On November 14th, the U.S. Department of Justice (DOJ) and U.S. Securities and Exchange Commission (SEC) jointly published “A Resource Guide to the U.S. Foreign Corrupt Practices Act” (the “Guide”), their long-awaited and highly anticipated guidance on the Foreign Corrupt Practices Act (FCPA). Although the Guide is not revolutionary — the DOJ and SEC did not announce a new “adequate procedures” defense, as some predicted, or radically reinterpret any of the FCPA’s provisions — it does provide useful insights into the government’s enforcement considerations. The Guide dedicates several pages to describing the “Hallmarks of Effective Compliance Programs,” and it sheds light on how the government defines the scope of acceptable gifts, entertainment, and travel; the definition of a “foreign official” and “instrumentality”; successor liability in mergers and acquisitions; and the government’s jurisdiction to enforce the FCPA. The Guide illustrates each of these topics through helpful hints, examples, and hypotheticals.
The DOJ and SEC’s “industry sweeps” of medical device and pharmaceutical companies, financial services firms, energy companies, freight forwarders, and retail companies over the past several years demonstrate that the FCPA remains a top priority for government enforcement in the United States. The scope and meaning of many of the FCPA’s provisions have been rigorously debated over the years, and although the FCPA Guide does not end the debate — in fact, it is explicitly “non-binding” and, in some cases, adopts unsettled or untested law — it provides some clarity in several important areas, and should serve as a measuring stick for compliance officers to evaluate their own companies’ compliance programs.
The Hallmarks of Effective Compliance Programs
The FCPA Guide encourages comprehensive, tailored compliance policies and thorough, risk-based due diligence on third parties and potential merger and acquisition targets. Chapter 5 of the FCPA Guide describes the value of an effective compliance program and clearly states that the DOJ and SEC will consider the adequacy of a company’s compliance program when deciding what, if any, enforcement action to take after an FCPA violation has occurred.
Although the Guide acknowledges that each compliance program should be tailored to an organization’s specific needs, risks, and challenges, it also generously provides ten “hallmarks” of effective compliance programs:
- Strong commitment from senior management and a clearly articulated policy against corruption;
- A code of conduct and compliance policies and procedures that are current and effective, outline responsibilities for compliance within the company, and detail proper internal controls, auditing practices documentation policies, and disciplinary procedures;
- Oversight by a member of senior management with sufficient autonomy and resources to be effective;
- Risk assessment and internal audit procedures;
- Continuing advice and regular training for both new and current employees and third parties;
- Enforced disciplinary measures for employees who violate the policy and incentives for employees who follow it;
- Comprehensive, risk-based due diligence on third parties and transactions;
- Mechanisms for employees to confidentially report potential infractions and for an efficient, thorough internal investigation;
- Updating the compliance policy through periodic testing and review; and
- Pre-acquisition due diligence and post-acquisition integration for mergers and acquisitions.
Compliance officers should use the ten hallmarks of an effective compliance policy outlined in the FCPA Guide to reevaluate and, if necessary, revise their own compliance policies according to their company’s specific risk profile.
The Scope of Acceptable Gifts, Entertainment, and Travel
The FCPA prohibits the corrupt “offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of anything of value to” a foreign official. Gifts, entertainment and travel expenses for customers, potential customers, investors, conference guests, and third-party representatives are common practices in many industries, including the health care and financial services industries, and the FCPA Guide provides helpful insight into exactly what actions the DOJ and SEC consider improper.
The FCPA Guide emphasizes that it is the payor’s intent — not a threshold monetary value — that is the critical factor in determining whether a gift, entertainment, or travel expense for a foreign official violates the FCPA. As the guidance states, “[t]he corrupt intent requirement protects companies that engage in the ordinary and legitimate promotion of their business while targeting conduct that seeks to improperly induce officials into misusing their positions.” Consequently, “cups of coffee, taxi fare, or company promotional items of nominal value” would almost never violate the FCPA.
Moreover, the Guide recognizes that a “small gift or token of esteem or gratitude is often an appropriate way for business people to display respect for each other,” and states that items of “nominal value … are unlikely to improperly influence an official.” Some hallmarks of appropriate gift-giving are when the gift is (1) given openly and transparently; (2) properly recorded in the giver’s books and records; (3) provided only to reflect esteem or gratitude; and (4) permitted under local law. The FCPA Guide recommends that companies “should have clear and easily accessible guidelines and processes in place for gift-giving by the company’s directors, officers, employees, and agents,” including, for example, “automated gift-giving clearances processes” and “clear monetary thresholds for gifts along with annual limitations.” The Guide also provides examples of what would not be appropriate, such as fur coats and trips for a government official and his wife to Europe for non-business purposes.
The Definition of “Foreign Official” and “Instrumentality” Under the FCPA
The FCPA’s anti-bribery provisions apply to corrupt payments to “foreign officials,” which includes officers or employees of a department, agency, or instrumentality of a foreign government. What constitutes an “instrumentality,” however, is an unsettled question, and consequently, companies are often uncertain as to when, exactly, they might be dealing with a foreign official. It can be a challenge for companies to design comprehensive compliance programs without knowing the extent of their exposure to foreign officials.
The FCPA Guide states that the term “instrumentality” is “broad” and “requires a fact-specific analysis of an entity’s ownership, control, status, and function.” Citing final court-approved jury instructions in several cases, the Guide lists several non-exclusive factors that companies should consider when evaluating the risk of FCPA violations and designing compliance programs. Although the Guide states that “no one factor is dispositive or necessarily more important than another, as a practical matter, an entity is unlikely to qualify as an instrumentality if a government does not own or control a majority of its shares.” The Guide cautions, however, that “there are circumstances in which an entity would qualify as an instrumentality absent 50% or greater foreign government ownership.” Even though these are the guidelines that the FCPA legal community has broadly adopted based on previous FCPA enforcement actions, this appears to be the first time that the DOJ and SEC have publicly acknowledged an ownership threshold to determine whether an entity constitutes an “instrumentality” under the FCPA. Ultimately, however, it is still a fact-based analysis and the degree of a foreign government’s control over a company will always trump a 50% ownership threshold.
In order to evaluate and avoid successor liability, all companies should engage in pre-acquisition due diligence in a potential merger and acquisition deal, and that is no different for FCPA concerns. If a successor company inherits FCPA liability, “contracts obtained through bribes may be legally unenforceable, business obtained illegally may be lost when bribe payments are stopped, and the prior corrupt acts may harm the acquiring company’s reputation and future business prospects.” In addition to pre-acquisition due diligence, however, the DOJ and SEC encourage the acquiring company to swiftly integrate its compliance policy, internal controls, training program, and code of ethics into the acquired entity. As the Guide notes, “DOJ and SEC have only taken action against successor companies in limited circumstances, generally in cases involving egregious and sustained violations or where the successor company directly participated in the violations or failed to stop the misconduct from continuing after the acquisition.”
The Government’s Jurisdiction to Enforce the FCPA
In addition to the statutory jurisdiction that the FCPA confers on the government, the DOJ and SEC have taken the sweeping — and legally untested — position that the mere act of “placing a telephone call or sending an e-mail message, text message, or fax from, to, or through the United States involves interstate commerce — as does sending a wire transfer from or to a U.S. bank or otherwise using the U.S. banking system.” The Guide also states that any person or issuer that is not a U.S. citizen or company may be prosecuted if they “directly, or through an agent, engage in any act in furtherance of a corrupt payment while in the territory of the United States, regardless of whether they utilize the U.S. mails or a means or instrumentality of interstate commerce.” For example, “a foreign national who attends a meeting in the United States that furthers a foreign bribery scheme may be subject to prosecution, as may any co-conspirators, even if they did not themselves attend the meeting.” A company employing the foreign national might also be liable under this scenario.
* * *
The FCPA Guide is a benchmark against which compliance officers can and should compare their own compliance programs. Throughout the Guide, the DOJ and SEC repeatedly emphasize that each company should tailor its compliance program and third-party due diligence to its own individual circumstances, and that all companies should continually reevaluate, update, and strive to improve their compliance programs. The Guide makes clear that if a company has invested time and thought into creating and enforcing a robust, effective, and tailored compliance program, then the DOJ and SEC will give that company considerable credit when making its charging decision, including the declination of prosecution altogether. Although the Guide is non-binding and leaves many issues open to a fact-based interpretation, it provides insight into the government’s thinking and should serve as a minimum standard upon which compliance officers can rely.