In recent statements, officials from the Department of Justice (“DOJ”) and Securities and Exchange Commission (“SEC”) with responsibility for enforcement of the Foreign Corrupt Practices Act (“FCPA”) have strongly signaled that the financial services sector will be an area of focus for their agencies going forward, especially in the context of merger and acquisition due diligence.
Companies in the financial services sector can easily inherit or incur FCPA liability. Intermediaries that direct investments while having knowledge of corrupt payments by investment targets can be prosecuted under the FCPA’s antibribery provisions, and companies that take any ownership interest in a target thereby risk successor liability for FCPA antibribery and accounting violations. Considering enforcement officials’ recent public comments about the financial services industry, financial services companies ought to expect an increase in both the number of FCPA investigations and the government’s expectations for such companies’ anti-corruption compliance programs.
An Early Example: Omega Advisors, Inc.’s Investment in Azerbaijan
In June 2007, the hedge fund Omega Advisors, Inc. (“Omega”), a domestic concern under the FCPA, entered into a nonprosecution agreement (“NPA”) to resolve an investigation into its investment in Azerbaijan’s privatization of the state-owned oil company. Omega’s investment occurred after one of its employees acquired knowledge that foreign officials were going to financially benefit from the investment. This knowledge could have been imputed to the company; however, Omega received a NPA because it cooperated with enforcement authorities, took remedial actions, and lacked any criminal history. The DOJ also considered the successful prosecution of the Omega employee in deciding to agree to the NPA. Although Omega itself avoided a criminal prosecution, Omega lost its $100 million investment when privatization ultimately did not occur and incurred the legal expense and reputational harm attendant to resolving this issue.
Law Enforcement Is Increasing its Focus on the Financial Services Industry
On November 18, 2008, Mark F. Mendelsohn, Deputy Chief of the Fraud Section at the US Department of Justice, candidly stated that the financial services industry, as a whole, has been less scrutinized by law enforcement for FCPA violations than have other industries, such as oil and gas, transportation, and medical devices. Mendelsohn suggested that the financial services industry’s conduct could “pose risks” under the FCPA and promised that the financial services industry “will be in focus” going forward.
This increased attention on the financial services industry comes at a time of increased FCPA enforcement. Mendelsohn noted that within the past several years the DOJ and FBI have dedicated more attorneys solely to FCPA matters. Mendelsohn observed that the FBI resources bring more of a “reliance on traditional law enforcement techniques” to FCPA enforcement, “like search warrants, wiretaps, [and] early morning interrogations.” As a result, “we’re putting people in jail now… [for] meaningful jail terms.” Fredric D. Firestone, an Associate Director in the SEC’s Division of Enforcement, agreed that the DOJ’s “putting people in jail for violating the law… gets attention,” but he emphasized that the SEC would pursue individuals, particularly US citizens, for civil FCPA violations even in the absence of a parallel DOJ investigation.
Government officials’ statements have focused on mergers, acquisitions, and initial public offerings and have stressed the importance of due diligence, particularly in light of the government’s broad theories of successor liability.
- Increased Scrutiny of M&A Activity and IPOs
On September 11, 2008, Mendelsohn identified as a new trend the “increased attention to foreign payments issues in the context of transactions,” such as mergers and acquisitions and initial public offerings. Mendelsohn attributed this to increased due diligence as a result of Sarbanes-Oxley.1 According to Mendelsohn, Sarbanes Oxley “has brought a new focus on corporate internal controls. It made corporate officers and directors personally responsible for those controls. That in turn has brought increased attention and scrutiny by legal and accounting to foreign payments issues.” Gerald W. Hodgkins, an Assistant Director in the SEC’s Division of Enforcement, confirmed that “lots” of SEC reviews of foreign payments “are coming in as a result of M&A activity.”
- Importance of Due Diligence
On September 11, 2008, Mendelsohn said that pre-merger FCPA due diligence is “one of the most critical factors we consider” when making charging decisions related to merger activity. The “nature and quality” of premerger due diligence are particularly important. If a company were unable to conduct effective pre-merger due diligence, Mendelsohn stated that it would be very important for that company to respond “aggressively and quickly” postmerger. While he did not establish a bright line, he stated that waiting for one year to look for and fix FCPA problems would not be adequate.
On November 18, 2008, Mendelsohn elaborated further:
There’s an expectation that a company will take efforts, to the maximum extent [possible], in the preacquisition context for due diligence. The conditions may be less than ideal. We want the company to demonstrate risk-based, intelligent efforts to identify and deal with corruption.
Mendelsohn pointed to DOJ FCPA Opinion Procedures Release 08-02 for guidance on what companies facing obstacles to preclosing due diligence should do post-closing. Halliburton, the requestor in 08-02, faced with legal restrictions on its ability to conduct preacquisition due diligence on a UK company, agreed to undertake vigorous post-closing due diligence and report any FCPA violations to the DOJ, in exchange for the DOJ’s agreement to take no action against Halliburton for pre- or postacquisition FCPA violations by the target disclosed to the DOJ within 180 days of the closing. Mendelsohn explained that “the Department had a high degree of comfort [with Halliburton] because of aggressive post-acquisition due diligence work [and its] rigorous approach.” Mendelsohn cautioned that “the Department would be less comfortable” if Halliburton had not taken immediate action and instead “years later talking about a legacy of corruption that had just been discovered.”
Conducting due diligence, particularly due diligence that will meet the government’s expectations, is important in light of the government’s theories of successor liability in the FCPA context.
- Successor Liability
In a statement that might well portend a change in enforcement practices, Mendelsohn argued that the DOJ could prosecute an acquiring company for past acts of an acquired company that would have violated the FCPA had the acquired company been subject to the FCPA. He referred to a “whole body of case law” supporting this approach and characterized past decisions by the DOJ to prosecute only the acquired company as exercises of discretion. Mendelsohn noted that when exercising such discretion, one of the most critical factors is the nature, extent, and quality of the preacquisition due diligence conducted by the acquiring company.
This is a potentially explosive issue for US companies making acquisitions in business cultures where corrupt payments may be common but local law either does not prohibit business bribery or any such prohibition is not well enforced. We believe that the US government’s position on this issue is not well founded and can be challenged, but companies would be well advised to keep this in mind during acquisitions because steps taken at that stage may be important to any subsequent defense and challenge to a government investigation.
- Underuse of DOJ’s Opinion Procedures Release Program
A possible way to address ambiguity in the FCPA’s application to the financial services industry would be for companies to avail themselves of the DOJ’s FCPA Opinion Procedures Release program. Mendelsohn encouraged more companies to do so. “[I]n almost any other arena, [the DOJ] is not going to give you an advisory opinion on whether what you are about to do is a crime or not,” Mendelsohn said. “They are just going to let you do it. If it’s a crime, we’ll bring charges. Under [the Opinion Procedures Release] program, you actually can… get a binding legal opinion that will protect you and will give you some guidance as to how you can conduct your business.” He noted that this process is especially valuable for “more sophisticated questions” beyond “routine travel and entertainment” issues. Increased enforcement of the FCPA in the financial services industry is likely to present issues ripe for the DOJ’s FCPA Opinion Procedures program, which can be an invaluable resource for companies facing novel or complex FCPA issues.
Application of the FCPA to the Financial Services Industry
These recent statements directed at the financial services industry’s FCPA compliance warrant a brief overview of the FCPA, its application to this industry, and the penalties for violating the FCPA.
- Overview of the FCPA
The FCPA imposes criminal and civil liability for the bribery of foreign officials to obtain or retain business and for the failure of “issuers,” defined below, to maintain books and records that accurately reflect the disposition of company assets and to institute proper internal controls concerning the authorization of transactions.2 The provisions of the FCPA prohibiting bribery of non-US government officials are known as the “antibribery provisions,” and the provisions of the FCPA requiring proper books and records and adequate internal controls are known as the “accounting provisions.”
For the purposes of the FCPA, “issuers” are companies that have securities registered with the SEC under § 12 of the 1934 Securities Exchange Act3 or companies that must file reports under § 15(d) of the 1934 Act. Foreign companies holding American Depositary Receipts (“ADRs”) qualify as issuers and are therefore covered by the accounting provisions.4 “Domestic concerns” are business entities organized under US laws or with their principal place of business in the US, as well as any individual “who is a citizen, national or resident of the United States.”5
–– The Antibribery Provisions
The FCPA prohibits directly or indirectly offering, paying, promising, or authorizing to pay money or anything of value to any foreign official to obtain or retain business. This prohibition applies to issuers,6 domestic concerns,7 and other persons whose prohibited conduct occurs “while [they are] in the territory of the United States.”8
Parent corporations, corporations that are members of joint ventures, and corporations that employ third-party agents (i.e., consultants, brokers, or distributors) can be held civilly and criminally liable for improper payments made by their subsidiaries, joint ventures, or third-party agents. Such liability is possible if, for example, an issuer’s subsidiary, joint venture, or third-party agent makes improper payments, and the parent, member of the joint venture, or its employees “authorized, directed, or controlled the activity in question.”9
–– The Accounting Provisions
The accounting provisions apply only to issuers.10 The books and records portion of the accounting provisions requires issuers to “make and keep books, records, and accounts, which in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.”11 Reasonable detail requires a “level of detail… as would satisfy prudent officials in the conduct of their own affairs.”12 The books and records portion of the accounting provisions are designed to ensure that an issuer’s records “include information that would alert the SEC to any possible impropriety.”13
The internal controls provision requires issuers to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that” transactions are properly authorized.14 The term “reasonable assurances” requires such degrees of assurance as would satisfy prudent officials in the conduct of their own affairs.15 In practice, this means that issuers must “use accepted methods of accounting when recording economic transactions.”16
- Penalties for FCPA Violations
Penalties for violations of the FCPA include injunctive relief, substantial criminal and civil fines, forfeiture or disgorgement of profits related to the FCPA violation, prison time, and debarment from participating in US government contracts. The antibribery provisions carry maximum criminal fines of US$2 million for organizations and US$250,000 for individuals, or up to twice the pecuniary gain derived or loss caused by the conduct, and these maximums increase to US$25 million for organizations and US$5 million for individuals for violations of the accounting provisions.17 Individuals face maximum prison terms of five years for violating the antibribery provisions and twenty years for violating the accounting provisions.18
- Application of the FCPA to the Financial Services Industry
For the antibribery provisions, knowledge of the corrupt payments or control over the investment target’s actions will cause liability to accrue in the equity owner or joint venture partner because traditional principles of agency law apply under the FCPA.
An issuer is strictly liable for civil damages arising out of a subsidiary’s or joint venture partner’s violations of the accounting provisions when the issuer owns more than 50 percent of the subsidiary or joint venture.19 Such an issuer also faces criminal liability for a violation of the accounting provisions if the issuer had knowledge of the violations.20
Ownership of 50 percent of less, however, does not absolve the issuer of liability: FCPA liability can still result where there is less than 50 percent ownership if an issuer did not “proceed in good faith to use its influence, to the extent reasonable under the issuer’s circumstances, to cause [such subsidiary or joint venture] to devise and maintain [an appropriate] system of internal accounting controls.”21
The recent resolution of an FCPA investigation into the hedge fund Omega Advisors, Inc. illustrates how the antibribery provisions apply to financial services companies and the risks—reputational, financial, and legal—that even potential FCPA liability carries.
Other Relevant Anti-Corruption Laws
The DOJ often charges violations of the mail and wire fraud statutes concurrently, or in lieu of, charges of violating the FCPA.22 The mail and wire fraud statutes prohibit the use of the US mails or interstate wires to perpetuate a fraud and carry a maximum prison sentence of thirty years.23 Additionally, federal antimoney laundering laws prohibit the use of proceeds from “specified unlawful activities,” including the FCPA,24 as well as the circumvention of reporting requirements.25 The money laundering statutes carry a maximum sentence of twenty years.26
Effective Management of FCPA Risk
Financial services companies can effectively manage FCPA risk by incorporating FCPA compliance into traditional riskmanagement practices. Generally, effective reviews consist of four phases: (1) analysis of relative risk across all corporate functions and operating entities, (2) selected onsite reviews or detailed questionnaires for higher-risk functions, entities, or locations, (3) identification of the most significant risks and how to mitigate these risks, and (4) reporting or presenting the results to management. The costs of conducting such a review, even if compliance problems ultimately result in fines, are considerably less than if the problems are willfully ignored, and a compliance review will reduce the risk of future violations, reduce waste, and signal to the DOJ and SEC—in the event of a future investigation—the company’s sincere commitment to compliance with the law. The recent statements by law enforcement officials are a clear warning to the financial services industry that the DOJ and SEC will be closely scrutinizing the industry’s commitment to complying with the FCPA; this commitment should add new emphasis and urgency to financial services companies’ FCPA compliance efforts.
A copy of the DOJ FCPA Opinion Procedure Release 08-02 can be found here: http://www.usdoj.gov/criminal/fraud/fcpa/opinion/2008/0802.html
The DOJ press release regarding Omega Advisors, Inc. can be found here: www.usdoj.gov/usao/nys/pressreleases/July07/omeganonprospr.pdf