On November 14, 2012, the U.S. Department of Justice ("DOJ") and the U.S. Securities and Exchange Commission ("SEC") jointly issued A Resource Guide to the U.S. Foreign Corrupt Practices Act (the "Guide" or "Resource Guide"), the much-anticipated guidance regarding the FCPA. In the spirit of helping businesses of all shapes and sizes to "better understand the FCPA," the Resource Guide assembles, in one convenient place, DOJ's and the SEC's "guiding principles of [FCPA] enforcement," with references to the FCPA's legal context, including past enforcement actions and opinion procedure releases, fact-bound hypotheticals, and "hallmarks of effective compliance programs."[1]

In remarks at the American Conference Institute's ("ACI") 28th National Conference on the FCPA on November 16, 2012, Assistant Attorney General Lanny Breuer stated that he regards the Resource Guide as "perhaps the boldest manifestation of our transparent approach to enforcement." DOJ and the SEC prepared the Guide because they "want U.S. businesses, foreign officials, non-governmental organizations and others to understand why we prosecute FCPA cases as vigorously as we do, and also how and why we make our charging decisions." In this way, Mr. Breuer expressed hope that the Guide would "help businesses that are unsure of their obligations, and . . . therefore improve compliance."

The Resource Guide weaves oft-debated positions into an orderly summary of, among other sources, national and international legal anti-corruption efforts, the limited body of judicial precedent regarding the FCPA, the U.S. Sentencing Guidelines, and internal DOJ and SEC documents that guide enforcement decisions. In a well-organized and easy-to-use format, the Guide aggregates the combined views of DOJ and the SEC, while emphasizing that it is "non-binding, informal, and summary in nature," and "does not in any way limit the enforcement intentions or litigating positions" of U.S. enforcement authorities.

The Resource Guide is organized into ten chapters. It gathers in a single compendium the collective thinking of the FCPA enforcement community, thus providing a valuable resource tool for compliance professionals around the world. Within its 120 pages and 418 footnotes, the Guide discusses, among other things, the components of the FCPA's anti-bribery and accounting provisions, the Government's guiding principles of enforcement, potential FCPA penalties, sanctions and remedies, and possible resolutions to FCPA prosecutions and enforcement actions. The Guide also addresses other overlapping ways in which companies or individuals can face possible charges, even if all the elements of an FCPA violation are not present, such as through Travel Act, anti-money laundering, and mail and wire fraud charges. Below, we have distilled from these various chapters key takeaways and further context regarding a number of challenging issues for corporate executives, compliance officers, and attorneys.

The Business Purpose Test

Liability attaches under the FCPA if a payment or offer to pay anything of value is made to a foreign official with a corrupt intent to "assist in obtaining or retaining business." Evaluation of this final element is commonly known as the "business purpose test" and, as the Guide correctly states, has been "broadly interpreted."[2]

In United States v. Kay, the Fifth Circuit read the "obtain or retain" language broadly, rejecting the lower court's holding that payments made to Haitian officials to induce them to understate customs duties and sales taxes on rice shipments could not fall within the scope of the FCPA.[3] Relying on the legislative history, Kay expanded the understanding of activities that could satisfy the business purpose test.[4] The Resource Guide espouses a broad interpretation of the business purpose test and relies on Kay; more than half of the Guide's discussion of the business purpose test is dedicated to discussing Kay.[5]

The Resource Guide further illustrates, by highlighting conduct that led to nearly a quarter of a billion dollars in penalties and disgorgement in the 2010 Panalpina-related settlements, how payments allowing a company to "carry out its existing business" may, under the Fifth Circuit's interpretation, be found to contravene the FCPA. By teasing out specific examples of the benefits exchanged for improper payments to customs officials in the Panalpina cases, the Guide provides a useful and efficient tool for a company to evaluate whether a payment made in the course of its business operations could be found by regulators to run afoul of the FCPA. Allegedly improper benefits in the Panalpina-related cases, as articulated in the Guide, included

  • evading customs duties on imported goods,
  • "improperly expediting" the importation of goods and equipment,
  • extending drilling contracts and lowering tax assessments,
  • obtaining false documentation related to temporary import permits for drilling rigs, and
  • enabling the release of drilling rigs and other equipment from customs officials.

Despite this broad interpretation of the business purpose test, the Resource Guide acknowledges that "the FCPA does not cover every type of bribe paid around the world for every purpose."[6] As the Fifth Circuit in Kay articulated: Payments for evasion of customs duties or taxes "could fall within the purview of the FCPA's proscription. We hasten to add, however, that this conduct does not automatically constitute a violation of the FCPA: It still must be shown that the bribery . . . would 'assist in obtaining or retaining business.'"[7]

Gifts, Travel, Entertainment, and Charitable Contributions

One item on the wish lists of those awaiting the new FCPA guidance was additional clarity on the provision of travel, gifts, and hospitality. Such business courtesies are an everyday fixture of normal business conduct, but can present challenges, particularly in countries like China, where relationship building drives successful business development.[8] Because of a dearth of judicial decisions in this area, companies have looked to enforcement actions[9] and DOJ opinion procedure releases[10] for guidance on reducing the risks associated with gift, travel, and hospitality expenditures. The Resource Guide is consistent with lessons gleaned from these sources, and gathers and organizes these principles into a useful format.

For gift-giving, the basic guideline is straightforward: "The FCPA does not prohibit gift-giving. Rather, just like its domestic bribery counterparts, the FCPA prohibits the payments of bribes, including those disguised as gifts."[11] Determining whether a particular business courtesy crosses the line often turns on the giver's intent, an analysis that does not lend itself to bright-line rules. The Resource Guide confirms, however, that DOJ's and the SEC's enforcement priorities do not include pursuing modest gift, travel, and entertainment expenditures. Framing the discussion in terms of corrupt intent, the Resource Guide states that, at one end of the spectrum, "it is difficult to envision any scenario in which the provision of cups of coffee, taxi fare, or company promotional items of nominal value would ever evidence corrupt intent, and neither DOJ nor SEC has ever pursued an investigation on the basis of such conduct."[12] Rather, the Resource Guide states that "DOJ's and SEC's anti-bribery enforcement actions have focused on small payments and gifts only when they comprise part of a systemic or long-standing course of conduct that evidences a scheme to corruptly pay foreign officials to obtain or retain business."[13] Similarly, the Resource Guide observes that DOJ and the SEC have brought enforcement actions involving travel and entertainment expenses where they "occurred in conjunction with other conduct reflecting systemic bribery or other clear indicia of corrupt intent."[14] These assurances, as the Guide itself suggests, may help companies to avoid "[d]evoting a disproportionate amount of time [to] policing modest entertainment and gift-giving."[15] At the ACI's 28th National Conference on the FCPA on November 15-16, 2012, which was co-chaired by Gibson Dunn's F. Joseph Warin, DOJ and SEC officials repeatedly emphasized that they are directing their resources to serious investigations and not routine gift-giving and modest entertainment.

The Resource Guide also lists four "hallmarks" of appropriate gift-giving to help those seeking guidance on the permissibility of business courtesies that fall somewhere between buying a cup of coffee, on the one hand, and providing a sports car, fur coat, $12,000 birthday trip, or $10,000 for food, drinks, and entertainment, on the other hand (all of which the Resource Guide includes as examples of improper benefits)[16]: (1) the gift "is given openly and transparently," (2) the gift is "properly recorded in the giver's books and records," (3) the gift is "provided only to reflect esteem or gratitude," and (4) the gift is "permitted under local law."[17]

In terms of business travel and entertainment, the Resource Guide builds on existing guidance by providing practical examples that illustrate the fact-bound nature of the analysis. For example, the Resource Guide distinguishes between a legitimate trip to inspect facilities in Michigan, for which business-class travel, moderate entertainment, and meals are provided, and an illicit trip in which senior officials travel first class with their spouses on an all-expenses-paid, week-long trip to Las Vegas, where the company has no facilities. As described in the Resource Guide, the latter trip "almost certainly violates the FCPA because it evinces a corrupt intent."[18] These examples are consistent with DOJ's 2007 FCPA opinion procedure release in which it approved payment of domestic expenses for a four-day trip (including a short sight-seeing excursion) for a six-person delegation to an operation site in the United States.[19] At the ACI Conference, the prosecutors and regulators emphasized that providing business- or first-class travel is appropriate if it is consistent with the sponsoring corporation's policies for its executives.

Furthermore, the Resource Guide suggests that the applicability of the affirmative defense for reasonable and bona fide expenditures "necessarily requires a fact-specific analysis."[20] The Resource Guide distills existing guidelines from FCPA opinion procedure releases[21] and, by identifying certain potential safeguards from those sources, provides a useful foundation for companies evaluating such expenditures:

  • the organization should not select the officials who will participate in the proposed trip or program or should select them based on pre-determined, merit-based criteria;
  • the organization should pay all costs directly to travel and lodging vendors and/or should pay reimbursements only upon presentation of a receipt;
  • the organization should not advance funds or pay for reimbursements in cash;
  • the organization should ensure that any stipends are reasonable approximations of costs likely to be incurred and/or that expenses are limited to those that are necessary and reasonable;
  • the organization should ensure that the expenditures are transparent, both within the company and to the foreign government;
  • the organization should not condition payment of expenses on any action by the foreign official;
  • the organization should obtain written confirmation that payment of the expenses is not contrary to local law;
  • the organization should not provide additional compensation, stipends, or spending money beyond what is necessary to pay for actual expenses incurred; and
  • the organization must accurately record the costs and expenses in its books and records.[22]

The Resource Guide concludes its discussion of this affirmative defense by listing the elements set forth in the statute: expenditures "will not give rise to prosecution if they are (1) reasonable, (2) bona fide, and (3) directly related to (4) the promotion, demonstration, or explanation of products or services or the execution or performance of a contract."[23]

The Guide affirms that an effective compliance program (discussed below) should include "clear and easily accessible guidelines and processes in place for gift-giving by the company's directors, officers, employees, and agents."[24] While noting that such procedures may not be appropriate for all businesses, the Guide approvingly cites automated approval procedures and thresholds used by many larger companies.[25]

In sum, through practical examples and by collecting guidance in a single place, the Resource Guide provides companies (large and small) and practitioners with a useful summary of DOJ's and the SEC's thinking on this important and recurring issue.

Charitable contributions have not historically been an area of aggressive enforcement: we are aware of only one enforcement action concerning the subject.[26] However, recent SEC scrutiny of charitable contributions, a detailed 2010 FCPA opinion procedure release on the issue,[27] and the Resource Guide's extensive discussion of this topic may signal that U.S. authorities will subject corporate charitable contributions to closer scrutiny in coming years.

As with gift-giving, the basic guideline for charitable contributions is simple: "Legitimate charitable giving does not violate the FCPA. Compliance with the FCPA merely requires that charitable giving not be used as a vehicle to conceal payments made to corruptly influence foreign officials."[28] In determining whether charitable contributions are legitimate and not a ruse for bribery, the Resource Guide suggests that U.S. authorities expect companies to subject the expenditure to due diligence and controls. The adequacy of such measures, according to the Resource Guide, "will depend on a risk-based analysis and the specific facts at hand."[29] By compiling in one source the relevant opinion procedure releases, the Resource Guide provides a thorough list of suggested controls, which together suggest parameters that companies should consider in evaluating charitable contributions:

  • existing internal company policies on charitable giving that include consideration of potential FCPA implications;
  • due diligence to confirm whether the recipient's officers are affiliated with the foreign government at issue;
  • certifications by the recipient regarding compliance with the FCPA;
  • a requirement that the recipient provide audited financial statements;
  • a written agreement with the recipient restricting the use of funds and/or earmarking funds for particular uses;
  • confirmation that the charity's commitments are met before funds are disbursed;
  • steps to ensure that the funds are transferred to a valid bank account;
  • policies or certifications prohibiting compensation of board members and implementing anti-corruption compliance provisions; and
  • ongoing monitoring of the efficacy of the program.

The Resource Guide also includes a sidebar with five basic "questions to consider when making charitable contributions in a foreign country": (1) What is the purpose of the payment?, (2) Is the payment consistent with the company's internal guidelines on charitable giving?, (3) Is the payment at the request of a foreign official?, (4) Is a foreign official associated with the charity and, if so, can the foreign official make decisions regarding your business in that country?, and (5) Is the payment conditioned upon receiving business or other benefits?

The Guide clearly outlines the U.S. Government's expectation that companies subject charitable contributions to due diligence and controls to ensure that they are not being made for an improper purpose.

Who Is a Foreign Official?

The FCPA's anti-bribery provisions apply to corrupt payments made to any "foreign official," which the statute defines to include "any officer or employee of a foreign government or any department, agency, or instrumentality thereof, or of a public international organization, or any person acting in an official capacity for or on behalf of any such government or department, agency, or instrumentality, or for or on behalf of any such public international organization."[30] Consistent with the Government's longstanding view, the Resource Guide states that the FCPA "covers corrupt payments to low-ranking employees and high-level officials alike."[31]

Determining whether an entity is a "department, agency, or instrumentality" of a foreign government is an issue of key importance. The Resource Guide endorses a list of nonexclusive factors that courts have considered when determining whether an individual or entity should be considered a state actor. These include

  • the foreign state's extent of ownership of the entity;
  • the foreign state's degree of control over the entity (including whether key officers and directors of the entity are, or are appointed by, government officials);
  • the foreign state's characterization of the entity and its employees;
  • the circumstances surrounding the entity's creation;
  • the purpose of the entity's activities;
  • the entity's obligations and privileges under the foreign state's law;
  • the exclusive or controlling power vested in the entity to administer its designated functions;
  • the level of financial support by the foreign state (including subsidies, special tax treatment, government-mandated fees, and loans);
  • the entity's provision of services to the jurisdiction's residents;
  • whether the governmental end or purpose sought to be achieved is expressed in the policies of the foreign government; and
  • the general perception that the entity is performing official or governmental functions.

In a notable development, while endorsing this totality-of-the-circumstances approach rather than a set of hard rules, the Resource Guide states that, "as a practical matter, an entity is unlikely to qualify as an instrumentality if a government does not own or control a majority of its shares." As an example of a situation in which an entity would qualify as an instrumentality absent majority ownership, the Guide discusses the recent conviction of a French issuer's three subsidiaries for paying bribes to employees of a Malaysian telecommunications company that was only 43%-owned by Malaysia's Ministry of Finance.[32] In this way, the Resource Guide affirms that a number of oft-unique factual considerations inform the Government's view of the applicability of the FCPA to a given situation. However, the Government acknowledges that minority-state-owned entities are "instrumentalities" only in exceptional circumstances.

Overall, the Guide suggests that although the Government continues to interpret the definition of "foreign official" broadly, it will do so within the confines of recent judicial interpretations.

Liability for the Acts of Third Parties and Due Diligence Expectations

Corrupt payments by third parties form perhaps the most common basis for prosecutions and enforcement actions. In the last two-and-a-half years, many cases have involved third parties. The Guide relies principally on the statutory text and legislative history and does not alter the landscape of liability for the acts of third parties, confirming that conscious avoidance, willful blindness, and deliberate ignorance are sufficient to satisfy the third-party payment provision's knowledge requirement. Citing United States v. Kozeny,[33] the Guide acknowledges that mere negligence is insufficient to impose liability under the statute's third-party payment provision.

Recognizing that third parties are "commonly used to conceal the payment of bribes to foreign officials in international business transactions," the Resource Guide underscores the importance of due diligence on prospective third parties, highlighting that that the Government will continue to use due diligence procedures to assess the adequacy of a company's compliance program. The Government's emphasis on due diligence procedures is not new. Previously, in its Lay Person's Guide to the FCPA, DOJ "encouraged [companies] to exercise due diligence and to take all necessary precautions to ensure they have formed a business relationship with reputable and qualified partners and representatives." Similarly, in its opinion procedure releases, DOJ has emphasized the significance of rigorous due diligence.[34] Although the Guide does not differ dramatically from that advice, it does offer a helpful outline of the Government's expectations.

At the outset, the Guide defines third-party due diligence as a fact-based inquiry, the extent of which should turn on a variety of factors, including the market, industry, size and type of transaction, and the company's historical relationship with the third party. The Guide makes clear that the requisite level of scrutiny of a prospective third party depends on the red flags identified through the due diligence process. For example, reliance "on due diligence questionnaires and anti-corruption representations is insufficient, particularly when the risks are readily apparent." The Guide provides a list of common red flags, including excessive consultant commissions and unreasonably large distributor discounts, agreements with vague descriptions of services, the engagement of a third party for services outside its line of business, a close relationship between a third party and a foreign official, a foreign official's request that a third party be engaged, the status of a third party as an offshore shell company, and requests by the third party to be paid in offshore accounts.

The Guide then sets forth three guiding principles for conducting due diligence. First, diligence should explore the third party's qualifications and associations, including its reputation and relationships with foreign officials. Second, the company must understand the business rationale for engaging the third party. Due diligence must include a review of the underlying contract to ensure that the payment terms are appropriate for the market, industry, and services provided. For example, in one of the hypotheticals set forth in the Guide, DOJ and the SEC highlight a success fee as grounds for heightened due diligence. Moreover, the third party should document the services rendered, prior to payment. Third, the company should continuously monitor the relationship, including updating due diligence, exercising contractual audit rights, periodically training the third party, and requiring annual compliance certifications.

The Local Law Defense

The prevailing view has been that the statute's affirmative defense for payments that were "lawful under the written laws and regulations" of the host country will seldom be available. First, the written laws of countries rarely expressly permit payments that would otherwise be subject to the FCPA's anti-bribery provisions. In addition, court decisions considering this defense have interpreted it narrowly. As we reported in our 2008 Year-End FCPA Update, in his prosecution for FCPA violations, Frederic Bourke filed a motion to dismiss one charge on the ground that the payments were lawful under the written laws of Azerbaijan, and thus fell within the local law defense. Bourke argued that Azeri law relieves from criminal liability those who self-report their bribes to Azeri authorities, which Bourke claimed applied to him.[35] In United States v. Kozeny, Judge Scheindlin of the U.S. District Court for the Southern District of New York rejected Bourke's argument, reasoning that the FCPA focuses on the legality of the payment, not the foreign government's ability to prosecute the payer.[36] The court concluded that "[a]n individual may be prosecuted under the FCPA for a payment that violates foreign law even if the individual is relieved of criminal responsibility for his actions by a provision of the foreign law."[37]

Within the confines of these well-known constraints, the Resource Guide acknowledges that a defendant who can establish that payments were legal under the foreign country's written laws and regulations will have a defense to prosecution. The Resource Guide explains that "the fact that bribes may not be prosecuted under local law is insufficient to establish the defense," citing the legislative history for the proposition that Congress, in adding this defense, sought "to make clear that the absence of written laws in a foreign official's country would not by itself be sufficient to satisfy this defense."[38] In addition, the Resource Guide states that, "[i]n practice, the local law defense arises infrequently, as the written laws and regulations of countries rarely, if ever, permit corrupt payments."[39] Finally, the Resource Guide summarizes the Kozeny decision, but without providing any editorial remarks.[40]

In sum, the Resource Guide recaps existing limitations on the local law defense but does not provide any new viewpoints for companies or individuals to consider regarding its scope.

Facilitating Payments

Compliance professionals have long debated the contours of the FCPA's facilitating payments exception, which provides an exception for payments made to further "routine governmental action."[41] "Routine governmental action" typically has been defined in terms of "non-discretionary acts," but court decisions and the statute's terms have left significant ambiguity as to what qualifies. Moreover, in light of a continuing trend in enforcement actions toward narrowing the facilitating payments exception, the explicit omission of such an exception in several foreign anti-bribery statutes, and a growing view among compliance professionals that companies should prohibit facilitating payments regardless of the law's requirements, the continuing existence of the exception seemed threatened.[42]

But the Resource Guide affirms the exception's viability and summarizes its terms, even including a sidebar that lays out the statutory exceptions verbatim as "Examples of 'Routine Government Action.'"[43] The Resource Guide also indicates that "[w]hether a payment falls within the exception is not dependent on the size of the payment, though size can be telling."[44]

Although the Resource Guide clearly underscores that facilitating and expediting payments are fully legal under U.S. law, it furthers the enforcement agencies' continuing endorsement of a limited exception, citing instances in which the facilitating payments provision has been narrowly construed. For example, the Resource Guide quotes the Fifth Circuit's decision in Kay,[45] which describes facilitating payments as "very narrow categories of largely non-discretionary, ministerial activities performed by mid- or low-level foreign functionaries."[46] Further, the Resource Guide cautions that facilitating payments may violate foreign bribery laws and the OECD's recommended best practices, even if they do not contravene the FCPA.[47]

The Resource Guide suggests several relevant considerations to determine if a payment qualifies for the exception, through a hypothetical distinguishing between a payment to a clerk for stamping an application, where the clerk has "no discretion about whether to file and stamp the permit applications once the requisite filing fee has been paid,"[48] and a payment to an official to influence the issuance of a permit in an environmentally sensitive area. The Resource Guide concludes that the former is a facilitating payment and the latter is not, from which at least three relevant considerations can be drawn.

First, the discussion underscores the continuing relevance of the discretionary/non-discretionary distinction in the eyes of U.S. enforcement authorities. Second, by dealing extensively with the fact that the payer in the second hypothetical scenario had alternatives to obtaining the permit (i.e., building the road in another way), the Guide suggests that, where there are legal alternatives to making facilitating payments, companies may be expected to at least explore those options, although the Guide certainly does not make such a requirement explicit. Finally, the discussion focuses at length on the fact that the permit was improperly approved and that "Company A should not have received it,"[49] suggesting that entitlement to an action and the legality of the action are at the core of the Government's facilitating payments analysis. This last factor is reinforced by the Guide's extensive discussion of customs clearance cases as paradigmatic examples of non-facilitating payments,[50] including the illegality or impropriety of the customs treatment obtained through improper payments.

Put together, these factors reinforce the U.S. authorities' narrow formulation of the facilitating payments exception.

Extortion Defense

With the new guidance, DOJ and the SEC reassert the validity and scope of the extortion defense. The Resource Guide affirms that no FCPA liability arises in instances of "true extortionate demands under imminent threat of physical harm" because payments made in those circumstances are not made "with corrupt intent or for the purpose of obtaining or retaining business."[51]

Economic threats to a company's business, however, do not constitute extortion sufficient for protection from liability. The distinction remains between imminent threats to health and safety, on the one hand, and "[m]ere economic coercion"--i.e., threats that will impair a company's business prospects--on the other hand.[52] The Resource Guide seeks to account for, as Congress did when enacting the FCPA, "real-world situations . . . in which a business is compelled to pay an official in order to avoid threats to health and safety."[53]

Drawing from model jury instructions, the Resource Guide provides that, to establish the defense, a defendant must demonstrate that (1) the defendant was subject to "unlawful, present, immediate, and impending threat of death or serious bodily injury"; (2) the defendant did not, through negligence or recklessness, create the situation requiring the payment (such as previous payments in an ongoing bribery scheme); (3) the defendant had "no reasonable legal alternative" to the payment; and (4) the extorted payment directly avoided the threatened harm.[54]

The bottom line for the extortion defense is that if an individual could walk away from a threat without paying the bribe and is not at risk of imminent physical harm, the threat is unlikely to constitute extortion in the opinion of DOJ and the SEC. If an individual is at risk of immediate harm, however, no FCPA liability will arise.[55]

Parent-Subsidiary Liability

Foreign subsidiaries are a frequent source of concern for companies subject to the FCPA. In recent years an increasing number of companies have zeroed in on the risks posed by their foreign operations, particularly with regard to distant or minority-owned foreign entities that have yet to embrace the more sophisticated compliance protocols of their U.S. brethren. The Guide explains the conditions that give rise to liability for majority-owned or -controlled entities, but does little to clarify the murkier issues of liability for minority-owned entities in which a parent may have a substantial stake but no ostensible control.

In its discussion of parent-subsidiary liability under the anti-bribery provisions, the Guide notes that there are two ways in which a parent company may be held liable for bribes paid by a subsidiary: (1) by participating "sufficiently" in the activity so as to be directly liable for the conduct, and (2) under traditional agency principles.[56] The "fundamental characteristic of agency is control,"[57] and, in evaluating whether a parent exercises control, DOJ and the SEC will consider the formal relationship between the two entities as well as the "practical realities of how the parent and subsidiary actually interact."[58]

The Resource Guide points to one SEC administrative action to illustrate the "practical realities" that give rise to an inference of control.[59] In that case, the president of an indirect, wholly owned subsidiary "reported directly to the CEO of the parent issuer," the parent "routinely identified the president as a member of its senior management in its annual filing with SEC and in annual reports," "the parent's legal department approved the retention of the third-party agent through whom the bribes were arranged despite a lack of documented due diligence and an agency agreement that violated corporate policy," and "an official of the parent approved one of the payments to the third-party agent."[60] This example, while comprehensive, does not address the question of control in more ambiguous circumstances, such as where a parent company owns a substantial portion, but not a majority, of a subsidiary and exercises a significant, but not absolute, degree of influence.

An increasingly common issue concerns the appropriate degree of oversight that a parent issuer is required to exercise over a minority-owned subsidiary under the FCPA's accounting provisions. In 1988, Congress added a "good faith" exception for minority-owned subsidiaries and affiliates under the FCPA's accounting provisions, noting that it was "unrealistic to expect a minority owner to exert a disproportionate degree of influence over the accounting practices of a subsidiary" and that the "amount of influence which an issuer may exercise necessarily varies from case to case."[61] This exception has long been a source of confusion for U.S. parent companies attempting to discern the nature and extent of appropriate efforts required to prevent liability under the FCPA.

The Resource Guide explains the good-faith standard, noting that a parent issuer must use its "best efforts" to cause minority-owned subsidiaries and affiliates to devise and maintain a system of internal accounting controls consistent with the issuer's own obligations under the FCPA.[62] In evaluating those efforts, the Resource Guide indicates that "all the circumstances--including 'the relative degree of the issuer's ownership of the domestic or foreign firm and the laws and practices governing the business operations of the country in which such firm is located'--are taken into account."[63] This explanation offers little in the way of comfort to the increasing number of U.S. companies that own some minority stake in a foreign enterprise.

The Resource Guide may be more interesting for the cautionary tale that it offers to foreign subsidiaries of U.S. companies subject to the FCPA. In recent years, a number of foreign subsidiaries of U.S. issuers have been charged with conspiring to violate or aiding and abetting violations of the FCPA.[64] Almost all of these subsidiaries engaged in some act in furtherance of an FCPA violation on U.S. soil. As the Resource Guide explains, however, foreign subsidiaries, partners, and affiliates that engage in corollary criminal conduct may be liable under U.S. law even if they take no act in furtherance of the corrupt payment while in the territory of the United States.[65] Companies and individuals can also be held civilly liable for aiding and abetting FCPA anti-bribery violations if they knowingly or recklessly provide substantial assistance to a violator.[66] Similarly, in the administrative proceeding context, companies and individuals may be held liable for causing FCPA violations.[67] The Resource Guide explains that this liability extends to the subsidiaries and agents of U.S. issuers.[68]

Joint Venture Liability

Joint ventures are a common vehicle for U.S. corporations operating in a foreign country, and they are notoriously nettlesome under the FCPA.[69] DOJ's prior guidance addressed joint ventures in the context of indirect corrupt payments made through intermediaries, and encouraged U.S. companies to "exercise due diligence and to take all necessary precautions" in regard to joint venture partners.[70] The Resource Guide goes further, exploring the implications of joint ventures under the accounting provisions and in light of the additional principles of criminal liability that may ensnare foreign companies.

The Resource Guide notes that an issuer's responsibility extends to ensuring that subsidiaries or affiliates under its control, including foreign subsidiaries and joint venture partners, comply with the accounting provisions.[71] By way of example, the Resource Guide points to DOJ's and the SEC's enforcement action against RAE Systems Inc. ("RAE") in 2010.[72] RAE allegedly violated the FCPA's accounting provisions when two Chinese joint ventures in which it was a partner paid more than $400,000 in bribes over a four-year period to obtain business in China.[73] Although the payments were made exclusively in China by Chinese employees of the joint venture, RAE "failed to have adequate internal controls and failed to act on red flags indicating that its affiliates were engaged in bribery."[74]

As with potential foreign targets of U.S. firms, the Resource Guide is particularly relevant to companies that may form a joint venture partnership with an entity that is subject to the FCPA. Under U.S. federal law, a foreign partner may be liable for aiding and abetting or conspiring to violate the FCPA even if it takes no act in furtherance of the corrupt payment while in the territory of the United States.[75] In conspiracy cases, the United States generally has jurisdiction over all the conspirators where at least one conspirator is an issuer or domestic concern, or commits a reasonably foreseeable overt act within the United States.[76] Under this theory, Japanese and British agents employed by a joint venture that included a U.S. company were charged with conspiracy and aiding and abetting a domestic concern's FCPA violation even though they took no action in the United States.[77]

Successor Liability and M&A Due Diligence

The Guide contains a detailed discussion of successor liability and the appropriate level of due diligence required, from an FCPA perspective, prior to the acquisition of or merger with a target company. The Guide echoes the messages we have seen in recent settlements and deferred prosecution agreements involving successor liability. Namely, DOJ and the SEC continue to expect companies to engage in robust pre- and post-acquisition due diligence to uncover potential corruption issues and to voluntarily disclose any corrupt payments discovered immediately following the merger or acquisition. The Resource Guide also makes it clear that the value of target companies may be adversely affected by failure to attend to FCPA-related risks.

Echoing statements made by DOJ and SEC officials over the past few years, the Guide explicitly states that companies may receive "meaningful credit"--including a possible declination decision--when they undertake five actions in connection with merger and acquisition transactions.

Specifically, the Guide encourages companies to

(1) conduct thorough risk-based FCPA and anti-corruption due diligence on potential new business acquisitions; (2) ensure that the acquiring company's code of conduct and compliance policies and procedures regarding the FCPA and other anti-corruption laws apply as quickly as is practicable to newly acquired businesses or merged entities; (3) train the directors, officers, and employees of newly acquired businesses or merged entities, and when appropriate, train agents and business partners, on the FCPA and other relevant anti-corruption laws and the company's code of conduct and compliance policies and procedures; (4) conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable; and (5) disclose any corrupt payments discovered as part of its due diligence of newly acquired entities or merged entities.[78]

Entities that follow this advice put themselves in the best possible position to avoid prosecution or, at the very least, minimize any potential penalty for the FCPA violations of the target company.

Although the Resource Guide also offers the option of seeking an opinion from DOJ in advance of a potential M&A transaction, it candidly notes that such an opinion will likely impose more stringent requirements than may be necessary in all circumstances. Thus, seeking an opinion release would likely not make sense for most companies, absent truly unusual or difficult due diligence issues.

Through the use of two hypotheticals, the Guide also clarifies the Government's jurisdictional limitations with respect to mergers or acquisitions involving foreign companies. Specifically, the guidance makes clear that DOJ and the SEC have no jurisdiction over a foreign company's pre-acquisition misconduct where that foreign company was neither an issuer or domestic concern, nor otherwise subject to U.S. territorial jurisdiction. This pronouncement of no springing jurisdiction is quite important and helpful, and clarifies enforcement policy. But any misconduct that occurs following the merger or acquisition would fall within the purview of the FCPA and constitute grounds for prosecution by DOJ and the SEC. Likewise, misconduct by a target company that is subject to the FCPA may be prosecuted, and the acquiring company opens itself up to potential prosecution if it fails to put a stop to this activity post acquisition.[79]

As repeatedly stated by DOJ and SEC officials, and as seen in numerous settlements and deferred prosecution agreements, an acquiring company's performance of rigorous and extensive pre-acquisition due diligence and implementation of a robust compliance program are key to the Government's decision not to prosecute. The Guide considers "extensive due diligence" to include the following steps:

  • having the acquiring company's legal, accounting, and compliance departments review the target company's sales and financial data, its customer contracts, and its third-party and distributor agreements;
  • performing a risk-based analysis of the target company's customer base;
  • performing an audit of selected transactions engaged in by the target company; and
  • engaging in discussions with the target company's general counsel, vice president of sales, and head of internal audit regarding all corruption risks, compliance efforts, and any other major corruption-related issues that have surfaced at the target company over the past ten years.[80]

Overall, the Guide provides an excellent roadmap in the M&A context and should be shared with corporate boards and acquisition teams who can tailor their due diligence templates accordingly.

Books and Records Provision

In addition to its anti-bribery provisions, the FCPA's books and records provision requires issuers of securities in the United States to make and keep accurate books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the issuer's transactions and disposition of assets.[81] Where companies pay bribes, they often mask these payments in their books and records using terms such as "commissions" or "consulting fees." As a result, DOJ and the SEC often bring cases against issuers charging violations of both the FCPA's anti-bribery and books and records provisions. In addition, DOJ and the SEC have utilized the books and records provision to bring both civil and criminal charges against companies where certain elements of the anti-bribery provision were not satisfied. The Guide acknowledges this use of the books and records provision, along with the FCPA's internal controls provision, to bring cases relating to the "cover up" of corrupt conduct, even if it is not a violation of the FCPA, explaining, "[i]n instances where all the elements of a violation of the first anti-bribery provisions are not met--where, for example, there was no use of interstate commerce--companies nonetheless may be liable if the improper payments are inaccurately recorded."[82]

The Guide sheds light on the circumstances in which DOJ and the SEC are more likely to bring charges for books and records violations. The Resource Guide begins by explaining that companies are only required to keep books and records that, in reasonable detail, accurately and fairly reflect the issuer's transactions. The FCPA defines "reasonable detail" as that level of detail which would "satisfy prudent officials in the conduct of their own affairs."[83] Congress adopted this qualification to dispel the notion that the books and records provision required that the issuer's books maintain an "unrealistic" degree of perfection.[84] However, the Guide cautions that, "[a]lthough the standard is one of reasonable detail, it is never appropriate to mischaracterize transactions in a company's books and records" and "there is no materiality threshold under the books and records provision."[85] In other words, attempts to mischaracterize a corrupt payment, no matter how small, in an issuer's books and records will result in a violation of the provision.

Although it interprets the books and records provision so that any mischaracterization will result in a violation, the Guide suggests that DOJ and the SEC will take a narrower approach in prosecuting violations. The Guide states, "[a]s with the anti-bribery provisions, DOJ's and SEC's enforcement of the books and records provision has typically involved misreporting of either large bribe payments or widespread inaccurate recording of smaller payments made as part of a systemic pattern of bribery."[86] DOJ and the SEC thus imply that minor mistakes in recording small transactions are unlikely to result in an enforcement action. However, as the size and frequency of the mischaracterized payments increase, so does the likelihood that charges will be brought for violation of the FCPA's books and records provision.

Self-Disclosure Credit

In the course of summarizing the Government's existing guidance, the Resource Guide reiterates DOJ's and the SEC's longstanding position that self-reporting--also known as voluntary disclosure--is a relevant factor in the Government's decision of how to resolve an FCPA case. In numerous examples and case studies, the Resource Guide advocates that self-disclosure, among other factors, may lead to a more favorable FCPA settlement. The Resource Guide explains that the Government "place[s] a high premium on self-reporting, along with cooperation and remedial efforts, in determining the appropriate resolution of FCPA matters."[87] But that exact premium remains largely unquantified in the Resource Guide.

On the criminal side, the Guide reminds the reader that FCPA prosecutions operate within the rubric of federal criminal law enforcement by identifying and conveniently summarizing relevant portions of existing guidance for prosecutors and judges, including DOJ's Principles of Federal Prosecution,[88] the Principles of Federal Prosecution of Business Organizations,[89] and the U.S. Sentencing Guidelines. DOJ explains that its prosecutors will consider a voluntary and timely self-disclosure by a company as one aspect of its cooperation with federal authorities. Other aspects of a company's cooperation include its willingness to provide evidence related to culpable individuals and undertake meaningful remedial actions, including improving its compliance program and disciplining wrongdoers, to "establish an awareness among employees that criminal conduct will not be tolerated."[90] The Resource Guide further explains that Chapter Eight of the Sentencing Guidelines, relating to the sentencing of organizations, quantifies the amount of credit a company can expect from self-disclosure by affecting its culpability score. The culpability score--a multifactor multiplier that seeks to reflect the ethical culture within a company--can either increase the recommended base fine by four times or reduce it to five percent of the original amount.[91] In this analysis, the effectiveness of a company's compliance and ethics program is first evaluated, and a finding that a company has an effective program can yield a three-point reduction in an organization's culpability score, thereby reducing the criminal fine calculation.[92] The Resource Guide reiterates that a company may receive a further five-point reduction in its culpability score if it (i) self-discloses before an imminent threat of disclosure or government investigation, (ii) within a reasonably prompt time after becoming aware of the offense, and (iii) provides substantial cooperation.[93] On the other hand, a company may be ineligible for either departure if it does not disclose or is "unreasonably delayed" in reporting the offense.[94]

On the civil side, the Guide makes clear that, for companies, the SEC's self-disclosure and cooperation credit analysis remains anchored by the 2001 Seaboard Report. The four broad factors articulated by the Seaboard Report include (1) self-policing before the discovery of the misconduct, (2) self-reporting of misconduct when it is discovered, (3) remediation, and (4) cooperation with the SEC and law enforcement. For individuals, the SEC explains that its enforcement actions are guided by the SEC's Cooperation Initiative[95] announced in January 2010, in which the SEC's Division of Enforcement adopted a range of tools to reward individual cooperation. One of the four factors identified by the SEC as relevant to providing credit to individuals is "the value and timeliness of the cooperation, including whether the individual was the first to report the misconduct to [the] SEC or to offer his or her cooperation."[96]

Overall, the Guide reminds companies (small and large alike) that charging decisions occur in the larger context of criminal and civil cases brought by DOJ or the SEC and, by aggregating and distilling several sources, provides a useful tool to help companies and individuals determine how DOJ or the SEC might apply this guidance when making charging decisions in an FCPA case.

Elements of an Effective Compliance Program

Because "an effective compliance program is a critical component of a company's internal controls," the Resource Guide discusses the elements of such a program. Like past guidance from U.S. enforcement agencies, the Resource Guide does not prescribe compulsory elements of an effective compliance program. Nor does the Guide recast the now familiar building blocks of an effective compliance and ethics program. Rather than simply setting forth such "formulaic requirements," the Guide offers "information regarding some of the basic elements DOJ and SEC consider when evaluating compliance programs."[97] Seasoned compliance officers and attorneys will recognize much of the Resource Guide's analysis regarding the elements of an effective compliance and ethics program, which echoes guidance found in Chapter Eight of the U.S. Sentencing Guidelines,[98] DOJ Opinion Procedure Release No. 04-02,[99] and previous deferred prosecution agreements[100]--guidance which we have reviewed in many previous publications.[101]

As detailed below, the Guide provides companies, compliance officers, and attorneys with a useful resource for evaluating an effective compliance program. It emphasizes a risk-based approach to designing and implementing a program and provides specific examples of how various companies have implemented the recommended components of an effective compliance program.

The Guide also stresses that there are "no formulaic requirements regarding compliance programs"; instead, regulators will use a "common-sense and pragmatic approach to evaluating compliance programs."[102] This approach will focus on three basic questions: (1) Is the company's compliance program well designed? A well-designed compliance program is "tailored to the company's specific business and to the risks associated with that business" and also will "evolve as the business and the markets change."[103] (2) Is the compliance program being applied in good faith? And (3) does the compliance program work? Compliance programs encourage "ethical conduct and a commitment to compliance with the law" and help "prevent, detect, remediate, and report misconduct."[104] Effective compliance programs, however, are not held to "a standard of perfection."[105] The Guide notes that a company's "failure to prevent every single violation does not necessarily mean that a particular company's compliance program was not generally effective."[106]

  1. A Risk-Based Approach

Rather than replacing or revising the elements set forth in prior guidance, the Resource Guide stresses that companies should tailor their compliance programs to the risks they face and allocate their compliance resources accordingly. "When it comes to compliance," the Guide explains, "there is no one-size-fits-all program." Instead, the Resource Guide recommends that each company design and implement an FCPA compliance program commensurate with the company's corruptions risks. In this way, companies can avoid creating a compliance program that is "ill-conceived and ineffective because resources . . . are spread too thin."[107]

Risk assessment is "fundamental" not only to the overall design of a company's compliance program, but also to the evaluation of individual transactions and relationships with third parties.[108] Rather than devote resources to "low-risk markets and transactions," the Resource Guide pragmatically focuses on high-risk situations.[109] For example, the Guide states that "performing identical due diligence on all third-party agents, irrespective of risk factors, is often counter-productive" because it may "divert[] attention and resources away" from high-risk third parties.[110] Similarly, companies should avoid "[d]evoting a disproportionate amount of time [to] policing modest entertainment and gift-giving" if that effort will lessen the company's focus on "large government bids, questionable payments to third-party consultants, or excessive discounts to resellers and distributors."[111] Among other risk factors, companies should consider "the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs."[112]

  1. Commitment from Management

Echoing § 8B2.1 of the Sentencing Guidelines, the Resource Guide explains that an effective compliance program hinges on an organizational "culture of compliance," which senior managers and the board of directors foster and communicate, middle managers implement and reinforce, and all employees embrace and follow.[113] "[C]ompliance with the FCPA and ethical rules must start at the top," and senior management must therefore "clearly articulate[] company standards, communicate[] them in unambiguous terms, adhere[] to them scrupulously, and disseminate[] them throughout the organization."[114] Whereas § 8B2.1, Opinion Procedure Release No. 04-02, and past deferred prosecution agreements suggest that corporate entities should cultivate a culture of compliance and communicate the entities' standards and procedures periodically to stakeholders, the Resource Guide explicitly assigns to senior management and the board of directors the duty of instilling and communicating that culture.[115] Indeed, the Guide specifically obligates senior management to set a strong, ethical culture, "inspire" their colleagues to adhere to that culture, and articulate the procedures and standards that underlie that culture.[116]

  1. Code of Conduct and Compliance Policies and Procedures

It will come as no surprise to compliance officers and attorneys that the Resource Guide recommends that corporate entities maintain "clear, concise, and accessible" codes of conduct. The Guide further counsels that companies maintain policies and procedures that "outline responsibilities" for the compliance program, "detail proper internal controls, auditing practices, and documentation policies, and set forth disciplinary procedures."[117] Consistent with previous statements in which DOJ or the SEC have articulated the view that an effective compliance program is one that is appropriately tailored to meet the needs of the company, DOJ and the SEC stop short of prescribing particular policies, but the Resource Guide does note the importance of periodically reviewing and, as appropriate, updating the code of conduct and compliance policies.[118] Further, the Guide underscores that many companies have embraced technological solutions to recurring compliance issues, such as web-based approval tools for expenditures on things such as gifts and hospitality.[119]

  1. Oversight, Autonomy, and Resources

Just as § 8B2.1 of the Sentencing Guidelines sets the expectation that companies will assign specific "high-level personnel . . . overall responsibility for the compliance program" and also assign "[s]pecific individual(s) . . . day-to-day operational responsibility,"[120] the Resource Guide recommends that companies assign such responsibilities to "one or more specific senior executives" and, "[d]epending on the size and structure" of the company, other employees.[121] Without offering any benchmarks for the size or budget of a compliance department, the Guide explains that the adequacy of a company's compliance "staffing and resources" depends on the "size, structure, and risk profile of the business."[122]

  1. Compliance Training

Like compliance programs generally, anti-corruption training programs should be tailored to the specific needs of a company. The Resource Guide does not purport to specify how companies should train their employees or what employees should know. Rather, a company must take into account a number of factors--including the company's size, industry, culture, geographic scope, growth rate, and employee demographics[123]--and implement a training program that will "ensure that relevant policies and procedures have been communicated throughout the organization."[124]

Although DOJ and the SEC declined to detail compulsory aspects of an effective compliance training program, the Resource Guide nevertheless provides a useful starting place for how companies should approach the issue. First, the Guide notes that compliance training often "covers company policies and procedures, instruction on applicable laws, practical advice to address real-life scenarios, and case studies."[125] Although the Guide notes that "many larger companies" mix web-based and in-person training, the Resource Guide does not specifically recommend that companies employ any particular method to train employees.[126]

Second, the Guide suggests that companies should tailor training materials to "targeted audience[s]" within the company, through the use of local languages and function-specific materials.[127] For example, a company might consider one set of hypotheticals for accounting personnel and a different set for sales personnel.[128] Third, to supplement formal training, companies "should develop appropriate measures, depending on the size and sophistication of the particular company, to provide guidance and advice on complying" with the company's policies and applicable laws.[129] DOJ and the SEC likely have in mind compliance "help desks" or other similar methods for company employees to seek clarification or guidance regarding how they should proceed in the face of a compliance question.

Apart from mentioning periodic training and certification, the Resource Guide does not prescribe specific intervals at which training should be provided. Companies seeking guidance on this point should consider a recent enforcement action involving a Morgan Stanley managing director (discussed in Gibson Dunn's 2012 Mid-Year FCPA Update). Morgan Stanley avoided charges in part because of the strength of its compliance program, under which the director received FCPA training seven times over the course of seven years and was reminded to comply with the law at least thirty-five times.[130]

  1. Incentives and Disciplinary Measures

Amplifying the Sentencing Guidelines' statement that companies should promote compliance through "appropriate incentives" and "appropriate disciplinary measures,"[131] the Resource Guide describes various measures companies have taken to "drive compliant behavior."[132] For instance, "[s]ome organizations . . . have made adherence to compliance a significant metric for management's bonuses," whereas others have "made working in the company's compliance organization a way to advance an employee's career."[133] Again foregoing specific requirements, the Guide simply notes that "[r]ewarding good behavior and sanctioning bad behavior reinforces a culture of compliance."[134]

  1. Third-Party Due Diligence and Payments

As the Resource Guide recognizes, risk-based due diligence allows a company to earmark scarce compliance resources to higher-risk transactions and relationships.[135] For many large companies and anti-corruption professionals, this risk-based approach is a familiar method for marshaling compliance resources.[136] By embracing this approach, the Resource Guide encourages companies to consider their corruption risks and allocate adequate resources to high-risk areas and situations. Importantly, the Guide states that DOJ and the SEC will give "meaningful credit" to those companies that implement risk-based compliance programs, "even if that program does not prevent an infraction in a low risk area because greater attention and resources had been devoted to a higher risk area."[137]

Cautioning that "the degree of appropriate due diligence may vary based on industry, country, size and nature of the transaction, and historical relationship with the third-party," the Resource Guide nevertheless provides three overarching principles.[138] First, a company should seek to understand the qualifications and associations of each potential third-party business partner.[139] Second, a company should evaluate the business rationale for retaining the third party, the services that the third party will provide, and the documentation that will establish that the third party is "actually performing the work for which it is being paid."[140] Third, a company should monitor the third party after retention by, for example, updating its due diligence, exercising any contractual audit rights, "providing periodic training, and requesting annual compliance certifications."[141]

  1. Confidential Reporting and Internal Investigation

In a slight shift from § 8B2.1 of the Sentencing Guidelines, the Resource Guide states that "an effective compliance program should include a mechanism for [employees] and others to report suspected or actual misconduct . . . on a confidential basis and without fear of retaliation."[142] (Section 8B2.1 notes only that reporting options "may" include a mechanism that permits confidential reporting.[143]) The Resource Guide underscores that companies "should have in place an efficient, reliable and properly funded process for investigating" allegations relating to misconduct and "documenting the company's response."[144] Most companies have implemented such a mechanism.

  1. Continuous Improvement

Because a company's risk profile may change over time, a "good compliance program should constantly evolve."[145] By periodically evaluating the effectiveness of its compliance program,[146] a company may identify areas for improvement and controls that are not sustainable as implemented. The Resource Guide discusses a few methods for gathering information regarding the effectiveness of the program. As the Guide notes, certain companies survey employees regarding the operation of the organization's internal controls and risk areas.[147] Further, the Resource Guide emphasizes that a company's reporting mechanisms may provide valuable data regarding the success of the company's compliance controls.[148] Accordingly, a company should consider reported violations when evaluating and improving its compliance program. Whereas reporting portals may provide intermittent insight regarding deficiencies in the company's control system, the company should periodically audit the performance of its compliance program. Although the Resource Guide reinforces the importance of such "proactive evaluations," it does not prescribe "the nature and frequency" of such efforts.[149]

Benefits of an Effective Compliance Program

Leading up to the release of the guidance, companies and FCPA practitioners hoped that it would shed additional light on the tangible benefits bestowed upon companies that have established effective FCPA compliance programs but find themselves in the FCPA crosshairs of DOJ and the SEC. Although the Guide does not delineate specific compliance program prerequisites for obtaining specific tangible benefits, it does confirm that regulators take into account the effectiveness of a company's compliance program when deciding whether to pursue an enforcement action or the terms under which to settle an enforcement action. These general principles, coupled with the Guide's practical discussion of the hallmarks of an effective compliance program (summarized above), provide companies with additional insight regarding the role of an effective compliance program in enforcement decisions.

Prior to the Resource Guide, the U.S. Sentencing Guidelines for organizations provided the most concrete example of a benefit for an effective compliance program. Under the framework for sentencing organizations created by the Guidelines, a corporate defendant--by having an effective compliance and ethics program in place at the time of the offense--can receive a reduction in its culpability score,[150] which is used to calculate the fine component of a corporate defendant's sentence. Most FCPA practitioners believe that, beyond sentencing, satisfying the requirements in the Guidelines for an effective compliance and ethics program provides benefits in the form of (1) avoiding an enforcement action altogether, (2) resolving an enforcement action through a deferred prosecution agreement or non-prosecution agreement, or (3) settling an action on more favorable nonmonetary terms, such as avoiding an independent compliance monitor[151] or self-reporting requirements. Officials at DOJ and the SEC have made similar pronouncements. For instance, DOJ Fraud Section Chief Denis J. McInerney explained during a panel discussion at ACI's 2011 National Conference on the FCPA that the adequacy of a company's compliance program is one of three general factors on which DOJ bases decisions regarding the appropriateness of corporate declinations.[152] Morgan Stanley & Co. realized this benefit firsthand in April 2012 when DOJ and the SEC both declined to prosecute Morgan Stanley in connection with enforcement actions against Morgan Stanley Managing Director Garth Peterson, who evaded Morgan Stanley's system of internal controls to make corrupt payments to an official of a government-owned real estate company in Shanghai, China. Both DOJ and the SEC announced publicly that each agency declined to bring an enforcement action against Morgan Stanley because of Morgan Stanley's strong compliance program, which included a robust compliance department with direct reporting lines to Morgan Stanley's Board of Directors; significant compliance training for Asia-based personnel; regular monitoring and auditing of particular transactions, employees, and business units; extensive due diligence for all new business partners; annual employee certifications regarding adherence to Morgan Stanley's code of conduct; and a regular review and update of the compliance program.[153] For additional information regarding the Morgan Stanley declinations, see our 2012 Mid-Year FCPA Update.

Through the Resource Guide, DOJ and the SEC have confirmed that an effective compliance program can provide companies facing FCPA enforcement actions with tangible benefits in the form of more favorable settlement terms, in addition to a declination, as the Morgan Stanley case illustrates.[154] As the Guide articulates, DOJ and the SEC consider the strength of a company's FCPA compliance program when evaluating whether an action should be resolved through a deferred prosecution agreement or non-prosecution agreement, the appropriate length of any deferred prosecution agreement or non-prosecution agreement, the need for an independent compliance monitor or self-reporting requirements, as well as the calculated fine under the Sentencing Guidelines[155] (which often serves as a natural starting point in negotiating the monetary penalties associated with the settlement).

The Guide also highlights potential benefits not associated with enforcement decisions. For instance, it observes that an effective compliance program will prevent violations of the FCPA in the first place, obviating the need for enforcement considerations.[156] Additionally, a strong compliance program that features pre-acquisition due diligence for proposed M&A activity will allow companies to evaluate a target's value more accurately and negotiate for the costs of bribery to reside with the target.[157]

In highlighting the potential benefits of implementing an effective compliance program, the Resource Guide gathers the general principles regarding effective compliance programs contained in DOJ and SEC charging documents and various pronouncements from DOJ and SEC officials. The Guide cites the Seaboard Report, which details the many factors that the SEC considers in bringing an enforcement action, including whether the company had "established effective compliance procedures."[158] Similarly, the Guide notes that three of the nine factors in DOJ's Principles of Federal Prosecution of Business Organizations relate to the strength of a company's compliance program; namely, (1) the "pervasiveness of wrongdoing within the company," (2) "the existence and effectiveness" of the compliance program, and (3) "the company's remedial actions."[159]

Through its summary of the landscape regarding the tangible benefits of an effective FCPA compliance program, the Guide provides reassurances to companies and FCPA practitioners by stating definitively that such programs can potentially avoid enforcement actions, or lessen the impact in the event of a DOJ or SEC action.

Conclusion

With the new Resource Guide, DOJ and the SEC have done a service to FCPA practitioners and corporate compliance officers alike by providing a well-organized synthesis of their prior enforcement actions and pronouncements. Although the Resource Guide offers few unqualified answers, arguably in no other area of U.S. criminal law is such detailed guidance from the U.S. Government available.