On November 14, 2012, the DOJ and the SEC issued their long-awaited Resource Guide to the Foreign Corrupt Practices Act. The Guide explains how the DOJ and the SEC interpret the FCPA, and provides several practical pointers on how to avoid prosecution and enforcement. The Guide centralizes 25 years of previous guidance regarding the FCPA in a single location.
In particular, the Guide fleshes out FCPA basics, more advanced issues underlying the fundamentals, and key considerations underlying enforcement decisions, such as:
- Who is covered by the FCPA
- Factors for evaluating and controlling gift-giving
- Whether a foreign business is state-owned or state-controlled
- Importance of FCPA due diligence as part of foreign mergers and acquisitions
- DOJ and SEC enforcement decisions and how compliance programs factor in
- How the agencies evaluate the effectiveness of compliance programs
Who is Covered by the FCPA? The Guide notes that the FCPA reaches “issuers” (i.e. entities regulated by the SEC), “domestic concerns” (entities organized or with a principal place of business in the United States, including subsidiaries of foreign companies), and foreigners engaged in any act in the United States in furtherance of a corrupt payment. Officers, directors, employees, agents, and shareholders of issuers or domestic concerns can also face criminal penalties in enforcement actions, including fines and imprisonment.
Factors for Evaluating and Controlling Gift-Giving. Significant payments and gifts often provide the basis for FCPA enforcement actions. The Guide notes, however, that even items of nominal value may “comprise part of a systemic or long-standing course of conduct that evidences a scheme to corruptly pay foreign officials to obtain or retain business.” The Guide notes traits common to proper nominal gifts: given openly and transparently, properly recorded in books and records, provided only to reflect esteem or gratitude, and permitted under local law. The Guide favorably references gift-giving limitations including “automated gift-giving clearance processes,” “clear monetary thresholds,” “annual limitations.” These can be effective means for controlling gift-giving, deterring improper gifts, and protecting corporate assets.”1
Whether a foreign business is state-owned or state-controlled. Payments to employees of state-owned or state-controlled enterprises often qualify as “improper payments” under the FCPA.2 The Guide notes that while no one factor is determinative, as a practical matter an entity is unlikely to qualify as an instrumentality if a government does not own or control a majority of its shares. However, an entity could nevertheless qualify as a foreign government instrumentality absent 50 percent ownership if the government holds a special status or exercises control over important decisions.3
Importance of FCPA due diligence as part of foreign mergers and acquisitions. The guide suggests that acquisitions of or mergers with foreign entities can be a dangerous trap for the unwary. A company can buy itself FCPA liability if it acquires a tainted entity. However, the Guide lights the way: DOJ and SEC “have declined to take action against companies that voluntarily disclosed and remediated conduct and cooperated with DOJ and SEC in the merger and acquisition context.” Pre-acquisition due diligence is also stressed, as well as the importance of robust post-acquisition compliance programs. In short, the agencies will give “meaningful credit” to companies that: undertake thorough risk-based anti-corruption due diligence; ensure that the newly-acquired entity has a code of conduct and compliance policies and procedures as quickly as practicable; provide FCPA training to the directors, officers, and employees of the newly acquired business or entity; conduct an FCPA audit of the newly-acquired entity as soon as practicable; and voluntarily disclose any corrupt payments discovered via due diligence.
DOJ and SEC enforcement decisions and how compliance programs factor in. DOJ and SEC exercise discretion in deciding which cases “promote law enforcement priorities and justify investigation.” The Guide notes that the DOJ and the SEC consider the following factors when making enforcement decisions:
- The nature and harm of the offense;
- The pervasiveness of wrongdoing;
- Timely and voluntary disclosures to the government;
- Cooperation with the government;
- Collateral consequences.4
Especially helpful are the Guide’s accounts (including previously-unpublished examples) of when the DOJ and the SEC have declined enforcement. Common features include:
- Effective compliance programs, including proactive training;
- Internal controls that detected bribes before they took place or soon thereafter;
- Immediate remedial actions, such as internal investigations, disciplinary actions, and termination of third-party intermediaries involved in illicit conduct;
- Prompt self-reporting to the government; and
- Ongoing cooperation with the government, including assistance in individual prosecutions.
How the agencies evaluate the effectiveness of compliance programs. The agencies shine a spotlight on corporate compliance program throughout the Guide. For the DOJ, a company’s efforts to implement and improve upon an effective corporate compliance program factors heavily in prosecution decisions. For the SEC, improvements in internal controls and compliance procedures likewise affect civil outcomes. For both agencies, however, three simple principles guide assessments of corporate compliance:
- Whether a company’s compliance program is well-designed;
- Whether it is being applied in good faith; and
- Whether the compliance program works.
While providing relevant examples, the Guide sets forth the following as hallmarks of effective compliance programs:
- A code of conduct and effective compliance procedures and internal controls;
- A commitment by senior management to a clearly-articulated policy against corruption;
- Oversight of the program by one or more autonomous senior executives;
- Apportioning resources based upon associated risk;
- Conducting due diligence on third-party agents;
- Confidential reporting of incidents and integrating lessons learned from internal investigations into compliance efforts;
- Periodic testing, review and improvement of compliance programs; and
- Conducting appropriate due diligence on foreign acquisition targets and quickly integrating them into existing compliance programs.
The Guide also notes that the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business:
- The nature of its products or services;
- How the products or services get to market;
- The nature of its work force;
- The degree of regulation and the extent of government interaction; and
- The degree to which a company has operations in countries with a high risk of corruption.
In particular, internal controls should aim to prevent payments of bribes concealed as legitimate payments.5 Past cases reveal that bribes have been mischaracterized as commissions, consulting fees, sales and marketing expenses, scientific studies, travel and entertainment expenses, rebates or discounts, service fees, supplier/vendor payments, write-offs, and “customs intervention” payments.
Overall, the Guide shows that the quality of a corporate compliance program will influence the resolution of enforcement matters, penalty amounts, the need for assigned monitors, and declination decisions.