The Foreign Corrupt Practices Act (“FCPA”) prohibits making payments to foreign officials for the purpose of obtaining or retaining business.1 It applies broadly to U.S. companies and individuals, companies that are listed on a U.S. exchange, employees and agents of U.S. businesses, and foreign nationals and businesses that engage in specific prohibited acts while in the territory of the U.S.
At the Securities and Exchange Commission’s (“SEC”) annual “SEC Speaks” conference last month, Cheryl Scarboro, chief of the FCPA unit, recounted a busy 2010 with more FCPA actions than ever, including more than the number brought in 2008 and 2009 combined. At this same conference, Thomas A. Sporkin, head of the Office of Market Intelligence, discussed the whistleblower program created under Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank” or the “Act”)2 and noted the agency had had an “onslaught” of whistleblower tips and complaints since July, including a marked increase in high-value complaints — one or two a day — leading to more agency actions.
In light of the new whistleblower program that incentivizes employees to report apparent violations externally to government agencies rather than through corporate compliance programs, a company should implement an FCPA compliance program as part of its overall compliance strategy that encourages employee cooperation.
The Employer-Employee Relationship in a Post Dodd-Frank World
Dodd-Frank, which became law in July 2010, applies to all violations of the securities laws, but its provisions have unique implications for FCPA enforcement.3 The provisions implementing the Act offer a bounty to whistleblowers who voluntarily provide original information that leads to a successful enforcement action by the SEC.4 The whistleblower’s information must be derived from the whistleblower’s independent knowledge or analysis, must not be known to the SEC from any other source (unless the whistleblower is the original source even if the whistleblower is not the first to make the report to the SEC), and must not be exclusively derived from judicial, administrative, or government reports, hearings, audits, or investigations,5 or from the news media. Furthermore, the whistleblower cannot be the wrongdoer. Awards to whistleblowers range from 10 percent to 30 percent of the collected monetary sanctions in excess of $1 million.6
Given many recent multi-hundred-milliondollar FCPA settlements,7 the Act’s whistleblower provisions are likely to result in even more FCPA investigations and enforcement actions. Dodd-Frank’s whistleblower provisions may cause employees to circumvent their internal reporting/compliance structure and go outside to report to the government. Thus, companies have argued that the Act’s incentives undermine their internal compliance structures.8 As such, companies must carefully consider implementing a compliance program that counters the effects of the Dodd-Frank bounties. This compliance program must effectively address issues raised by whistleblowers so that the whistleblowers believe the company takes compliance seriously.9
The Purpose of a Good FCPA Compliance Program
Generally, a good FCPA compliance program serves four complementary purposes with respect to employee participation in it: (1) it provides information for employees regarding the company’s antibribery principles and recordkeeping requirements; (2) it communicates with all employees the company’s stance and commitment to antibribery initiatives, regardless of the effects of these initiatives on important sales or business relationships; (3) it provides guidance by which employees can distinguish between clear-cut areas where few FCPA concerns are present and those where involvement of experts is necessary; and (4) it provides a means of monitoring policy observance while simultaneously encouraging employees to report any concerns early and up the chain of command.
Key Elements of an Effective FCPA Compliance Program that Promote Employee Cooperation and Participation
There is no single FCPA compliance program that will work for all companies. An effective FCPA compliance program must be tailored to the particulars of the business and the industry for which it is being adopted; it must also be tailored to comply with the local laws of the countries in which the company operates and conducts business. Nevertheless, there are certain key topics that should be addressed in any FCPA compliance program to encourage employee cooperation and participation.
In the end, the goal should be to develop a culture of compliance.10 Among other things, this entails making sure that the written policies are followed and not undermined by the actions of management. A culture of compliance cannot be created overnight. An employer must take affirmative steps to foster this culture. Below are a few affirmative steps that an employer should take to encourage and foster a culture of FCPA compliance.
Corporate Policy Prohibiting Foreign Corrupt Payments
A company’s policy statement is the public assertion of its commitment to do business abroad without making corrupt payments. It also serves a dual purpose by informing employees, including new hires, of the company’s stance against corruption and compliance with federal laws. The company’s policy statement should briefly describe the applicable law and set forth the manner in which the company intends to comply with it. Furthermore, the policy should stress the importance of timely and accurate accounting for all payments, regardless of the purpose.
Standalone Anticorruption Policy
An anticorruption policy may generally include both a complete copy of the company’s policies, but also real-world examples of situations that can arise, such as payments for travel and lodging, dealing with foreign officials, the company’s policy on facilitating payments, and so forth. The policy may present detailed information about reporting requirements, company procedures for approving payments, standards for entertainment of government officials, and sample forms for proper accounting for expenditures. Even so, the policy should be written in plain, direct language easily understood by nonlawyers. An employer may wish to include a copy of this policy to all new hires, and employers may wish to consider providing updates or refresher presentations as the policy evolves or the company’s position changes.
Corporate Policy Regarding Antiretaliation
Every company is in a position to influence how employees, as potential whistleblowers, feel about whether they may suffer retaliation. Of course, retaliation for shedding light on apparent violations of legal and/or regulatory requirements is unlawful.11 Section 922 of Dodd-Frank not only confirms this but also may significantly enhance whistleblower protections. However, all employees do not necessarily believe that their employers will always follow the law. Accordingly, companies should consider how they may effectively communicate to their employees that whistleblowers will not be mistreated. Potential whistleblowers should feel confident that if they speak up, they will not face retribution. Effective communication of this message includes providing employees an antiretaliation policy and subsequent reminders of the policy, so they are aware the company encourages reporting of any actual or perceived impropriety.
Critical components of a compliance program are education and training programs and compliance seminars. A company may consider conducting these programs in a practical setting, where the issues discussed and the advice presented deal with real concerns in a real-world context. It may not be effective to provide abstract ethical standards and guidelines without relevance to the practical settings and realistic nature of their implementation. An effective method for training is to develop hypothetical case studies that mirror the factual settings that a company’s employees confront in the international marketplace, and to analyze the appropriate issues and responses that arise in these factual settings.
It is important that a corporate employee learn about FCPA compliance policy from the outset of his or her employment. Thus, a corporation should provide comprehensive training to new hires with regular supplemental training. More intensive training should be considered for key employees, such as those in sales and marketing, those who operate abroad, finance employees, and people who supervise the same.
Written Certification by Relevant Employees
Employees should be required to certify in writing they have been advised of the company’s policies regarding foreign corrupt payments and agree to abide by those policies. Likewise, foreign agents, representatives, consultants, and other business partners should be required to provide a similar written certification. A company’s policy should state whether these certifications will be required annually or only at the initiation of a relationship. In circumstances where the risk of corrupt practices is extremely high, corporate policy might also require a personal interview by counsel in addition to this written certification. To the extent that the corporate policy requires annual certifications, a company must ensure that the certifications are updated on a yearly basis. Failure to do so may send the wrong message that the company does not take FCPA compliance seriously.12
Internal Mechanisms for Reporting Violations
As a matter of law, under the Sarbanes- Oxley Act of 2002 (“Sarbanes-Oxley”), employees of certain companies must be given adequate opportunities to report violations and to do so anonymously if they wish.13 Under Sarbanes-Oxley, every company whose stock is publicly traded on the New York Stock Exchange or the publicly traded exchange, NASDAQ, is required to implement an anonymous channel for employees to report violations directly to the Audit Committee of the Board of Directors.14 Employees must be made aware of this mechanism for reporting violations and should be assured that any reports will be on an anonymous basis.15
Far too often companies focus on an anonymous reporting line, but fail to provide a helpline. What if an employee is not sure whether he or she has witnessed activity that should be reported? A helpline serves this purpose because employees who are expected to implement the company’s FCPA compliance program may need guidance from individuals knowledgeable in the law and the organization’s policies. Thus, a mechanism that puts such employees in contact with attorneys in the legal department or other individuals capable of providing well-considered and accurate advice may prove to be helpful.
As described above, employee participation in a company’s compliance program is an issue of growing significance to all employers that operate or conduct business abroad. While each company can, and should, develop its own approach to employee cooperation with internal compliance programs, certain basic principles encourage employee cooperation. The key topics described in this commentary will help shape the development of an appropriate policy, and our attorneys would be happy to assist with any questions related to FCPA compliance in general or employee cooperation with FCPA compliance programs.