On November 14, 2012, the Department of Justice and the Securities and Exchange Commission released their much-anticipated joint non-binding guidance “A Resource Guide to the U.S. Foreign Corrupt Practices Act” (the Guide). In short, the Guide collects and summarizes past cases, opinions, interpretations, and guidance on the FCPA. Although the information in the Guide is, therefore, not new, it provides a useful overview of the FCPA and a single reference point on several topics. In addition, the Guide attempts to provide clarification on several FCPA issues, such as the limits on appropriate gifts and hospitality and liability in the merger and acquisition context.
Highlights from the Guide are summarized below. The full Guide may be downloaded here: http://www.justice.gov/criminal/fraud/fcpa/guidance/. The week of the Guide’s release, several DOJ and SEC officials (speaking on their own behalf and not for the government) provided some commentary at the ACI National Conference on the FCPA (FCPA Conference), which is noted below where relevant.
- Respecting the FCPA’s Jurisdictional Reach – The Guide highlights DOJ’s and SEC’s expansive interpretation of FCPA jurisdiction. For example, the Guide presents a hypothetical involving a foreign company that conspires with a U.S. issuer to pay bribes to a foreign official. The Guide explains that even if the foreign company does not take any actions within the United States, based on an application of conspiracy law, the foreign company could still be held liable for substantive violations of the FCPA’s provisions related to issuers and domestic concerns.
- Determining “Corrupt Intent” for Gifts, Travel, and Entertainment – The Guide emphasizes that whether “corrupt intent” exists is the key to determining what types of gifts, travel, or entertainment may be considered reasonable and appropriate. Government officials at the FCPA Conference stated that one of their goals was to counteract “ultra-conservative” advice companies receive that prevents them from providing small token gifts or basic business hospitality. As the Guide states, “it is difficult to envision any scenario in which the provision of cups of coffee, taxi fare, or company promotional items of nominal value would ever evidence corrupt intent, and neither DOJ nor SEC has ever pursued an investigation on the basis of such conduct.”
- Sorting Out Who Is a “Foreign Official” – The Guide provides a non-exclusive list of factors that should be considered in determining whether an entity is a government “instrumentality” such that its officers and employees may be considered “foreign officials” under the FCPA. These factors include, but are not limited to: (1) the extent of government ownership; (2) the degree of government control; (3) the government’s characterization of the entity; and (4) the function of the entity, i.e., whether the entity is performing official or governmental functions. DOJ has previously touted these same factors in enforcement actions where it has been disputed who can be considered a “foreign official.” Government officials at the FCPA Conference noted that it can be difficult to obtain full transparency regarding the ownership and control of foreign entities and stated that where a company undertakes a good faith effort but does not learn that a foreign company is a foreign instrumentality, DOJ would not likely be able to demonstrate that the company had “knowledge” that the foreign company was a foreign instrumentality, a requirement for an FCPA violation to occur.
- Vetting Third Parties – The Guide emphasizes that FCPA liability cannot be avoided by using third party agents or other intermediaries so as to avoid actual knowledge of bribes. The Guide prominently highlights the case U.S. v. Kozeny, et al., in which the Second Circuit upheld the conviction of a businessman based on a theory of “conscious avoidance.” This theory allows a jury to find a defendant had culpable knowledge of a fact when the evidence shows that the defendant intentionally avoided confirming the fact. The Guide cautions that FCPA risks can only be reduced by implementing a rigorous compliance program and conducting thorough due diligence of any potential agents.
- Navigating the Facilitating Payments Exception – The Guide emphasizes the “narrowness” of the exception for facilitating payments in that it applies only to “routine governmental action” that involves non-discretionary acts, such as processing visas, providing police protection or mail service, and supplying utilities. In addition, the Guide notes that a payment that would not be prohibited by the FCPA’s anti-bribery provisions may nonetheless violate the books and records provisions if not properly recorded, and would likely violate local law or possibly other international bribery laws such as the UK Bribery Act.
- Assessing Successor Liability – In the context of mergers and acquisitions, the Guide emphasizes that DOJ and SEC have declined to take action against an acquiring company when it or the acquired company voluntarily discloses improper conduct, takes corrective action, and cooperates with DOJ and SEC. In contrast, the Guide stresses that DOJ and SEC have taken action against the acquiring company in cases where there were egregious and sustained violations, where the successor company participated in the violations, or where the successor company failed to stop misconduct after the acquisition.1 In addition, the Guide emphasizes the importance of thorough post- and pre-acquisition diligence to uncover possible violations. Thorough due diligence, prompt remedial action, and integration of the acquired company into the acquiring company’s internal compliance processes and procedures are all steps that DOJ and SEC consider when determining what action to take with respect to a violation by the predecessor company.
- Books and Records Provision – The Guide notes that there is no materiality threshold for the books and records provision, which requires that an issuer keep books and records that “in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.” However, the Guide states that enforcement actions have typically focused on widespread smaller payments that were part of a systemic pattern or on large bribe payments.
- Internal Controls Provision – The internal controls provision requires a system of controls that provides reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements and compliance with management’s general or specific authorizations. The Guide emphasizes that there is no one-size-fits-all approach to internal controls. They must take into account the risks inherent to the company’s business such as the nature of its products or services, how the products or services get to market, its work force, the degree of regulation of its business, the extent of government interaction, and high-risk country operations.
- Subsidiaries and Affiliates – The accounting requirements apply to subsidiaries and affiliates under the control of the parent. The FCPA requires that a parent company use its best efforts to cause minority-owned joint ventures, those in which it holds 50% or less of the stock, to devise and maintain a system of internal accounting controls consistent with the issuer’s own obligations. Sharp-eyed readers of the Guide may have noticed that the Guide refers to parents that own less than 50% instead of 50% or less. Government officials at the FCPA Conference indicated that they hope to correct that error in the hard copy of the Guide.
Investigation and Enforcement Approach
Guiding Principles of Enforcement
- Enforcement Principles – The Guide references the Principles of Federal Prosecution and Principles of Federal Prosecution of Business Organizations set forth in the U.S. Attorney’s Manual as the DOJ guidance for prosecutors regarding initiating or declining prosecution, selecting charges, and resolution of cases for individuals and corporations, respectively. For corporations, nine factors are considered, including but not limited to: the corporation’s history of similar misconduct, the existence and effectiveness of the corporation’s pre-existing compliance program, and the corporation’s remedial actions. The Guide emphasizes that waiver of attorney-client privilege is not a factor, although disclosure of the underlying relevant facts is. For SEC Enforcement, the Guide references the SEC’s Enforcement Manual and lists a number of factors that are considered, including: the egregiousness and magnitude of the violation, whether it is ongoing, and whether the matter gives SEC an opportunity to “be visible” in a sector that might not otherwise be familiar with SEC’s laws.
- How Violations are Identified – The Guide notes that FCPA violations come to the attention of SEC staff (and presumably also DOJ staff) through a variety of means including: tips from whistleblowers or other informants, investigations, self-reports or public disclosures by companies, referrals from other offices or agencies, public sources such as media reports and trade publications, and proactive investigations and risk-based initiatives. Government personnel at the FCPA Conference indicated that both whistleblower reports and referrals from foreign agencies have been rising noticeably, which is to be expected given the new whistleblower bounty provisions enacted under the Dodd–Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) and the bolstering of anti-corruption laws around the globe.
- Self-Reporting, Cooperation and Remedial Efforts – According to the Guide, both DOJ and SEC place a high premium on self-reporting, cooperation with officials, and remedial efforts when determining the course of an investigation and resolution of cases.2
The Role of a Corporate Compliance Program in the Enforcement Context – The Guide emphasizes that both DOJ and SEC consider the adequacy of a company’s compliance program when deciding whether to enter into a deferred prosecution agreement or non-prosecution agreement, or to decline prosecution. The Guide notes that no compliance program can stop all criminal activity by employees, and advises that each program should be tailored to a company’s risks and evolve as the business and markets evolve. When reviewing a compliance program, DOJ and SEC consider: whether the compliance program is well-designed, whether it is applied in good faith, and whether it works. Hallmarks of an effective compliance program include:
- Tone from the top and tone from the middle – conveyed commitment by not just the senior officials, but also the middle-managers.
- A clear, concise, and accessible Code of Conduct. It should be available in the local language for foreign employees.
- Assigned responsibility to one or more senior officials with appropriate authority, autonomy, and sufficient resources.
- A risk-assessment that focuses company compliance resources appropriately. Due diligence, for example, should be fact-specific and vary based on factors including but not limited to industry, country, size and nature of the transaction, and method and amount of third-party compensation.
- Periodic training and certifications from directors, officers, relevant employees, and, where appropriate, agents and business partners.
- Appropriate disciplinary procedures and possibly positive incentives for compliance.
- An avenue for confidential reporting, followed by investigation.
- Periodic testing and review.
FCPA Penalties, Sanctions, and Remedies
The Guide sets forth the different criminal and civil penalties associated with violations by companies and individuals. When calculating penalties for criminal violations, DOJ “focuses” its analysis on the U.S. Sentencing Guidelines (Guidelines). DOJ calculates a base fine in accordance with the Guidelines and multiplies that base fine by a “culpability score” that can either reduce the fine to as little as 5% of the base fine or increase the fine up to four times the amount of the base fine. Both DOJ and SEC may also pursue civil penalties. Significantly, SEC may also obtain disgorgement of “ill-gotten gains” and pre-judgment interest, which can be quite massive when the violation resulted in large benefits for the defendant.
The Guide details the different types of alternative resolutions that are possible with DOJ and SEC. The Guide explains that aside from bringing charges or a civil action, DOJ and SEC may choose to decline to pursue FCPA violations by a company or may resolve violations through a plea agreement, a deferred prosecution agreement, or a non-prosecution agreement. Regarding declinations, the Guide indicates that “in the past two years alone, DOJ has declined several dozen cases against companies where potential FCPA violations were alleged.”
The Guide provides six examples of when DOJ and SEC declined to take enforcement action and lists the factors that were taken into consideration in declining to take action. Unsurprisingly, in all six instances, the companies at issue voluntarily reported their misconduct to DOJ and SEC and took steps to “enhance” or “improve” their internal controls or compliance programs.
Whistleblower Provisions and Protections
The Guide explains that whistleblowers who report FCPA violations may be entitled to receive monetary awards if they report high quality, original information that leads to SEC enforcement action in which over $1 million in sanctions is ordered. Awards range between 10-30% of the monetary sanctions recovered by the government. Employers are also prohibited from taking retaliatory actions against FCPA whistleblowers under the Sarbanes-Oxley Act and the Dodd-Frank Act.