For the first time since the U.S. Foreign Corrupt Practices Act (FCPA) was enacted in 1977, the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have jointly issued written guidance designed to provide additional clarity to the provisions of this increasingly prominent U.S. law. Following a recommendation of the OECD (Organization of Economic Cooperation and Development) that the United States consider issuing consolidated public guidance and calls from the U.S. Chamber of Commerce and other stakeholder groups for statutory amendments to the Act, the enforcement agencies issued a 120-page Resource Guide on the U.S. Foreign Corrupt Practices Act (the “Guide”).
On November 14, 2012, almost a year to the day after Assistant Attorney General Lanny Breuer announced that detailed guidance would be forthcoming, the agencies released a hefty Guide that addresses a host of issues, including all of the elements of the statute and each of the issues raised by the Chamber of Commerce and other groups in their calls for amending the statute. The Guide contains narrative discussions of key issues, hypotheticals, case summaries, “anonymized” examples of declinations, examples of violations, enforcement principles, over 400 footnotes and “practical tips” for reducing risk or complying with the law.
As discussed below, the Guide makes no sharp departures from current practice, but does confirm some previously unwritten enforcement policies and practices and explicitly clarifies the government’s view of provisions that may appear ambiguous to companies new to the statute and counsel who do not regularly practice in the area. Overall, the Guide clarifies the law and how it is applied by the enforcement agencies, expressly confirms pre-existing enforcement practices and policies, and consolidates current agency thinking in a single, comprehensive reference source.
The Guide addresses each of the issues raised by those championing changes to the FCPA but does not make the changes in the law or enforcement policies that those groups advocated. Advocates for change may nonetheless welcome the fact that written guidance has been issued, that the Guide extensively uses hypotheticals and examples, and that the agencies provided some comfort as to enforcement priorities regarding gifts and entertainment, successor liability, third-party due diligence, and extortion or duress.
Calls for guidance or clarification on the parameters of the FCPA – through either legislative amendments or administrative guidance – have gained little traction over the last 35 years. During the 1980s, when the FCPA was the only statute of its type in the world and when concerns about adverse competitive effects were most intense, a multi-year effort to soften the FCPA culminated in amendments in 1988 that made little practical difference to the substantive provisions of the statute. The 1988 amendments did, however, encourage the executive branch to push for agreement on international anticorruption conventions and directed the attorney general to determine, through public notice and comment, to what extent guidance would facilitate compliance and assist the business community. More than a year later, the DOJ invited comments on the idea of regulations or other guidance but ultimately dropped the matter without further comment. Amendments to the statute a decade later, in 1998, were limited to changes necessary to conform to the terms of the OECD Convention against public corruption.
Since 1977, the fast-growing area of U.S. anticorruption law has been replete with public settlements and plea agreements, but spare on published judicial decisions applying and interpreting the law. With only a few recent exceptions, judicial precedents and public challenges to agency interpretations have been rare. Similarly, the Opinion Release process available through the Justice Department has enjoyed relatively little popularity, and opinion releases typically contain neither the systemic application of law to relevant facts nor the ultimate rationales that would make those releases more instructive to the public.
As a result, interpretations of the statute have commonly been deduced from “case law” that consists of settlement documents – consent decrees, guilty pleas, deferred prosecution agreements and the like. While this “administrative jurisprudence” provides useful insights into enforcement attitudes, it is typically also the result of settlements between enforcement agencies that have considerable leverage and corporate or individual targets who are eager to resolve their issues and move on. Recent court cases have addressed a few key FCPA elements, but the Guide’s heavy citation of settled enforcement dispositions should remind readers that many agency positions articulated in the Guide have not yet been tested in court.
In its seven chapters, the Guide touches on each of the statute’s primary provisions. While it makes no sharp changes in direction, it does expressly clarify and confirm current enforcement practices and does so in impressive, if not comprehensive, detail. For this, the U.S. Chamber of Commerce and others can fairly claim some of the credit.
Less than 48 hours after the Guide was released, I had the privilege at the American Conference Institute’s annual FCPA conference of chairing a panel discussion of the Guide with senior enforcement officials from both the DOJ and the SEC. Immediately before that panel, Lanny Breuer, the assistant attorney general for the DOJ’s Criminal Division, addressed the more than 400 attendees of the conference. Both the panel and Assistant Attorney General Breuer’s remarks provided additional context and unique commentary on the Guide.
The small print of the Guide notes that it is “non-binding, informal, and summary” and that its text “does not constitute rules or regulations.” As a result, the Guide would have little legal authority if cited in court. At the same time, enforcement officials have confirmed that companies may reasonably rely on the Guide, cite its provisions when negotiating with the agencies, and expect the agencies to abide by its terms.
The Guide provides a number of clarifications of the jurisdictional quilt of the FCPA, in particular, jurisdiction over foreign subsidiaries of U.S. companies or issuers. Although the Guide does not definitively state that foreign subsidiaries are not directly subject to the FCPA’s antibribery provisions, enforcement officials do accept the point, but with a list of qualifications and admonitions about how the actions of foreign subsidiaries may cause them to become subject to the Act’s antibribery provisions.
For example, foreign subsidiaries, like any other foreign corporation or foreign individual, may become subject to FCPA jurisdiction under the FCPA’s newest jurisdictional provision – section 78dd-3 of the statute – by taking any action in furtherance of a corrupt payment “while in the territory of the United States.”
Notwithstanding some previous conversations in which enforcement officials have suggested that this provision might be broadly interpreted to encompass an “effects test” (i.e., causing an act in the United States), the Guide closely tracks the statutory language, which provides that such jurisdiction exists only when a foreign company or individual takes some prohibited action “while in the territory of the United States.”
The Guide also expresses the view that jurisdiction over a foreign entity will exist if an agent of a foreign entity takes actions in the territory of the United States, even if the foreign company itself (the principal of the agent) takes no action in U.S. territory.
The Guide further cautions its readers that a foreign entity may also subject itself to U.S. criminal jurisdiction if it aids and abets, conspires with, or acts as an agent of a U.S. company to violate the FCPA.
These various theories of jurisdiction suggest that although the antibribery provisions of the FCPA do not apply directly to a foreign subsidiary of a U.S. corporation or issuer, enforcement agencies will look closely to see if one of these alternative theories (some of which are based on related general criminal statutes, such as the federal conspiracy laws) may provide a jurisdictional basis for proceeding against the foreign subsidiary.
Finally, it should not be forgotten that many owned or controlled foreign subsidiaries are indirectly subject to the accounting provisions of the FCPA. This is because the accounting provisions provide that the failure of a controlled foreign subsidiary of a U.S. issuer to meet the accounting standards of the FCPA constitutes a violation of the Act by the U.S. issuer/parent. This provision has frequently been invoked when antibribery jurisdiction over the foreign subsidiary does not exist. These cases confirm the central point that foreign subsidiaries are not, without more, directly subject to the antibribery provisions of the FCPA.
A related issue is when, if ever, a U.S. corporation or an “issuer” can be held liable for improper payments made by a foreign subsidiary. Some critics of the FCPA have asserted that the enforcement agencies have improperly held U.S. companies liable for actions by a foreign subsidiary when the U.S. parent had no involvement and despite the fact that the foreign subsidiary was not itself subject to the antibribery provisions of the FCPA.
Language in settlement documents in some recent FCPA cases has fueled this confusion. In a few cases, U.S. companies have agreed to settlement documents stating that they “accept and acknowledge responsibility” for the actions of a foreign subsidiary. If the U.S. parent company directed, authorized or was actively involved in the subsidiary’s action, jurisdiction over the parent may properly exist, and the language could simply be a matter of imprecise or incomplete drafting or the omission of key facts from the public documents. Alternatively, the unreported facts might show that the foreign subsidiary was acting at the behest of its parent and serving as its parent’s agent – facts that create liability, enforcement officials would likely argue, on the part of both companies.
On its face, however, the language in these settlement documents suggests that an improper act of a foreign subsidiary is being attributed to a U.S. parent simply by virtue of the parent-subsidiary relationship. There is nothing in the FCPA that makes a U.S. parent company vicariously liable for an improper payment independently made by a foreign subsidiary. In the absence of evidence that the foreign subsidiary acted as an intermediary for the parent or acted as its parent’s agent, there is no statutory basis in the FCPA for holding the parent company liable.
The Guide, it must be said, is not the source of confusion on this point. Indeed, the Guide may effectively clarify this issue since its discussions of the various theories of jurisdiction and liability make no suggestion that a U.S. parent company can be held liable for the acts of a foreign subsidiary simply because the foreign subsidiary is owned or controlled by the U.S. parent.
This leads, finally, to a brief word on agency, and when a foreign subsidiary of a U.S. corporation or an issuer may be deemed to be acting as the agent of its parent. The Guide (in another section) confirms the agencies’ position that parents may be held liable for subsidiary conduct under “traditional agency principles” and that principles of respondeat superior may apply. The Guide further states that the agencies will focus on the parent’s control, both generally and in the context of the specific actions under investigation.
Accepting the larger point that liability may exist where an agency relationship exists, our reading of the law is that ownership or control, in and of itself, is insufficient to establish an agency relationship. Classic agency law requires that the principal authorize the agent to act on its behalf and the agent agree to the agency relationship. Although agency questions are fact specific and may be complicated, the point in this context is that ownership of a foreign subsidiary by a U.S. parent does not, in and of itself, create an agency relationship upon which FCPA jurisdiction can be extended.
That an acquiring company succeeds to the liabilities as well as the assets of any company it acquires is a broadly established principle, and not an issue unique to the FCPA. Advocates for amending the FCPA have argued that there should be no FCPA successor liability in such cases, that reasonable M&A due diligence should protect a company from successor liability, or that agencies should delineate what level of due diligence is “sufficient.” Agencies and others have responded that the risk of successor liability encourages due diligence, that enforcement agencies give acquiring companies a reasonable time to stop and remediate past violations of companies they acquire, and that they would create a loophole if companies were able to immunize themselves for past violations by reorganizing or by merging with another company.
The Guide defends and preserves the agencies’ views regarding the principle of successor liability and its potential applicability in M&A situations where pre-merger FCPA violations later come to light. At the same time, it discusses at some length that enforcement decisions will depend on the facts and circumstances, considered case by case. The Guide emphasizes the importance of thorough due diligence, quick responses to issues that emerge, and the vigor of remediation, citing cases in which such actions prompted enforcement officials to decline to take any action against the acquiring company.
Thus, the Guide does not offer a bright-line test for avoiding successor liability, but it does offer some comfort that companies that conscientiously seek to identify, address, and remedy bribery issues – either before or soon after closing – will be given considerable credit for doing so, and that the result may be a decision to take no enforcement action. The Guide also specifically provides that a company that acquires a foreign company that has not been subject to the FCPA will not be held retroactively liable for improper payments that the acquired company may have made prior to the acquisition. The concomitant caution, of course, is that if improper conduct continues after the time of the acquisition, it could create FCPA violations or related criminal liability (for example, under conspiracy laws) for the new combined company.
Some calls for reform and questions raised by some members of Congress featured concerns that companies could be subject to penalties or prosecution under the FCPA for modest gifts or hospitality for government officials, including paying for taxi rides and cups of coffee. The agencies, which had previously challenged such assertions as apocryphal and unrealistic, used the Guide to dismiss explicitly the notion that modest hospitality could give rise to an enforcement action.
The Guide expressly states that “for a gift or other payment to violate the statute, the payor must have corrupt intent,” a point that is clearly the case under the statute, if not one that the agencies have trumpeted in the past. It then dismissively deals with the taxi fare and modest meals examples: “it is difficult to envision any scenario in which the provisions of cups of coffee, taxi fare, or company promotional items of nominal value would ever evidence corrupt intent.” The Guide further notes the absence of any cases to the contrary, states that federal enforcement officials exercise prosecutorial discretion in this area, and adds that small gifts are mentioned in FCPA cases only when they are a part of a larger pattern of more egregious conduct.
The section of the Guide dealing with gifts and entertainment also includes examples and hypotheticals. Although the permissible examples cited may be marginally less generous than examples in the official guidance that accompanied the UK Bribery Act, the Guide clearly is designed to assure readers that minor gifts or hospitality generally are not FCPA issues. The string of hypotheticals notes, for example, that within the context of an appropriate inspection and training visit by officials, the provision of such benefits as business-class airfare for international travel, modestly priced dinners, and tickets to a baseball game and a play would not create an FCPA violation. Together with guidance suggesting that compliance resources should be deployed to address the most serious corruption risks, this section may diminish the disproportionate amount of compliance attention that has traditionally been devoted to questions of line-drawing and reasonableness of gifts, travel, and hospitality.
The definition of “foreign official,” among the most widely discussed issues in the recent policy debates, is really an issue about the definition of “instrumentalities.” The FCPA is clear that officers and employees of state instrumentalities are “foreign officials”; the uncertainty that sometimes arises is in determining whether or not an entity, most often a state-owned company, is an “instrumentality.” The foreign official/instrumentality issue typically arises not because a company is trying to determine whether it is free to pay a bribe but rather in the context of hosting and determining whether safeguards are necessary. If not in that circumstance, it may arise when a company is in search of a legal defense.
The Guide, undoubtedly to the frustration of some, restates that whether a company is an “instrumentality” requires a “fact-specific” analysis. The Guide cites a “non-exclusive list” of 11 factors that courts have used in jury instructions. (The requirement that the government prove every element of a crime leads to the instrumentality question being a jury question of fact absent a stipulation between the parties.) Beyond that, at least one enforcement official has also pointed out that if a company makes a good-faith analysis under the 11 factors but gets it wrong, the company is unlikely to have violated the law since it would not have met the knowledge element of the statute.
The Guide provides some further solace by stating that “as a practical matter, an entity is unlikely to qualify as an instrumentality if a government does not own or control a majority of its shares.” The Guide notes, however, that this principle is not universal, citing one exception involving a 43 percent government-owned company that was nonetheless found to be an instrumentality because the government otherwise had “substantial control” over the company. Even so, by giving heavy weight to share ownership, the Guide will simplify this issue in many situations and effectively eliminate entities in which governments have minority, passive investments, or so-called “golden shares” that carry with them no special powers of control.
The Guide contains an important discussion of internal accounting controls, one that highlights the distinction between “internal accounting controls,” the term in the statute, and “internal controls,” a term often used as shorthand but sometimes used to denote more than just financial or accounting controls.
The statement in the Guide that “an effective compliance program is a critical component of an issuer’s internal controls” could be read to suggest that a company’s obligation to maintain a system of effective internal accounting controls sweeps in a statutory obligation to maintain an anticorruption compliance program. Officials explaining the Guide have made clear that this was not the intent. An effective compliance program must, they insist, include effective accounting controls; however, the statutory requirement does not bootstrap in a requirement to have a compliance program.
The Guide helpfully lists components that should be included in controls over financial reporting. Among them are risk assessments, authorization and approval requirements, reconciliations, and segregation of duties. The Guide also notes that internal accounting controls should be tailored to the needs and circumstances of the company. Finally, SEC officials commenting on the Guide repeatedly have stated that a robust internal audit group carrying out regular, rigorous testing of the applicable controls is a critical component in the agency’s assessment of whether requisite controls are sufficient.
The discussion on internal controls in the Guide includes paragraphs on joint ventures, a subject that has received increasing levels of attention from enforcement authorities. The agencies’ basic approaches to joint ventures remain unchanged, but two mistakes appear on page 43 of the Guide. Although each is only a slight misstatement, each is substantively important.
The Guide first states that issuers are responsible for assuring that their controlled subsidiaries and affiliates comply with the FCPA’s accounting provisions, including foreign subsidiaries and “joint venture partners.” Consistent with the statute, the text should read “joint ventures,” not “joint venture partners.”
Second, the Guide notes that companies may not be able to control the actions of foreign subsidiaries if they lack legal control. It then restates the obligation of issuers with non-controlled foreign subsidiaries by referring to an ownership interest of “less than 50 percent.” Again, the language should track the statutory language and should say “50 percent or less,” not “less than 50 percent.” The difference, of course, is that 50-50 joint ventures, common in many parts of the world, are not controlled subsidiaries, and issuers generally cannot exercise control unless they have majority ownership of more than 50 percent.
In discussing the new Guide, enforcement officials acknowledged the editing errors and promised that the language would be corrected.
The FCPA, a statute for which “knowledge” is an element, defines “knowledge” to encompass more than actual knowledge and to include, for example, awareness that there is a “high probability” that a bribe will be paid. This language, together with FCPA penalty provisions that use the term “willfully” in defining penalties for individuals but not for corporations, has raised questions about corporate criminal liability and what distinguishes it from corporate civil liability.
Enforcement officials explaining the Guide have noted that, for criminal liability to apply to a company, there must be corporate “knowledge” (either through individual corporate employees or through the doctrine of “collective knowledge”) that would meet the standard for individual criminal liability. They have added that the prosecution of an individual is not a prerequisite for corporate criminal liability.
Asked if the mens rea requirement for criminal liability is legally sufficient when the statute’s knowledge standard is met through “willful blindness,” government lawyers unhesitatingly responded “yes,” adding that this is equally the case for corporations as individuals. Apart from a summary of the Kozeny case, which is now on appeal, the Guide says little about what facts are necessary to support a finding of a willful blindness violation of the FCPA or to constitute a conspiracy to violate the FCPA.
Although the FCPA nowhere includes the word “compliance” and although the statute’s only indirect reference to compliance is the requirement for maintaining a system of internal accounting controls, compliance and compliance programs receive more attention in the Guide than any other single topic. The discussion of compliance includes a listing of 10 “hallmarks” of an effective compliance program, a reminder that three of the nine factors in DOJ’s Principles of Federal Prosecution of Business Organizations (“Federal Principles”) relate to compliance, and a caution that compliance programs should be tailored to the risks and business profile of the company. This point will be relevant both to smaller companies assessing how to deploy limited resources and to larger corporations seeking to prioritize compliance initiatives on a global basis.
Officials emphasize that in investigations they will almost invariably want to assess a company’s compliance program, both at the time that issues arose and at the time of the investigation. The Guide reinforces their view that an effective program is measured by a company’s compliance culture, while noting helpfully that compliance programs are not expected to be perfect and that a single violation does not necessarily signify an ineffective compliance program.
Among the compliance program components featured in the Guide are two that have emerged as compliance best practices have continued to evolve. One is periodic testing and review of compliance programs. The Guide says that both agencies evaluate companies on this element, citing the value of employee surveys, targeted audits and “proactive evaluations.” Also featured are pre-acquisition due diligence and post-acquisition integration in the context of mergers and acquisitions. Reiterating the importance of these factors in applying the principle of successor liability, the Guide touts both the business and compliance virtues of effective due diligence before and immediately after an acquisition.
The call that an effective compliance program should be an affirmative defense to an FCPA violation finds no support in the Guide, and officials explaining the Guide rejected this proposal as categorically as they have in all prior public discussions of the issue. Their explanations highlighted the fact that the “adequate procedures” provisions of the new UK Bribery Act are a defense only to a strict liability form of payments liability under the new UK law, that the Federal Principles include eight additional factors that enter into prosecutorial decisions, and that such a defense would shift attention to the sufficiency of compliance programs rather than focusing on the underlying issue of improper payments.
One of the perennials of FCPA discussions is whether and when corporations should voluntarily disclose issues or violations to government enforcement officials. Consistent with the theme that enforcement officials have stressed over the past few years, the Guide states that both agencies place “a high premium” on self-reporting. The triad of factors that agencies emphasize in discussing this issue is timely disclosure, full cooperation and strong remediation. Although all three may not be enough to prevent an investigation or penalties, the Guide notes that self-reporting is an important factor in both DOJ and SEC guidance on enforcement.
The subject reappears in the Guide, if implicitly, in discussions about declinations and independent compliance monitors. The Guide provides six recent actual, but “anonymized,” examples of declinations – cases in which the agencies declined to prosecute. All six of the examples involved voluntary disclosure by the companies. Similarly, in its discussion of Compliance Monitors and when companies may be allowed to self-monitor, the Guide notes that self-monitoring is permitted “typically in cases when the company has made a voluntary disclosure.” And the discussion of the SEC’s first deferred prosecution agreement notes that the company in that case discovered the misconduct itself and “brought it to the government’s attention.”
Although precise predictability of the ultimate outcome does not come with voluntary disclosure, the Guide reiterates the agencies’ past assertions that they give significant credit for voluntary disclosure and cooperation. Seeking to quantify what credit may be, or has been, provided in a particular case requires asking the question, “compared to what?” Although the Guide does not state it specifically, the agencies’ answer would likely be that penalties ultimately imposed in cases of voluntary disclosure should be compared to the penalties that could be imposed under the Sentencing Guidelines.
Woven into the text and footnotes of the Guide are some acknowledgements of government theories of prosecution or jurisdiction of which those in the private sector should be aware. As discussed above, the agencies seek to take full advantage of broad statutory language that extends the antibribery provisions of the FCPA fully to agents, officers and shareholders that are acting for the company, even if they are foreign nationals or corporations with no other nexus to the United States. Although this may go beyond classic principles of territorial or nationality jurisdiction, enforcement agencies take the view that there is a jurisdictional basis for these extra-territorial features of the FCPA, and they can cite some settlements in support of their view.
Similarly, enforcement agencies plainly extend FCPA jurisdiction to foreign nationals and corporations that aid and abet, or conspire with, U.S. corporations in violating the FCPA or that serve as their agents in such violations. These theories are in addition to jurisdiction over issuers that are non-U.S. corporations and the broad exercise of territorial jurisdiction under section 78dd-3, through which foreign corporations may be covered if they use an instrumentality of interstate commerce while in the territory of the United States to take any action in furtherance of an antibribery violation.
Finally, the Guide reflects various ways in which the five-year statute of limitations may fail to protect against an FCPA prosecution. One is that the statute may be extended for up to three years through an ex parte, non-public proceeding before a judge (think of a search warrant) when it is necessary to gather evidence outside of the country. Also, a charge of conspiracy to violate the FCPA can be made so long as some part of the conspiracy was continuing during the statute of limitations period. And the position of the SEC is that the equitable remedy of disgorgement of profits does not end with the running of the statute.
Most common, the government may extend the statute of limitations through a tolling agreement between the company and the government. Whether a tolling agreement may properly be extended retroactively after lapsing is untested in the courts in the FCPA context.
Among the issues not directly addressed by the recent policy debate or the new Guide are the following, most of which could be addressed without guidelines, but that remain open issues for companies directly affected by FCPA enforcement and their counsel. These issues include:
By any measure, however, the sweep of the Guide is impressive and is a significant and unprecedented milestone in the administration of the U.S. Foreign Corrupt Practices Act.