On November 14, 2012, the U.S. Department of Justice and the Securities and Exchange Commission issued A Resource Guide to the U.S. Foreign Corrupt Practices Act, which provides extensive and long-awaited guidance on the interpretation and enforcement of the FCPA. This landmark document (the “Guidance”) presents the views of the U.S. enforcement agencies on a wide range of FCPA issues of significant concern to the global business community, including the jurisdictional reach of the FCPA; the meaning of “foreign official” and “government instrumentality;” the treatment of business hospitality and gifts; successor liability in mergers and acquisitions; the principles that govern enforcement decisions, including self-reporting, cooperation and remediation; the elements of effective compliance programs; and reporting obligations under the Sarbanes-Oxley Act. The discussion of these topics is accompanied by illustrative examples and hypothetical scenarios. Although the Guidance is non-binding, prosecutors and regulators likely will rely heavily on it when making decisions regarding the application of the FCPA, and companies should consider the Guidance when reviewing and implementing their anti-corruption policies, internal controls and compliance programs.
While the statutory requirements of the FCPA at first may appear straightforward, their interpretation has proven vexing. The FCPA’s anti-bribery provisions make it unlawful to give or offer anything of value to a foreign official in order to obtain or retain business or to secure an improper advantage. The FCPA’s accounting provisions require each issuer of securities to maintain books and records that accurately reflect, in reasonable detail, the issuer’s transactions, and to maintain a system of internal accounting controls sufficient to ensure authority over the issuer’s assets. The Guidance attempts to explain how the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) apply these provisions when investigating potential violations and making enforcement decisions, including with regard to the following topics.
Jurisdiction: The Guidance reaffirms the position of the DOJ and the SEC that the antibribery provisions of the FCPA may be triggered even by conduct that has only a fleeting connection to the United States. Any use of interstate commerce in furtherance of a corrupt payment to a foreign official will suffice – including “placing a telephone call or sending an e-mail, text message, or fax from, to, or through the United States” or “sending a wire transfer from or to a U.S. bank or otherwise using the U.S. banking system.” Similarly, acts within the U.S. may ensnare co-conspirators who remain outside the U.S.: “a foreign national who attends a meeting in the United States that furthers a foreign bribery scheme may be subject to prosecution, as may any co-conspirators, even if they did not themselves attend the meeting.” These far-reaching theories of jurisdiction have formed the basis of settled enforcement actions under the FCPA, but have yet to be tested fully in the U.S. courts.
Meaning of “Foreign Official” and “Government Instrumentality”: Under the FCPA, “foreign official” is defined to include any officer or employee of any “instrumentality” of a foreign government, but the statute does not define “instrumentality.” As a result, it can be challenging for companies to determine when they are dealing with “foreign officials,” particularly in markets in which many businesses are partially state-owned. The meaning of these terms is the subject of ongoing litigation, including in the U.S. Court of Appeals for the Eleventh Circuit, where a potentially significant appeal currently is pending. In the Guidance, the DOJ and the SEC follow the lead of the handful of federal district courts that have considered this issue, stating that “[w]hether a particular entity constitutes an ‘instrumentality’ under the FCPA requires a fact-specific analysis of an entity’s ownership, control, status, and function,” then providing a long but non-exclusive list of factors to be considered. The Guidance offers the welcome clarification that “as a practical matter, an entity is unlikely to qualify as an instrumentality if a government does not own or control a majority of its shares” but absent further judicial clarification, the fact-specific nature of the analysis is likely to continue to make the meaning of these terms a source of uncertainty.
Business Hospitality and Gifts: The FCPA’s anti-bribery provisions contain no explicit exception for de minimus gifts or business hospitality provided to foreign officials, though they do contain an affirmative defense for reasonable and bona fide business expenditures. The Guidance emphasizes that the FCPA requires proof of corrupt intent, which “protects companies that engage in the ordinary and legitimate promotion of their businesses” and makes it “difficult to envision any scenario in which the provision of cups of coffee, taxi fare, or company promotional items of nominal value” would be deemed to violate the FCPA. The Guidance also acknowledges that moderately priced gifts that are “tokens of esteem or gratitude” are unlikely to be given with corrupt intent. Likewise, the payment of travel and entertainment expenses for foreign officials has resulted in enforcement action only where such hospitality was extravagant or “occurred in conjunction with other conduct reflecting systemic bribery or other clear indicia of corrupt intent.” The Guidance provides concrete examples of gifts and hospitality that would violate the FCPA and others that would not. For example, “a trip to Paris for a government official and his wife that consisted primarily of touring activities via a chauffeur-driven vehicle” would be improper, while in the context of providing training to employees of a state-owned company in connection with a long-term contract, it would be permissible to pay for international business-class airfare, hotel expenses, a moderately priced dinner, a baseball game and a play.
Successor Liability: Although the successor company in any acquisition or merger runs the risk of inheriting the FCPA liabilities of the acquired company or predecessor entity, the Guidance provides advice on how best to minimize those risks. In essence, if a company conducts appropriate pre-transaction FCPA diligence (or post-transaction diligence, if pre-transaction diligence is impractical), voluntarily reports any discovered violations to the DOJ and the SEC, and takes prompt remedial actions, including implementing robust compliance programs and internal controls, the likelihood of any enforcement action against the successor company is low: “DOJ and SEC have only taken action against successor companies in limited circumstances, generally in cases involving egregious and sustained violations or where the successor company directly participated in the violations or failed to stop the misconduct from continuing after the acquisition.” Even after being acquired, a predecessor company previously subject to the FCPA – whose past conduct constituted a violation – will remain subject to DOJ and SEC enforcement action.
Principles Governing Enforcement Decisions: The Guidance summarizes the policies of the DOJ and the SEC on whether and how they will initiate investigations of potential FCPA violations, bring charges or commence enforcement proceedings, and resolve such matters. After reciting the DOJ’s well-established Principles of Federal Prosecution of Business Organizations and relevant provisions from the SEC’s Enforcement Manual, the Guidance emphasizes that “both DOJ and SEC place a high premium on self-reporting, along with cooperation and remedial efforts, in determining the appropriate resolution of FCPA matters.” Also, the Guidance provides examples of actual “declinations,” matters involving evidence of FCPA violations in which the DOJ and SEC declined to pursue any enforcement action. In each instance, without identifying the company involved, the Guidance describes the factors that led to the declination.
Compliance Programs: While noting that the DOJ and the SEC “have no formulaic requirements regarding compliance programs,” the Guidance describes the elements of what the enforcement agencies consider an effective compliance program: (1) a commitment from senior management and a clear anti-corruption policy; (2) a concise, accessible code of conduct as well as “policies and procedures that outline responsibilities for compliance within the company, detail proper internal controls, auditing practices, and documentation policies, and set forth disciplinary procedures;” (3) oversight responsibility vested with senior executives who have sufficient authority, autonomy and resources; (4) strong risk assessment and internal audit procedures; (5) periodic training and advice on FCPA compliance; (6) appropriate disciplinary procedures and positive incentives; (7) risk-based due diligence on third parties; (8) mechanisms for confidential reporting and efficient, reliable internal investigation; (9) periodic testing and review of compliance procedures; and (10) for mergers and acquisitions, thorough pre-acquisition due diligence and post-acquisition integration. The particular application of these elements should “be tailored to an organization’s specific needs, risks, and challenges” based upon a “company’s own assessment.” The Guidance on this topic does not break new ground, but the detailed recitation of what the DOJ and the SEC consider “best practices” in compliance programs will be useful to companies seeking to ensure that their anticorruption procedures and controls are robust.
Sarbanes-Oxley Reporting Obligations: Under Section 404 of the Sarbanes-Oxley Act, an issuer must report on management’s assessment of the effectiveness of the company’s internal controls over financial reporting, and the company’s auditor must evaluate the effectiveness of those controls. The Guidance makes clear that the internal controls to be assessed “include those related to illegal acts and fraud – including acts of bribery – that could result in a material misstatement of the company’s financial statements.” While Section 404 focuses on material weaknesses in internal controls, the FCPA contains no materiality requirement. Accordingly, while the Guidance stops short of suggesting any new Section 404 obligations, it does make clear for companies that anti-bribery controls should be considered an integral part of their internal controls over financial reporting and thus should be tested as part of companies’ annual 404 procedures.
With regard to these issues, among others, the Guidance is an important and valuable resource for companies and their legal and compliance advisors in developing effective compliance programs and preventing violations of the FCPA. However, as a non-binding compilation of the views of the U.S. enforcement agencies, the Guidance leaves tremendous latitude for prosecutorial discretion in enforcement decisions and is no substitute for greater clarity in the statutory language of the FCPA. We expect that the perspectives offered by the DOJ and the SEC, like the FCPA itself, will now be subject to considerable debate and interpretation.