On November 14, 2012, the Criminal Division of the U.S. Department of Justice (DOJ) and the Enforcement Division of the U.S. Securities and Exchange Commission (SEC) released their much-anticipated FCPA guidance, entitled “A Resource Guide to the U.S. Foreign Corrupt Practices Act” (the Guide). Released just over a year after Assistant Attorney General Lanny A. Breuer announced that such guidance would be forthcoming in 2012, the Guide is a useful resource on myriad FCPA topics for both businesses and practitioners. To be clear, the 120-page Guide was not intended to provide an “academic” analysis of the sparse legal precedent, legislative history and competing statutory interpretations of the FCPA. Rather, the Guide is designed to outline the statute, and to offer some measure of transparency into DOJ and SEC enforcement priorities, theories, and approaches to exercising prosecutorial discretion in this area.
Before the Guide, businesses and practitioners attempting to understand DOJ’s and the SEC’s respective approaches to the FCPA were largely forced to “read tea leaves” by studying often opaque settlement agreements between FCPA defendants and DOJ and/or the SEC; attending conferences at which FCPA enforcement authorities were guest speakers; sifting through DOJ advisory opinions; and studying DOJ and SEC press releases. To that end, the Guide is a major development in that, for the first time, DOJ and the SEC have presented their collective views of FCPA issues in one, comprehensive, 120-page resource. While the Guide is non-binding and does not limit the enforcement options or litigating positions of any U.S. government agency, Principal Deputy Chief Jeffrey H. Knox of the Criminal Division’s Fraud Section described the guidance as similar to the U.S. Attorneys’ Manual, and noted that the legal community can be confident that authorities will act consistently with the guidance.i Thus, for the first time, businesses and practitioners have clear statements from the relevant authorities about numerous FCPA-related issues, and no longer have to rely on extrapolation from a variety of typically case-specific sources.
The Guide includes examples of actual enforcement cases and identifies red flags and risk factors to consider in addressing a number of recurring FCPA issues. It also includes a number of detailed hypotheticals that explain the U.S. government’s views on legal questions ranging from jurisdiction and successor liability to the interpretation of the term “foreign official” and the treatment of gifts, travel, and entertainment expenses. The Guide provides particularly valuable insight into how companies should prioritize specific activities and resources in their FCPA compliance programs.
Ultimately, however, the Guide does not alter the landscape of FCPA enforcement policy, or announce any groundbreaking changes to the government’s view of various FCPA issues. Since the Guide is primarily a compilation of government positions and statutory interpretations articulated over many years in enforcement actions, plea agreements, DOJ advisory opinions, jury instructions, and government press releases, there is little that is truly “new” in the Guide. Much of the guidance represents the government’s largely untested interpretations of the law, so questions regarding how courts might rule on a variety of issues remain unsettled.
Particularly Helpful Clarifications Presented in the Guide
The Guide provides the most meaningful and useful information in its coverage of the following topics:
1.) Definition of “Foreign Official”
Offering more clarity on the hot-button issue of who is a “foreign official” under the FCPA, the Guide explains the government’s interpretation of what constitutes an “instrumentality” of a foreign government.ii The Guide reiterates the government’s previously stated position that “instrumentality”—an otherwise undefined term—should be construed broadly, and that a state-owned or state-controlled enterprise can be an “instrumentality” even in situations where the foreign government is a minority investor in the enterprise and the enterprise has other attributes of a commercial business. For companies in many industries – particularly those with customers such as state-owned hospitals, oil companies, or banks—the Guide provides a non-exhaustive list of factors to consider when analyzing whether a potential business partner is likely to be deemed a “foreign official” by U.S. authorities for risk assessment purposes. These factors, which largely mirror the factors articulated in recent court decisions addressing the issue,iii include the circumstances surrounding the entity’s creation, the percentage owned by the state, the purpose of the entity’s activities, the level of state control over the entity, and the level of financial support provided by the foreign state (including subsidies, special tax treatment, government-mandated fees, and loans). With these parameters in mind, companies and practitioners alike will be able to perform more effective evaluations of potential business partners, and improve the quality of important risk assessments.
Importantly, the Guide acknowledges that an entity is unlikely to qualify as an instrumentality if a government does not own or control a majority of its shares. The Guide cautions, however, that other factual circumstances have led to enforcement actions for corrupt payments to employees of entities with less than 50% foreign government ownership. The overarching consideration in such cases appears to be the ability of the government to control the actions of the instrumentality. Notably, after providing insight into how the authorities will analyze the “foreign official” question, the Guide reiterates prior warnings that all corrupt payments carry a risk of prosecution, as bribes to employees of even private entities may still violate the FCPA’s accounting provisions, the Travel Act, anti-money laundering laws, or other federal laws.
2.) Hallmarks of an Effective FCPA Program
The Guide makes clear that, in deciding whether to take enforcement action against a corporate entity for FCPA violations, the government will consider whether a company has an effective compliance program in place. The Guide specifically explains that “effective” does not mean “perfect,” adding that DOJ and the SEC may decline to pursue charges or otherwise reward a company for its compliance program even if that program did not prevent the conduct that gave rise to the violation being investigated. For example, in April 2012, DOJ and the SEC declined to charge Morgan Stanley, stating that violations committed by an employee had occurred in spite of the company’s rigorous global anti-corruption program.iv In assessing whether a compliance program is effective, DOJ and the SEC will evaluate “common sense” factors such as whether the program is well-designed, applied in good faith, and actually implemented and working to prevent and detect corrupt payments.
According to the Guide, the general “hallmarks of an effective compliance program” are as follows: (1) a genuine commitment from senior management and a clearly articulated policy against corruption; (2) a Code of Conduct and written compliance policies and procedures; (3) dedication of sufficient resources and appropriate authority with adequate autonomy for oversight; (4) continual and targeted risk assessment; (5) communication of the compliance program throughout the organization through training and continuing advice; (6) enforcement of the program through positive incentives and appropriate and clear disciplinary procedures; (7) risk-based due diligence and ongoing monitoring of third-party relationships; (8) a mechanism for confidential reporting and an efficient, reliable, and properly funded process for investigation; and (9) continuous improvement of the program through periodic testing and review.
A primary theme that emerges from the Guide’s description of an effective compliance program is the importance of continual risk assessment and monitoring that will allow the program to continually grow and evolve. To be “effective,” an anti-corruption compliance program must be tailored to the organization’s specific needs, risks, and challenges. Above all, the government will emphasize not the mere existence of written policies and procedures, but rather the effective implementation and operation—the “bringing to life”—of those policies and procedures in preventing, detecting, and remediating violations. The Guide makes clear that, in order for their compliance programs to be deemed “effective,” companies must demonstrate that anti-corruption policies and procedures were routinely reviewed and amended to address ever-changing operational challenges and business relationships.
The Guide emphasizes that the financial and personnel resources a company devotes to FCPA compliance should be commensurate with the risks involved. The Guide stresses that companies should not devote a disproportionate amount of time to policing modest entertainment and gift-giving, but should instead focus on issues such as large government bids, questionable payments to third-party consultants, and excessive discounts to resellers and distributors. Enforcement officials are interested in companies spending compliance dollars in a cost-effective way to maximize their investment in addressing matters of real concern. The Guide explains that enforcement officials will give meaningful credit to comprehensive risk-based compliance programs, even if such programs do not prevent an infraction in a lowrisk area because greater attention and resources were devoted to higher-risk areas. Failure to perform a level of due diligence commensurate with the size and risk of a particular transaction will likely result in reduced credit for the quality and effectiveness of a company’s compliance program.
3.) Successor Liability
The Guide offers useful insight into how the government intends to exercise its prosecutorial discretion in FCPA cases arising from mergers and acquisitions. The hypothetical scenarios presented in this section of the Guide emphasize that enforcement officials have declined to take action in cases where a successor company voluntarily disclosed target misconduct to the relevant authorities, remediated the corrupt conduct, and cooperated with authorities. The Guide notes that most enforcement actions against successor companies have stemmed from pre-acquisition misconduct that was particularly egregious and sustained, or from situations in which the successor either participated directly or failed to stop misconduct after the acquisition closed.
The Guide highlights the importance of conducting risk-based analysis of a target company, and suggests several preclosing due diligence procedures for companies engaging in mergers and acquisitions. The Guide makes clear that the government’s primary focus is not simply on whether an acquiring company performed some level of due diligence, but also on whether it actually addressed any issues identified through the due diligence. If an acquiring company detects a problem, the Guide emphasizes that it should identify the employees and business units involved, stop the improper behavior, and promptly bring the acquired company into compliance. Where pre-acquisition due diligence is not possible, an acquiring company can decrease the likelihood of an enforcement action through appropriate postacquisition due diligence, voluntary disclosure, cessation and remediation of the offending conduct, and implementation of an effective compliance program. The Guide emphasizes that, post-closing, acquiring companies should promptly train the acquired company’s employees and third-parties and otherwise integrate the new company into the acquiring company’s compliance program. Acquiring companies also should consider conducting an FCPA-specific audit of the newly-acquired entity as quickly as possible upon closing.
Because DOJ and the SEC do not typically publicize matters in which they have declined to take enforcement action, understanding how these authorities have exercised their discretion in the FCPA realm has proven difficult. In an open discussion of the government’s approach to declinations, the Guide provides a number of real-world examples in which DOJ and the SEC declined to take enforcement action. In most of the examples, declination was considered appropriate where the company had a robust compliance program in place, detected the corruption or problematic activity, voluntarily disclosed it to the government, cooperated with the government’s investigation, and implemented appropriate remedial measures. The Guide suggests that enforcement officials will credit evidence that the disclosing company’s internal controls are working and effectively detected the problem. The Guide also notes that remedial measures should be meaningful and illustrate the company’s recognition of the seriousness of the misconduct, including taking disciplinary measures against responsible employees and ending relationships with intermediaries that were responsible for corrupt payments.
What the Guide Does Not Address
The Guide does not provide meaningful new guidance on a number of nuanced questions that routinely confront practitioners and large companies with well-established compliance programs. For example, while the Guide openly discusses the credit that could be given for “effective” compliance programs, it is silent on the potential benefits of an “adequate procedures” affirmative defense. Comments from enforcement officials in the days following the Guide’s release suggested that such an affirmative defense is not likely without Congressional action. Assistant Attorney General Lanny Breuer expressed concern that such a defense might result in a “race to the bottom” and invite litigation focused on the merits of the compliance program rather than the underlying bribes. Thus, although not explicitly stated in the Guide, it appears that the FCPA enforcement authorities remain opposed to any affirmative defense based on adequate compliance procedures.
The Guide also fails to provide a formula for determining monetary sanctions in FCPA settlements, another area that practitioners and companies often find inscrutable. For example, despite suggestions throughout the Guide of a real, tangible benefit for voluntary disclosure and cooperation, quantifying the actual benefit received from self-disclosure remains difficult.
The Guide is a welcome resource that helpfully collects and reiterates the government’s positions on a range of important and recurring issues in FCPA enforcement. While it does not break new ground, its examples and hypotheticals should provide authoritative guidance for companies and practitioners when evaluating FCPA concerns and anticipating the government’s perspective and expectations.