On November 14, 2012, the Department of Justice (“DOJ”) and Securities and Exchange Commission (“SEC”) released A Resource Guide to the Foreign Corrupt Practices Act, available here (the “Guide”). In its 10 chapters, the Guide provides an overview of the current state of the FCPA as interpreted by the courts, the DOJ and the SEC. In addition to setting forth black-letter law, the Guide provides concrete examples of the FCPA’s practical application through hypotheticals and through anonymized anecdotes in which the government declined to prosecute, constituting what Assistant Attorney General Lanny Breuer described as perhaps “the most comprehensive effort ever undertaken by either the Justice Department or the SEC to explain [their] approach to enforcing a particular statute.” The following is an outline and summary of the Guide.
- Introduction (Chapter 1)
The Introduction gives an overview of the Foreign Corrupt Practices Act (“FCPA”). A brief historical background is provided, and then the respective roles and responsibilities of the DOJ and SEC are discussed. The chapter also includes an overview of anti-bribery and anti-corruption efforts in the United States and internationally (e.g., the OECD Working Group on Bribery).
- The FCPA: Anti-Bribery Provisions (Chapter 2)
- Who is covered by the FCPA?
Issuers, domestic concerns, and certain persons (in addition to issuers and domestic concerns) acting while in the territory of the United States are all subject to the FCPA’s anti-bribery provisions.
- Issuers: The Guide states that a company is an issuer if (1) it is listed on a national securities exchange in the United States; or (2) the company’s stock trades in the over-the-counter market in the United States and the company is required to file SEC reports. A company need not be a U.S. company to be considered an issuer. Officers, directors, employees, agents, or stockholders acting on behalf of an issuer, and any co-conspirators, also can be prosecuted under the FCPA.
- Domestic concerns: Any individual who is a citizen, national, or resident of the United States, and any business entity that is organized under the laws of the United States or has its principal place of business in the United States is a domestic concern. Again, officers, directors, employees, agents, or stockholders acting on behalf of a domestic concern are covered.
- Territorial jurisdiction: As of 1998 the FCPA’s anti-bribery provisions apply to foreign persons and non-issuer entities that engage in any act in furtherance of a corrupt payment while in the territory of the United States
- Jurisdictional Conduct
The Guide notes that the FCPA’s anti-bribery provisions apply to conduct both inside and outside the United States. Issuers and domestic concerns may be prosecuted for using U.S. mail or any other means of instrumentality of interstate commerce in furtherance of a corrupt payment. The Guide was careful to note that “interstate commerce” includes the intrastate use of any interstate means of communication. Persons or entities that are not issuers or domestic concerns are subject to prosecution if they engage in any act in furtherance of a corrupt payment while in the territory of the United States, regardless of whether they utilize a means or instrumentality of interstate commerce.
- Business Purpose Test
The Guide reiterates that the FCPA is not limited to just bribes used to obtain or retain government contracts, but extends to any bribes in the conduct of business or to gain a business advantage, and gives examples from recent case law of such conduct (e.g., bribes to obtain favorable tax treatment, and improperly expediting the importation of goods and equipment).
- “Corruptly” and “Willfully”
The Guide is clear that the FCPA focuses on intent and does not require a corrupt act to establish a violation. The Guide noted that while the term “willfully” is not defined in the FCPA, “it has generally been construed by courts to connote an act committed voluntarily and purposefully, and with a bad purpose. . . . Notably, as both the Second Circuit and Fifth Circuit have found, the FCPA does not require the government to prove that a defendant was specifically aware of the FCPA or knew that his conduct violated the FCPA.”
- “Anything of Value”
There is no minimum threshold amount for bribes under the FCPA. While cash is the most obvious form of corrupt payments, the Guide also provides examples of other improper payments, such as gifts, travel, entertainment, and charitable contributions. A lengthy hypothetical is provided to underscore what is permitted and what is not.
- “Foreign Official”
The Guide states that the FCPA is broadly applied to corrupt payments to any officer or employee of a foreign government and to those acting on the government’s behalf.
Regarding “instrumentalities,” the Guide states that this term is interpreted broadly as well, and that whether a particular entity constitutes an instrumentality “requires a fact-specific analysis of an entity’s ownership, control, status, and function.” The Guide provides a list of factors some courts have considered in the context of approving final jury instructions. While no one factor is dispositive, “an entity is unlikely to qualify as an instrumentality if a government does not own or control a majority of its shares.” However, the Guide contains a warning that the DOJ and SEC have brought limited enforcement actions involving such entities in the past.
- Third Party Payments
The FCPA expressly prohibits corrupt payments made through third parties. In this section the Guide focuses on the definition of “knowing,” making clear that actual knowledge is not required, and that liability may be imposed on those who purposefully avoid actual knowledge. A list of common “red flags” associated with parties is included in the Guide.
- Affirmative Defenses
The “local law” and “reasonable and bona fide business expenditure” defenses are each discussed. As to the former, the Guide notes that the absence of written law in a country is not by itself sufficient to satisfy this defense. The 2011 Kozeny case, in which the defendant unsuccessfully asserted this defense, is also discussed. Regarding the “reasonable and bona fide expenditures” defense, the Guide notes that the following types of expenditures are permissible: travel and expenses to visit company facilities or operations; travel and expenses for training; and product demonstration or promotional activities. The Guide also provides list of safeguards, gleaned from several releases, to help businesses evaluate whether a particular expenditure may expose them to liability under the FCPA.
- Facilitating or Expediting Payments; Extortion or Duress
Examples of facilitating and expediting payments—which are permissible under the FCPA—are provided, along with hypothetical examples. In its discussion of extortion and/or duress, the Guide again discusses the 2011 Kozeny case and notes that mere economic coercion does not amount to extortion.
- Parent-Subsidiary and Successor Liability
This portion of the Guide focuses mostly on successor liability. Practical tips for reducing FCPA risk in mergers and acquisitions are provided. For specific due diligence challenges (e.g., limited pre-acquisition due diligence available to the prospective acquiring company), the Guide notes that one option is to seek an opinion from the DOJ in anticipation of the acquisition. For acquisitions not requiring the type of prospective assurances contained in an opinion from the DOJ, the Guide notes that the DOJ and SEC encourage acquirers to (1) conduct thorough risk-based FCPA and anti-corruption due diligence; (2) ensure that the acquirer’s code of conduct regarding the FCPA applies as quickly as possible to newly acquired entities; (3) train directors, officers, and employees of newly acquired entities; (4) conduct an FCPA-specific audit of newly acquired entities; and (5) disclose any corrupt payment discovered as part of the acquirer’s due diligence. Acquirers that undertake such actions will be given “meaningful credit” by the DOJ and SEC, and “in appropriate circumstances, DOJ and SEC may consequently decline to bring enforcement actions.” The Guide notes that action against successor companies has been limited, “generally in cases involving egregious and sustained violations or where the successor company directly participated in the violations or failed to stop the misconduct from continuing after the acquisition.” Instead, it is more typical for the DOJ and SEC to pursue enforcement actions against the predecessor company. Multiple hypotheticals are offered in this section.
- Accounting Provisions (Chapter 3)
This chapter provides a comprehensive overview of the books and records and internal controls provisions of the FCPA. In addition, it summarizes certain other obligations of issuers and their management. This chapter also distinguishes accounting violations for which companies and individuals may face civil liability and those for which they may face criminal liability. Lastly, the chapter addresses auditors’ obligations.
- Books and Records
The Guide notes that bribes are often mischaracterized in companies’ books and records, and that the FCPA requires issuers to make and keep books, records and accounts “in reasonable detail,” defined as the level of detail that would “satisfy prudent officials in the conduct of their own affairs.” The Guide further notes that in instances where all the elements of a violation of the anti-bribery provisions are not met, companies nonetheless may be liable if the improper payments are inaccurately recorded. As with the anti-bribery provisions, the Guide continues, the DOJ’s and SEC’s enforcement of the books and records provision has typically involved misreporting of either large bribe payments or widespread inaccurate recording of smaller payments made as part of a systemic pattern of bribery. The Guide provides a list of common mischaracterizations of bribes, including “commissions or royalties,” “consulting fees,” “scientific incentives or studies” and “after sales service fees,” and anonymized anecdotes of companies that have violated the books and records provision.
- Internal Controls
Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the reparation of financial statements. Like the “reasonable detail” requirement in the books and records provision, the FCPA defines “reasonable assurances” as “such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.” The Guide observes that the FCPA does not specify a particular set of controls that companies are required to implement, but rather that the internal controls provision gives companies the flexibility to develop and maintain a system of controls that is appropriate to their particular needs and circumstances. The Guide provides that the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as (1) the nature of the company’s products or services; (2) how the company’s products or services get to market; (3) the nature of the company’s work force; (4) the degree of regulation over the company and its products or services; (5) the extent of the company’s interaction with government officials; and (6) the degree to which the company has operations in countries with a high risk of corruption. The Guide also provides anonymized anecdotes of companies that have violated the internal controls provision.
- Other Obligations
The Guide notes that issuers are required to make periodic filings, including annual reports, with the SEC under Section 13(a) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), and that failure to properly disclose material information about the issuer’s business may give rise to anti-fraud and reporting violations under the Exchange Act. The Guide also addresses certain obligations of issuers’ management under the Sarbanes-Oxley Act of 2002, including the requirement that management certify in the company’s SEC’s filings (1) the integrity of the company’s filed financial statements and (2) the effectiveness of the company’s internal controls over financial reporting.
The Guide describes the issuers to which the FCPA’s accounting provisions apply, and points out that their consolidated subsidiaries and affiliates are covered, too. Thus, the Guide observes, an issuer’s responsibility extends to ensuring that subsidiaries and affiliates under the issuer’s control, including foreign subsidiaries and joint venture partners, comply with the accounting provisions. An anonymized anecdote demonstrates the application of the accounting provisions to an issuer’s joint venture partners. The Guide recognizes that issuers might not be able to exercise the same level of control over a minority-owned subsidiary or affiliate as they do over a majority or wholly owned entity. Consequently, issuers are required to use only “best efforts” to cause minority-owned subsidiaries or affiliates to devise and maintain a system of internal accounting controls consistent with the issuer’s own obligations under the FCPA.
- Civil Liability
The Guide explains that companies and individuals may also face civil liability for aiding and abetting or causing an issuer’s violation of the accounting provisions, for falsifying an issuer’s books and records, for circumventing internal controls, for making false statements to a company’s auditors, and for signing false personal certifications that are required by Sarbanes-Oxley. The Guide gives several examples of enforcement actions to illustrate this point.
- Criminal Liability
The Guide further explains that criminal liability may be imposed on companies and individuals for knowingly failing to comply with the books and records provision or the internal controls provision. The Guide clarifies that individuals are subject to criminal liability for accounting violations only if they acted “willfully.” Again, the Guide provides illustrative examples. The Guide also covers the imposition of criminal liability on companies and individuals for conspiring to commit, or for conspiring to aid and abet, violations of the FCPA’s accounting provisions.
- Auditor Obligations
Lastly, this chapter touches upon the obligations of auditors of public companies, pointing out that independent auditors who discover an illegal act, such the payment of a bribe to a domestic or foreign government official, have certain obligations in connection with their audits of public companies. Generally, the Guide observes, Section 10A of the Exchange Act requires auditors who become aware of illegal acts to report such acts to appropriate levels within the company and, if the company fails to take appropriate action, to notify the SEC.
- “Other Related U.S. Laws” (Chapter 4)
The Guide provides a very brief overview of other statutes or regulations that may be implicated by the same conduct governed by the FCPA, including the Travel Act, anti-money laundering statutes, mail and wire fraud statutes, the Arms Export Control Act (AECA), the International Traffic in Arms Regulations (ITAR), and tax law.
- “Guiding Principles of Enforcement” (Chapter 5)
The DOJ is guided by the Principles of Federal Prosecution (in the case of individuals) and the Principles of Federal Prosecution of Business Organizations (in the case of companies), both of which are set forth in the U.S. Attorney’s Manual. Nine factors are considered when determining whether to charge a corporation: (1) the nature and seriousness of the offense; (2) the pervasiveness of the wrongdoing; (3) the corporation’s history of similar misconduct; (4) the corporation’s timely and voluntary disclosure, and its willingness to cooperate; (5) the existence and effectiveness of the corporation’s pre-existing compliance program; (6) the corporation’s remedial actions; (7) collateral consequences (e.g., harm to shareholders, pension holders, and employees); (8) the adequacy of the prosecution of individuals responsible; and (9) the adequacy of alternative remedies.
The Guide notes that the SEC “considers a number of factors, including: the statutes or rules potentially violated; the egregiousness of the potential violation; the potential magnitude of the violation; whether the potentially harmed group is particularly vulnerable or at risk; whether the conduct is ongoing; whether the conduct can be investigated efficiently and within the statute of limitations period; and whether other authorities, including federal or state agencies or regulators, might be better suited to investigate the conduct.”
- Cooperation and Remedial Efforts
The Guide states that “both DOJ and SEC place a high premium on self-reporting, along with cooperation and remedial efforts, in determining the appropriate resolution of FCPA matters.” Willingness to cooperate is given “serious consideration” by the DOJ when deciding whether to enter into a plea agreement. The Sentencing Guidelines also take into consideration an individual’s cooperation and an organization’s remedial efforts.
The SEC primarily looks at four factors, set forth in its 2001 Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions(commonly known as the Seaboard Report), when evaluating a company’s cooperation: (1) self-policing prior to the discovery of the misconduct; (2) self-reporting of the misconduct when it is discovered; (3) remediation; and (4) cooperation. The Guide is careful to note, however, that “this analytical framework sets forth general principles but does not limit SEC’s broad discretion to evaluate every case individually on its own unique facts and circumstances.”
As to evaluating an individual’s cooperation, SEC also has four factors: (1) the assistance provided in SEC’s investigation or related enforcement actions; (2) the importance of the matter in which the individual provided cooperation; (3) the societal interest in ensuring the individual is held accountable; and (4) the appropriateness of cooperation credit in light of the profile of the individual.
- Compliance Programs
The Guide devotes significant attention to corporate compliance programs, deeming them “a critical component of a company’s internal controls” and “essential to detecting and preventing FCPA violations.” A compliance program may influence, among other things: (1) the government’s decision whether charges should be resolved through a deferred prosecution agreement or a non-prosecution agreement; (2) the length of such agreements; (3) the term of corporation probation, (4) the penalty amount, and (5) the need for a monitor or self-reporting.
While acknowledging that neither the DOJ nor SEC “hold companies to a standard of perfection” and that “there is no one-size-fits-all program,” the Guide does offer some basic hallmarks of effective compliance programs:
- Commitment of corporate leaders to compliance, which is also reinforced and implemented by all employees;
- Codes of conduct and policies and procedures that are effective, current, and accessible (e.g., availability in local languages;
- Persons assigned responsibility for the compliance program who have authority, autonomy, and sufficient resources;
- Risk assessments that perform due diligence based upon the size and risk of the transaction;
- Training that is appropriate and targeted for the particular audience;
- Disciplinary measures that are clear, applied consistently and promptly, and commensurate with the violation;
- Third party due diligence: companies should “understand the qualifications and associations of its third-party partners”; should “have an understanding of the business rationale for including the third party in the transaction”; should review payments terms and confirm that the third party is actually performing work and that the compensation is appropriate for the work performed; and should “undertake some form of ongoing monitoring of third-party relationships”;
- Mechanism for employees to report misconduct without fear of retaliation, and, when such reports have been made, a process for investigating allegations;
- Efforts to review and test controls and assess potential weaknesses: the Guide gave the example of employee surveys and targeted audits;
- Adequate, effective FCPA due diligence prior to a merger or acquisition; and
- Promptly incorporating acquired companies into all of the acquiring company’s internal controls: the Guide suggests that “[c]ompanies should consider training new employees, reevaluating third parties under company standards, and where appropriate, conducting audits on new business units.”
- Penalties (Chapter 6)
The Guide offers a brief overview of the potential criminal and civil penalties for companies and individuals. Potential criminal penalties include: (1) fines for each violation of the anti-bribery provisions (up to $2 million for corporations and other business entities, and up to $100,000 and up to five years in prison for individuals); (2) fines for each violation of the accounting provisions (up to $25 million for corporations and other business entities, and up to $5 million and 20 years in prison for individuals); and (3) higher fines per the Alternative Fines Act. As for civil penalties, corporations and individuals are subject to civil penalties of up to $16,000 for each violation of the anti-bribery provisions. For violations of the accounting provisions fines may range from $7,500 to $150,000 for an individual and $75,000 to $725,000 for a company.
The Guide notes that individuals and companies who violate the FCPA may face additional consequences beyond fines and imprisonment, such as suspension or debarment and loss of export privileges.
Finally, a company may be required to retain independent compliance consultants or third-party monitors.
- Resolutions (Chapter 7)
The Guide notes that the following types of resolutions are available for charges brought against individuals and companies by the DOJ: plea agreements; deferred prosecution agreements; non-prosecution agreements; and declinations. The Guide provides a quick overview of all four of these options. The Guide also lists the factors prosecutors consider when deciding whether to decline bringing a case against an individual.
Resolutions with the SEC include civil injunctive actions and remedies; civil administrative actions and remedies; deferred prosecution agreements; non-prosecution agreements; and declinations.
The Guide provides anonymized examples of matters DOJ and SEC have declined to pursue, listing various factors that were taken into consideration.
- Whistleblower Protection (Chapter 8)
The Guide quickly notes that the Sarbanes-Oxley Act and Dodd-Frank Act both provide protection to whistleblowers who report FCPA violations. The latter Act also provides monetary awards to certain individuals who bring information to the SEC.
- “DOJ Opinion Procedure” (Chapter 9)
The last substantive chapter of the Guide gives an overview of the process for obtaining an opinion from the DOJ regarding whether proposed conduct falls within its enforcement policy. The Guide states that parties seeking an opinion should do the following: (1) evaluate whether their question relates to actual, prospective conduct as DOJ will only issue opinions on prospective conduct; (2) check that they are either an issuer or a domestic concern (only those categories of parties may receive an opinion); (3) put their request in writing, being specific and attaching all pertinent material; (4) sign the request; and (5) submit an original and five copies of the request to the Assistant Attorney General in charge of the Criminal Division. The DOJ should issue an opinion within 30 days.