Nephew.40 Emphasizing cross-agency cooperation, Kara Brockmeyer, the chief of the FCPA unit at the SEC, noted during her panel discussion at the FCPA Conference that her office has “forged a close and unique relationship with the [DOJ],” and that “the SEC has better coordination in the FCPA space than in almost any other area.”
The SEC too has made use of pretrial diversion agreements in resolving FCPA matters. As reported in a White Paper authored by Morgan Lewis attorneys,41 in 2010, the SEC announced a new cooperation initiative authorizing its staff to execute formal written cooperation agreements, deferred prosecution agreements, and nonprosecution agreements. The SEC entered into its first FCPA-related deferred prosecution agreement in 2011 with Tenaris S.A.
In announcing the Tenaris DPA, SEC Enforcement Director Robert Khuzami stated in the SEC’s press release that the commission agreed to a deferred prosecution agreement because “Tenaris’ immediate self-reporting, thorough internal investigation, full cooperation with the SEC staff, enhanced anti-corruption procedures, and enhanced training made it an appropriate candidate for the Enforcement Divisions’ first deferred prosecution agreement.”42
Assistant Attorney General Lanny Breuer recently defended the DOJ’s frequent use of deferred prosecution agreements and non-prosecution agreements in a speech to the New York City Bar Association.43 As stated by Breuer:
[Deferred prosecution agreements] have had a truly transformative effect on particular companies and, more generally, on corporate culture across the globe. . . . One of the reasons why deferred prosecution agreements are such a powerful tool is that, in many ways, a [deferred prosecution agreement] has the same punitive, deterrent, and rehabilitative effect as a guilty plea: when a company enters into a [deferred prosecution agreement] with the government, or [a nonprosecution agreement] for that matter, it almost always must acknowledge wrongdoing, agree to cooperate with the government’s investigation, pay a fine, agree to improve its compliance program, and agree to face prosecution if it fails to satisfy the terms of the agreement. All of these components of [deferred prosecution agreements] are critical for accountability. Perhaps most important, whether or not a corporation pleads guilty . . . or enters into a [deferred prosecution agreement] with the government, the company must virtually always publicly acknowledge its wrongdoing. And it must do so in detail. This often has significant consequences for the corporation, and it prevents companies from explaining away their resolutions by continuing to deny that they did anything wrong.44
Most of the DOJ enforcement actions noted above appear to involve voluntary disclosures. On the other hand, records suggest that disclosures in the Data Systems & Solutions action, according to the company’s deferred prosecution agreement, appear to have resulted from “the receipt of subpoenas in connection with the government’s investigation.”
The FCPA, 15 U.S.C. §§ 78dd-1, et seq., broadly prohibits improper payments to foreign government officials through its antibribery, recordkeeping, and internal controls provisions. The FCPA’s antibribery provisions make it illegal to corruptly offer or provide anything of value to foreign government officials with the intent to obtain or retain business. The provisions apply to “issuers,” “domestic concerns,” and third-party “agents” acting on behalf of issuers and domestic concerns, as well as to “any person” who violates the FCPA while “in the territory of the United States.” The term “issuer” covers business entities that are registered under 15 U.S.C. § 78l or required to file reports under 15 U.S.C. § 78o(d). The term “domestic concern” encompasses any U.S. citizen, national, or resident, as well as any business entity that “is organized under the laws of a State of the United States or a territory, possession, or commonwealth of the United States,” or “has its principal place of business in the United States.”
The FCPA’s recordkeeping provision requires issuers to “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the[ir] assets.” The FCPA’s internal controls provision, on the other hand, requires that issuers “devise and maintain a system of internal accounting controls” aimed at preventing and detecting FCPA violations. A payment that does not constitute a violation of the antibribery provisions can lead to prosecution under the accounting provisions if it was inaccurately recorded or could be attributed to an internal controls deficiency.
Since there is no requirement that a false record or deficient control be linked to an improper payment, even a payment that does not constitute a violation of the antibribery provisions can lead to prosecution under the accounting provisions if it was inaccurately recorded or could be attributed to an internal controls deficiency.