In late 2012, nearly a year after promising guidance on the Foreign Corrupt Practices Act – the wide-ranging statute that outlaws the bribing of foreign officials – the Department of Justice and Securities and Exchange Commission finally issued their Resource Guide to the U.S. Foreign Corrupt Practices Act (the “Guidance”). Totaling 130 pages, the Guidance aggregates the agencies’ interpretive positions that were previously scattered among Opinion Releases, enforcement actions and other materials.
Though the Guidance does not break any new ground or set forth novel interpretations of the FCPA, the government has nevertheless used its issuance to reaffirm its commitment to aggressive FCPA enforcement. Addressing a national convention of FCPA practitioners, Assistant Attorney General Lanny A. Breuer, head of DOJ’s Criminal Division, noted that the number of dedicated FCPA prosecutors had doubled in the past three years. During that same time, he said, “robust FCPA enforcement has become part of the fabric of the Justice Department. The FCPA is now a reality that companies know they must live with and adjust to; and this nation is better off for it.”
In this enforcement environment, then, companies would do well to heed the primary lessons found in the Guidance. Some of those lessons include:
- Greater clarification on permissible gifts, entertainment and travel: The Guidance specifically recognizes that modest gifts and entertainment are not prohibited by the FCPA, so long as they are given without a corrupt purpose. “A small gift or token of esteem or gratitude,” it says, “is often an appropriate way for business people to display respect for each other.” The Guidance even provides examples of permissible gifts, entertainment and travel expenses, such as: 1) Paying for foreign officials’ “moderate bar tab” at an industry trade show; 2) giving a foreign official a “moderately priced crystal vase” as a wedding gift; and 3) furnishing foreign officials with business-class airfare on an international flight, provided that the company’s employees would be entitled to the same.
- Limitations on successor liability: For companies pursuing M&A opportunities abroad, potential liability for the targets’ FCPA violations is a very real concern. The Guidance, thankfully, seems to have acknowledged two important limitations on such liability. The first such limitation is jurisdictional: “[I]f an issuer were to acquire a foreign company that was not previously subject to the FCPA’s jurisdiction, the mere acquisition of that foreign company would not retroactively create FCPA liability for the acquiring issuer.” The second limitation is more nuanced, turning on whether Company A acquires Company B, or instead merges with it. Where the two companies merge to create a new Company C, liability attaches for the pre-merger violations. In the acquisition context, however, no FCPA liability will attach to Company A for Company B’s pre-acquisition violations, provided that Company A reports those violations and ensures Company B’s compliance post-acquisition.
- Reaffirmation of potential liability for violations by third-parties: The Guidance reiterates that the conduct of third-parties, such as agents and consultants, is fertile ground for FCPA prosecution. This is true, according to the government, even where companies lack actual knowledge of the misconduct, but are instead only aware of a high probability of it. To mitigate against such risk, companies must perform appropriate due diligence both in the vetting and engagement of such third-parties. That due diligence would include, among other measures, scrutiny of the company’s business need to retain third-parties in the first instance; inquiry into the third-parties’ qualifications, business reputation and relationships with foreign officials; and post-engagement monitoring of the third-parties’ compliance with the FCPA. As to the latter, such monitoring would typically include anti-corruption compliance training, certification and the exercise of audit rights.
- The “extortion defense” remains limited to threats of physical harm: As discussed in a prior Parker Poe Anti-Corruption Alert (available here), many companies frequently struggle with how to respond to extortionate demands by foreign officials. In certain scenarios, such demands may qualify under the narrow “facilitation payments” exception (see below), but otherwise, the Guidance immunizes from FCPA liability only extortion that presents “real threats of violence or harm.”
- When it comes to the facilitation payments exception, the Guidance giveth and taketh away: The FCPA statutory language has always included both facilitating and “expediting payments” within its exception for payments to secure routine governmental action. There has long been ambiguity, however, about whether payments made to secure routine governmental action on a speedier-than-normal schedule are covered by the exception. Although the Guidance answers that question affirmatively, in the same breath it cautions that many nations have outlawed all facilitation payments (Great Britain, for instance). Individuals and companies “should therefore be aware that although true facilitating payments are permissible under the FCPA, they may still subject a company or individual to sanctions.” As a practical matter, then, companies should strongly consider prohibiting facilitation payments altogether.
Perhaps more important than these discrete lessons is the Guidance’s articulation of its ten “hallmarks” of an effective anti-corruption compliance program. As a general matter, the Guidance emphasizes, there is no one-size-fits-all compliance program. Instead, it must be “tailored to the company’s specific business and to the risks associated with that business.” It must also “evolve as the business and markets change.”
Here, then, are the government’s ten hallmarks of an effective compliance program:
- An appropriate “tone at the top,” such that the Board of Directors and senior management demonstrate and convey a commitment to compliance that is effectively disseminated throughout the organization.
- A clear, concise, written and accessible Code of Conduct that is buttressed by intentional policies and controls that ensure compliance with the Code. Such written materials should be available in multiple languages, where necessary.
- At least one senior executive endowed with authority and resources to implement, oversee and enforce the program. That executive must also enjoy an appropriate level of autonomy from management, ideally reporting directly to the Board of Directors.
- Periodic risk assessments, which the Guidance describe as “fundamental to developing a strong compliance program.” Such assessments help focus the organization’s resources on those areas of highest risk, and should take into account the country and industry sector, business opportunity, potential business partners, degree of interaction with foreign governments (especially customs and immigration officials) and amount of government regulation and oversight.
- Periodic training on the compliance program and related policies to all directors, officers and other appropriate personnel (including third-parties such as agents, consultants and business partners). Personnel stationed in higher risk areas (whether geographically or functionally) must receive additional, targeted training on such risks.
- Clear disciplinary measures for noncompliance with the program, along with positive incentives to encourage compliant conduct. Incentives can take many forms and need not be monetary; they could come in the form of personnel evaluations and promotions, or other types of recognition for compliance leadership.
- Risk-based due diligence on potential third-parties, as discussed above. Consideration must also be given to the manner and method of payment to third-parties.
- Effective mechanisms for confidentially reporting potentially noncompliant conduct. Anonymous hotlines are a common mechanism, but a designated ombudsman can also be effective. The organization must also have an “efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.”
- Periodic testing and review of the program, to uncover and enhance its inevitable weaknesses. Such testing and review also promotes the evolutionary nature of all effective compliance plans.
- Risk-based M&A due diligence pre-closing, which should resemble an internal FCPA investigation of the target company. Equally important, the Guidance states, is post-closing integration of the target company into the acquiring company’s culture of compliance.
The Guidance is free and available here.
Parker Poe’s Government Investigations & White Collar Defense group, led by former federal prosecutor and DOJ veteran Richard S. Glaser, Jr., regularly advises clients on FCPA compliance. The group also has extensive experience conducting FCPA investigations and interfacing with federal authorities to resolve enforcement actions. For more information, please contact Eric H. Cottrell (704.335.9850) or W.C. Turner Herbert (704.335.6629).