Last week, the Securities and Exchange Commission (the SEC) charged Diageo plc—one of the world’s largest producers and distributors of premium alcoholic beverages—with wide-ranging violations of the Foreign Corrupt Practices Act (the FCPA).1
Although this case is one more in a long line of FCPA enforcement matters brought by the SEC and/or Department of Justice (DOJ) this year, it is notable because the findings of illegal activity read like a law school exam question. The case identifies many of the myriad ways that a company can violate the FCPA, and what a company can do to potentially minimize the sanctions sought by federal regulators to address those violations.
Review of the Diageo case will provide companies, their compliance professionals, and counsel with a description of the “hot button” FCPA enforcement trends and pitfalls that are the current focus of the regulators, including, among other things: (i) liability for the activities of subsidiaries, (ii) working with third-party agents and consultants, (iii) the risks of providing gifts and entertainment, (iv) working with “state owned enterprises,” (v) the requirement for transparent books and records, and (vi) the possible benefits of cooperating with the anti-corruption regulators.
Diageo, headquartered in London, is a leading producer and distributor of premium branded alcoholic beverages, including Johnnie Walker, Smirnoff, Captain Morgan, and Guinness. Through various direct and indirect subsidiaries, Diageo maintains operations in more than 180 countries.
According to the SEC’s cease-and-desist order, over a period spanning more than six years, Diageo, through its subsidiaries, paid more than $2.7 million to various government officials in India, Thailand, and South Korea in separate efforts to obtain lucrative sales and tax benefits.2 The SEC found that Diageo and its subsidiaries failed properly to account for these illicit payments in their books and records. Rather, the company “concealed the payments to government officials by recording them as legitimate expenses for third-party vendors or private customers, or categorizing them in false or overly vague terms or, in some instances, failing to record them at all.”3
The proceeding was resolved with Diageo consenting to the entry of a cease-and-desist order and paying disgorgement of $11,306,081 plus interest and a $3 million civil penalty.
“ACQUIRING” FCPA LIABILITY
A common trend among recent FCPA actions is that many companies are finding themselves liable for the actions of the target companies that they acquire. Repeatedly, companies expanding through acquisition discover that—in addition to owning new business assets and operations—they have acquired significant FCPA liability risks. This is particularly true for companies that fail to acclimate their new subsidiaries to a more effective compliance culture with adequate controls, policies, and procedures.
Diageo was formed in 1997 through the merger of two existing companies. For the next several years, the company grew through acquiring interests in various foreign subsidiaries. In fact, all three subsidiaries found to have been the cause of Diageo’s FCPA violations were companies acquired by Diageo.
While Diageo “recognized that its new subsidiaries had weak compliance policies, procedures, and controls” at the time of the acquisitions, the SEC found that Diageo “failed to make sufficient improvement to these programs until mid-2008 in response to the discovery of the illicit payments”4 at issue. The SEC concluded that Diageo’s “history of rapid multinational expansion through mergers and acquisitions contributed to defects in its FCPA compliance programs.”5 As a result, the SEC held Diageo responsible for those subsidiaries’ lack of controls and FCPA compliance
FCPA enforcement actions often involve third parties such as agents and partners making improper payments on behalf of a company. And, although the company did not make the payment itself, the cases are clear that the company can nonetheless be liable under the FCPA.
In the Diageo case, one of Diageo’s subsidiaries reimbursed its third-party promoters and distributors for payments they made to government officials for the purpose of securing label registrations for Diageo’s products. They also reimbursed the third parties for payments made to officials to secure import permits and administrative approvals.
The third parties were reimbursed for the payments through debit notes that described the payments as “special rebates” or “incentive for reaching sales targets.” The SEC found that, because the documentation concerning the improper payments was, at best, vague, the company improperly hid the fact that it was reimbursing the distributors and promoters for payments to government employees by recording them on the books as commissions and rebates.
LAVISH HOSPITALITY AND LOCAL CUSTOMS
The FCPA prohibits corruptly giving anything of value to foreign officials for the purpose of obtaining a business advantage. That prohibition includes various types of gifts and entertainment. The FCPA does provide an affirmative defense for “a reasonable and bona fide expenditure, such as travel and lodging expenses, incurred by or on behalf of a foreign official . . . directly related to  the promotion, demonstration, or explanation of products or services.”6 But there is little guidance in the statute or case law regarding the application of the affirmative defense, and FCPA enforcement actions often involve companies providing hospitality expenditures that regulators find “unreasonable.”
In Diageo, the company’s South Korean subsidiary paid almost $110,000 in travel and entertainment-related expenses. These expenses included travel costs for customs and other officials to travel to Scotland. While the trip had the legitimate purpose of taking the South Korean officials to inspect the company’s scotch production facilities, the officials were also taken on recreational side-trips to Prague and Budapest. The SEC, not surprisingly, found those side trips to be improper under the FCPA.
The South Korean subsidiary also spent approximately $230,000 on “rice cake payments” (which are customary and traditional gifts in South Korea) and “Mokjuksaupbi” payments (non-traditional, non-seasonal gifts and entertainment) to members of the South Korean military.7 Some of these payments, which were individually very small, were approved by a senior Diageo compliance officer after an employee of the subsidiary stated that the company would face a competitive disadvantage if the payments were not made. The SEC, however, found these payments to be illegal.
WHO IS A GOVERNMENT OFFICIAL?
This past year, the question of who falls within the definition of a “government official” under the FCPA has been actively debated.8 Litigants and commentators alike have vigorously challenged the regulator’s expansive view that all employees of state-owned enterprises—irrespective of rank, position, or responsibility—are covered by the statute. Recently, for the first time in FCPA enforcement history, there is judicial guidance stating that the “nature and characteristics of the business entity” must be taken into consideration when analyzing who will be considered a government official.9
In Diageo, its Indian subsidiary paid more than $700,000 in cash to 900 or more employees of government-owned liquor stores. According to the SEC, Diageo’s subsidiary made the payments to increase government sales orders of its products and to secure favorable product placement and promotion within the stores. The SEC found these employees to be government officials, and the payments to them to be inappropriate under the FCPA. While Diageo did not, in settling this matter, challenge the SEC’s characterization of the liquor store employees as government officials, the recent case law on the issue raises the question of whether, if litigated, Diageo may have been able to mount a defense against these charges on the ground that a liquor store employee is not, under the FCPA, a “government official.”
BENEFITS OF COOPERATION
Much has been written about the potential advantages and disadvantages of self-reporting FCPA violations to the government, and cooperating in any investigation.10 Just how much “credit” a company receives by self-reporting and cooperating under the current enforcement regime is subject to debate. There is a widespread belief among practitioners that, in many instances, a company may not benefit at all by having reported the violation and, in some instances, it is in fact worse off. But federal regulators have actively tried to dispel this belief through recent enforcement actions highlighting the credit that companies receive by self reporting and by providing significant cooperation.
The Diageo case may be another effort by the SEC to demonstrate its commitment to crediting companies that cooperate. The SEC specifically acknowledged Diageo’s cooperation and remedial efforts in accepting the terms of the settlement.11 Though difficult to determine with any certainty, some facts that may show that credit was given for Diageo’s cooperation are that: (i) the SEC resolved the FCPA violations with an administrative cease-and-desist action only, rather than the more typical federal injunctive action; (ii) the SEC found only books and records and controls violations, rather than actual bribery; and (iii) the relatively low penalty of $3 million in an era where penalties ranging in the hundreds of millions of dollars are not unusual.
And, of course, it does not go unnoticed that the DOJ has not (to date) made an appearance in the matter.
INTERNATIONAL PATCHWORK OF REGULATIONS
Companies also need to be aware of the growing patchwork of anti-corruption laws to which they are subject, and cannot ignore the risks they face in foreign jurisdictions. For example, in the Diageo matter, two former Diageo Korea employees were convicted in South Korea for improper payments to a Korean customs official. Former employees were also convicted on various counts of tax evasion. In addition, the fact that Diageo was not charged in the UK is likely merely the result of the fact that the violations reach back several years, as the new UK Bribery Act would appear to squarely prohibit the activity described in the SEC order.
The Diageo case can be seen as a veritable checklist for companies trying to understand and assess current FCPA enforcement trends and issues. According to Scott Friestad, Associate Director of the SEC’s Division of Enforcement, “As a result of Diageo’s lax oversight and deficient controls, the subsidiaries routinely used third parties, inflated invoices and other deceptive devices to disguise the true nature of the payments.”12 Those issues, and the others noted above, should be viewed by companies and their compliance personnel as the first of many concerns to be assessed and mitigated when reviewing FCPA risks.