Government Investigations ADVISORY
November 20, 2012
DOJ and SEC’s Resource Guide on the FCPA Provides Important
Guidance to Companies Doing Business Abroad
On November 14, 2012, the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) jointly released their long-anticipated guidance on the Foreign Corrupt Practices Act (FPCA). Entitled A Resource Guide to the U.S. Foreign Corrupt Practices Act (the “Resource Guide”),1 it does not contain ground-breaking legal revelations but does offer helpful information to companies transacting business in foreign countries. For example, it provides in-depth discussions on permissible gifts and payments under the FCPA, the definition of “foreign official,” FCPA risk in the merger and acquisition context, liability under the accounting provisions, and the keys to a successful compliance program. Although the Resource Guide is not legally binding, it contains practical guidance that can help companies operating abroad mitigate FCPA risk. This advisory discusses some of the Resource Guide’s more notable areas of guidance.
Permissible Gifts and Payments Under the FCPA
Gift-Giving. In order for liability to attach under the FCPA’s anti-bribery provisions, an offer, promise, authorization of payment, or payment to a government official must be made “corruptly.” That is, an individual or company must act with an intent to wrongfully influence or induce the recipient to misuse his official position. Notably, even though the FCPA does not contain a de minimis exception, the DOJ and SEC have never investigated the provision of cups of coffee, taxi fares, or promotional items of nominal value—e.g., free pens, hats, or t-shirts with a company’s logo. The Resource Guide indicates that this is because such gifts are unlikely to influence a foreign official and, therefore, unlikely to evidence the requisite corrupt intent. Instead, the DOJ and SEC have targeted extravagant gifts and giving patterns that indicate corrupt intent.
Critically, the Resource Guide recognizes that reasonable gifts or tokens of gratitude are an appropriate way for business people to show respect. The Resource Guide emphasizes that, to reduce risk, proper gifts should be made in an open and transparent manner, recorded in the company’s books, and only given in conformity with local laws and customs. Thus, for example, a company that has contracted with a foreign state-owned utility company may give a moderately priced wedding present to that company’s general manager without fear of prosecution.
Travel and Entertainment Expenses. The Resource Guide provides helpful illustrations regarding both potentially corrupt and appropriate payment of travel and entertainment expenses. It provides the following examples of improper, non-business-related expenses: a $12,000 birthday trip for a government decision-maker that included visits to wineries; an evening consisting of dinners, drinks and entertainment for a government official valued at $10,000; and a sight-seeing trip to Italy for eight government officials, including $1,000 in “pocket money” per official. Importantly, however, not all travel and entertainment expenses violate the FCPA. As an example, the Resource Guide provides a hypothetical scenario involving foreign officials that wish to tour and inspect facilities at a U.S. company with which they have contracted. In that situation, the company could lawfully pay for the officials’ airfare, hotels, and transportation, as well as a night of entertainment, including a moderately priced dinner and a sporting event.
Payments to Third Parties and Charitable Organizations. The Resource Guide reminds companies that it is possible to violate the FCPA by giving a gift or payment to a third party in an effort to corruptly influence a foreign official. For example, one defendant was convicted for paying the personal bills and airfare of a foreign official’s cousin. Companies must exercise similar care in connection with charitable contributions. The FCPA does not prohibit companies from acting as good corporate citizens; however, charitable donations cannot be used to conceal payments to corruptly influence foreign officials. The Resource Guide recommends that a company ask itself five questions prior to making a charitable donation abroad:
What is the purpose of the payment?
Is the payment consistent with the company’s internal guidelines on charitable giving?
Is the payment at the request of a foreign official?
Is a foreign official associated with the charity, and if so, can the foreign official make decisions regarding your business in that country?
Is the payment conditioned upon receiving business or other benefits?
Facilitating Payments. The Resource Guide highlights the distinction between an unlawful bribe and a lawful “facilitating or expediting payment.” This exception to the FCPA’s anti-bribery provision applies where a payment is made to further “routine governmental action” involving non-discretionary acts, such as processing government papers—e.g., visas and work orders—connecting phone service, power or water supply, and providing police protection or mail pickup. As such, a company can lawfully pay a foreign official a one-time, small payment to have the power turned on at its factory. Likewise, a company does not run afoul of the FCPA by making a one-time, small cash payment to a clerk in a government office to ensure that the clerk stamps permit applications expeditiously (assuming the clerk has no discretion as to whether to stamp the permit applications). Companies should note, however, that the concept of facilitating payments is not universally recognized—these payments are not exceptions under other laws, such as the U.K. Bribery Act, and many local laws also make these payments illegal.2
Who Is a Foreign Official?
Foreign Officials – Generally. The FCPA’s anti-bribery provisions proscribe payments to “foreign officials.” At its most basic level, foreign officials include officers and employees of a foreign government and individuals acting on the government’s behalf. Although direct payments to foreign governments are unaffected by the FCPA, the Resource Guide recommends that safeguards be enacted to ensure that these payments are not used for corrupt purposes.
Instrumentality of a Foreign Government. Although many types of foreign officials are easy to identify, there is less clarity with respect to employees of government controlled entities. Multinational companies often interact with such entities, particularly in the finance, health care, energy, and telecommunications industries. These entities’ employees may be considered foreign officials by virtue of their affiliation with a foreign government instrumentality. The Resource Guide offers practical guidance regarding when such entities qualify as a foreign government’s “instrumentality,” including the following factors courts have used to make such determinations in the past:
the foreign state’s extent of ownership of the entity;
the foreign state’s degree of control over the entity (including whether key officers and directors of the entity are, or are appointed by, government officials);
the foreign state’s characterization of the entity and its employees;
the circumstances surrounding the entity’s creation;
the purpose of the entity’s activities;
the entity’s obligations and privileges under the foreign state’s law;
the exclusive or controlling power vested in the entity to administer its designated functions;
the level of financial support by the foreign state (including subsidies, special tax treatment, government-mandated fees, and loans);
the entity’s provision of services to the jurisdiction’s residents;
whether the governmental end or purpose sought to be achieved is expressed in the policies of the foreign government; and
the general perception that the entity is performing official or governmental functions.
The principal factors the DOJ and SEC consider are the foreign entity’s ownership, control, status, and function. Recently, the DOJ designated a Haitian telecommunications company as a foreign instrumentality where the government owned 97 percent of the company and the country’s president appointed the company’s director. While an instrumentality designation is uncommon where the foreign country remains a minority shareholder, minority ownership is not dispositive. For example, where the Malaysian government owned 43 percent of a telecommunications company, the DOJ still regarded the company as an “instrumentality” because most senior company officials were political appointees and the Malaysian Ministry of Finance was designated a “special shareholder” that could veto all major expenditures. This case’s inclusion in the Resource Guide reiterates that the instrumentality-inquiry will be one the DOJ and SEC approach on a case-by-case basis.
Third Parties or Intermediaries. The FCPA precludes companies from funneling corrupt payments through third parties or intermediaries. The statutory language prohibits payments where the payee “knows” that any portion will be offered, given or promised to a foreign official. But, as the Resource Guide indicates, companies will be deemed to have knowledge if they demonstrate willful blindness or deliberate indifference. Thus, knowledge can be imputed to a company if it ignores red flags such as excessive third-party commissions, unusually large discounts to third-party distributors, or “vaguely described” third-party consulting agreements. The Resource Guide counsels that businesses engaging third parties overseas incorporate due diligence of these third parties into their compliance programs.
How to Reduce FCPA Risk in the Merger & Acquisition Context
In the merger and acquisition context, the DOJ and SEC have only taken action against successor companies in very limited situations, such as cases involving egregious violations or a successor company that directly participated in (or failed to stop) unlawful bribes post-acquisition. More often, the agencies have initiated enforcement actions against the predecessor company alone. This is especially true where the acquiring company uncovered, disclosed, and sought to remedy potential violations.
The Resource Guide provides practical tips for companies to reduce FCPA risks in the context of a merger and acquisition. For example, a company contemplating an acquisition may seek an opinion regarding the DOJ’s enforcement position in various circumstances. Within 30 days, the DOJ will respond by issuing an opinion about whether, under present enforcement policy, the proposed conduct would violate the FCPA. Even though obtaining a DOJ opinion is a useful way to address due diligence challenges, the Resource Guide notes that most acquisitions will not require prospective DOJ assurances and that opinions will often contain more stringent requirements than necessary.
In the ordinary case, comprehensive FCPA due diligence and disclosures should suffice. The Resource Guide recommends the following steps for companies engaging in mergers and acquisitions:
Conduct thorough risk-based anti-corruption due diligence on potential acquisitions.
Ensure that the acquiring company’s code of conduct and policies regarding anti-corruption laws quickly apply to merged entities.
Train directors, officers, and employees of merged entities on anti-corruption laws and the company’s code of conduct and compliance policies.
Conduct an FCPA-specific audit of all newly acquired or merged business as soon as practicable.
Disclose corrupt payments uncovered during due diligence of newly acquired or merged entities.
The Resource Guide emphasizes that the enforcement agencies will give “meaningful credit” to companies that act in accordance with these recommendations and that demonstrate a genuine commitment to uncovering and preventing FCPA violations. Beyond that, thorough pre-acquisition due diligence enables acquiring companies to accurately value the targeted company, minimizes the risk that an acquired company will continue to pay bribes, and allows the parties to negotiate the allocation of costs and responsibilities in connection with potential violations.
FCPA Accounting Provisions
The FCPA’s “books and records” and “internal controls” provisions affect all issuers of publicly traded securities, including those companies required to file annual or periodic reports and whose stock trades in over-the-counter markets. These Accounting Provisions ensure the accurate representation by public companies of assets and liabilities. Importantly, they can create liability for a company regardless of whether the company has violated the FCPA’s anti-bribery provision.
Books and Records Provision. The “books and records” provision requires companies to “make and keep books, records, and accounts, which in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the [company].” The most common violation of this section involves financial misreporting of either substantial bribes or systematic, small-scale bribery. Examples of past accounting mischaracterizations include classifying illicit payments as “consulting fees,” “petty cash withdrawals,” and “entertainment expenses.”
Internal Controls Provision. The “internal controls” provision combats foreign bribery by requiring public companies to “devise and maintain a system of internal accounting controls.” The provision does not outline or suggest what types of controls or procedures a public company should enact. The Resource Guide suggests that a company create internal controls and procedures tailored to five factors:
the nature of the company’s products or services;
how the company’s products and services get to market;
the degree of regulation;
the extent of governmental interaction; and
the degree to which the company operates in countries with a high risk of corruption.
According to the Resource Guide, sufficient internal controls not only stymie potential FCPA violations, but can also prevent other illegal and unethical conduct.
The Resource Guide explores a real-world example of how travel and entertainment expenditures can violate the accounting provisions: A company would clearly violate the FCPA’s bribery provisions if it covered foreign officials’ travel expenses for a week-long visit to a city where the company maintained no facilities. However, the company would likewise be in violation of the accounting provisions if it recorded those costs as legitimate business expenses, and such conduct may further indicate that the company’s internal controls were inadequate for FCPA purposes.
Compliance Programs Critical to Reduce FCPA Risk
There is not a one-size-fits-all program for compliance, and companies must tailor policies that suit their specific needs. Nevertheless, the Resource Guide provides the following “Hallmarks of Effective Compliance Programs”:
Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. FCPA compliance and a strong ethical culture should start at the top. Corporate leaders must be truly committed to a “culture of compliance.”
Code of Conduct and Compliance Procedures. Companies should have clear, concise, and accessible codes of conduct, as well as internal procedures outlining compliance responsibilities, internal controls, auditing practices, documentation policies, and disciplinary procedures.
Oversight, Autonomy, and Resources. It is critical for a company to assign responsibility for the oversight and implementation of its compliance program to specific executives within the organization. These individuals should be provided with appropriate authority, adequate autonomy, and sufficient resources to effectively implement compliance.
Risk Assessment. Companies must realistically analyze and address the particular risks associated with a given industry, country, or transaction-type. As a company’s FCPA risks grow, the business should consider increasing its compliance procedures, including due diligence and internal audits.
Training and Continuing Advice. Compliance policies cannot function unless they are effectively communicated throughout an organization. Therefore, companies should host periodic training sessions, certification seminars, or other web-based and in-person educational programs to ensure a compliance program is understood at every level.
Incentives and Disciplinary Measures. Companies should set forth appropriate disciplinary and incentive schemes to encourage employees to achieve FCPA compliance. It is critical that incentives and discipline be applied evenly across the organization; in short, no executive is above compliance.
Third Party Due Diligence and Payments. Companies must conduct specific risk-based due diligence in connection with any third parties, agents, consultants, and distributors they engage abroad. More specifically, a company should seek to mitigate risks by understanding the qualifications, reputation, and associations of third-party partners; understanding the rationale for including the third party in transactions; and monitoring the third-party relationship on an ongoing basis.
Confidential Reporting and Internal Investigation. Effective compliance programs must provide a procedure by which employees can report suspected misconduct on a confidential basis, without fear of retaliation.
Continuous Improvement: Periodic Testing and Review. A good compliance program constantly evolves. Companies must regularly review and improve upon their compliance programs, ensuring that their policies keep up with changes in environment, customer bases, laws, and industry standards.
Merger & Acquisition Due Diligence and Integration. Companies should effectuate a specific FCPA risk-reduction and due diligence plan in connection with potential mergers and acquisitions. Particular steps that a company can take to reduce risks in this context are outlined above.
Guiding Principles of Enforcement
The DOJ considers the following nine factors in investigating a corporation, determining whether to charge, and negotiating a plea agreement:
the nature and seriousness of the offenses;
the pervasiveness of wrongdoing;
the corporation’s history of misconduct;
the corporation’s timely and voluntary disclosure of wrongdoing and willingness to cooperate;
the existence and effectiveness of the company’s compliance program;
the corporation’s remedial actions;
the collateral consequences, such as harm to shareholders and employees;
the adequacy of the prosecution of the individuals responsible; and
the adequacy of remedies such as civil or regulatory enforcement.
When considering an investigation or enforcement action, the SEC takes into account similar factors, such as the egregiousness of the potential violation, whether the potentially harmed group is vulnerable, whether the conduct is ongoing, whether other authorities might be better suited to investigate the conduct, whether the case involves a widespread industry practice needing to be addressed, and whether the case involves a recidivist.
The DOJ and SEC ordinarily do not publicize declinations. As such, the Resource Guide’s discussion of six recent, anonymous declinations provides a rare and valuable glimpse into the enforcement process. In one instance, the DOJ and SEC declined to take enforcement action against a public U.S. company, where the company, after discovering that its employees received competitor bid information from sources in a foreign government, began an internal investigation, withdrew its contract bid, terminated the involved employees, and severed all ties with a third-party agent. Additionally, the enforcement agencies accounted for the company’s voluntarily disclosure and its steps to improve its compliance program.
The Resource Guide describes another declination in which the DOJ declined to prosecute a privately held U.S. company and its foreign subsidiary for paying bribes to foreign social security officials. In doing so, the DOJ gave credence to the following factors: the company voluntarily disclosed the bribe payments, the bribes were relatively small, the corrupt practices were immediately stopped and the individuals involved were all terminated or disciplined, and the company had improved training and compliance programs commensurate with its size and risk exposure.
The most important takeaway is that, in determining the appropriate resolution of FCPA matters, the DOJ and SEC place a high premium on self-reporting, cooperation and remedial efforts, as well as the existence of effective compliance programs.
The FCPA remains a high priority for SEC and DOJ enforcement officials. This recent guidance makes it critical for companies to ensure that its directors, employees, and agents are complying with the FCPA and all other applicable anti-bribery laws, such as the United Kingdom Bribery Act. Companies should dedicate appropriate resources to auditing, monitoring, and internal reviews to mitigate FCPA risks. These activities will not only protect the company financially but also preserve the company’s brand and reputation.
2 For more information on the UK Bribery Act, see: Companies with International Operations and Sales Should Review Compliance Programs in Light of the UK Bribery Act.
This advisory is published by Alston & Bird LLP to provide a summary of significant developments to our clients and friends. It is intended to be informational and does not constitute legal advice regarding any specific situation. This material may also be considered attorney advertising under court rules of certain jurisdictions.