After a year of waiting, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) issued A Resource Guide to the U.S. Foreign Corrupt Practices Act (FCPA) (the Guidance) on November 14, 2012 (available at www.justice.gov/criminal/fraud/fcpa and www.sec.gov/spotlight/fcpa/fcpa-resource-guide.pdf). At 120 pages, the Guidance provides a detailed and well-researched primer on the development of U.S. anti-corruption law and policy. Although non-binding, the Guidance provides the most thorough and thoughtful summary of U.S. regulatory authorities' current thinking about FCPA enforcement. Not surprisingly, it confirms that the DOJ and SEC read the FCPA broadly, and that enforcement of the statute against U.S. and foreign companies will continue into the foreseeable future.
The Guidance contains detailed legal summaries, hypothetical factual scenarios, and the DOJ and SEC views on those scenarios. While there is much of interest in the Guidance's lengthy discussion, the following nine areas are of most relevance and importance for our clients and other multinational companies:
- The broad reach of FCPA jurisdiction;
- The expansive view of who qualifies as a "foreign official";
- An explanation of the interplay between the FCPA and other criminal statutes;
- The risk of vicarious corporate liability for the acts of employees, agents, and other third parties acting on a company's behalf;
- Risks associated with acquisitions and successor liability;
- Discussion of the hallmarks of an effective FCPA compliance program;
- The limited and risky nature of facilitating payments;
- Where to draw the line between permissible and impermissible gifts, entertainment, and travel; and,
- The guiding principles used by the government when making enforcement decisions.
The Long Arm of the FCPA
In addition to applying to an issuer of securities on a U.S. exchange and any U.S. citizen or domestic concern, the DOJ and SEC confirm their view that the FCPA will apply to any other party, regardless of nationality, involved in a bribery scheme so long as one member of that scheme engaged in "conduct while in the territory" of the United States. The DOJ and SEC further state that the threshold for what constitutes "conduct while in the territory" of the United States is very low, and may include as little as an e-mail or wire transfer that involves the United States. As stated in the Guidance:
Those who are not issuers or domestic concerns may be prosecuted under the FCPA if they directly, or through an agent, engage in any act in furtherance of a corrupt payment while in the territory of the United States, regardless of whether they utilize the U.S. mails or a means or instrumentality of commerce. Thus, for example, a foreign national who attends a meeting in the United States that furthers a foreign bribery scheme may be subject to prosecution, as may any co-conspirators, even if they did not themselves attend the meeting.
The Guidance also indicates that "placing a phone call or sending an email, text message, or fax from, to, or through the United States . . . [or] sending a wire transfer from or to a US bank or otherwise using the US banking system" can subject a person or company, and all of their co-conspirators, to liability under the FCPA.
The Guidance further confirms that a foreign individual or company can be held liable even if they never engage in any conduct within the United States, so long as another member of the bribery scheme engages in such conduct or otherwise is subject to FCPA jurisdiction.
A foreign national or company may also be liable under the FCPA if it aids and abets, conspires with, or acts as an agent of an issuer or domestic concern, regardless of whether the foreign national or company itself takes any action in the United States.
Although the Guidance cites to two settlement agreements as support for these propositions, these expansive jurisdictional theories have never been challenged in court. Until that happens, the government will likely continue to operate under this expansive theory of FCPA jurisdiction.
The Danger of State-Owned Entities
The DOJ and SEC have long taken the view that employees of commercial enterprises are considered foreign officials under the FCPA if the enterprise is owned or controlled by the government. The Guidance reaffirms their view that the FCPA applies to "corrupt payment to low ranking employees and high level officials alike." Of particular interest is the list of industries specified in the Guidance as being particularly likely to involve many (or predominantly) state-owned entities in certain countries. After pointing out that many governments are not structured like the U.S. government, the Guidance goes on to note that:
Many operate through state-owned or state-controlled entities, particularly in such areas as aerospace and defense manufacturing, banking and finance, healthcare and life sciences, energy and extractive industries, telecommunications, and transportation.
The Guidance goes on to note that, in most cases, 50 percent government ownership would be required, but that even minority interests can cause a commercial entity to be viewed as state-controlled where the government has veto power or other control over operational decisions, or appoints senior corporate officers or board members. This reality can prove particularly challenging for companies doing business in countries where corporate ownership and control is opaque.
Although recent cases have challenged the DOJ's and SEC's expansive view of the foreign official definition, those challenges have not been successful. (See e.g., U.S. v. Carson, (U.S. District Court, Central District of California, Southern Division) Case 8:09-cr-00077-JVS-1, May 18, 2011, Order Denying Defendants' Motion to Dismiss.) The coming years will bring many more challenges and there are important aspects of the definition yet to be litigated. But for now, companies doing business in or selling their products and services to any of the industries listed above, need to have a good understanding of who their business partners and customers are, and whether their employees are foreign officials.
Also, the Guidance does nothing to address the problems faced by virtually all companies doing business in centralized or formerly centralized economies such as China, Russia, the former Soviet states, and much of Eastern Europe. In many of these countries, vast swaths of the economy remains state-owned or controlled and business records are not often publicly available at a level of detail that permits exact determinations of corporate ownership, veto power, or executive and board appointments.
It's Not Just the FCPA
The Guidance confirms that the government is focused on the fact that it has several other options for prosecuting wrongdoing associated with bribery, particularly where the relevant individuals and companies are not necessarily subject to the jurisdiction of the FCPA. Certain obvious examples include anti-money laundering statutes, mail and wire fraud statues, as well as tax laws. Less familiar is the Travel Act, which can be - and has been - used as a basis to prosecute bribery between private commercial enterprises. The Guidance also observes that licensing, certification, and reporting requirements may be violated as collateral consequence of an FCPA violation. For example, the Export-Import Bank of the United States requires American suppliers providing direct loans and loan guarantees to foreign purchasers to make certifications regarding FCPA compliance. A false certification may give rise to criminal liability for false statements.
Along with substantive violations of criminal statutes and other regulations, the Guidance discusses other general theories of criminal liability to establish wrongdoing in bribery cases. For example, under a conspiracy theory of liability, a foreign, non-issuer not itself within the jurisdictional scope of the FCPA, could be convicted of conspiring with a domestic concern to violate the FCPA. The Guidance further notes that companies and individuals can be held liable for "aiding and abetting" FCPA violations. As is the case with conspiracy, aiding and abetting can be charged against entities or individuals even if it never conducts any act within the United States, so long as the entity or individual knowingly provides substantial assistance to the primary violator. Finally, the Guidance points out that individuals and companies may be found civilly liable for aiding and abetting FCPA anti-bribery violations if they recklessly provide substantial assistance to a violator. While not always at the forefront of FCPA cases, the Guidance makes clear that the DOJ and SEC will prosecute entities or individuals who assist others in corrupt activities, even when that assistance is the result of recklessness rather than actual knowledge.
The Guidance provides a similarly expansive view of various forms of vicarious liability that could be used to create liability against a company for the conduct of its subsidiaries, employees, or acquired companies. The Guidance first notes that a parent company can be liable in two ways for the conduct of its subsidiaries; directly, if it participates in the illegal conduct, or indirectly if the subsidiary is considered an "agent" of the parent. The Guidance indicates that DOJ and SEC will evaluate the "parent's control" of the subsidiary when assessing the agency standard, including "the parent's knowledge and direction of the subsidiary's actions, both generally and in the context of the specific transaction" when evaluating whether to exert liability over a parent as a result of the conduct of the subsidiary. This "agency" standard is more expansive than the traditional "piercing the corporate veil" standard often cited in cases of parent-subsidiary liability and reflect the government's continued aggressive assertion of extra-territorial jurisdiction.
The Guidance also notes that the government will continue to leverage the doctrine of respondeat superior and seek to impose liability on an employer for the conduct of its employees that are "undertaken within the scope of their employment and intended, at least in part, to benefit the company."
Buying a Problem: Facing Reality in M&A
The Guidance provides detailed discussion regarding when companies can be held liable for FCPA violations committed by target companies that are acquired, even if those crimes occurred pre-acquisition. The Guidance indicates that this form of successor liability may not be imposed if the acquiring company conducts thorough due diligence, takes appropriate remedial action (such as terminating the individuals responsible), integrates the acquired company into a robust compliance program, and discloses the matter to the government. The Guidance explains that "DOJ and SEC have only taken action against successor companies in limited circumstances, generally in cases involving egregious and sustained violations or where the successor company directly participated in the violations or failed to stop the misconduct from continuing after the acquisition." Indeed, the examples provided in the Guidance where the government took enforcement action against a successor entity include where an acquirer continued a kick-back scheme originated by its predecessor and where two companies each committed FCPA violations before merging to form a new public entity. To be sure, however, even where a successor entity may be spared, the acquired subsidiary as well as its predecessor retain substantial risk of their own.
The Guidance also says that, especially where due diligence is limited, companies can request an Opinion from DOJ, but that this involves a demanding process of providing documentation and certification. More significantly, while DOJ Opinion Releases are not binding on anyone but the companies requesting them, the Guidance states that companies can follow the measures set forth in a prior Opinion Procedure Release (No 08-02) where adequate pre-acquisition due diligence is not possible.
The Guidance notes that compliance programs should be custom built for the needs of each company and that "there is no one-size-fits-all" program. The Guidance further notes that companies should not create a generic, "check-the-box" program, but rather should specifically tailor the program to the "organization's specific needs, risks, and challenges." With these caveats, the Guidance identified the following hallmarks of an effective anti-corruption program:
- A commitment from senior management and a clearly articulated policy against corruption;
- A code of conduct and compliance policies and procedures;
- Oversight of the program by senior executives who have autonomy, resources, authority, and direct access to the organization's governing authority, such as the board of directors and committees of the board of directors;
- A process for conducting risk assessments;
- Training and mechanisms for providing continuing advice;
- Incentives for compliance-oriented employees and disciplinary measures for employees that violate the company's policies or the FCPA;
- Procedures to assess and monitor third parties, such as due diligence in hiring third parties, scrutiny over payments to third parties, and ongoing monitoring of third-party relationships;
- Confidential reporting mechanisms (e.g., whistleblower hotlines) and internal investigations; and,
- Continuous improvement through periodic testing and review.
Much of this is adapted from other well-known sources, such as the U.S. Sentencing Guidelines, the U.S. Attorney Manual's Principles of Federal Prosecution of Business Organizations, and the compliance programs the government has imposed on numerous companies in the context of resolving prosecutions and enforcement actions. Although many companies have already implemented such policies and procedures, the detailed description in the Guidance confirms that the government now considers such a compliance program to be standard for companies subject to the FCPA.
Facilitating Payments and Coercion
Although the Guidance describes "facilitating payments" in terms set out in the FCPA and recites that they are not considered FCPA violations, there is a sense of incongruity in the government's analysis. On the one hand, a facilitation payment is payment to a government official to secure the performance of a "routine governmental action" and is clearly permitted by the plain language of the statute. Such payments include:
- Obtaining permits, licenses, or other official documents;
- Processing government papers;
- Providing police protection, mail pickup and delivery, or scheduling inspections; and,
- Providing phone service, power, and water supply, loading and unloading cargo, or protecting perishable products or commodities from deterioration.
Yet, in the same section, the Guidance goes on to point out that that:
Although true facilitating payments are not illegal under the FCPA, they may still violate local law in the countries where the company is operating, and the OECD's Working Group on Bribery recommends that all countries encourage companies to prohibit or discourage facilitating payments, which the United States has done regularly. In addition, other countries' foreign bribery laws, such as the United Kingdom's, may not contain an exception for facilitating payments.
The Guidance also makes clear that the DOJ and SEC believe that permissible facilitation payments are inherently small, although that limitation does not appear in the FCPA itself. The Guidance states that application of the exception for facilitating payments "is not dependent on the size of the payment, though, size can be telling, as a large payment is more suggestive of corrupt intent to influence a non-routine government action."
Setting aside any debate over whether the DOJ and SEC have historically discouraged facilitating payments, they appear to be doing it in the Guidance. This begs the question: Why would U.S. law enforcement agencies discourage activity that is legal under U.S. law? The answer most likely lies in the fact that facilitating payments are not permitted under the international anti-corruption treaties to which the United States is a party, and are similarly prohibited by the laws of nearly every other country. The FCPA is an outlier and the Guidance recognizes as much when it warns that:
Individuals and companies should therefore be aware that although true facilitating payments are permissible under the FCPA, they may still subject a company or individual to sanctions. As with any expenditure, facilitating payments may still violate the FCPA if they are not properly recorded in an issuer's books and records.
This suggests that facilitating payments are more disfavored and risky than ever. The Guidance may portend a coming restriction in what the DOJ and SEC will legitimately consider to be facilitating payments. By ratcheting back what qualifies as a facilitating payment, the government may be able to bring U.S. enforcement more into line with international norms without the need for formal legislative change.
In contrast, the Guidance takes a clear position that payments made as a result of duress or extortion, specifically payments made upon threat of physical harm by a government official, are not considered facilitating payments and are not violations of the FCPA. Such payments simply are not "made with corrupt intent or for the purpose of obtaining or retaining business."
Gifts, Entertainment, and Travel - How Much is Too Much?
The Guidance describes the government's view of permissible and impermissible gifts, entertainment, and travel expenditures. It provides useful confirmation that certain gifts, entertainment, and travel are appropriate and necessary for conducting business in the modern world.
A small gift or token of esteem or gratitude is often an appropriate way for business people to display respect for each other. Some hallmarks of appropriate gift-giving are when the gift is given openly and transparently, properly recorded in the giver's books and records, provided only to reflect esteem or gratitude, and permitted under local law.
In an attempt to provide some clarity to the question of what gifts and hospitality are permissible, the Guidance provides several examples:
- A company establishes a booth at a trade show which provides free pens, hats, t-shirts and other promotional items.
- A company takes out government officials who are prospective customers to drinks and pays a moderate bar tab.
- A company executive provides a "moderately priced crystal vase" to a foreign public official who is the general manager of a client as a wedding gift and token of esteem.
- A company provides services to a government entity, and pays for an executive of the entity to travel to the United States to inspect the company's facilities in executing the contract. The Guidance notes that it would be permissible for the company to pay for business class travel (so long as it does so for its own employees), moderately priced meals, a baseball game, and attendance at a play during the trip.
This last scenario may be the most helpful and clear illustration in the entire Guidance. This real-world situation, faced by companies around the world on a daily basis, appears to be approved by the SEC and DOJ. That said, the Guidance goes on to provide a list of clearly impermissible gifts, entertainment, and travel:
- A $12,000 birthday trip for a government official that includes visits to wineries and dinners;
- A trip to Las Vegas for a government official and his or her spouse where there is no business purpose for the trip, e.g., the company has no facilities in Las Vegas;
- $10,000 spent on dinners, drinks, and entertainment for one government official;
- A trip to Italy for eight Iraqi officials that consisted of sightseeing and included $1,000 in pocket money;
- A trip to Paris for a government official that consisted primarily of touring activities via a chauffeur-driven vehicle.
The gap between these examples and the ones immediately above is wide. However, hewing close to the first list should provide most companies with the protection they need: avoid treating the official too much better than you would your employees, avoid transforming a business trip into a vacation, avoid any gifts of cash or cash equivalents, and most companies will find themselves in a relatively safe harbor.
Underscoring this point, the Guidance states clearly that isolated small gift and entertainment expenses will rarely, if ever, form the basis for an enforcement action alone:
DOJ's and SEC's anti-bribery enforcement actions have focused on small payments and gifts only when they comprise part of a systemic or long-standing course of conduct that evidences a scheme to corruptly pay foreign officials to obtain or retain business.
What Goes into the Declination Calculus?
Finally, the Guidance provides insight into the kinds of cases where the SEC and DOJ decline to pursue enforcement actions. The Guidance discusses six specific examples of real cases resulting in declinations. Although each example is fact specific, commonalities exist across most of the samples.
- The conduct was voluntarily disclosed to the SEC and DOJ in all of the examples;
- The conduct was typically discovered by the company's compliance program, internal audit, or during due diligence in an acquisition;
- The conduct was promptly reported to the general counsel or audit committee and a thorough investigation was conducted;
- If the conduct was ongoing, it was immediately stopped;
- Remedial actions were taken including employee discipline or termination, modifications to the compliance program, and increased training; and,
- The companies at issue fully cooperated with the SEC and DOJ.
These examples all underscore the importance of quality compliance programs and internal controls. Without them, the discovery, voluntary disclosure, investigation, and cooperation cannot occur. As such, the takeaway is that the road to a declination generally begins years ahead of time with the design and implementation of a robust FCPA compliance program.
Although many, if not all, of the principles summarized in the Guidance, with the exception of the declination discussion, was publicly available and known to FCPA practitioners, the comprehensive and coherent nature of the Guidance provides a much needed step forward in FCPA enforcement. The SEC and DOJ are speaking with one voice about a unified set of policy goals and enforcement considerations. Although there may be much to disagree about and discuss in terms of how the FCPA should be interpreted, the Guidance does provide a clear starting point for those disagreements and discussions.