The U.S. Foreign Corrupt Practices Act (“FCPA”), enacted in 1977, addresses the reality of corrupt practices used in many parts of the world to win business controlled by foreign government officials. Under the FCPA individuals and enterprises may be subject to civil and criminal penalties, debarment from government contracts, and even the loss of export privileges for bribing foreign officials, directly or indirectly, or failing to detect and deter bribery by their employees, agents and associates. Against this backdrop of significant sanctions, in recent enforcement actions against corporate executives, officers and agents the primary enforcing agencies, the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”), have emphasized deterrence of FCPA violations as a major enforcement goal. Both DOJ and SEC recognize the benefits of robust company compliance programs as essential to achieving this goal. As a result, the enforcement policies of these two agencies give significant recognition to well-designed and active compliance programs. Businesses and corporate management should take heed.
The FCPA Casts a Wide Net and Carries a Big Stick
The FCPA prohibits the corrupt payment, promise or gift of anything of value to a foreign official to (i) influence any act or decision of the foreign official in his official capacity, (ii) secure any improper advantage, or (iii) use his influence with a foreign government in an effort to assist a U.S. company to obtain or retain business with any person. It applies to U.S. nationals and residents, U.S. and foreign public companies, and private businesses organized under U.S. or state law or having its principal place of business in the US. The FCPA also applies to certain foreign individuals and businesses who engage in any act in the U.S. in furtherance of a corrupt payment. In short, the act casts a wide net.
In addition to prohibiting corrupt payments, for those businesses subject to SEC jurisdiction (“Issuers”) the FCPA includes requirements that businesses establish and maintain accurate books and records reflecting the company’s business, as well as effective internal and external controls and policies that apply to their employees, agents, representatives, vendors and consultants and those of their affiliates and subsidiaries. Businesses and their managers cannot avoid liability by using third parties or ignoring or overlooking warning signs of corruption that they discover or should have discovered with reasonable diligence.
Penalties for FCPA bribery violations can result in criminal fines up to $2 million for corporations and $100,000 for individuals. Individuals may also be sentenced up to 5 years in prison. For Issuers, each violation of the accounting provisions carries criminal fines of up to $25 million for corporations and other business entities and up to $5 million and imprisonment for up to 20 years for individuals. In addition, in certain cases a court can impose even higher criminal penalties — up to twice the benefit sought by making the corrupt payment. As an alternative to criminal enforcement, DOJ can seek civil penalties of $16,000 per violation. SEC civil penalties can be higher as they range from $7500-$150,000 for individuals and $75,000-$725,000 for companies.
A Compliance Program Can be a Good Deterrent
The mere launching of a federal investigation by the DOJ/SEC can prove very costly to companies chosen for investigation — even where the company is ultimately found innocent. An FCPA compliance program, which incorporates effective internal controls to detect and prevent anti-bribery violations, is a necessary part of doing business abroad. It also can satisfy the DOJ/SEC at the early stages of the investigation and thus limit significant financial exposure.
What do the DOJ/SEC want?
The DOJ/SEC Resource Guide to the U.S. Foreign Corrupt Practices Act, November 2012, says that a compliance program must promote “an organizational culture that encourages ethical conduct and a commitment to compliance with the law…” and that “[a] well-constructed, thoughtfully implemented, and consistently enforced compliance and ethics program helps prevent, detect, remediate, and report misconduct, including FCPA violations.” As discussed inHallmarks of Effective Compliance Programs in the Resource Guide, the DOJ/SEC say that they will look to see whether programs are well designed, applied in good faith, and consistently enforced.
What does this mean?
While there is no prescriptive formula for what the DOJ/SEC will consider an effective compliance program, they offer the following as basic elements of a well-conceived compliance program:
- Commitment from Senior Management and a Clearly Articulated Policy Against Corruption: Senior management should clearly articulate company standards, communicate them in unambiguous terms, adhere to them scrupulously, and disseminate them throughout the organization.
- Risk Assessment: The company should implement in good faith a comprehensive compliance program based on an analysis of its particular organizational risks.
- Code of Conduct and Compliance Policies and Procedures: Company codes, policies, and procedures should be clear, concise and accessible to all employees, and available in local languages. Company management should make certain the company codes, policies and procedures remain current and effective. Periodic review is strongly recommended.
- Oversight, Autonomy, and Resources: The company should assign responsibility for oversight and implementation of the compliance program to a senior executive with appropriate authority, adequate autonomy from management to communicate directly with the organization’s governing authority, and sufficient resources to ensure effective implementation.
- Training and Continuing Advice: Relevant policies and procedures must be communicated throughout the organization, with periodic training for all directors, officers, relevant employees, and, where appropriate, agents and business partners.
- Incentives and Disciplinary Measures: The company should enforce its compliance program through appropriate and clear disciplinary procedures that are applied promptly, fairly and consistently across the organization and are commensurate with the violation.
- Third-Party Due Diligence and Payments: DOJ and SEC will assess, in addition to a company’s due diligence regarding third parties, whether the company has informed third parties of the organization’s compliance program and commitment to ethical and lawful business practices, and whether it has sought assurances from third parties of reciprocal commitments, where appropriate.
- Confidential Reporting and Internal Investigation: The company’s compliance program should include a mechanism for employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis without fear of retaliation as well as procedures for subsequent investigation of such reports.
- Continuous Improvement – Periodic Testing and Review: DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale and out of step with current company business practices and organization.
- Mergers and Acquisitions – Pre-Acquisition Due Diligence and Post-Acquisition Integration: An acquiring company should implement FCPA due diligence procedures and promptly incorporate the acquired company into all of its internal controls, including its FCPA compliance program.
The legal industry has paid a lot of attention to implementation of compliance programs for public companies. Private businesses sometimes say that compliance programs that meet the DOJ/SEC guidelines are overkill. However, as stated above, the anti-bribery provision and sanctions apply to both publicly traded and private businesses. As smaller, private companies continue to enter and expand their business in overseas markets, especially in countries like China and India, the potential for encountering corrupt trading partners and intermediaries leading to violations of the FCPA will likewise increase. Given the significant penalties and other sanctions that may be imposed for FCPA violations, prudence and good corporate practice requires assessment of the risks posed by the company’s trading activities in each of its overseas markets and appropriate management of those risks. Thus, it is very important for private companies to work with their attorneys in establishing and maintaining compliance programs that make sense for their business.
Practical Tips for Any Compliance Program
All companies should analyze their businesses and overseas markets for personnel, relationships, transactions and other areas where temptations and opportunities for corrupt payments (and, for Issuers, for failures to establish and maintain accurate books and records and appropriate accounting controls) are likely to arise, and corrupt activity is most likely to occur. They should have policies and processes that anticipate these areas of potential violation. The company’s policy document should begin with an unequivocal statement by a company officer affirming the company’s commitment to anti-corruption deterrence, detection, and enforcement. It should clearly identify the person in charge as the “Compliance Officer” assigned with the specific task of administering the policies and checking for warning signs. The policy document should clearly spell out the potential sanctions applicable to employees for failure to follow company policies and procedures protecting against corrupt payments and activities. To be truly effective, it should include a process for confidential reporting of warning signs as well as potential violations.
All companies should be aware of potential warning signs and “red flags.” The company policy should list those signs and “red flags” that are relevant to its business, which may include:
- Are you doing business in a country with a history of corruption?
- Is someone suggesting that you employ a consultant, representative, and/or vendor that does not have competitive qualifications?
- Do you have a representative, consultant, or vendor who is reluctant to sign FCPA compliance provisions?
- Is a representative, consultant, or vendor asking that payment be made in a suspect jurisdiction outside the country of its business?
- Is a sales representative and/or distributor asking for commissions that are larger than is customary?
- Are you receiving vague, poorly documented, overly large requests for reimbursement of expenses incurred by an employee, representative, agent, or consultant?
- Are you receiving requests for customer travel, meals, or other expenses that are above the levels you expect for legitimate customer expenses and/or are materially different from those allowed for employees?
- Is someone suggesting a contribution to a local charity? Is it internationally recognized?
The company, in consultation with its attorney, should establish written guidelines setting dollar limits on gifts, meals and entertainment, travel and charitable contributions. Cash gifts and political contributions should be strictly prohibited. Training programs should include some “role playing” tips for how to identify and address warning signs and “red flags” and tactfully respond to requests for cash, gifts and other items of value in ways that comply with the company’s anti-corruption policies and procedures.
All third party relationships should have written contracts that cover FCPA compliance. Contract provisions typically describe acts prohibited by the FCPA and include representations and warranties that the contractor/consultant/agent has not and will not commit any of those acts or any acts in violation of local corrupt practices laws. Even with agreements in place, the Compliance Officer should be alert to warning signs and “red flags” and be prepared to respond to them appropriately.
A Compliance Program is a Good Investment
In many cultures, gifts are customary and failure to adhere to local custom can put U.S. businesses at a disadvantage. On the other hand, violation of the FCPA carries high risk of heavy expense and other consequences. This dilemma is an unpleasant reality in many places around the world where US companies are doing business. Thoughtful preparation and implementation of an FCPA compliance program can reduce both the risk of losing business and the potential for costly FCPA investigations and violations. It is well worth its cost.