DOJ and SEC Issue FCPA Guidance

by Cadwalader, Wickersham & Taft LLP

On November 14, 2012, the Department of Justice ("DOJ") and the Securities and Exchange Commission ("SEC") jointly issued their Resource Guide to the U.S. Foreign Corrupt Practices Act ("FCPA") (the "Guide") which is available here.1 In comments made on November 16, 2012 Assistant Attorney General Lanny Breuer described the Guide as "the most comprehensive effort ever undertaken by either the Justice Department or the SEC to explain our approach to enforcing a particular statute" and that as "the boldest manifestation of our transparent approach to enforcement, [it] will help businesses that are unsure of their obligations, and should therefore improve compliance." While the Guide explicitly warns that it is "non-binding, informal, and summary in nature, and...may not be relied upon to create any rights, substantive or procedural, that are enforceable at law by any party, in any criminal, civil, or administrative matter," at a recent FCPA conference, DOJ representatives stated that prosecutors will make a good faith effort to follow the Guide.

The Guide compiles and summarizes, in one convenient location, applicable laws, case precedents, and enforcement policies, as well as provides insight into the factors that DOJ and SEC consider when making their ultimate charging and settlement determinations. As such, the Guide will serve as a valuable resource for corporations, their officers, directors, employees and counsel.

The Business Purpose Test

The Guide correctly explains that the FCPA applies to payments intended to induce or influence a foreign official to use his or her position or influence "in order to obtaining or retaining business for or with, or directing business to, any person," or in order "to gain a business advantage." The Guide, however, adds that the "FCPA also prohibits bribes in the conduct of business," citing, among other things, "payments made to secure favorable tax treatment, to reduce or eliminate customs duties, to obtain government action to prevent competitors from entering a market, or to circumvent a licensing or permit requirement." The Guide describes it as the "business purpose test," thus potentially expanding the scope of the FCPA to cover payments that are business-related, although not necessarily made with the intention of obtaining or retaining business or gaining an unfair advantage in that regard. This interpretation is buttressed by examples cited by the government, including (1) "circumventing the rules for importation of products;" (2) "[g]aining access to non-public bid tender information;" (3) "influencing the adjudication of lawsuits or enforcement actions;" and (4) "obtaining exceptions to regulations." This is a somewhat broader interpretation of the Congressional intent set out in the 1988 legislative history. Although Congress cited its intent to cover payments to obtain "more favorable tax treatment," it also cautioned against expanding the prohibition to lobbying and other "normal representations to government officials."2 The Guide cites only recent settlements entered with companies in support for its broader interpretation.


The 1998 Amendments to the FCPA provided for alternative jurisdiction, based upon the nationality principle, to extend jurisdiction to include the acts of U.S. companies and nationals outside of the U.S., regardless of whether the U.S. mails or a means or instrumentality of interstate commerce is used in furtherance of a corrupt payment, and also extended the reach of the FCPA to prohibit the acts of non-U.S. entities and persons who, while in the territory of the U.S., use the mails or a means or instrumentality of interstate commerce in furtherance of the bribery of a foreign official. The Guide, however, states that "sending a wire transfer from or to a U.S. bank or otherwise using the U.S. banking system" is sufficient to satisfy the jurisdiction requirement. This would essentially cover financial transactions denominated in U.S. dollars that merely clear through correspondent accounts in the U.S.: a novel approach that has not been used in the past unless other acts in furtherance of the improper payment occurred in the U.S.

Instrumentality of a Foreign Government and Foreign Official

The scope of the terms "instrumentality of a foreign government" and "foreign official" has been contested by several defendants during the last two years. In these litigated cases, the federal trial courts accepted the government's interpretation of those terms, and the issue is currently pending before an appellate court.3 The Guide restates the position of the government that was upheld by the trial courts.

The Guide notes that many foreign governments operate through state-owned and state-controlled entities, and emphasizes that the determination as to whether such an entity satisfies the statutory requirement is "fact-specific." If the entity is found to be an instrumentality of a foreign government, its employees will be considered foreign officials under the FCPA. Citing to jury instructions approved by several trial courts in recent cases, the Guide sets forth a list of factors that companies should consider in determining whether an entity is an instrumentality of a foreign government. Although the Guide states that "an entity is unlikely to qualify as an instrumentality if a government does not own or control a majority of its shares," it describes various circumstances under which DOJ and SEC would consider an enterprise to be an instrumentality, including situations where a foreign government acts as a "special shareholder" of an entity, exercises control over its major expenditures and operational decisions, or has the ability to appoint members of a company's board.

Facilitation Payments

The Guide recognizes that facilitation payments can be made, but only in furtherance of routine governmental action that involves non-discretionary acts. These include, as provided in the Act, payments for the purpose of "processing visas, providing police protection or mail service, and supplying utilities such as phone service, power, and water." In a hypothetical discussion of the use of facilitation payments, the Guide states that a small, one-time payment to ensure that a clerk files and stamps a permit expeditiously, a service described as routine and non-discretionary, will not be prosecuted. Facilitation payments do not include, however, acts that are "within an official's discretion or that would constitute misuse of an official's office," such as having an official ignore the fact that a company does not have a valid permit to operate its business or that an individual does not have a valid visa. Although the Guide states that the purpose of the payment is more important than its size when assessing lawfulness,4 it makes it clear that "a large payment is more suggestive of corrupt intent to influence a non-routine governmental action."

Importantly, and notwithstanding their discussion of acceptable facilitation payments, DOJ and SEC strongly caution against the use of the payments. Although such payments are not illegal under the FCPA, the Guide states that facilitation payments may violate the FCPA's books and records provision if recorded incorrectly. Moreover, DOJ and SEC correctly warn that local law and/or other countries' foreign bribery laws may prohibit facilitation payments. The UK Bribery Act, which became effective in 2011, prohibits facilitation payments for companies subject to that law's broad reach.5 In this respect, the Guide is somewhat self-contradictory in that it goes to great lengths to describe various types of permissible facilitation payments, but simultaneously cautions against making such payments at all. Companies are well-advised, especially if they do business in the U.K. or other countries that have implemented the OECD Convention, to review their policies regarding facilitation payments, and strictly limit, if not prohibit, their use.

The Guide also acknowledges that a payment made under actual or threatened physical duress or a "true extortionate demand" does not violate the FCPA because "it is made in imminent threat of physical harm." Thus, in such situations, the payment is not made with corrupt intent or for the purpose of obtaining or retaining business. Such payments would include, among others, threats to health, safety, or property. However, economic coercion in order to provide business or extend a contract will not constitute extortion.

Gifts and Entertainment

Through both hypothetical examples and explicit statements, DOJ and SEC made a significant effort to promulgate clearer standards as to what constitute acceptable gifts, entertainment, and travel expenditures, and to eliminate certain myths about compliance. The Guide recognizes that "small gifts or token of esteem or gratitude," and "items of nominal value, such as pens and hats that bear the company's logo, cab fare, or reasonable meals and entertainment" are appropriate and "unlikely to influence any official." Indeed, neither DOJ nor SEC has ever pursued an investigation on the basis of such conduct. The Guide also finds acceptable the gift of a "moderately priced crystal vase" given to a foreign official customer as a "token of esteem" to celebrate the customer's wedding. The government cautions against gifts of cash or luxury items, or any gifts, regardless of size, given with corrupt intent, as well as "widespread gifts of smaller items as part of a pattern of bribes." In his comments following the release of the Guide, SEC Enforcement Director Robert Khuzami declared that, "it is not the $5 cup of coffee...but payments of real and substantial value that clearly represent an unambiguous intent to bribe a foreign official to obtain or retain business."6

With respect to the entertainment of foreign officials, the Guide notes that a party is unlikely to run afoul of the FCPA by providing "moderately" priced meals, or entertainment at sporting and theatrical events, and the expenditures have a "clear and legitimate business purpose." Any purposeful mischaracterization of gift or entertainment expenses may indicate a corrupt intent.

The Guide recommends that as part of an effective compliance program, a company establish "clear and accessible guidelines and processes" for entertainment and gift-giving, that include "automated gift-giving clearance processes" and "clear monetary thresholds... along with annual limitations[and] limited exceptions for gifts approved by appropriate management." It suggests that such tools may be an effective and efficient method of controlling entertainment and gift-giving and deterring improper ones.

Despite these helpful examples, however, the Guide leaves a considerable number of gray areas in which companies must continue to exercise judgment. For example, what constitutes a moderately priced crystal vase? And what about more frequent ceremonial gifts, such as customary presents given to celebrate cultural holidays? The Guide obviously could not address every possible example, and as such, compliance departments will continue to face questions from employees as they struggle to conform their conduct to company anti-corruption procedures.

The "Reasonable and Bona Fide Business Expenditure" Defense

DOJ and SEC have regularly recognized that a company may incur reasonable expenses for foreign officials related to the promotion of the company's products and services, the execution of an existing contract, or the provision of training required under a contract. In several opinion procedure releases, DOJ provided guidance about what constituted legitimate promotional and contract-related expenses.7 However, trips that are primarily for the personal entertainment of a foreign official "are not bona fide business expenses" and may violate the FCPA. Similarly, any expenditure, whether bona fide or not, that is mischaracterized or entered inaccurately in a company's books and records, or that is unauthorized or improper because of a company's failure to implement adequate internal controls, may also violate the accounting provisions of the FCPA.

To that end, the Guide lists a number of factors set out in its FCPA Opinion releases to be considered in determining the appropriateness of such expenditures and whether they are likely to violate the FCPA:

  • The visiting officials should be selected by their respective government agency rather than the inviting company, or selected according to pre-determined, merit-based criteria;
  • All costs should be paid directly to travel and lodging vendors, rather than to the foreign official directly, or reimbursed only upon presentation of receipts;
  • Funds should not be advanced and no reimbursement made in cash;
  • All expenditures should be "necessary and reasonable;"
  • All expenses should be transparent, both within the company and to the foreign government;
  • Payment of expenses should not be conditioned on any action by the foreign official;
  • Written confirmation should be obtained that the payment is not contrary to local law; and
  • All costs and expenses must be accurately recorded in the company's books and records.

The Guide recognizes that a company may provide business class travel to a foreign official for lengthy trips where the company's own employees are entitled to the same travel accommodation. The visiting officials may also be entertained at a moderately priced play or a sporting event. However, a company may not pay the expenses of an official's accompanying family members. These examples should provide some level of guidance to companies. Indeed, the entertainment provided to the hypothetical electricity commission in the Guide is more lavish than the entertainment proposed by the consortium of nineteen non-profit adoption agencies whose request for guidance is addressed in the DOJ Opinion Procedure Release 12-02 issued October 18, 2012. The proposal submitted to DOJ by the adoption agencies was for business class airfare only for the most high-ranking officials and coach airfare for the remaining ones, and entertainment events "of nominal cost" involving families who adopted children from the foreign officials' country. No other "entertainment, side trips, or leisure activities" were to be offered.

Reducing FCPA Risk in Acquisitions

DOJ and SEC make clear that, as in most areas of the law, a company that acquires the assets of another company also acquires its liabilities - including responsibility for the FCPA violations of the acquired company. However, the Guide offers the possibility that enforcement authorities might decline prosecution of successor companies because they conducted proper due diligence prior to an acquisition. Indeed, the Guide emphasizes that DOJ and SEC will give "meaningful credit" to, and may decline to bring enforcement actions altogether against, companies that undertake the following steps pre-acquisition:

  • Conduct thorough risk-based anti-corruption due diligence regarding potential new business acquisitions;
  • Ensure that the acquiring company's anti-corruption code of conduct and compliance policies are applied as quickly as practicable to the acquired businesses;
  • Train the directors, officers, and employees of the newly acquired business, as well as its agents and business partners where appropriate, on the FCPA and the company's code of conduct;
  • Conduct an FCPA-specific audit of all newly acquired businesses as quickly as practicable; and
  • Disclose to DOJ and SEC any corrupt payments that are uncovered during the due diligence process at the entity to be acquired.

Significantly, DOJ and SEC have declined to initiate enforcement actions against companies that conducted pre-acquisition due diligence, voluntarily disclosed the conduct to and cooperated with the agencies, and took remedial action. Action was only taken against successor companies in limited circumstances where the successor entity directly participated in the violations or failed to stop the misconduct from continuing after the acquisition or where there was "egregious and sustained" conduct. More typically, the government has proceeded against the acquired, rather than the acquiring, company where the latter uncovered and timely remedied the violations.

By way of example, the Guide discusses the due diligence review Pfizer Inc. conducted at Wyeth over an 18-month period following that acquisition, in order to identify any potential FCPA violations, and the manner in which Pfizer integrated its code of conduct and compliance policies at the former Wyeth business entities. DOJ "considered these extensive efforts... in its determination not to pursue a criminal resolution for the pre-acquisition improper conduct of Wyeth subsidiaries."

The Books and Records Provision of the FCPA

The Guide emphasizes that issuers are not expected to maintain their books and records with 100% accuracy but, rather, in "reasonable detail." Nonetheless, mischaracterizing transactions will always be viewed as a violation of the books and records provisions.

The new guidance provides a list of "misnomers" or mischaracterizations that have been used in the past to disguise improper payments, and this list may serve as an appropriate starting point on which to focus when conducting FCPA investigations and related document reviews. These mischaracterizations have included:

  • Commissions or Royalties
  • Consulting Fees
  • Sales and Marketing Expenses
  • Scientific Incentives or Studies
  • Travel and Entertainment Expenses
  • Rebates or Discounts
  • After Sales Service Fees
  • Miscellaneous Expenses
  • Petty Cash Withdrawals
  • Free Goods
  • Intercompany Accounts
  • Supplier/Vendor Payments
  • Write-Offs
  • "Customs Intervention" Payments

The Guide also emphasizes that an issuer is responsible for ensuring that subsidiaries and affiliates under its control, including foreign subsidiaries and joint ventures, comply with the accounting provisions.8

Similarly, the Guide notes that non-issuers can be held civilly and/or criminally liable for conspiring to violate the accounting provisions of the FCPA or for aiding and abetting an issuer's violations.

Guiding Principles of Enforcement

In large part, the Guide reiterates the considerations detailed in DOJ's Principles of Federal Prosecution of Business Organizations, and in SEC's Seaboard Report, regarding the elements these agencies consider in deciding whether to initiate any enforcement action. The Guide provides anonymized examples from actual cases that give some insight into the process.

Despite significant private sector clamoring for concrete metrics quantifying the benefits of self-reporting, cooperation, and the implementation of compliance programs, the Guide does not seek to attach specific value to these actions. Rather, by citing historical examples of actual cases, DOJ and SEC re-emphasize the importance both agencies attach to self-disclosure, cooperation, and compliance and to illustrate benefits other companies have received in potentially analogous contexts. Additionally, the Guide sets out instances in which both agencies have declined to take enforcement action at all and lists the elements that an effective compliance program should contain, signaling to companies that if their conduct falls within the cited examples, they can potentially expect to receive maximum cooperation credit from the government.

Credit for Self-Reporting, Cooperation, and Remedial Efforts

As expected, both agencies "place a high premium" on whether a company has made a voluntary disclosure, cooperated fully with the agencies, and undertook prompt remedial actions.

Credit for Implementing an Effective Compliance Program

The Guide identifies the elements that DOJ and SEC consider critical for a robust and properly implemented anti-corruption compliance program. Notably, the Guide acknowledges that effective compliance programs are "risk-based" rather than one-size-fits-all, and that a company's failure to prevent every single violation does not necessarily indicate that its compliance program "was not generally effective," as DOJ and SEC understand that "no compliance program can ever prevent all criminal activity by a corporation's employees."

The nature and effectiveness of a company's compliance program "may influence" the agencies' decision as whether or not to file charges, resolve them through either a deferred prosecution agreement or non-prosecution agreement, or the term of corporate probation. It will often affect the determination of the amount of the fines that should be imposed, and whether there is a need for the appointment of an independent monitor.

In assessing whether a compliance program is sufficiently robust and effective, DOJ and SEC will "employ a common-sense and pragmatic approach," focusing on three questions: (1) whether the program is well designed; (2) whether it is it "being applied in good faith;" and (3) whether it works. Although the details provided in the Guide largely echo specific provisions of recent FCPA settlement agreements, they shed fresh light on what companies should implement with respect to due diligence and oversight of third parties, and the training, disciplining and incentivizing of employees.

DOJ and SEC acknowledge that treating all third party representatives the same, irrespective of risk factors, for purposes of due diligence is ineffective. The Guide notes that the degree of appropriate due diligence is fact-specific and will vary based on industry, country, size, the nature of the transaction at issue, and the method and amount of a third-party payment. It lists the following elements as essential for effective due diligence of agents and third parties, including joint venture and other business partners:

  • It must be risk-based and "the degree of scrutiny should increase as red flags surface." It should include consideration of, among others things, the party's qualifications, including the party's business reputation, and relationship, if any, with foreign officials.
  • There should be a clear understanding of the business rationale for using the particular third party, the manner in which the party was introduced to the company, the exact role of the party, the reasonableness of the payments to be made to the party and whether those payment terms compare to typical terms in that industry and country.
  • The contract terms should specifically describe the services to be performed, the payment terms and their timing.
  • The company should confirm and document that the third party is actually performing the work for which it is being paid and that its compensation is commensurate with the work being provided.
  • The company should undertake some form of ongoing monitoring of the third party.
  • The company should determine whether it has informed the third party of the company's compliance program and commitment to ethical and lawful business practices and, where appropriate, whether it has sought assurances from the third party, through certifications and otherwise.

With respect to FCPA training, DOJ and SEC will consider whether a company has implemented an appropriate training program for all directors, officers, relevant employees, "and where appropriate, agents and business partners." In particular, the training should be targeted to different groups of employees in order to accurately apprise them of situations that they might encounter in their own lines of work. In addition, the agencies expect that a company will require directors, officers, relevant employees, as well as agents and business partners to provide certifications of compliance with anti-corruption policies.

Disciplinary action and incentives have long been recognized as important elements of a compliance program. DOJ and SEC recognize that disciplinary action in particular may have to be consistent with the applicable labor laws of the country where the individual is employed. Unlike the prior policy directives of DOJ, the Guide states that "positive incentives" can "drive compliant behavior," and recognize the use of bonuses and other incentives as rewards for compliance. It notes that employees can be rewarded financially and through other forms of recognition for improving and developing a company's compliance program, as well as for their leadership in ethics and compliance. It urges companies to make compliance a significant metric for management's bonuses.


As noted, the Guide sets out a number of instances in which DOJ and SEC declined to take any action against companies. Although the amount of the payments and level of involvement of management was an important consideration,9 the factors that ultimately led the agencies to refuse to initiate any enforcement action included:

  • Prompt initiation and conduct of a thorough internal investigation upon learning of a potential violation;
  • Self-reporting the violation to DOJ and SEC;
  • Full and meaningful cooperation with both agencies;
  • Severing ties and/or effectively disciplining employees involved;
  • Promptly severing ties with third parties and agents involved; and
  • Initiating prompt and effective remedial action, including improving compliance policies and internal controls, expanding the compliance group as needed, providing renewed training to employees.


The Resource Guide to the U.S. Foreign Corrupt Practices Act draws upon 34 years of investigative and prosecutorial experience of the two agencies charged with the enforcement of the Act. With its clear exposition of DOJ and SEC policies, it should prove to be of great use to corporations and their officers, directors and employees - as well as their counsel - in assisting them in their efforts to achieve full compliance with the FCPA.

For further information and advice regarding the Guide, you may contact any of the attorneys in Cadwalader's Business Fraud and Complex Litigation Group.

1 A Resource Guide to the U.S. Foreign Corrupt Practices Act, Criminal Division of the U.S. Dept. of Justice and Enforcement Division of the U.S. Securities and Exchange Commission (Nov. 14, 2012) ("The Guide"), available at
2 H.R. Rep. No. 100-576 (1988) at 1951-52.
3 See, e.g., Initial Brief of Appellant, United States v. Esquenazi, No. 11-15331-C (11th Cir. May 9, 2012).
4 See Non-Prosecution Agreement, In re Helmerich & Payne, Inc. (July 29, 2009), available at; Criminal Information, Vetco Gray Controls Inc., et al. No. 07-cr-4 No. (S.D. Tex. Jan. 2007), ECF Nos. 1-2, available at
5 See Bribery Act 2010, c.23 (Eng.), available at
6 Remarks During News Briefing About SEC-DOJ FCPA Guide, Robert Khuzami, Securities and Exchange Commission Director of the Division of Enforcement (Nov. 14, 2012).
7 FCPA Opinion Release 11-01 (June 30, 2011) (travel, lodging and meals for two officials to visit the U.S. for two days to observe U.S. adoption service providers); 08-03 (July 11, 2008) (stipend for minimal travel expenses to government-affiliated reporters to attend a press conference in another country); 07-02 (Sept. 11, 2007) (travel, lodging and meals for six foreign officials to attend a six week education program); 07-01 (July 24, 2007).
8 Although the Guide refers to "joint venture partners," both DOJ and SEC have acknowledged that they intended to include only joint ventures and not other entities owned by joint venture partners.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cadwalader, Wickersham & Taft LLP | Attorney Advertising

Written by:

Cadwalader, Wickersham & Taft LLP

Cadwalader, Wickersham & Taft LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at:

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit
  • New Relic - For more information on New Relic cookies, please visit
  • Google Analytics - For more information on Google Analytics cookies, visit To opt-out of being tracked by Google Analytics across all websites visit This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at:

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.