New FCPA Guidance by DOJ & SEC: Important, But No Sea Change

by Perkins Coie

On November 14, 2012, the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) issued their long-anticipated Resource Guide regarding the agencies’ enforcement of the Foreign Corrupt Practices Act (FCPA).  The 120-page Guide addresses, among other things, (1) the definition of a foreign official, (2) gifts and entertainment, and (3) the “hallmarks” of an effective corporate compliance program.  While the Guide does not represent a significant departure from the agencies’ prior positions, it offers several important clarifications and hypothetical case studies that corporate counsel should carefully review.

Emphasizing Importance of Effective Compliance Programs

The Guide highlights the importance of effective anti-corruption compliance programs and identifies the basic elements that DOJ and SEC consider when evaluating such programs.  The Guide notes that DOJ and SEC understand that “no compliance program can ever prevent all criminal activity by a corporation’s employees,” and that they do not hold companies to a standard of perfection.  The Guide reiterates the agencies’ prior claims that companies will receive meaningful credit if they implement in good faith a comprehensive, risk-based compliance program, even if that program does not prevent an infraction in a low-risk area because greater attention and resources had been devoted to a higher-risk area.  For example, the adequacy of the program may influence whether or not charges should be resolved through a deferred prosecution agreement (DPA) or non-prosecution agreement (NPA), as well as the length of any DPA or NPA, the term of corporate probation, the penalty amount or the need for a monitor versus self-reporting.  Conversely, the Guide warns that a company that fails to prevent an FCPA violation on an economically significant, high-risk transaction because it neglected to perform due diligence at a level commensurate with the size and risk of the transaction is likely to receive reduced credit based on the quality and effectiveness of its compliance program.

Although DOJ and SEC have no formulaic requirements regarding compliance programs, the Guide identifies the following “hallmarks” of an effective compliance program.  

  • Commitment From Senior Management and a Clearly Articulated Policy Against Corruption.  Senior management should clearly articulate company standards, communicate them in unambiguous terms, adhere to them scrupulously and disseminate them throughout the organization.  Such high-level commitment should be reinforced and implemented by middle managers and employees at all levels.   
  • Code of Conduct and Compliance Policies and Procedures.  A code of conduct that is clear, concise and accessible (in local languages) is a prerequisite for an effective compliance program. 

    Beyond a code of conduct, the compliance policies and procedures that a business needs will vary based on the size and nature of the business and the risks associated with the business. Among the risks that a company may need to address are the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel and entertainment expenses; charitable and political donations; and facilitating and expediting payments.

    Large, global companies may consider using web-based approval processes to review and approve routine gifts, travel and entertainment involving foreign officials and private customers with clear monetary limits and annual limitations. A system should have built-in flexibility so that senior management, or in-house legal counsel, can be apprised of and, in appropriate circumstances, approve unique requests. These types of systems can be a good way to conserve corporate resources while at the same time, if properly implemented, preventing and detecting potential FCPA violations.
  • Oversight, Autonomy and Resources.  A company should assign responsibility for the oversight and implementation of the company’s compliance program to one or more specific senior executives who have appropriate authority within the organization, adequate autonomy from management and sufficient resources to ensure that the company’s compliance program is implemented effectively.  “Adequate autonomy” generally includes direct access to an organization’s board of directors.
  • Risk Assessment.  One-size-fits-all compliance programs are generally ill-conceived and ineffective because resources inevitably are spread too thin, with too much focus on low-risk markets and transactions to the detriment of high-risk areas.  The Guide cautions that “[d]evoting a disproportionate amount of time policing modest entertainment and gift-giving instead of focusing on large government bids, questionable payments to third-party consultants, or excessive discounts to resellers and distributors may indicate that a company’s compliance program is ineffective.”
  • Training and Continuing Advice.  Relevant policies and procedures should be communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.
  • Incentives and Disciplinary Measures.  A compliance program should apply from the board room to the supply room—no one should be beyond its reach. A company should have appropriate and clear disciplinary procedures and should apply those procedures reliably and promptly.  Publicizing disciplinary actions internally can have an important deterrent effect, while positive incentives can also drive compliant behavior.
  • Third-Party Due Diligence.  Although the degree of appropriate due diligence will vary based on industry, country, size and nature of the transaction, and historical relationship with the third party, three guiding principles always apply.

    First, as part of risk-based due diligence, a company should understand the qualifications and associations of its third-party partners, including each third-party partner’s business reputation and relationship, if any, with foreign officials. The degree of scrutiny should increase as red flags surface.

    Second, a company should have an understanding of the business rationale for including the third party in the transaction and ensure that the contract terms specifically describe the services to be performed.

    Third, a company should undertake some form of ongoing monitoring of third-party relationships.  Depending on the circumstances, this may include updating due diligence periodically, exercising audit rights, providing periodic training and requesting annual compliance certifications by the third party.
  • Confidential Reporting and Internal Investigation.  An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct on a confidential basis without fear of retaliation.  A company should also have in place an efficient, reliable and properly funded process for investigating any allegation made and documenting the company’s response, including any disciplinary or remediation measures taken.
  • Continuous Improvement: Periodic Testing and Review.  A good compliance program should constantly evolve.  A company should regularly review and improve its compliance program and not allow the program to become stale.  A company should also review and test its controls and think critically about its potential weaknesses and risk areas.

Because each compliance program should be tailored to an organization’s specific needs, risks and challenges, these “hallmarks” should not be considered a substitute for a company’s own assessment of the corporate compliance program that is most appropriate for that particular business organization.  But, as the Guide instructs, “if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately.”

Clarifying Who Is a “Foreign Official”

The Guide provides a non-exhaustive list of factors considered by DOJ and the SEC in determining whether a government “instrumentality” constitutes a foreign official under the FCPA.  The list, which echoes the agencies’ prior opinions, includes such factors as the foreign government’s degree of control over the entity, the circumstances surrounding the entity’s creation and the purpose of the entity’s activities.  The Guide adds that while no one factor is dispositive, an entity is unlikely to qualify as an instrumentality if a foreign government does not own or control a majority of its shares, unless other indicia of substantial control are present.  This clarification is significant, as it marks the first time DOJ or SEC has provided an ownership threshold to assist corporate counsel in assessing an instrumentality’s status.  The indicia of substantial control have been broadly construed by the agencies in the past, however, so companies should refrain from overreliance on the ownership threshold introduced by the Guide. 

Focusing on Intent of Gifts, Travel and Entertainment

The Guide also provides helpful clarifications regarding gifts, travel, entertainment and other things of value for foreign officials.  To violate the FCPA, such things of value must be given with corrupt intent—that is, the intent to improperly influence the government official.  The Guide thus instructs that DOJ and SEC are unlikely to investigate the provision of taxi fare, cups of coffee or company promotional items of nominal value.  In fact, neither agency has ever pursued an investigation based solely on such conduct in the past. 

Many have criticized the Guide, however, for failing to address what constitutes a “reasonable” meal or entertainment expense under the law.  While DOJ and SEC have made clear that $10,000 meals or entertainment expenses are unreasonable, they have not provided guidance for situations closer to the line that are more likely to vex corporate counsel. 

Encouraging M&A Due Diligence

DOJ and SEC may also decline to pursue an enforcement action when a company has taken steps toward FCPA compliance, including in the context of mergers and acquisitions.  The Guide encourages a company engaging in such corporate restructuring to conduct thorough FCPA and anti-corruption due diligence, conduct FCPA-specific audits of a newly acquired or merged business and implement FCPA-specific code of conduct and compliance training programs as quickly as practicable.

Reaffirming Value of Self-Reporting, Cooperation and Remedial Efforts

The Guide reaffirms what has long been conventional wisdom, namely that both DOJ and SEC place a high premium on self-reporting, along with cooperation and remedial efforts, in determining the appropriate resolution of FCPA matters.

In addition to considering whether a company has self-reported, cooperated and taken appropriate remedial actions, DOJ and SEC also consider the adequacy of a company’s compliance program when deciding what, if any, action to take.  The program may influence decisions made regarding whether or not charges should be resolved through a DPA or NPA (as well as the appropriate length of any DPA or NPA), the term of corporate probation or the penalty amount.


The Guide collects DOJ’s and SEC’s prior opinions and releases and provides helpful clarifications and hypothetical case studies for corporate counsel.  The Guide, however, is just that—a guide—and is not binding on courts or even the agencies themselves.  Corporate counsel should be cognizant that the guidance included in the Guide may change, perhaps even dramatically, as occurred earlier this year with the appointment of a new Serious Fraud Office (SFO) chief in the United Kingdom.  In statements from earlier this week, SFO Director David Green predicted an increase in UK Bribery Act prosecutions, despite earlier SFO guidance that certain technical infringements of the Act would not be pursued.  Nevertheless, the Guide provides a valuable tool for corporate counsel to check its compliance activities against the current expectations of DOJ and SEC.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Perkins Coie | Attorney Advertising
