The U.S. Foreign Corrupt Practices Act (FCPA) remains one of the most important legal and compliance risks for companies engaged in international business. Holland & Hart is often asked by our internationally-based clients and prospective clients the extent to which the FCPA applies to them, if their only touch-point with the U.S. is through listing on an exchange or the trading of American Depository Receipts (ADRs).

The FCPA can and has been applied to entities whose ADRs are listed in the U.S. Companies with U.S.-listed ADRs should refresh their foreign bribery compliance policies, procedures, and training; proactively assess and address potential foreign bribery risks; and promptly and appropriately investigate and address potential FCPA concerns.

Overview of the FCPA

The FCPA prohibits the actual or attempted bribery of non-U.S. government officials in order to assist in obtaining or retaining business. Payments that may cause violations include cash, gifts, charitable donations, travel, meals, entertainment, grants, speaking fees, honoraria, and consulting arrangements. The FCPA does not contain a materiality threshold as to the size of the violating payment or the amount of business obtained. Although there are some safe harbors for certain payments to foreign officials, these exceptions are narrowly construed and apply rarely.

The FCPA additionally requires “issuers” (defined below) to maintain accurate books and records that reasonably and accurately describe transactions and dispositions of assets, as well as a system of internal accounting controls sufficient to assure management’s control, authority, and responsibility over the firm’s assets.

The U.S. Department of Justice (DOJ) and U.S. Securities and Exchange Commission (SEC) jointly enforce the FCPA through criminal and civil actions directed at entities, their personnel, and other involved individuals.

Internationally-Based Companies May Be Subject to U.S. FCPA Enforcement

Companies that are located and doing business outside of the U.S. may still be subject to FCPA enforcement in the event of alleged foreign bribery. There are two basic theories under which the SEC and DOJ may act in these instances.

(1) Enforcement against “issuers,” includes many companies with ADRs

All provisions of the FCPA apply to “issuers.” Companies are “issuers” if they are listed on a U.S. exchange or if they make periodic filings with the SEC.

Foreign companies directly listed on U.S. exchanges are “issuers” subject to the FCPA. For example, in early 2016, Amsterdam-based VimpleCom Ltd. – one of the world’s largest telecom companies listed on the NASDAQ, and previously on the NYSE – and its wholly-owned Uzbek subsidiary settled FCPA allegations levied by the SEC, DOJ, and Dutch authorities. The government alleged that the company paid $114 million in bribes to Uzbek officials, in part through payments to a shell company owned by a Uzbek foreign official, to obtain business that generated more than $2.5 billion in revenue.

Hailed as a “landmark FCPA resolution,” VimpleCom’s total sanctions paid to U.S. authorities makes this one of the largest FCPA enforcement actions ever. The company agreed to pay a $230.1 million criminal penalty to the DOJ, disgorgement and prejudgment interest totaling $167.5 million to the SEC, and another $397.5 million to Dutch authorities. The company also agreed to engage an independent FCPA compliance monitor for at least three years.

Foreign companies also may be deemed “issuers” when their ADRs are sponsored (that is, they involve the foreign company’s involvement with a U.S. bank that issues the ADRs, and the company must file with the SEC) and they are listed on a U.S. exchange. (For simplicity, in this article we use the terms ADRs and American Depository Shares (ADSs) interchangeably.)

The SEC and DOJ have enforced the FCPA numerous times against companies with listed ADRs. Indeed, the largest-ever global foreign bribery resolution – a combined total of at least $3.5 billion – involved Braskem S.A., a Brazilian petrochemical company with ADRs listed on the NYSE. Announced in December 2016, the DOJ, SEC, Brazilian, and Swiss authorities alleged that Braskem, through intermediaries and off-book accounts managed by Odebrecht (a privately-held engineering company based in Brazil, which also settled with authorities), paid bribes of at least $250 million to a Brazilian government official at a state-controlled petroleum company, as well as to Brazilian legislators and political party officials. Braskem agreed to retain an independent compliance monitor for at least three years and to pay a total of $957 million in criminal and regulatory penalties to U.S., Brazilian, and Swiss authorities. The total of criminal penalties imposed against Odebrecht ranged from $2.6 billion to $4.5 billion.

Many other of the largest FCPA enforcement actions by the SEC and/or DOJ likewise have involved internationally-based companies with U.S.-listed ADRs: Siemens Aktiengesellschaft (a German company with ADSs listed on the NYSE); Teva Pharmaceutical Industries, Ltd. (an Israeli company with ADRs listed on the NASDAQ and then the NYSE); Total SA (a French company with ADSs listed on the NYSE); Alcatel-Lucent, S.A. (a French company with ADRs listed on the NYSE); ABB, Ltd. (a Swiss company with ADSs listed on the NYSE); and Statoil, ASA (a Norwegian company with ADSs listed on the NYSE).

And the DOJ and SEC show no signs of slowing FCPA enforcement in matters involving listed ADRs. As recent as January 2017, the DOJ and SEC charged Sociedad Quimica y Minera de Chile, S.A. (SQM), a Chilean mining and chemical company with ADSs listed on the NYSE, alleging that SQM made over $14 million of improper payments to Chilean politicians, political candidates, and others connected to them by paying individuals and entities that falsely posed as legitimate third-party vendors.

Companies with sponsored ADRs that are not listed on an exchange but trade on the over-the-counter (OTC) markets (called Level I ADRs) likewise could be forced to defend claims alleging violations of the U.S. securities laws, including the FCPA. For example, a federal district court recently declined to dismiss securities fraud claims filed against Volkswagen, because its Level I ADRs entailed significant enough U.S. involvement to establish jurisdiction over the company.

(2) Enforcement based on conduct occurring in or directed at the U.S.

Not surprisingly, the SEC and DOJ also will not hesitate to enforce the FCPA against domestic concerns – U.S.-based subsidiaries, affiliates, and personnel somehow involved in alleged wrongdoing. And the SEC and DOJ may also take action against foreign entities and individuals if acts in furtherance of the alleged bribe occurred within the U.S. The government may assert these types of jurisdiction in FCPA matters irrespective of a company’s ADRs. Every case differs, of course, so foreign nationals faced with SEC or DOJ inquiries about potential FCPA concerns should carefully explore their particular facts and circumstances with their legal counsel to fully assess potential defenses, including jurisdictional defenses.

Indeed, U.S. authorities may reach here. For example, the SEC and DOJ procured a $365 million settlement from a Dutch company and its former parent, an Italian company, despite their limited contacts with the U.S. The DOJ and SEC appears to have primarily asserted jurisdiction over the companies because they were involved in a joint venture – with a French company (with ADSs listed on the NYSE) and a Texas company – that allegedly paid bribes to Nigerian officials to obtain energy contracts.

International Cooperation in Foreign Bribery Enforcement Flourishes

International entities may also face parallel anti-bribery enforcement by foreign governments, as apparent in the VimpleCom and Braskem/Odebrecht matters discussed above. The DOJ and SEC have often touted their international cooperation efforts. A senior DOJ official, for example, recently stated that companies should assume information disclosed to the DOJ will be shared with foreign regulators. And senior SEC officials have stated that international collaboration, cooperation, and assistance is critical to the agency’s success in FCPA matters. Companies thus may want to assume that the local authorities are, or soon will be, involved in most foreign bribery matters.

Whistleblower Program Increases Potential for FCPA Investigations

The SEC heavily incentivizes insiders and others with knowledge of potential wrongdoing to proactively provide that information to the SEC early. Under the SEC’s whistleblower program, individuals who provide information that leads to a successful enforcement action involving sanctions of more than $1 million may receive an award of 10 percent to 30 percent of the amount collected by the SEC.

The SEC receives hundreds of FCPA-related tips every year, including myriad tips from individuals living in foreign countries. Indeed, one the SEC’s largest whistleblower rewards – over $30 million – was awarded to an individual living abroad.

Moreover, the SEC has vigorously protected individuals’ ability to access the whistleblower program. In one recent matter against a foreign-based company with U.S.-listed ADRs, for example, the SEC also charged the company with violating a rule that prohibits companies from impeding whistleblower reports. The SEC alleged that the company’s separation agreements contained a clause penalizing former employees from violating non-disclosure provisions, which the SEC alleged impeded its FCPA investigation.

The SEC’s former Chair stated that the whistleblower awards have “created a powerful incentive for companies to self-report wrongdoing to the SEC—companies now know that if they do not, we may hear about the conduct from someone else.” As a practical matter, the announcements provide important reminders that companies should appropriately and promptly address reports of potential wrongdoing, typically by engaging independent counsel to thoroughly investigate the issues.

Cooperation May Yield Benefits

The DOJ and SEC have long provided credit to entities that cooperate with the agencies during investigations. And it is not unusual for companies, upon learning of potential issues, to promptly investigate and self-report the investigatory results to the government, in the hopes of securing a more beneficial outcome.

In April 2016, the DOJ announced a new FCPA Pilot Program, which “is designed to motivate companies to voluntarily self-disclose FCPA-related misconduct, fully cooperate with the Fraud Section, and, where appropriate, remediate flaws in their controls and compliance programs.” Under the program, a company may receive up to a 50% reduction off the bottom of the range recommended under the sentencing guidelines, or even a full declination to prosecute, if the company: (a) voluntarily self-reports; (b) fully cooperates with the DOJ’s investigation; (c) remediates as appropriate; and (d) disgorges ill-gotten gains. Companies that cooperate and remediate without voluntary self-reporting may be eligible for reduced benefits. In March 2017, the DOJ announced extension of the program as it continues to evaluate its effectiveness.

The DOJ and SEC expect much from companies who seek to cooperate. On September 9, 2015, then-Deputy Attorney General Sally Q. Yates issued a memorandum stating that, going forward the DOJ intends to scrutinize individuals, not just companies, involved in potential wrongdoing. The Yates Memo explained that “[b]oth criminal and civil attorneys should focus on individual wrongdoing from the very beginning of any investigation of corporate misconduct.” The DOJ said that, “in order to qualify for any cooperation credit, corporations must provide to the Department all relevant facts relating to the individuals responsible for the misconduct.” The SEC has been in lockstep, with multiple senior officials publicly emphasizing the agency’s similar focus on individual culpability.

Proactively Minimize FCPA Enforcement Risks

Every FCPA case entails its own factual circumstances, but they generally lead to the same important lessons:

  1. The FCPA Should Not Be Ignored. Foreign-based companies can gain many advantages through access to the U.S. capital markets by listed ADRs or direct listing on an exchange. As discussed in this article, though, these companies cannot ignore the FCPA. And even unlisted foreign companies with business dealings that touch the U.S. might be open to FCPA enforcement.
  2. Assess Potentially-Risky Practices. Certain business practices, such as using local third party agents and doing business in certain regions, may lead to increased FCPA risks. Companies should take a global view, assessing their subsidiaries’ and joint ventures’ practices as well as headquarters. For example, the SEC recently charged a Belgian beer company, with ADRs listed on the NYSE, because its wholly-owned subsidiary in India allegedly reimbursed a distributor (a joint venture that the beer company partly owned) for bribes that the distributors’ agents paid to Indian government officials to obtain beer orders and to increase brewery hours. Companies should proactively identify, or engage outside counsel experienced with the FCPA to identify, their potential FCPA risks so that the matters can be appropriately addressed.
  3. Proactive Compliance Measures Help. Rigorous due diligence, policies, training, and controls focused on containing FCPA risks provide critical safeguards that may help avoid or minimize a potential FCPA enforcement issue. And in the event issues arise, up-front compliance efforts may help reduce potential sanctions. Indeed, regulators have high expectations in this regard, and they have not hesitated to charge companies that implemented ineffectual efforts.
  4. Appropriately Investigate and Address Potential Red Flags. Self-discovery of potential red flags, promptly followed by appropriate investigation and remediation, may yield benefits with the SEC and DOJ, not to mention the benefits to the company and shareholders. Given the proliferation of potential FCPA risks, companies are well advised to engage counsel to conduct an efficient, cost-effective, and reliable investigation of potential issues.
  5. Consider Self-Reporting. The government touts the benefits of self-reporting FCPA issues. VimpleCom, for example, received “significant credit” from the DOJ for their “prompt acknowledgement of wrongdoing after being informed of the DOJ's investigation, for their willingness to promptly resolve their criminal liability on an expedited basis, and for their extensive cooperation with the DOJ's investigation.” They did not receive “more significant mitigation credit,” however, because the company did not self-report to the government after an internal investigation revealed misconduct. Companies and their counsel should analyze the facts and circumstances of each matter to determine whether self-reporting is appropriate.
  6. Consider Individual Counsel. Individuals may face personal exposure for FCPA violations, so consider individual counsel early. For example, in December 2011 the SEC alleged that executives from a Hungarian telecommunications company with ADRs listed on the NYSE, orchestrated a scheme wherein subsidiaries paid bribes to government and political party officials to win business and shut out competition. The SEC charged three former executives – all Hungarian citizens residing in Hungary. The long-running cases only recently concluded, with the SEC ultimately procuring settlements with all of the executives.
  7. Update and Upgrade Insurance Coverage. Not all insurance policies provide coverage for internal investigations or for pre-charging investigations by the SEC or DOJ. Entities and their personnel should review existing policies to ensure satisfactory coverage, particularly if individuals may seek their own counsel. FCPA matters can be lengthy and expensive. Adequate insurance may help soften this blow.

International-based companies with U.S. listed shares or ADRs should promptly take steps to address potential FCPA risks, lest they or their executives become another case study.