On July 3, 2020, the U.S. Department of Justice and the Securities and Exchange Commission issued a Second Edition of the Resource Guide to the U.S. Foreign Corrupt Practices Act (the Guide), representing the Guide’s first significant update since 2012. The release comes on the heels of DOJ’s modest revisions to its guidance on the Evaluation of Corporate Compliance Programs (DOJ Compliance Guidance) in June, which we discussed in detail here. Although notable updates to the Second Edition reflect familiar principles and priorities, the Guide remains a rare commentary and compilation from an enforcement body, providing critical insight into the government’s continually developing approach to eradicating (and punishing) foreign bribery.

M&A and the FCPA

The Second Edition speaks in greater depth about corporate successor liability, reflecting an increased expectation that companies will make compliance a touchstone throughout the life of a deal. That process does not conclude when the ink dries on a corporate merger or acquisition. Rather, post-acquisition diligence and integration efforts should be thorough and top of mind – especially when “robust” pre-acquisition due diligence was not done. As the DOJ’s Compliance Guidance explained in June, compliance personnel should ensure that an acquired entity and its employees are quickly incorporated into existing compliance expectations. The Second Edition also emphasizes that the FCPA Corporate Enforcement Policy affords favorable treatment to an acquiring company when it uncovers, timely remedies, and voluntary discloses a predecessor’s violations; even in the face of aggravating circumstances, declination is possible and the risk of enforcement is decreased. Even before the celebratory champagne flows, compliance should have a plan in place for near-term and ongoing assessment, including training legacy personnel, reevaluating legacy business practices and relationships, and conducting audits on new business units.

Resourcing and Evolution Remain Key

The Second Edition builds on its previous guidance regarding effective compliance programs and clarifies the government’s position that “the truest measure of an effective compliance program is how it responds to misconduct.” As we know from the June DOJ Compliance Guidance updates, this is measured “both at the time of the offense and at the time of the charging decision and resolution.” Once an allegation is made, companies should have a “properly funded” process in place to facilitate quick identification of the problem and how it occurred (analogized to a “root cause” analysis in the Second Edition), and to incorporate lessons learned as soon as practicable to strengthen the compliance program going forward.

The government expects that even the most battle-tested compliance program “will inevitably uncover weaknesses and require enhancements.” Sustainability (i.e., continuous monitoring and improvement and adequate resources) is key. As companies have long understood, an effective compliance program cannot be stale or a paper tiger. In the face of ever-changing operating environments, legal landscapes, industry standards, and customer profiles, compliance personnel should consider, be empowered to undertake and document, proactive evaluations tailored to their organization’s size and risk profile. In such cases, the government asserts that “meaningful credit” will be available if a problem is later discovered.

A Second Look at Accounting Controls

In addition to its well-known anti-bribery provisions, the FCPA contains accounting provisions (books-and-records and internal controls) that are alike in form, substance, and purpose to those promulgated under Sarbanes-Oxley. They similarly lack specifics: for instance, the FCPA fails to specify a particular set of controls that companies are required to implement; or specify the types of records needed to demonstrate the qualitative aspects of any given transaction. However, the Second Edition includes several key clarifications that companies should heed given the government’s increasing use of these provisions to enforce the FCPA in the absence of confirmed bribery. 

First, the Second Edition makes explicit that the FCPA’s internal controls provision refers to internal accounting controls, and that “a company’s internal accounting controls are not synonymous with a company’s compliance program.” While clearly encouraging separate accounting and compliance functions, the Second Edition notes that both systems should reflect and be tailored to a company’s “operational realities” and specific risk profile. Accordingly, the Second Edition states that effective compliance programs and internal controls may have (and likely should have) a number of overlapping components. 

Second, the Second Edition clarifies the government’s position that unlike the anti-bribery provisions—which specifically enumerate classes of people who can violate them—the accounting provisions apply to “any person,” allowing for often-nebulous and attenuated accomplice and conspiracy liability. Moreover, the Second Edition states the government’s view that criminal violations of the accounting provisions are subject to the more generous six-year statute of limitations provided for in 18 U.S.C. § 3301, which governs securities fraud offenses. 

Given their breadth and reach, the accounting provisions are a powerful tool in the government’s arsenal, and accounting controls should not be overlooked despite DOJ’s focus on compliance programs in recent years. Although the Guide does not explicitly say so, it suggests that accounting personnel should be equally empowered and resourced to continuously reevaluate risk and to identify areas for improvement. At a minimum, companies should take the simple step of ensuring that the right hand (accounting) is talking to the left (compliance) to minimize criminal exposure.

Conclusion

In general, the Second Edition reinforces DOJ’s and SEC’s view that adequately resourced and effective compliance programs, risk-based diligence and assessment and self-reporting are vital. As always, companies should pay careful attention to its updates and keep the Guide close as a valuable resource.