US government guidance provides helpful collection of principles and case law, but does little to clarify areas of uncertainty in the US FCPA.
On 14 November 2012, the US Department of Justice (DOJ) and Securities and Exchange Commission (SEC) jointly published ‘A Resource Guide to the US Foreign Corrupt Practices Act’ (the Guide). The 120-page booklet includes a combination of general principles, examples from actual cases (documented in an appendix of 418 endnotes of legal citations), and hypothetical illustrations. This note provides an immediate analysis of a number of key areas covered by the guide.
The long-awaited guide, which has beenin development for the last year, provides information that will be useful for basic training on FCPA concepts. It will also be a handy reference tool for lawyers (especially the endnotes). But there is little in the guide that will be new to compliance professionals who are familiar with the FCPA.
Ultimately, the guide raises more questions than it answers. Compliance professionals seeking clear and practical answers to everyday questions from the global workforce will find little here.
However, what the guide does make clearis that the US authorities will continue to interpret the FCPA ever more expansively, building on their own prior settlement agreements (as opposed to judicial precedent) to broaden the law’s jurisdictional reach and the scope of business activity it prohibits. That approach is reflected in the highlights discussed below. Businesses will continueto confront the risk of a US enforcement regime that is active, aggressive, and rather unpredictable.
The guidance does nothing to limit the ever-expanding view of US jurisdiction.The US will continue to vigorously enforce the FCPA wherever there is a minimal nexus to the US.
Forward-thinking companies, whether operating in the US or elsewhere, should continue to consider their potential liability under the FCPA. The statute’s jurisdictional reach is broad and growing, as seen by the aggressive stance in the guide and in recent enforcement actions.
Liability does not end with US businesses and issuers of securities on US exchanges. The FCPA also applies to non-US companies and their agents, even those without any US operations, that take ‘any act’ within the US in furtherance of a corrupt payment to an official. Additionally, non-US companies and persons may also be liable if they conspire with or aid and abet an FCPA violation committed by a person who is subject to the law.
US prosecutors believe they have jurisdiction even where there is little, if any, connection to or activity within the US. The guide formalizes what the DOJ has been saying for years: placing a telephone call, or sending an email, text message, fax, or wire transfer from, to, or through the US, or any other use of the US banking system, can trigger FCPA liability. Notably, however, DOJ prosecutions of non-US companies to date have been limited to companies with American Depository Receipts on a US exchange.The guide is careful to place its expansive (even a single email) view of jurisdiction ina paragraph discussing US issuers and US companies, separate from a discussion of non-US entities.
While the guide modestly acknowledges that ‘the FCPA does not cover every type of bribe paid around the world for every purpose,’ it does not offer any practical limitations on its application. This is despite a federal judge’s recent criticism of the government’s jurisdictional position, US Congressional hearings, and repeated demands from the business sector.
This means that for non-US companies, even with very little connection to the US there are few places where corporate bribery, in any form, will escape liability or related legal costs.
Definition of foreign official instrumentalities
The guide contains a long list of non-exclusive factors to consider when determining whether a state-owned or state-controlled entity is an ‘instrumentality’ of a state and thus subject to the FCPA.
The FCPA prohibits corrupt payments to a ‘foreign official,’ which is broadly definedto include officers and employees of governments and government instrumentalities, as well as persons acting ‘on behalf of’ such entities. The DOJ has stated that this prohibition ‘applies to payments to any public official, regardlessof rank or position.’ However the DOJ has recently created confusion by condoning payments to certain de facto officials in certain circumstances (for example, a royal family member).
The guide states that the critical questionof whether a state-owned or state-controlled entity is an ‘instrumentality’ has no bright line guiding principle. Instead, it ‘requires a fact-specific analysis.’ The guide then repeats a list of eleven ‘non-exclusive’ factors used recently by three courts that have considered the issue. (The guide does not, however, recognize that one of those cases is on appeal).
The non-exhaustive list includes factors such as the foreign state’s extent of ownership of the entity and its degree of control over the entity, the purpose of the entity’s activities, the level of financial support by the foreign state and the general perception that the entity is performing official or governmental functions.
The guide struggles to keep up with the changing business environment in which state-directed capitalism has a growing role. For example, as of 2011, state-controlled companies in emerging markets comprised approximately 65% of the energy sector,55% of utilities, and 35% of the telecommunications and financial services sectors, according to The Economist.
The guide also fails to offer any new guidance on the circumstances in which a person who is not employed by a government or instrumentality but acts ‘on behalf of’ such an entity may be subject to the FCPA.
Third party vetting
The guide emphasizes the importance of due diligence on third parties and lists a number of red flags.
The guide cautions companies to ‘be aware of the risks involved in engaging third-party agents or intermediaries.’ Indeed, in many of the examples in the guide, the main FCPA offender is a third party. The US agencies leave little doubt about their skeptical view of these parties. The guide states categorically that ‘third parties, including agents, consultants, and distributors, are commonly used to conceal the payment of bribes to foreign officials in international business transactions.’
The guide states that even without actual knowledge that a bribe will be paid by a third party, persons may be liable if theyare ‘aware of a high probability’ that a bribe would be paid. However it offers no discussion of when or how a ‘red flag’ may represent a high probability of an improper payment. This remains an open issue for companies to evaluate carefully.
The guide urges companies to conduct due diligence on intermediaries. It prescribes a ‘vetting’ process which includes exploring the party’s reputation and relationships (especially with government officials), scrutinizing their payment terms, and carefully documenting the services they provide. In riskier circumstances, the guide suggests that companies should conduct FCPA training for third parties, require them to certify their compliance with anti-corruption laws, and demand the right to audit their internal records.
This approach will often involve considerable expense and commercial risk. Too much due diligence can jeopardize an important transaction and waste time and money.Too little may be viewed by the US authorities (with benefit of hindsight) as insufficient.In substantial transactions involving third-party intermediaries, it would be prudent to obtain professional advice on the appropriate level of due diligence.
No compliance program defense
The guide acknowledges that there are benefits for companies in having a robust compliance program, but it is unclear to what extent this will mitigate a company’s liability.
The SEC’s director of enforcement said the guide is intended ‘to make it clear how we reward companies to adopt compliance programs that are effective in preventing violations in the first place.’ If you were expecting the government to announce how to escape liability for the acts of rogue employees and agents, or to announce some numerical value or percentage that your penalty may be decreased by having a compliance program, prepare for disappointment.
The guide does not create any formal ‘compliance defense’ to the FCPA, despite US Congressional hearings on the merits of such an option and repeated calls from companies to consider compliance programs more seriously. While recognizing that no compliance program can be perfect, the guide merely states that a compliance program ‘may influence’ an enforcement decision and ‘will often affect’ a penalty amount.
The coveted defense could have allowed companies with pre-existing compliance policies and procedures, and a good faith commitment to FCPA compliance, to rebut criminal liability (or concretely reduce penalties) for FCPA violations committed by rogue employees and agents who act contrary to those policies and procedures in the same way as the UK Bribery Act.
However, the DOJ seems to be concerned that such a defense could lead to a ‘check-the-box’ approach being adopted by companies. The DOJ and SEC already take a company’s compliance program into account when assessing whether to prosecute, or what settlement terms to offer, and the US sentencing guidelines allow courts to credit companies’ compliance efforts at sentencing.
Without an affirmative compliance defense, companies must continue to look to the guide (which borrows heavily from the UK Bribery Act’s guidance on adequate procedures) as well as past cases of FCPA enforcement that have required peers to create or enhance compliance programs to discern what the US government considers to be compliance best practices.
Going forward companies will be expectedto focus on standards and procedures that are risk-based and industry-specific, enhanced third-party due diligence, and periodic testing and review of companies’ compliance programs.
Finally, while monitorships are on the wane in numerical terms, the guide states that they may still be appropriate where companies lack an effective compliance or internal controls.
The US has missed an opportunity to align itself with the UK and other countries that are increasingly looking to provide companies with a compliance defense.The UK Bribery Act 2010 provides a full defense to liability if a corporate entity can show it had ‘adequate procedures’ in place, proportionate to risk, and intended to detect and deter improper conduct.
In addition, at least 16 countries have some form of adequate procedures defense and such a defense is currently under discussion in Brazil. Nearly 60 other countries, though not providing for a defense, nevertheless state that compliance procedures would likely be viewed favorability as a mitigating factor. It seems apparent that if companies feel the need for an FCPA compliance defense, they should turn to the US Congress.
Gifts and hospitality
The guide describes the extremes of whatis clearly not an FCPA issue and what clearly would be but leaves companies with a wide gap between the extremes.
The guide describes the ‘patterns’ that have emerged with gifts and hospitality: enforcement involving small payments and gifts occurs ‘only when they comprise part of a systemic or long-standing course of conduct that evidences a scheme to corruptly pay foreign officials,’ or where there are ‘clear indicia of corrupt intent.’
The guide takes pains to emphasize that the FCPA does not prohibit a ‘small gift or token of esteem or gratitude,’ and does not forbid ‘moderate’ hospitality. (In this respect it is similar to a recent statement by the UK Serious Fraud Office in the context of the UK Bribery Act).
In releasing the guide, the SEC’s director of enforcement explained: ‘it is not the $5 cup of coffee, or the one off $50 giftto a public official, that companies need to be concerned about, but payments of real and substantial value that clearly represent an unambiguous intent to bribe a foreign official to obtain or retain business.’ However, the guide leaves no doubt that the US will consider gifts or hospitality illegal if it deems them too large or immoderate, on the theory that they are bribes in disguise.
The examples in the guide do little to illuminate the grey area between acceptable and plainly inappropriate gifts (like the gift of a fur coat). What the examples do make abundantly clear is that the US will continue to scrutinize payments of travel and entertainment expenses, especially in the context of training exercises and site inspections. US prosecutors will consider such factors as the airline class of service,the cost of meals, and the mix of business and social events in deciding whether the payment of expenses is an illegal bribe in disguise.
This type of scrutiny reinforces the importance of obtaining professional advice before agreeing to pay the cost of a foreign customer’s visit to a company site for training or facility inspection.
By documenting that the expense has been approved in reliance on professional advice, the company can protect itself from FCPA charges. Companies should also consider adopting monetary thresholds, annual limits and automated clearance processes for gifts, travel and entertainment expenses. The guide suggests that such measures are favored by the US authorities.