On 14 November 2012, the U.S. Department of Justice (DOJ) and U.S. Securities and Exchange Commission (SEC) issued their long awaited “guidance” on the Foreign Corrupt Practices Act (FCPA), FCPA: A Resource Guide to the U.S. Foreign Corrupt Practices Act (the guide). The stated aim of the guide is to “provide helpful information to enterprises of all shapes and sizes” about the government’s approach to FCPA enforcement. As the guide notes, it is “an unprecedented undertaking … to provide the public with detailed information about [the agencies’] FCPA enforcement approach and priorities.”
At 130 plus pages, the guide provides a comprehensive view of the DOJ and SEC’s interpretation of the FCPA, the agencies’ enforcement priorities, their approach to investigations and settlements, and, perhaps for the first time, clearer answers on what conduct is safe and what conduct can result in significant liability for a company. Although observers will discover that much of the guide rehashes previous government positions, perhaps most importantly for business enterprises, the guide provides actual practical advice on what the limits are in areas where the FCPA itself is not black and white.
Because of its length, Hogan Lovells is not attempting to provide a comprehensive review of the entire guide at this time. That will follow. Rather, this Alert is designed to quickly inform you of the seven most important things you and your company can take away from this new guidance.
- The long reach of the law: claims of far reaching jurisdiction
The guide is somewhat breathtaking in its assertion of the FCPA's jurisdiction. For issuers and domestic concerns, the guide contends that the broadest definition of interstate commerce applies; sending an email, a text message, or a fax from, to, or through the United States is a sufficient jurisdictional hook for the DOJ or the SEC. In Magyar Telecom, the government used the location of email servers in the United States as a basis to assert jurisdiction. Similarly, sending a wire transfer to or from the United States, or otherwise using the United States banking system, creates jurisdiction in the government's eyes. Thus, presumably a dollar transaction that takes place in another country, but that involves a correspondent bank because of the dollar currency, would be enough to trigger prosecution.
The guide also crystallizes the agency theory that the DOJ and SEC employed in Panalpina and other cases to assert jurisdiction over foreign entities. Thus, if an agent of a foreign entity commits an act in furtherance of a corrupt payment, and that act is committed in the United States, that is enough to create jurisdiction. The guide also expressly addresses co-conspirator liability and Pinkerton liability ― two time-worn theories used by prosecutors everywhere. Under these theories, there is jurisdiction if a foreign entity enters into a conspiracy with an agent of an issuer or a domestic concern, and the government believes that it is reasonably foreseeable that the agent would bribe a government official.
Some might say this means that the DOJ and SEC could use these theories to get at virtually any corrupt payment. Although jurisdiction is always an issue worth considering in evaluating defenses, the guide seeks to set out very broad prosecution jurisdiction.
- Winning business: What are the limits on hospitality, gifts, and travel?
Recently, many businesses have put in place often draconian prohibitions on entertainment or provision of even token gifts to foreign officials. The guide makes clear that many of these restrictions may be overkill. While the guide reiterates that an organization must have “clear and easily accessible guidelines and processes” for gift giving and hospitality, the DOJ and SEC are only seeking to go after those payments that are truly bribes disguised as gifts ― asking whether there is a corrupt intent behind the gift.
One of the frequent areas of concern for organizations is promotional events. The guide states that under normal circumstances, the FCPA is not violated by providing prospective government customers at a trade show with refreshments or promotional items such as logo t-shirts or hats. Moreover, it would also be permissible for a company to invite these same customers or potential customers for drinks or a moderate meal at the end of the day. The key is avoiding excess. While cocktails at the hotel bar are likely fine, champagne at a luxury night club would draw inquiry. The difference here? The former is seen as simply a way to get time with the customer, while the latter may be seen as crossing over to the zone of rewarding the official for doing business with you ― a corrupt purpose.
Companies are often faced with the challenges of foreign environments that encourage gift giving as part of the business culture. The guide makes clear that this is not necessarily prohibited. In the example in the guide, the government says that no law is violated where a moderately priced crystal vase is presented to a general manager of a foreign government-owned entity as a wedding gift. “Tokens of esteem or gratitude” are permissible where they are appropriate under local law, customary where given, reasonable for the occasion, and properly recorded in the company’s records. The guide in this area provides companies with a zone of comfort in which to operate.
Many companies bring foreign officials to the United States for contract negotiations, site visits, or training. The guide makes clear that such travel is appropriate where there is a legitimate purpose such as training or a performance review. Indeed, even business class airfare, an item often prohibited without exception, is permissible for foreign officials where appropriate to the length of the trip and provided on the same terms as to the company’s own employees. Meals and moderate entertainment that make up a small part of total costs are likewise permissible. In contrast, as would be expected, the guide suggests enforcement proceedings would result from trips to cities where there is no tie to the contract or companies, trips involving spouses or family members, or where the purpose is to provide an incentive for the official to misuse his or her position or influence.
Thus, the agencies’ focus in these areas seems to be on whether the nature of the gift or hospitality suggests a corrupt intent. Expenditures that are modest, in line with local custom, or similar to what company employees are entitled to in similar circumstances are likely to be permissible.
- They made me do it: extortion and duress under the FCPA
The FCPA does not prohibit payments made in the face of extortion or under duress where the payments are necessary to preserve the safety of employees or company property. As the guide notes, paying money in response to a threat to demolish a company facility or arrest an employee cannot be said to have been undertaken with a corrupt intent to obtain or retain business (although it could trigger other offenses if the payments were, for example, to a terrorist organization). The guide goes on, however, to make clear that economic coercion is not, in and of itself, sufficient to trigger this carve out. Where a company makes the “conscious decision” to pay an official to gain or retain business, the FCPA is violated even if there is no other perceived alternative. This makes clear that even a situation where all bidders were asked to pay bribes to bid or in the event of a contract award constitutes an FCPA violation. The fact that all bidders were on equal footing is irrelevant. Likewise, a threat to end a contract or otherwise harm the company’s economic interests unless a bribe is paid is not sufficient to provide protection from prosecution.
- Foreign officials: broad reach and interpretation
In addressing the issue of who is a “foreign official,” the guide essentially rehashes the position the agencies have taken in settlements and court filings, including US v. Esquenazi, where the meaning of “foreign official” and what constitutes an instrumentality of a foreign government is currently being challenged before the 11th Circuit. Two points here are particularly notable. First, because the statute defines a foreign official as “any officer or employee of a foreign government” and to those acting on the foreign government’s behalf, the guide emphasizes that the FCPA prohibits corrupt payments to low-level employees and high-level officials alike.
Second, the guide addresses the DOJ and SEC’s views of what constitutes an “instrumentality” of a foreign government, and therefore which officers and employees of state-owned or state-controlled entities should be treated as “foreign officials.” Those who hoped for a clear definition of “instrumentality” will be disappointed. Rather than creating a bright-line definition, the guide asserts that the term is broad, including both state-owned and state-controlled entities. Whether a particular entity is an “instrumentality” requires a fact-specific analysis of an entity’s ownership, control, status, and function. Notably, the guide does not concede that 50 percent or greater ownership by a foreign government is definitive in determining whether the entity is an instrumentality. In yesterday’s press conference announcing the guide, SEC Enforcement Director Robert Khuzami noted that the guide does not draw a bright line standard here because there are “many indirect ways of ownership and control.” Assistant Attorney General Lanny Breuer pointed out that the DOJ is unlikely to consider a foreign entity that is less than 50 percent controlled by a foreign government to be an instrumentality; “specific factors” could lead to a different conclusion.
- All in the family: liability for subsidiaries, parents, and successors
The guide focuses on two aspects of corporate liability: the liability of a parent company for the acts of its subsidiary and the liability of a successor company following a merger or acquisition. Notably, it also includes some new “practical tips” for companies acquiring and integrating new businesses.
With respect to parent-subsidiary liability, the guide simply restates familiar principles of agency law. A company is liable for the acts of its agents undertaken within the scope of their employment and intended, at least in part, to benefit the company. In determining whether an agency relationship exists between a parent and a subsidiary, the DOJ and SEC examine the parent’s control over the subsidiary, including the parent’s knowledge and direction of the subsidiary’s actions.
The guide devotes considerably more attention to the principles of successor liability, focusing on the ability of the successor company to reduce its risks of liability by conducting thorough anti-corruption due diligence, and reporting and remediating any misconduct it discovers. The guide also affirms that successor liability does not create liability where none existed before. For example, an issuer is not liable for the pre-acquisition acts of a foreign company that was not subject to the FCPA.
Perhaps most significantly ― and for the first time ― the DOJ and SEC have set forth the following five “practical tips” that they encourage companies to take in conducting mergers and acquisitions:
- conduct thorough risk-based anti-corruption due diligence
- ensure that the acquiring company’s code of conduct and anti-corruption policies apply as quickly as possible to the acquired business
- train the acquired business’ directors, officers, employees, and where appropriate, agents and business partners, on applicable anti-corruption laws and policies
- conduct an FCPA audit as quickly as practicable on the newly acquired business
- disclose to the DOJ and SEC any corrupt payments discovered in the due diligence process
These “tips” may well prove to be the DOJ and SEC’s baseline expectations for an acquiring company’s conduct of FCPA due diligence and integration. But even companies that undertake each of these actions ― including disclosure ― do not eliminate the risk of liability, as the guide provides only that the DOJ and SEC “may” decline to bring enforcement actions in such cases.
- Books and records: What does the other part of the FCPA really mean?
The guide for issuers on the FCPA's books and records and internal control provisions does not break any new ground. However, there are important legal positions outlined in this part of the guide. First and foremost, the guide makes explicit what often gets lost in the consideration of how payments get recorded: the FCPA’s books and records rules are not limited to payments made to government officials. Rather, commercial bribes, embezzlements, and proceeds of fraud or export control violations can create liability for issuers subject to these provisions. The DOJ and SEC have brought cases, such as Johnson & Johnson, where both government bribes and commercial bribes occurred, but the guide points out that either a books and records violation or an internal controls violation can be a stand-alone case based solely on a commercial bribe.
Second, the guide also articulates the government's position that an internal controls violation is a separate and independent FCPA offense. Most internal controls violations involve systemic failures in policing improper payments, hence why they come to light, but the guide does not limit the application of the internal controls provisions to such situations. Indeed, other violations of the securities laws ― such as 13(a)'s prohibition on lying to auditors or Sarbanes Oxley's (SOX) requirement for management's certification of the financial statements ― could also violate the internal controls provisions.
Third, the guide notes the importance of a compliance program that addresses FCPA risks to an issuer's internal controls. In addition, the guide points out that an issuer's SOX compliance system is part of its internal controls. Finally, the guide states that internal controls are not one-size-fits-all, and issuers should assess their FCPA risks in designing their internal controls. These parts of the guide will no doubt warm the hearts of lawyers and consultants everywhere.
- Resolutions: Do the DOJ and SEC really ever decline to pursue cases?
One key discussion point amongst FCPA practitioners in recent years has been the value of self-disclosure. In particular, the sense that every self-disclosure, no matter how small the issues involved or how great the cooperation, seemed to lead to some sort of negative resolution to the matter for the company involved. Perhaps sensing this discontent, the guide goes to great lengths to discuss how the DOJ and SEC regularly decline to prosecute FCPA cases, noting that in the past two years, the DOJ had declined “several dozen cases against companies where potential FCPA violations were alleged.” The guide reiterates that these decisions will generally be made in accordance with the Principles of Federal Prosecution and the Principles of Federal Prosecution of Business Organizations, two DOJ publications. Most significantly, for the first time the guide actually provides six examples of recent public company declinations. Some common themes:
- quick and complete voluntary disclosure
- the companies involved moved swiftly after initial discovery to investigate and terminate business ties
- the amounts at issue were relatively small
- in several cases, the conduct was discovered as a result of a well-functioning compliance program or pre-acquisition due diligence
- responsibility could be isolated with a small number of local or low-level employees who were terminated or otherwise disciplined
- the companies immediately implemented remedial plans and/or enhancements to their compliance regimes
While there is still relatively unfettered discretion on the part of the agencies, these examples at least will provide a somewhat more informed view of the process for companies considering self-disclosure.
* * *
Over the next few weeks, the guide will likely be analyzed in great detail and much effort given over to divining the meaning or intent behind every word. Hogan Lovells will continue to keep you up to date on these issues, but we believe that the seven areas above are likely to prove most valuable for companies who may be facing FCPA issues now or in the future.