Editor’s Note: Marc S. Rosenberg is a partner and co‑chair of the Corporate Governance and Board Advisory practice at Cravath, Swaine & Moore LLP. This post is based on a Cravath memorandum.
Last week, the Criminal Division of the Department of Justice and the Enforcement Division of the Securities and Exchange Commission released their long-awaited guidance on the application and enforcement of the U.S. Foreign Corrupt Practices Act. The release—a 120-page “Resource Guide”—confirms that FCPA enforcement remains a central priority of the U.S. government while simultaneously and most importantly identifying the circumstances when the government may decline to pursue an enforcement action. It is available at http://www.sec.gov/spotlight/fcpa/fcpa-resource-guide.pdf.
Compliance Program Guidance
While much of the guidance reaffirms statutory interpretations that practitioners have gathered from published government settlements and opinion releases, it also provides a useful tool for companies seeking to develop FCPA compliance programs that will minimize the risk of enforcement action or severe penalties in the event those systems fail to prevent a violation. Having such a compliance program in place is particularly important given the SEC’s announcement last week that it received more than 3,000 whistleblower complaints in the first year of the new whistleblower program implemented under the Dodd-Frank Act.
The Guide identifies the hallmarks of strong compliance programs generally and addresses the elements of effective FCPA controls, reiterating that there is no “one-size-fits-all” program; an effective FCPA compliance program addresses corruption risks specific to the organization and includes meaningful unique controls to mitigate those risks. Some possible risk-based compliance controls that the Guide suggests are:
- devoting greater resources to review of large contracts in high-risk regions than to modest entertainment and gift giving;
- web-based approval processes for gifts, travel and entertainment that give senior management or in-house counsel an opportunity to review requests;
- fact-specific, flexible due diligence commensurate with the size and risk of the transaction at issue;
- a mix of training opportunities and materials, including materials translated into local languages and customized for particular functions; and
- publicizing disciplinary action within the company to demonstrate the consequences of misconduct, and openly rewarding contributions to the company’s compliance program.
The Guide demonstrates the government’s expectation that an FCPA compliance program be tailored to the company’s specific business and evolve as the business and markets in which it operates change—a comprehensive, risk-based and constantly evolving approach that is regularly reviewed and tested.
Relief from Enforcement or Sanctions
There are no guarantees that adopting an effective FCPA program will insulate an organization from enforcement action; however, the Guide makes clear the government’s commitment to providing favorable treatment to organizations that self-report, cooperate and remediate when FCPA issues arise. The Guide credits voluntary and timely disclosure of violations, recognition of the seriousness of misconduct and efforts to improve an existing compliance program and discipline wrongdoers. To illustrate this approach, the Guide lists six examples of recently declined enforcement actions. In all six, the targeted company voluntarily disclosed a violation, disciplined the responsible employees and undertook a review of its compliance procedures. Likewise, the Guide offers an example of a company that received reduced sanctions because it self-reported, conducted a thorough internal investigation, cooperated with the government and remediated.
In light of the specific FCPA program guidance, the potential benefits to be derived from a risk-based approach to FCPA compliance and the continued increased focus of the government on FCPA violations, companies will be well-served to evaluate their FCPA controls and testing procedures to ensure they conform to best practices.
Clarification of Statutory Elements
In addition to providing helpful guidance on implementing a risk-based compliance program as described above, the Guide offers useful commentary on how the government interprets the statute itself.
What does “anything of value” mean?
The FCPA prohibits the corrupt offer, promise or payment of “anything of value” to a foreign official. The Guide notes that there is no minimum threshold amount for corrupt payments or gifts. At the same time, the Guide acknowledges that the FCPA permits reasonable gifts, travel and entertainment when there is a bona fide business purpose, and does not prohibit small gifts or tokens of esteem or gratitude. For instance, the Guide notes that if foreign officials are traveling to inspect a company’s facilities for a legitimate business purpose, the company may, in appropriate circumstances, pay for business class airfare, moderately priced dinners and modest entertainment.
Who is a “foreign official”?
The Guide confirms the long-held government view that any employee of a foreign-government instrumentality—including state-owned or controlled entities—is a foreign official. This includes executives, middle-management and even entry-level employees. Whether any particular entity is sufficiently state-owned or controlled to qualify as a foreign “instrumentality”, however, depends on a fact-specific consideration of the entity’s ownership, control, status and function. The Guide explains that if a foreign government owns or controls only a minority stake in an entity, then the DOJ and SEC are “unlikely” to consider that entity to be a foreign-government instrumentality, absent a special mechanism of foreign-government control. The issue of whether the term “instrumentality” includes state-owned entities that do not perform typical governmental functions is currently pending in the U.S. Court of Appeals for the 11th Circuit.
What is covered by the FCPA’s accounting provisions?
The FCPA’s “books and records” provision requires issuers to maintain books and records that, in reasonable detail, accurately reflect the issuer’s transactions and asset dispositions. The “internal controls” provision requires issuers to devise and maintain a system of internal accounting controls that provide reasonable assurances regarding the reliability of the company’s financial reporting. Although the FCPA’s accounting provisions apply only to issuers (i.e., companies whose securities are registered with the SEC or who are required to file reports with the SEC), the Guide makes clear that an issuer’s books and records include those of its consolidated subsidiaries and affiliates. Accordingly, an issuer’s obligations under the FCPA extend to ensuring that its consolidated subsidiaries and affiliates comply with the FCPA’s accounting provisions.
When will a successor be liable for the acts of an acquired company?
Generally, when a company merges with or acquires another company, the successor company assumes the predecessor company’s liabilities. Companies engaging in pre-acquisition due diligence should be careful to consider possible FCPA exposure and, accordingly, apply a risk-based approach to the diligence process. The Guide signals, however, that the DOJ and SEC will take action against successor companies only in limited circumstances, citing as examples cases involving “egregious and sustained” violations or where the successor company participated in the violation or failed to stop the misconduct after the acquisition.
Vigorous enforcement of the FCPA will remain a top priority of the DOJ and SEC. Although the Guide does not represent a change in FCPA enforcement policy, it provides a comprehensive overview of the statute and offers important insights into the government’s regulatory approach. By applying the practical lessons outlined in the Guide, such as focusing on high-risk activity and maintaining an effective compliance program, companies will mitigate their exposure to FCPA liability.