Guidance on the FCPA Resource Guide from Steptoe & Johnson, LLP

Below we highlight a few of the Guide’s more noteworthy points with respect to DOJ and SEC’s interpretation of the FCPA’s antibribery and accounting provisions; current FCPA enforcement policy; and compliance program expectations.

FCPA Antibribery Elements

The Guide’s treatment of the elements of the FCPA’s antibribery provisions generally resists calls for bright-line guidance regarding definitions of foreign officials and instrumentalities or the size or amount of payments that will be considered “anything of value.” It nonetheless offers useful insights regarding DOJ and SEC’s interpretation of, and enforcement policy with respect to, these and other elements of the antibribery provisions.

Anything of Value – Gifts, Meals, Entertainment, and Travel. The Guide recognizes that small gifts and reasonable meals, entertainment, and promotional expenses can be a legitimate part of conducting business. It suggests that corrupt intent is what causes hospitality to cross a line from proper to improper, noting that past enforcement actions generally have targeted travel and entertainment expenses that “occurred in conjunction with other conduct reflecting systemic bribery or other clear indicia of corrupt intent.”[3] While offering no de minimis exception for gifts and meals, as proposed by some commentators and critics, the Guide goes as far as stating that “it is difficult to envision any scenario in which the provision of cups of coffee, taxi fare, or company promotion items of nominal value would ever evidence corrupt intent.”[4] Additionally, the Guide notes that, while large, extravagant gifts will likely evidence corrupt intent, smaller gifts will not, unless part of a pattern evidencing a corrupt scheme to improperly influence officials. The Guide describes the “hallmarks of appropriate gift-giving” as gifts “given openly and transparently, properly recorded in the giver’s books and records, provided only to reflect esteem or gratitude, and permitted under local law”[5] It notes that effective compliance programs should include “clear and easily accessible guidelines and processes,” with many “larger companies” choosing to automate clearance processes, set monetary thresholds and annual limitations, and permit “limited exceptions” with approval by “appropriate management.”[6] Consistent with a DOJ Opinion Procedure Release (OPR) from earlier this year, the Guide endorses a hypothetical scenario involving provision of business class air travel for foreign officials in appropriate circumstances.[7] While several of the Guide’s  hypothetical examples fall fairly clearly on one side or the other of a sometimes blurry line dividing appropriate from inappropriate gifts, entertainment, and travel,[8] they nonetheless may offer useful guideposts when analyzing the many more challenging questions that arise in the course of companies’ day-to-day operations.

Anything of Value – Charitable Contributions. The Guide emphasizes that legitimate charitable giving does not violate the FCPA, but that proper risk-based due diligence and controls are essential for ensuring donations are not “used as a vehicle to conceal” corrupt payments.[9] In its discussion of charitable contributions, the Guide sheds new light on the sole FCPA enforcement action arising solely out of charitable giving, Schering-Plough, including that there were internal documents indicating that employees viewed the payments as “dues” required to be paid to gain assistance from a government official, rather than as legitimate charitable donations.[10] Additionally, this is one of several areas in which the Guide uses formally non-binding OPRs to illustrate DOJ’s enforcement policy, citing previous OPRs for examples of what DOJ views as appropriate risk-based due diligence, ongoing monitoring, and other controls on donations.[11] The Guide’s section on charitable contributions is unique in offering an enumerated list of “questions to consider” when evaluating a proposed course of conduct.[12]

Foreign Officials and Instrumentalities. One of the most eagerly anticipated areas of guidance relates to the definition of “foreign official” under the FCPA, and in particular how DOJ and SEC evaluate whether an entity is an “instrumentality” such that its employees are “foreign officials.” As a threshold matter, the Guide stresses that the FCPA prohibits payments to foreign officials and not foreign governments, while advising that payments to governments – including contributions or donations – should be made with controls ensuring funds are not used for corrupt purposes, “such as the personal benefit of individual foreign officials.”[13] The Guide also reflects DOJ and SEC’s position that an “actor need not know the identity of the [bribe] recipient” to commit an offense[14] – a position that is currently contested in individual litigation[15] and has been disclaimed in recent court opinions.[16] With respect to guidance on the definition of “instrumentality,” those hoping for a bright-line test were left wanting. The Guide instead reiterates that the analysis is fact-specific –requiring consideration of an entity’s ownership, control, status, and function – and consolidates a list of non-exclusive factors approved by courts in the Esquenazi, Carson, and Aguilar cases.[17] The Guide does helpfully suggest that majority ownership or control is a dominating factor: “an entity is unlikely to qualify as an instrumentality if a government does not own or control a majority of its shares.”[18] In the same breath, however, the Guide cautions that no one factor is dispositive and that an entity with minority government shareholding or control could be deemed an instrumentality, such as where the government controls essential elements of the entity’s operations or political appointees hold important positions. Moreover, the Guide warns that bribes paid to private individuals risk prosecution under the FCPA’s accounting provisions, the Travel Act, anti-money laundering laws, and other laws.[19]

Promotional Expense Affirmative Defense. In addition to affirming that, absent corrupt intent, reasonable gifts, meals, and entertainment do not violate the antibribery provisions, the Guide separately addresses the availability of the affirmative defense for reasonable and bona fide travel and lodging expenses that are directly related to the promotion, demonstration, or explanation of products or services or the execution or performance of a contract. Not surprisingly, the Guide emphasizes that “trips that are primarily for personal entertainment purposes” are not bona fide.[20] It also compiles a “non-exhaustive list of safeguards” from its OPRs to guide the fact-specific analysis of whether particular expenses qualify for the affirmative defense.[21]

No news is good news? The Guide offers no new, major insights on the interpretation of corrupt intent, willfulness, the business purpose test, treatment of third parties, facilitating payments, or the local law affirmative defense. In each of those sections, the Guide largely restates congressional intent statements, court interpretations, or prior settled actions without adding any appreciably new information.

Accounting Provisions

Books and Records. The Guide’s discussion of the FCPA’s antibribery provisions notes that improper recording of expenses may be viewed as evidence of corrupt intent.[22] In its discussion of the accounting provisions, the Guide emphasizes that there is no materiality threshold for books and records violations, while observing that DOJ and SEC’s enforcement has generally has involved “misreporting of either large bribe payments or widespread inaccurate recording of smaller payments made as part of a systematic pattern of bribery.”[23]

Internal Controls. While the FCPA refers to systems of “internal accounting controls,” the Guide reiterates a position reflected in many DOJ and SEC enforcement actions that treat “an effective compliance program” as a “critical component of an issuer’s internal controls.”[24] These controls should include, inter alia, a tone of integrity, risk assessments, policies and procedures, communication, and monitoring.[25] The Guide as originally issued incorrectly stated that an issuer must use “best efforts” to cause subsidiaries or affiliates in which it holds “less than 50%” to devise and maintain a system of internal accounting controls.[26] In fact, the statutory requirement is one of “good faith” and “to the extent reasonable under the issuer’s circumstances,” and applies with respect to subsidiaries or affiliates in which the issuer holds “50 percentum or less” of the voting power.[27] The Guide has now been corrected in the version posted by DOJ to its website.

Jurisdiction

Antibribery Provisions. The Guide re-affirms the Government’s aggressive stance on FCPA jurisdiction, particularly with respect to non-US persons. For example, in past enforcement actions DOJ has asserted jurisdiction over non-US persons under 15 U.S.C. § 78dd-3 based on isolated meetings in – or telephone calls, emails, or wire transfers to or from – the United States.[28] It also has grounded jurisdiction on the indirect use of “correspondent accounts” that foreign banks maintain at US banks to clear dollar-denominated transactions.[29] Further, the Guide maintains that 15 U.S.C. §78dd-3 confers jurisdiction whenever a foreign person merely causes an act to be done in the United States by an agent.[30] The Guide also continues to advance expansive theories of agency, conspiracy, and aiding and abetting to reach non-US persons “regardless of whether the foreign national or company itself takes any action in the United States.”[31] The Guide does not address recent judicial challenges by individual defendants to DOJ’s broad assertions of jurisdiction. These have included challenges both to DOJ’s expansive interpretation of the phrase “while in the territory of the United States” under 15 U.S.C. § 78dd-3,[32] as well as arguments that individual defendants had insufficient contacts with the United States to support an assertion of personal jurisdiction.[33] The Guide does not address these potential limitations to jurisdiction, and gives no indication that DOJ or SEC intend to retreat from their prior, aggressive positions in this area.

Accounting Provisions. While noting that the FCPA’s accounting provisions only apply directly to issuers, the Guide stresses that individuals, subsidiaries, and private companies may be liable for aiding and abetting, conspiring to commit, or causing violations by an issuer, for falsifying an issuer’s books and records, or for circumventing internal controls.[34] The Guide also highlights liability risks for certain officers or directors as control persons, for false statements to auditors, and for false certifications under the Sarbanes-Oxley Act of 2002, as well as the risk of criminal liability for companies for knowing violations of the accounting provisions and for individuals for knowing and willful violations.[35]

Parent, Successor, and Target Liability

One of the most important parts of the Guide is its section on parent, successor, and target company liability, as it represents the first attempt of DOJ and SEC to articulate explicitly the policies and principles that govern their enforcement actions in this area. As the cases have proliferated, so has confusion about even some basic premises. Groups seeking reform of the FCPA had targeted the M&A area as key for cutting back on successor liability.

Parent-Subsidiary Liability. The Guide begins its discussion of liability in the context of corporate transactions with a summary of parent-subsidiary liability generally.[36] It reinforces that traditional principles of parent-subsidiary liability – agency and respondeat superior – apply to FCPA cases just as they do in other areas. As a result, the Guide makes clear the agencies’ view that a parent may be held liable for the acts of its subsidiaries in at least two ways: first, directly, as a result of its own knowledge of and involvement in the acts of its subsidiary; and second, under traditional agency principles. Whether the Government will view a subsidiary as the agent of its parent depends not only on the formal relationship between the parent and subsidiary, but also on the degree of actual control the parent exercises. If an agency relationship exists, the Guide makes clear that DOJ and SEC will apply the respondeat superior doctrine and find the parent liable for the acts of its subsidiary. 

Successor Liability vs. Liability for Acts of an Acquired Subsidiary. The Guide devotes nearly seven pages to the subject of “successor liability,”[37] beginning with a general discussion of the risks – both legal and commercial – of entering into corporate transactions without conducting sufficiently robust FCPA-focused due diligence. The Guide states clearly that DOJ and SEC view liability of a successor company for the acts of a corporate predecessor as an “integral component of corporate law” and that nothing relating to FCPA enforcement alters that principle. In its discussion of when SEC and DOJ will seek to hold acquiring companies liable for the acts of their acquired entities, however, the Guide appears to conflate two related but analytically distinct scenarios: true successor liability, where a corporate entity has acquired another entity with FCPA liabilities and subsequently merged or amalgamated with it, and liability of a buyer for the acts of an acquired company that remains a separate legal entity.

Enforcement Intentions and Hypotheticals. Notwithstanding the conflation of these two distinct scenarios, the Guide provides a useful restatement of DOJ and SEC’s enforcement history in this area, including when they have held acquirers liable as true successors, and when they have brought enforcement actions only against a target company that survives the transaction. A series of six hypothetical factual scenarios divided into two sections – where the acquisition target is subject to the FCPA and where it is not – is provided. The hypotheticals highlight the importance the agencies place on pre-acquisition due diligence, post-closing remediation and training, voluntary disclosure, and cooperation with any Government investigations. Where companies engage in robust efforts, the Guide indicates that the agencies are unlikely to hold them liable directly or as a successor (although the target will remain liable for any prior violations). Where companies do not, however, the Guide states that the agencies are more likely to bring an enforcement action against the acquirer. That said the Guide is clear that – where a target was not subject to the FCPA prior to an acquisition (which typically arises when the acquired company is a non-US entity operating in a local market outside of US jurisdiction) – the mere fact of an acquisition does not create successor liability for the acquiring company for the target’s pre-acquisition conduct.

Enforcement Guidance

The Guide’s discussion of enforcement principles, penalties, sanctions, remedies, and resolutions largely summarizes existing DOJ and SEC guidance on these topics,[38] but provides some additional information on the application of these principles in the particular context of FCPA matters. It also highlights concrete benefits that may accrue to companies with effective compliance programs, identifies factors for determining whether a monitor is appropriate, and – for the first time – provides (anonymized) examples of matters DOJ and SEC have declined to pursue.

Self-Reporting and Cooperation. The Guide, as expected, emphasizes the “high premium” placed on voluntary and timely self-reporting, cooperation, and the implementation of meaningful remedial measures in determining the appropriate resolution of an FCPA matter as to a company.[39] By explaining, with some specificity, that these factors may reduce a company’s culpability score under the US Sentencing Guidelines, and thereby lead to fine reductions under the Guidelines, DOJ – while not guaranteeing a specific outcome or being formulaic – provides some tangible evidence of the benefits that may be afforded to companies who self-report, cooperate, and implement meaningful remedial measures.[40] SEC makes similar statements, which are important, but given the operation of its penalty regime, it is not able to say how these factors, in specific quantitative terms, will affect its penalty determinations.[41]

Role of Compliance Programs. The Guide also re-affirms the Government’s long-held position that the adequacy and effectiveness of a company’s compliance program plays a significant role in the resolution of FCPA matters.[42] The adequacy and effectiveness of such programs may influence whether a Deferred Prosecution Agreement (DPA) or Non-Prosecution Agreement (NPA) is used, the length of any DPA or NPA imposed, the penalty amount, and whether a monitor or on-going self-reporting is required.[43] What is new in the Guide, as a result of declining to bring a criminal or civil action against Morgan Stanley in connection with the activities of one of its executives, is the Government’s recognition that it “may decline to pursue charges against a company based on the company’s effective compliance program, or may otherwise seek to reward a company for its program, even when that program did not prevent the particular underlying FCPA violation that gave rise to the investigation.”[44] This is as close as the Guide comes to the compliance defense that a number of commentators have sought. While some have expressed disappointment that DOJ and SEC did not go further in the Guide, this position should be no surprise.

Compliance Expectations for Small and Medium Enterprises. While the Government’s public acknowledgement that it may decline to pursue charges against a company based on its effective compliance program is welcome news,[45] many companies’ compliance programs will never replicate the depth and breadth of the program Morgan Stanley implemented. In response to these concerns, DOJ and SEC acknowledge in the Guide that “small- and medium-size enterprises likely will have different compliance programs from large multi-national corporations,” and assure these companies that they take these differences “into account when evaluating companies’ compliance programs.”[46] Similarly, the Guide notes that it will evaluate whether a company “devoted adequate staffing and resources” to its compliance program in light of “the company’s size, complexity, industry, geographic reach, and risks associated with the business.”[47] Despite these statements, the Government’s expectations as to the compliance measures small- and medium-sized companies will adopt and implement are likely to remain high. It will be interesting to see how the Government reacts going forward to any arguments made by these companies that, in light of their organization’s size and risks, their compliance programs were “designed carefully, implemented earnestly, and enforced fairly.”[48]

What is “Meaningful Credit” for Risk-Based Compliance? To encourage implementation of risk-based compliance programs, the Guide states that DOJ and SEC will give “meaningful credit to a company that implements in good faith a comprehensive, risk-based compliance program, even if that program does not prevent an infraction in a low risk area because greater attention and resources had been devoted to a higher risk area.”[49] On its face this statement is quite significant, as all companies have limited resources. How it will be applied in concrete cases remains the key issue. For example, since there is no materiality standard, it cannot be an excuse for a company to minimally monitor low-risk areas that may spawn multiple infractions over time. It also is impossible to know what, and how much, credit DOJ and SEC will give when these infractions occur. Nevertheless, the clear implication here is that whatever level of resources are devoted to lower-risk activities (such as gifts and entertainment) or jurisdictions, a greater level of resources will be expected for higher-risk activities.

When are Monitors Appropriate? One recent trend in FCPA resolutions has been the decreased use of monitors. The Guide reinforces this view by stating that monitors are “not appropriate in all circumstances . . . .”[50] The Guide, nevertheless, identifies six factors DOJ and SEC will consider when determining whether a monitor is appropriate and, in particular, mentions that monitors may be appropriate “where a company does not already have an effective internal compliance program or needs to establish necessary internal controls.”[51]

Charging Decisions. The Guide summarizes the available dispositions in FCPA matters, such as Plea Agreements (DOJ), Civil Injunctive and Administrative Remedies (SEC), DPAs (DOJ and SEC), and NPAs (DOJ and SEC), as well as the differences between these resolutions.[52] It is silent, however, on the factors that lead to the use of one of these dispositions over another. It is also silent on the factors influencing enforcement choices when multiple potential targets are presented (for example, individuals versus companies).

Declinations Data. Companies and FCPA practitioners have long sought greater transparency from DOJ and SEC regarding declinations to help evaluate whether to self-report a potential FCPA violation and to better understand the credit that may be given should they decide to self-report, cooperate, and remediate in the wake of discovering potential or actual violations. The Guide responds to this request by stating that “in the past two years alone, DOJ has declined several dozen cases against companies where potential FCPA violations were alleged,”[53] identifies seven circumstances present in some or all of its recent declinations,[54] and sets forth details regarding six recent anonymized examples of declinations involving companies.[55] These disclosures are welcomed and generally helpful, though it is unclear whether any of the several dozen declinations referred to involved tips deemed not credible enough to pursue or matters not pursued due to resource issues. Also, it would be informative to companies for DOJ and SEC to continue disclosing the details of their declinations, much as they did with the six matters detailed in the Guide. It would also be helpful for DOJ and SEC to periodically release information about their levels of investigative activity and rates of declinations.

Declination Examples. The six declinations set forth in the Guide are instructive as to the factors that must be present for a declination to occur. Each matter appears to have involved a voluntary self-report, an internal investigation, cooperation with the government, and the implementation of remedial measures. Many involved relatively small bribes and some involved potential bribes that were detected and prevented before being paid. However, no information was provided on how long it took for DOJ or SEC to decline these matters once they were brought to the attention of the Government. Moreover, it appears that in connection with obtaining a declination, each company expended significant resources to investigate and remediate these matters, many of which, as previously noted, involved relatively small improper payments or payments that were never made. A reasonable question may be raised as to whether, given the circumstances involved in these cases, DOJ and SEC would decline these cases in the event a company undertook a prompt investigation and implemented all the aforementioned remedial measures but chose not to self-report.

Subscribe to our bi-weekly newsletter Ethisphere Insights for the latest articles, episodes, and updates.

RELATED POSTS

Free Magazine Access!

Fill out the form below, and get access to our Magazine Library

Free Magazine Access!

Fill out the form below, and get access to our Magazine Library

%d