With the award to Rio de Janeiro of two of the highest profile sports events in the world—the 2014 World Cup and the 2016 Summer Olympics—many U.S. and multinational corporations will be looking for investment opportunities in Brazil. If the 2008 Olympics in China are to be any kind of guide, foreign investment in Brazil will dramatically increase over the next several years and Brazil will become an increasingly attractive market. Companies looking to do business or invest in Brazil, however, should also be aware of the risks they face under the Foreign Corrupt Practices Act (“FCPA”) and should ensure that they have a strong compliance program in place.  

The FCPA is a federal law that prohibits offering, promising, or giving anything of value—as well as authorizing such an offer, promise, or gift—to a foreign official for the purpose of obtaining, retaining, or directing business to a person or entity. The FCPA has a very broad reach in comparison to many other U.S. laws. U.S. corporations can be liable for conduct that occurs entirely outside the United States and multinational corporations can be liable for conduct that bears only a tenuous connection to the United States, such as where a corrupt payment is routed through a U.S. bank account or an employee in the United States receives an email regarding a corrupt transaction.

Companies and individuals who violate the FCPA can face devastating consequences. In 2008, Siemens AG paid a record high fine totaling $800 million to settle charges with the DOJ and SEC. Individuals accused of FCPA violations can face jail time as well as high fines. Even being under investigation for alleged FCPA violations can tarnish the reputation of a company or individual and have long-lasting effects on a company’s business and on an individual’s career.

Any company doing business in Brazil faces an elevated risk of running afoul of the FCPA. In 2009, Brazil received a score of 3.7 on Transparency International’s Corruption Perceptions Index—signaling a serious corruption problem. Brazil is also clearly on the radar of U.S. law enforcement. Several recent, high-profile investigations under the FCPA have involved bribes paid to Brazilian officials. Furthermore, because of the board array of public officials in Brazil, many business interactions may be fraught with risk. In Brazil, anyone who carries out a public function, job, or office, even on a temporary basis or without compensation, is considered a public employee. This includes doctors in public hospitals, professors at public universities, anyone performing outsourced government jobs, as well as officials of state-owned companies. In fact, one recent FCPA case involved payments made to officials of Petrobras, Brazil’s state-owned oil company.

While there are risks associated with doing business in Brazil, this by no means should discourage companies from seeking out business opportunities in Brazil. A company interested in doing business in Brazil simply needs to be proactive regarding compliance with the FCPA and be alert to red flags that would require investigation. Implementing a strong compliance program can help prevent violations of the FCPA from occurring and is likely to reduce potential fines and penalties, particularly if the compliance program is initiated before beginning operations in a moderate or high risk country.

The first step in establishing a compliance program is drafting and disseminating a strong Code of Conduct that prohibits employees from engaging in illegal and unethical behavior. In addition, a robust employee training program should be established to educate employees on the FCPA, as well as any other relevant laws. To follow up on the training element of the compliance program, companies should have their employees sign periodic certifications that they are aware of and have complied with company policies and all relevant laws. In addition, new employees should be required to pass background checks prior to being hired by the company.

The next step is establishing the proper mechanisms to deal with actual or suspected violations. This includes setting up a hotline or some other kind of confidential reporting mechanism that enables employees to report conduct they feel violates company policies or the law, as well as establishing protocols for investigating any reports of improper conduct. Employees who are found to have engaged in conduct that violates company policies or the law must be disciplined.

A proper compliance program will also address third party service providers. Companies face significant exposure when using third parties, especially because under the FCPA “knowledge” of corrupt payments can be established on the basis of conscious avoidance. This means that an individual could be held liable where he or she was aware there was a high probability a corrupt payment was being offered or made but consciously avoided confirming whether or not that was the case. Because of the risk inherent in working with third parties, it is important to create comprehensive protocols for establishing, continuing, and terminating the business relationship. As with employees, companies should ensure that they thoroughly vet third party service providers prior to beginning the relationship. Furthermore, when negotiating agreements with third parties, companies should protect themselves by including provisions that, among other things, provide for audit rights and termination at will. Once the relationship has begun, companies should provide training as appropriate on the FCPA and other laws to the appropriate employees of the third party. Companies should also investigate all red flags, such as extra-contractual payments or other unusual expenditures that are incurred through a third party and should obtain periodic certifications of compliance with U.S. and local laws.

U.S. and multinational corporations should not shy away from doing business in countries such as Brazil. Rather, they should ensure that they have protected themselves from liability to the greatest extent possible by instituting a strong compliance program as early as possible.