When first introduced to the tenets of the FCPA, there are two apparently unassailable doctrinal boundaries: (1) the FCPA concerns bribe payments made to foreign government officials (not private parties); and (2) the FCPA concerns paying not receiving a bribe. But the SEC’s recent use of the “books and records provision” (15 U.S.C. §78m) tests how steadfast those tenets are.
The SEC has jurisdiction over entities that issue securities in U.S. markets, and the books and records provision generally prohibits a company from falsely recording transactions in accounting records that are ultimately incorporated into public investor filings. In the realm of anti-corruption enforcement, the SEC has traditionally used this provision to either tack on liability when a bribe payment has been made and subsequently concealed in the company’s accounting records or as a catch-all when evidence of some element of the FCPA’s more substantive bribery requirements is lacking or difficult to prove. In the last six months, however, the SEC has used the books and records provision on multiple occasions to pursue companies who do not seem to be within the gamut of traditional FCPA enforcement whatsoever.
That first tenet was tested in the SEC’s September 28, 2018 enforcement action against Stryker Corporation, in which the SEC found books and records violations for inadequate documentation of transactions with private hospitals and healthcare providers in India. Company audits revealed overbilling practices by dealers that resulted in improper benefits for “private hospitals in India (mostly large, corporate hospitals)” to those hospitals, and travel expenses and consulting fees paid to doctors of these private hospitals without adequate documentation. Nowhere in the SEC order’s description of the books and records violations is there mention of a government official or state-owned entity.
Tenet number two was challenged by the widely publicized enforcement actions against Petrobras and Electrobras, issued on September 27, 2018 and December 26, 2018 respectively. Petrobras, itself a Brazilian state-owned entity, is alleged to have engaged in sweeping bribery schemes with various contractors and suppliers who devised kickback arrangements and paid direct bribes to Petrobras executives in exchange for contract awards and favorable terms. The SEC did not allege in the Petrobras case, considered to be the largest FCPA enforcement action in history, that Petrobras made any improper payments, just that the company’s books and records misstated the value of assets and expenses where the costs of the bribes had been hidden. Electrobras, similarly a Brazilian state-owned entity, was pursued by the SEC because company officials received bribes from construction companies in a bid-rigging and bribery scheme concerning a nuclear powerplant. And similarly, the books and records of Electrobras were alleged to have been misstated because the costs to pay the bribes were concealed within the cost of the projects being performed by the construction companies.
So it seems that it is time that we begin to view the FCPA’s books and records provision more expansively, as not just a catch-all, but as a gap filler for traditional U.S. anti-corruption enforcement. Indeed, Britain’s UK Bribery Act criminalizes both private-to-private bribery as well as the receipt of a bribe. The Petrobras and Electrobras cases demonstrate similar exposure for receiving a bribe under the FCPA, and the Stryker case demonstrates vulnerability where entirely non-government entities are involved. And though it has not yet arisen, imagine the confluence of these two situations where a non-state-owned company receives a bribe or kickback from its supplier or contractor, burying the cost of the funds somewhere in its financial statements. Such a company would seem to be similarly at risk of the SEC bringing FCPA books and records charges against it. It may therefore be time to update FCPA training slide decks to ensure the boundaries defined match the realities of modern SEC books and records enforcement.