On November 14, 2012, the Department of Justice and the Securities and Exchange Commission released their long-awaited guidance on the Foreign Corrupt Practices Act. The 120-page compendium, A Resource Guide to the U.S. Foreign Corrupt Practices Act, does not evince a sea change in government interpretation and enforcement of the FCPA. It does, however, provide some welcome and helpful guidance into a murky legal regime.
In between its introduction and conclusion, the Guide contains eight substantive chapters, entitled as follows: The FCPA: Anti-Bribery Provisions; The FCPA: Accounting Provisions; Other Related U.S. Laws; Guiding Principles of Enforcement; FCPA Penalties, Sanctions, and Remedies; Resolutions; Whistleblower Provisions and Protections; and DOJ Opinion Procedure. Throughout its discussion, the Guide provides citations to numerous related enforcement and guidance materials, and addresses how DOJ and SEC would likely respond to several hypothetical scenarios. Thus, the Guide is comprehensive in scope and certainly required reading for corporate compliance officers and counsel. Executives and counsel should be mindful, however, that DOJ and SEC stress that the Guide is non-binding and informal; may not be relied upon to create rights in criminal, civil, or administrative proceedings; and does not limit the enforcement intentions or litigating positions of those or other federal agencies. Ultimately, although the Guide provides a useful compilation of general guidance regarding FCPA enforcement, each factual situation is unique and must be assessed by counsel on an individual basis.
We believe the Guide is particularly helpful in (1) clarifying what constitute permissible expenditures for gifts, travel, and entertainment; (2) discussing the significant risks inherent in making facilitating or expediting payments; (3) stressing the importance of third-party vetting practices; (4) addressing the importance of pre-merger due diligence and its potential impact on successor liability; and (5) highlighting the importance of well-designed and thorough corporate compliance programs.
Gifts, Travel, and Entertainment
The Guide reiterates that the FCPA does not proscribe companies from making bona fide expenditures to promote, demonstrate, or explain their products or services. Additionally, the agencies make clear that the FCPA was not intended to prohibit all forms of hospitality to foreign officials. Accordingly, the Guide opines that the following hypothetical scenarios would not violate the FCPA:
A company at a trade show providing foreign officials with promotional items and free snacks and beverages; and the same company at the trade show paying a moderate bar tab for foreign officials who are current and prospective customers.
“The FCPA does not prevent companies from promoting their businesses in this way or providing legitimate hospitality, including to foreign officials.” Guide at 17.
Company executives providing a reasonable wedding gift to a foreign official with whom they do business. “It is appropriate to provide reasonable gifts to foreign officials as tokens of esteem or gratitude. It is important that such gifts be made openly and transparently, properly recorded in a company’s books and records, and given only where appropriate under local law, customary where given, and reasonable for the occasion.” Id.
A company that supplies goods and services to a far-flung, state-owned, foreign commission, and which provides training to commission employees at one of its U.S. facilities, paying for the commission’s senior officials to travel to and inspect the training facility for several days, and taking the officials to a moderately priced dinner, a baseball game, and a play. “Reasonable and bona fide promotional expenditures do not violate the FCPA. Here, [the company] is providing training to the . . . [c]ommission’s employees and is hosting the . . . [c]omission senior officials. Their review of the execution and performance of the contract is a legitimate business purpose. Even the provision of business class airfare is reasonable under the circumstances, as are the meals and entertainment, which are only a small component of the business trip.” Id. at 18.
Contrasting these legitimate expenditures, the Guide sets forth the following examples of improper travel and entertainment payments: “a $12,000 birthday trip for a government decision-maker from Mexico that included visits to wineries and dinners”; “$10,000 spent on dinners, drinks, and entertainment for a government official”; “a trip to Italy for eight Iraqi government officials that consisted primarily of sightseeing and included $1,000 in ‘pocket money’ for each official”; and “a trip to Paris for a government official and his wife that consisted primarily of touring activities via a chauffeur-driven vehicle.” Id. at 16.
Facilitating or Expediting Payments
The Guide accurately recounts that “[t]he FCPA’s bribery prohibition contains a narrow exception for ‘facilitating or expediting payments’ made in furtherance of routine governmental action.” Id. at 25. It explains that “[t]he facilitating payments exception applies only when a payment is made to further ‘routine governmental action’ that involves non-discretionary acts,” such as processing visas, providing police protection or mail service, and supplying utilities services. Id. As those in the compliance world recognize, however, companies currently make any facilitating or expediting payments at their peril. The Guide recognizes that reliance on the facilitating payments exception is fraught with risk:
Although true facilitating payments are not illegal under the FCPA, they may still violate local law in the countries where the company is operating, and the OECD’s Working Group on Bribery recommends that all countries encourage companies to prohibit or discourage facilitating payments, which the United States has done regularly. In addition, other countries’ foreign bribery laws, such as the United Kingdom’s, may not contain an exception for facilitating payments. Individuals and companies should therefore be aware that although true facilitating payments are permissible under the FCPA, they may still subject a company or individual to sanctions.
Id. at 25-26 (footnotes omitted).
Third-Party Vetting Practices
A long-recurring problem in the FCPA realm is the making of corrupt payments to foreign officials through third parties or intermediaries. Consequently, it is critical for companies that enlist foreign agents to implement compliance programs which include due diligence reviews of those third parties. The Guide recites a litany of factors that constitute “[c]ommon red flags associated with third parties”:
excessive commissions to third-party agents or consultants;
unreasonably large discounts to third-party distributors;
third-party “consulting agreements” that include only vaguely described services;
the third-party consultant is in a different line of business than that for which it has been engaged;
the third party is related to or closely associated with the foreign official;
the third party became part of the transaction at the express request or insistence of the foreign official;
the third party is merely a shell company incorporated in an offshore jurisdiction; and
the third party requests payment to offshore bank accounts.
Id. at 22-23.
In this context, the Guide states that “[r]isk-based due diligence is particularly important with third parties and will also be considered by DOJ and SEC in assessing the effectiveness of a company’s compliance program.” Id. at 60. While the Guide aptly recognizes that “the degree of appropriate due diligence may vary based on industry, country, size and nature of the transaction, and historical relationship with the third-party,” it sets forth “some guiding principles [which] always apply.” Id.
First, “companies should understand the qualifications and associations of its third-party partners, including its business reputation and relationship, if any, with foreign officials. The degree of scrutiny should increase as red flags surface.” Second, “companies should have an understanding of the business rationale for including the third party in the transaction.” In this vein, companies should comprehend the role of the third party and be comfortable with the third party’s contract provisions and payment terms. Third, “companies should undertake some form of ongoing monitoring of third-party relationships.” This may include updating the due diligence review, exercising audit rights, providing training to the agent, and requesting compliance certifications from the third party. Id.
Pre-Merger Due Diligence and Successor Liability
The Guide stresses that “DOJ and SEC encourage companies to conduct pre-acquisition due diligence and improve compliance programs and internal controls after acquisition . . . .” Id. at 28. The Guide notes that pre-merger due diligence assists an acquiring company in accurately valuing the target company, reduces the risk of bribe payments continuing post-merger, enables the parties to negotiate about shouldering the consequences and costs of discovered violations, and demonstrates a commitment to uncovering and preventing FCPA violations. According to the agencies, vigorous pre-merger due diligence also has the following benefit vis-à-vis government enforcement action:
In a significant number of instances, DOJ and SEC have declined to take action against companies that voluntarily disclosed and remediated conduct and cooperated with DOJ and SEC in the merger and acquisition context. And DOJ and SEC have only taken action against successor companies in limited circumstances, generally in cases involving egregious and sustained violations or where the successor company directly participated in the violations or failed to stop the misconduct from continuing after the acquisition.
More often, DOJ and SEC have pursued enforcement actions against the predecessor company (rather than the acquiring company), particularly when the acquiring company uncovered and timely remedied the violations or when the government’s investigation of the predecessor company preceded the acquisition.
Id. at 28-29 (footnote omitted).
The Guide underscores the critical importance of effectual corporate compliance programs: “In a global marketplace, an effective compliance program is a critical component of a company’s internal controls and is essential to detecting and preventing FCPA violations.” Id. at 56. The Guide also properly acknowledges that the extent and depth of a company’s FCPA compliance program should be commensurate with its risk: “Effective compliance programs are tailored to the company’s specific business and to the risks associated with that business. They are dynamic and evolve as the business and the markets change.” Id. Because an effective compliance program helps to prevent and root out misconduct of all sorts, including FCPA violations, the agencies make clear that the sufficiency of a compliance program factors into their enforcement decisions:
In addition to considering whether a company has self-reported, cooperated, and taken appropriate remedial actions, DOJ and SEC also consider the adequacy of a company’s compliance program when deciding what, if any, action to take. The program may influence whether or not charges should be resolved through a deferred prosecution agreement (DPA) or non-prosecution agreement (NPA), as well as the appropriate length of any DPA or NPA, or the term of corporate probation. It will often affect the penalty amount and the need for a monitor or self-reporting. As discussed above, SEC’s Seaboard Report focuses, among other things, on a company’s self-policing prior to the discovery of the misconduct, including whether it had established effective compliance procedures. Likewise, three of the nine factors set forth in DOJ’s Principles of Federal Prosecution of Business Organizations relate, either directly or indirectly, to a compliance program’s design and implementation, including the pervasiveness of wrongdoing within the company, the existence and effectiveness of the company’s pre-existing compliance program, and the company’s remedial action. DOJ also considers the U.S. Sentencing Guidelines’ elements of an effective compliance program, as set forth in § 8B2.1 of the Guidelines.
Id. (footnotes omitted).
While stressing the importance of thorough compliance programs, the Guide recognizes that they are not fail-proof and that the existence of violations does not mean a program was necessarily insufficient. Moreover, the agencies recognize that in some instances a company’s well-designed compliance program can obviate the need for enforcement action even in light of FCPA violations:
[A] company’s failure to prevent every single violation does not necessarily mean that a particular company’s compliance program was not generally effective. DOJ and SEC understand that no compliance program can ever prevent all criminal activity by a corporation’s employees, and they do not hold companies to a standard of perfection. An assessment of a company’s compliance program, including its design and good faith implementation and enforcement, is an important part of the government’s assessment of whether a violation occurred, and if so, what action should be taken. In appropriate circumstances, DOJ and SEC may decline to pursue charges against a company based on the company’s effective compliance program, or may otherwise seek to reward a company for its program, even when that program did not prevent the particular underlying FCPA violation that gave rise to the investigation.
Id. (emphasis added; internal quotation marks and footnotes omitted).
The Guide also helpfully recognizes that effective compliance programs can take many forms depending on the type and extent of the business at issue. “Individual companies may have different compliance needs depending on their size and the particular risks associated with their businesses, among other factors. When it comes to compliance, there is no one-size-fits-all program. . . . Indeed, small- and medium-size enterprises likely will have different compliance programs from large multi-national corporations, a fact DOJ and SEC take into account when evaluating companies’ compliance programs.” Id. at 57.
Nonetheless, the Guide puts forth several broad factors that the agencies consider “hallmarks of effective compliance programs,” including: (1) a clearly articulated policy against corruption and senior management’s visible commitment to that policy; (2) a clear, concise, and accessible code of conduct, policies, and procedures that address key FCPA areas; (3) autonomy and resources for a senior compliance-focused executive; (4) periodic risk assessments of the company’s business; (5) regular training of employees; (6) disciplinary measures that serve as deterrents and incentives for compliant behavior; (7) as previously discussed, due diligence concerning third-party partners (including ongoing monitoring of them); (8) a confidential reporting structure regarding suspected misconduct; and (9) continuous improvement of the program through periodic testing and review. Id. at 57-62.
In sum, while the Guide does not contain any revelations into the agencies’ enforcement views, it is in the end comprehensive and helpful guidance, particularly as to the topics discussed above. It is certainly required reading for corporate compliance officers and counsel.