FCPA Compliance Requirements: A Guide for Global Companies
By: Philip H. Hilder
Trends In Foreign Corrupt Practice Act Compliance
Foreign Corrupt Practice Act (FCPA) investigations and prosecutions have increased substantially over the past few years. Fueling the increase is a number of factors, which include the Sarbanes-Oxley Act requirements, self-disclosures, greater investigation emphasis, and globalization of investigations.
Shift Towards Individual Accountability
There is a decisive trend towards FCPA enforcement against individuals and away from companies. This shift is driven by the U.S. Department of Justice (DOJ) to hold individuals accountable for FCPA violations, which the government contends has deterrent value. Those targeted include individuals who authorize corporate bribes, as well as the facilitators and recipients. The policy was articulated starkly on November 17, 2009 by Assistant Attorney General for the U.S. Department of Justice Criminal Division, Lanny Breuer, who stated, “…we tried more individuals for FCPA violations than in any prior year, and we indicted more individuals than ever before. That is no accident. In fact, prosecution of individuals is a cornerstone of our enforcement strategy.”
The government’s target of individuals is dual purposed. Not only will the risk of individuals being prosecuted act as a deterrent, it will also promote cooperation with government investigations because of the immense pressure put on an individual who may be facing a substantial prison sentence. In January 2010, twenty-two individuals were indicted in an FBI sting operation and were accused of bribing a purported foreign official for a country in Africa. The DOJ calls the indictment the result of its largest investigation and prosecution against individuals to date in relation to the FCPA.
Prosecuting individuals is partly driven by criticism that in recent years, there has been a flurry of deferred and non-prosecution agreements for FCPA violations. These vehicles have declined as the increase in individual prosecutions has grown. Pursuing individuals has, in effect, expanded the global reach of the FCPA. For instance, FCPA violations provide that persons who are involved in a bribe must do so while in the territory of the United States. Accordingly, co-conspirators who are not present in the U.S. can still be indicted based upon actions of co-conspirators who are physically present in the U.S.
The SEC has become more aggressive in its role in investigating FCPA violations. The SEC’s Division of Enforcement recently created a specialized FCPA unit to focus on new and proactive approaches to identify violations. This unit will complement work currently being performed by the DOJ, and will continue to put individuals under scrutiny for FCPA violations.
Enhanced Sentences and Penalties
Recently, an 87-month sentence was received by Charles Jumet in connection with bribes in the amount of $212,400 paid to a former Panamanian official to secure a contract. The sentence is steep, considering the relatively small amount of the bribe. In December 2008, Siemens paid nearly $1.7 billion to globally resolve its criminal and civil matters with the U.S. government relating to bribery. Other recent FCPA fines include those brought against Willbros for $32 million; Kellogg, Brown & Root LLC for $579 million; BAE Systems PLC for $450 million; and in March 2010, a $40.2 million global settlement with Innospec, a Delaware chemical company.
Deferred Prosecution and Non-prosecution Agreements in Greater Use
As prosecution of individuals increases, company prosecutions for FCPA violations have decreased. Companies have been rewarded with deferred prosecution agreements (DPAs) for self-disclosing and implementation of remedial action. However, a DPA is not without strings. In most instances, an independent monitor is appointed for a finite period. The mandate of monitors is directed to the type of misconduct that led to the investigation. The monitor will report periodic findings directly to the DOJ. A DPA breach may result in government prosecution of the original charge.
Another option that has gained traction for companies that voluntarily disclose misconduct and cooperate with an FCPA investigation is the non-prosecution agreement. Here, a company is given a probationary period. If the company does not further violate the law, then charges will not be brought. Typically, the probation is for a short period of time; however, the fine may be large.
Regions of the World Where Companies Experience the Greatest FCPA Activity
It appears from polling companies doing international business, in addition to recent cases being prosecuted, that the biggest FCPA concerns seem to be corruption and bribery in Nigeria, China, India, Indonesia, Mexico, Russia, Eastern Europe, and the Middle East. Upon reviewing FCPA enforcement actions, it appears that the oil and gas industry, as well as the medical device, military products, telecommunications, and pharmaceuticals sector, seem to draw the closest scrutiny. There have been a large number of oil and oil-related companies that have paid tens of millions of dollars in penalties for FCPA violations in west Africa. Over the last couple of years, there have been a number of medical device manufacturers domestically that were sanctioned for alleged FCPA violations stemming from foreign sales activities.
It is reasonable to deduce that the high-tech world centered in Asia will be the new focus of the SEC. The San Francisco Regional Office of the SEC in the spring of 2010 opened a unit dedicated to FCPA enforcement. The unit will keep an eye on Silicon Valley companies doing business internationally with an emphasis on Asia. The FCPA is meant to govern illegal payments to government officials. China’s economy is controlled by state-owned enterprises, which will be fertile ground for future cases.
FCPA Investigations over the Last 12 Months
The government has begun to be proactive in its FCPA investigations. On January 19, 2010, twenty-two individuals were indicted for allegedly participating in a scheme to bribe a minister of defense in connection with what the individuals believed to be supplying military and law enforcement products. The government acknowledged the use of undercover agents in this sting operation. The government also acknowledged that it was its first large scale use of undercover enforcement techniques to uncover FCPA violations. The government’s message is clear that it wants potential violators to have doubt in their mind that the person being bribed may possibly be a government informant or agent.
Also, it cannot be ignored that the amount of fines, disgorgements, and forfeitures has drastically increased over the years, making FCPA profitable for government action. In 2005, DOJ brought approximately sixty FCPA cases. By the end of 2009, DOJ, along with SEC, combined to bring over one hundred twenty FCPA investigations. As of January 2010, Assistant Attorney General Lanny Breuer of the DOJ’s Criminal Division stated that approximately one hundred forty companies and/or individuals were under investigation for potential FCPA violations.
Percentage of FCPA Cases
Both the DOJ and the SEC have added additional resources for FCPA prosecutions. The SEC dedicated unit will ensure that the trend of SEC involvement in FCPA enforcement will continue. Globalization of business is partly responsible for the increased level of enforcement. Another factor that drives enforcement levels is the Sarbanes-Oxley Act’s (SOX) requirement that senior management verify a company’s financial statements. This, in turn, causes companies to look inwardly with greater scrutiny for potential FCPA violations. Essentially, SOX has promoted FCPA self-reporting.
Globalization has also fostered cross-border investigations and prosecutions, as evidenced by the growing number of international investigations leading to prosecutions. A good example is the Siemens case. U.S. vs. Siemens AG, 08-cr-367 (D.D.C. 2008); SEC vs. Siemens, no. 08-cv-02167 (D.D.C. 2008). Siemens’ conviction and settlement signals enhanced cooperation and coordination cross borders for anti-bribery investigations. Siemens AG, a German corporation, along with three subsidiaries in Argentina, Venezuela and Bangladesh, pled guilty to FCPA violations in a U.S. court in December of 2008 and paid a nearly $1.7 Billion penalty, the greatest FCPA penalty yet. The investigation resulted in a united effort including worldwide simultaneous searches and prosecution strategy by U.S. and German officials.
The coordinated international trend continues as highlighted by the prosecution in U.S. vs. BAE Systems PLC, 1:10-cr-00035-JDB; U.S.D.C. D.D.C. (filed February 5, 2010). There, the government charged the company with conspiracy to commit false statements to a U.S. government agency and improper payments. In March 2010, the company pled guilty and agreed to pay a $400 Million fine. Contemporaneous with the filing of the criminal information in the United States, Britain’s Serious Fraud Office also announced that they had reached an agreement with the company to plead guilty for failure to keep accurate records. Clearly, U.S. and U.K. prosecutors worked the case jointly. In the end, the company, which is one of Europe’s largest military contractors, was able to negotiate away an FCPA violation because of disbarment or suspension issues.
Impact of the Global Economic Crisis
The economic crisis has pressured corporate compliance efforts. The international recession has created intense pressure on companies to be mindful of the bottom line. Companies involved in international sales have been stressed. The competitive environment and pressure to obtain business will, by its very nature, create greater FCPA violations. The flip side is companies may feel the pressure to cut compliance programs which police potential violations. Increased pressure may increase bribery. As for the government’s programs, FCPA training and auditing may be negatively impacted. It is foreseeable that financial pressures created by current economic conditions may cause companies to resort to corruption in order to land contracts. It is also foreseeable that companies may be forced to result to corruption in order to remain competitive.
Record high oil prices in 2008 have moderated, but it is foreseeable that they will again increase. Because of a rise in demand and high fuel prices, it is likely that the energy industry needs to be monitored for FCPA violations. As prices rise, there will be development of untapped reserves. Much of this activity will be centered in central Asia and western Africa. These areas have a record for corruption. It is likely there will be enhanced government scrutiny of these businesses and contracts.
Knowing that economic conditions are ripe for FCPA violations, it is important to stay vigilant by implementing a compliance program that is multi-faceted. Preliminarily, there needs to be a clear policy in place that bans FCPA violations. It must be clear to employees that illegal business activity will be cause for immediate termination. There must be a robust training and education program for all employees, including management, consultants, agents, and partners, regarding FCPA requirements. Gifts, travel, and entertainment pose the most problems under FCPA. Clearly written policies and procedures will minimize risk. There must be a mechanism of auditing controls that identify suspicious payments. A confidential reporting mechanism must be established to report questionable transactions. Due diligence efforts must be effective in order to investigate potential partners, consultants, and agents. Finally, the buck must stop with a responsible senior officer at the company who is on the hook for FCPA violations. The compliance program must be all encompassing, with its goal being to prevent, deter, and identify improper payments.
Complying with Anti-Bribery Rules
The anti-bribery provisions of the FCPA are sweeping. It is illegal for a U.S. person to make a corrupt payment to a foreign official for the purpose of obtaining or retaining business, including directing business. It is also illegal for foreign firms and persons to act in furtherance of a corrupt payment while in the United States. Moreover, companies whose securities are listed in the U.S. are required to keep accurate books and records that reflect the transactions of those corporations, as well as maintain an effective system of internal accounting controls.
As a sweeping premise, the FCPA makes it illegal to bribe foreign government officials to either obtain or retain business. In order to determine if the anti-bribery provisions are applicable, an analysis of the elements must occur. The law applies to individuals, officers, directors, employees, or agents of a company, or any stockholder acting on behalf of the company. The entity itself can be liable. The person making or authorizing the payment needs to have corrupt intent, while the payment must intend to induce the recipient to misuse an official position to direct business, as guided by the person making or authorizing payment. The law prohibits offering, promising, or authorizing payment of money or anything of value. Prohibition of corrupt payment is limited to a “foreign official.” The term “foreign official” is broad and covers nearly every benefit conferred on someone in a position to affect an individual’s dealings with a foreign government. It is DOJ’s position that even employees of a state-owned business are to be deemed “foreign officials” for the purposes of the FCPA. See, FCPA Review Procedure Release No. 83-02, U.S. Department of Justice (July 26, 2002). An analysis must be made as to the purpose of the payment to determine corrupt purpose. The element of “obtaining or retaining business” is broadly interpreted by the government. For instance, the business purpose need not be with the foreign government.
The FCPA allows for “facilitating payments” for “routine governmental action.” The following are examples listed in the statute of permissible payments: obtaining permits, licenses, or other official documents; processing governmental papers, such as visas and work orders; providing police protection, mail pick-up and delivery; providing phone service, power, and water supply; loading and unloading cargo; protecting perishable products; and scheduling inspections associated with contract performance or transit of goods across country. What makes these payments permissible is that they are routine actions that do not go to the awarding of new business or the continuation of business. Should FCPA charges be brought, it is important to note that an affirmative defense can be raised if the payment was legal under the written laws of the foreign country, i.e., the money was spent as part of a product demonstration, or was done to fulfill a contractual obligation.
In order not to fall victim to anti-bribery laws, there are practical actions that can be taken. Companies should perform a vigorous due diligence investigation of foreign representatives and joint venture partners to determine the credibility of the entity or persons with which they are to conduct business. The due diligence will examine whether the entity or individual is in fact qualified; what, if any, governmental ties they have; and what, if anything, is known about their reputation by the U.S. Embassy or Consulate. Moreover, a determination should be made with respect to any peculiar financial arrangements; examination of high commissions; transparency of expense and accounting records; and qualifications of the entity or person to perform services.
Should there be any doubt as to the structure of the operation, the government has established a procedure by which any U.S. company or national may submit a request for the U.S. Department of Justice to provide an opinion as to the proposed business conduct. This is a formalized procedure under 18 CFR part 80. The law mandates that the Justice Department issue an opinion in response to an inquiry within 30 days of the request. The opinion will state whether or not the conduct conforms to current enforcement policy. If the opinion allows for the conduct, the petitioner will be entitled to a presumption that it conforms within the boundaries of the FCPA, should there be a subsequent enforcement action.
Accounting Controls and Internal Auditing
The bookend to the FCPA’s anti-bribery provision is accounting. This provision is found in Title 15 U.S.C. § 78m(b)(2) and (b)(5). The accounting requirements mandate companies to maintain books, records, and accounts accurately and with reasonable detail, and require that the information reflects the transaction of the issuer. The recordkeeping and accounting provisions apply to publically-held companies considered “issuers” under the Securities and Exchange Act. The provision is broad, applying to businesses regardless of foreign operations and regardless of whether the transaction is considered a bribe (Rule 13b2-1). There are additional rules of the Securities and Exchange Act which prohibit the falsification of any books and records that are required to be maintained under the record-keeping provisions of the Act, and which prohibit any officer or director from making materially false or misleading statements or omitting material facts in connection with any audit review or examination of financial statements, or in the preparation of any filing requirements by the Act (Rule 13b2-2). False entries or omissions found by the auditor can be used to demonstrate criminal intent.
The accurate record-keeping requirement mandates that reasonable detail be kept to accurately and fairly reflect the transactions of the issuer. “Reasonable detail” requires a “level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.” § 78m(b)(7). The record-keeping provision was intended to provide transparency by preventing failure to record illegal transactions and the falsification of records.
Internal accounting controls must also be implemented to assure the integrity of the system. These internal controls ensure that the issuers utilize accepted methods of accounting, which will give them reliability. “Reasonable assurances” are needed that transactions are authorized, properly recorded, and conform to generally accepted accounting principles. See, Title 15 U.S.C. § 78m(b)(7). The SEC looks to a number of factors to determine whether the internal controls were adequate. The following factors will be taken into consideration: the role of the board of directors; communication of corporate procedures and policies; assignment of authority and responsibility; competence and integrity of personnel; accountability for performance and compliance with policies and procedures; and objectivity and effectiveness of the internal audit function.
Criminal violations can be stiff. The DOJ and SEC can also seek civil enforcement action for FCPA violations including fines, civil penalties, and injunctive relief. For criminal liability to attach, it must be shown that an individual has “knowingly circumvented or knowingly failed to implement a system of internal accounting controls, or knowingly falsified any book, record, or account.” Title 15 U.S.C. § 78m(b)(5). The purpose of the intent requirement is to minimize potential prosecutions for accounting errors, although willful blindness will result in fulfilling the “knowing” requirement.
Responding To a Compliance Investigation
There are a variety of activities that can trigger an FCPA investigation. These include whistle blowing; self-disclosure; government investigation; civil litigation; competitor tip-off; industry-wide investigation; and association with individuals or entities already under investigation.
One way clients can minimize their risk of triggering an FCPA investigation is to conduct a number of preventive measures. Generally speaking, employing financial controls in high risk areas will pay dividends. Among the controls that are needed are accounting controls to ensure transparency; cash controls to prevent the misuse of funds; protocol regarding vendors to prevent unauthorized payments; and monitoring high-risk transactions.
The implementation of an anti-corruption program is elementary. Such a program would take in many components. Foremost would be the development of a company policy requiring and enumerating FCPA compliance. The policy must reflect the culture at the highest level of a company. The policy must be approved by the board of directors and distributed to all personnel. The policy must be included in a written code of conduct that is received by all personnel.
Next, there must be training regarding what constitutes corruption and ways to deal with situations that may arise. Training should be updated and ongoing.
The company should also do a risk assessment focusing on risks of corruption that confront the company. The purpose of the assessment, in part, is to identify problematic risks. Resources must be allocated to meet the identified risks. A risk assessment is meant to narrow the focus of areas to be monitored. Generally, attention should be paid to joint ventures, acquisitions, and partners in countries where there is a history of corruption. Specifically, scrutinize relationships of the consultants, agents, distributors, and subcontractors which pose the greatest FCPA risk to companies. For the most part, these parties interface with foreign government officials in the areas of custom, tax and regulatory matters. The company should also conduct an internal audit to identify potential violations in areas where risks of corruption may occur.
There should also be particularized policies that are in place for the utilization of consultants and agents. Policies should go to the type of control and oversight of agents and consultants. There should be written policies in place so that consultants and agents know what is required of them in operating within the FCPA law. This would include anti-corruption training.
It is imperative to have a policy that clearly spells out the rules for gifts and entertainment. There should also be a policy implemented for pre-approval of facilitating payments. This will allow review to see if the payments are truly of a non-discretionary and routine nature. These payments need extra scrutiny, and should be kept in a different ledger to ensure transparency. A policy should also be implemented to clearly delineate circumstances in which charitable giving is allowed in order to prevent charitable giving from being confused with bribery. Ways to limit the confusion involve a policy of transparency in giving, no cash donations and demand a reasonable relationship of the charitable gift between the donor and organization, such as a technology company contributing computers to a local school.
Companies should make it a habit to use due diligence for international mergers, acquisitions, and joint ventures. This is to ensure FCPA integrity.
A company that is under investigation for FCPA violations must obtain outside counsel. Presumably, outside counsel will remain objective as to events while conducting an internal investigation. In-house counsel may be too close to the situation, and may have even been involved with the activity that is being investigated.
During an internal FCPA investigation, one of the most agonizing decisions is whether to self-disclose. It is often very difficult to decide whether to disclose possible FCPA violations. DOJ policy states that “timely and voluntary disclosure of wrongdoing” is a key factor to be considered in deciding whether or not to prosecute a company. See, Principles of Federal Prosecutions of Business Organizations – Title 9 Chapter 9-28.000 (revised on August 28, 2008). The decision is never an easy one. Self-disclosure may result in reduced penalties, but there is no assurance from the DOJ or SEC of leniency when companies voluntarily self-report. In fact, self-reporting does not extinguish the reality that companies may be subject to enforcement action after disclosure.