Doing business internationally has always been fraught with risk, but businesses are justifiably troubled that much of the risk lately comes from our own government. The government has reinvigorated its enforcement of a 1978 U.S. law prohibiting bribery of foreign officials. Most U.S. businesses could support that effort, in theory, if the government's interpretation of the definition of "bribery" and "foreign official" weren't so hopelessly broad. The government recently attempted to provide some guidance to U.S. businesses on how to avoid prosecution under this law. The new guidance does not provide the clear roadmap most businesspeople might like — in large part because the law itself is vague — but it underscores the importance of implementing certain compliance strategies as soon as possible.

BACKGROUND

The Foreign Corrupt Practices Act prohibits any representative (including consultants or foreign sales representatives) of a company from paying or offering "anything of value" to a foreign official in a corrupt attempt to obtain or retain business. The statute permits both criminal and civil enforcement, which is carried out by the Department of Justice and the Securities and Exchange Commission (SEC). The statute is broad in almost every respect, including:

  • Applying to any U.S. citizen, national or resident operating anywhere in the world, as well as to all companies that are required to file reports under the Securities Exchange Act (including foreign companies whose stock is traded on U.S. exchanges), and any company organized under U.S. law or with a principal place of business in the United States. Moreover, wholly foreign companies or citizens may be liable for "aiding and abetting" a U.S. company's violation.
  • "Anything of value": there is no de minimis exception under the FCPA; anything of value can mean anything, including discounts, free samples, pens, meals, t-shirts, etc.
  • Foreign Official: Federal prosecutors have taken an incredibly broad view of the definition of foreign official to include, essentially, any representative of a company in which a foreign government has an ownership stake or other controlling role.
  • "Obtain or Retain Business": this standard has been interpreted to mean, broadly, any effort to generate more revenue for a company. See, e.g., United States v. Kay, 513 F.3d 432 (5th Cir. 2007) (holding that bribes paid to reduce customs duties and taxes owed by a company in Haiti violated the FCPA because the bribes were designed to aid the company's efforts to obtain or retain business).
  • Low Standards for Requisite Knowledge
    • First, through the doctrine of "conscious avoidance," criminal prosecutors can impute criminal intent to a company (and its individual directors, potentially) if the company took no action to address a substantial risk that FCPA violations were occurring in a particular country. Given the prevalence of corruption in some countries, companies may have to implement aggressive compliance measures as a necessary cost-of-doing-business in certain regions of the world.
    • Second, the SEC may initiate a civil lawsuit to enforce the FCPA under a strict-liability standard based only on a showing of "control person" liability.
  • Payments by Third-Parties: The FCPA holds companies responsible for payments or offers made by third-party intermediaries on the company's behalf. In other words, a company may be liable even if the payment or offer was not made directly to the foreign official so long as a company representative or consultant has reason to know that the payment would go to a foreign official.

The Act is broad enough to make international businesspeople wonder what transactions are not within its ambit. Nevertheless, this lack of clarity has not stopped the government from enforcing the law aggressively, which has led, with good reason, to international businesses investing millions of dollars in compliance programs to avoid FCPA violations. The investment in compliance is a sound one as prosecution of a case carries substantial investigative and discovery costs. Prosecution can also result in reputational injury, decline in share price, termination of corporate executives and directors, debarment, loss of export privileges, huge fines, engagement of a compliance monitor (at company expense), and onerous compliance obligations dictated by the government.

"NEW" GUIDANCE

As a result of this pressure, on November 14, 2012, the U.S. Department of Justice and the U.S. Securities and Exchange Commission issued "A Resource Guide to the U.S. Foreign Corrupt Practices Act." The Resource Guide is a classic example of "old wine in new bottles." It is more descriptive than prescriptive. Put another way, it mainly distills essential principles from the government's prior prosecutions and investigations into one volume.

Worse, the Resource Guide buries its guidance under caveat upon caveat. For example, the government goes to great lengths to emphasize that there is no "one size fits all" solution and that a "check-the-box" type of compliance program is likely to be ineffective. In many places, the Resource Guide reads as if the government is laboring to preserve its discretion to resolve each future case as it sees fit. Still, the Resource Guide does set forth certain "Hallmarks of Effective Compliance Programs," as summarized below, which should form the blueprint for future compliance efforts:

  • Commitment from Senior Management and a Clearly Articulated Policy Against Corruption: Compliance must start from the top. Any effective compliance program must be not only strong on paper but also diligently enforced. This will create a strong culture of compliance that will permeate the entire organization.
  • Code of Conduct and Compliance Policies/ Procedures: Compliance policies must be clear, concise and accessible to all employees. If a company has foreign subsidiaries, the compliance program should be translated into the local language. The policies should account for any unique risks the company may face and provide internal controls and auditing processes.
  • Oversight, Autonomy and Resources: The individuals in charge of a company's compliance program must have the appropriate authority, adequate autonomy from management, and sufficient resources to implement and enforce the company's compliance program.
  • Risk Assessment: One-size-fits-all compliance programs are generally ineffective. A helpful compliance program, therefore, should focus on high-risk areas and devote fewer resources to low-risk areas. Factors to consider in risk assessments are the country and industry involved, potential business partners, amount of foreign government involvement, and frequency of exposure to customs, immigration, tax and licensing officials in a foreign country.
  • Training and Continuing Advice: Training can ensure a compliance program is understood and followed. Training programs should be tailored to fit the different needs of different employees. For example, sales personnel and accounting personnel will confront different questions when facing compliance issues than those confronted by workers in a company's manufacturing plant. A company's FCPA training program should reflect these essential differences.
  • Incentives and Disciplinary Measures: A compliance program should strive not only to punish bad behavior but also to reward positive behavior. Compliance should be a part of employee performance reviews and a metric for promotions and bonuses. Incentives and disciplinary measures must be applied consistently throughout the organization.
  • Third-Party Due Diligence: Because third-parties are often used to facilitate and conceal bribes, companies must exercise special caution when dealing with agents, consultants, and distributors. Companies must scrutinize the qualifications of third-parties, as well as the business reason for including them in any transaction. A company should inform third-parties of its commitment to lawful business practices and seek reciprocal assurances.
  • Confidential Reporting and Internal Investigation: A company's personnel must have a mechanism for reporting suspected misconduct anonymously and without fear of reprisal. Once a problem is reported, the company should have specified procedures for investigation and should document the company's response.
  • Continuous Improvement: Periodic Testing and Review: A company's compliance program must adapt as its business, business environments and governing laws change. A company must regularly review and improve its compliance program so that it does not become outdated.
  • Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration: When acquiring another company, a company should conduct due diligence designed to uncover any possible corruption at the target company. If corruption is discovered, it should be stopped and disclosed to the government. After the transaction closes, the company should integrate the acquired company into its compliance controls and internal procedures.

RESPONSE TO THE RESOURCE GUIDE

There is much that the Resource Guide does not address. For example, at a fundamental level, the FCPA may create a disadvantage for U.S. companies attempting to compete with foreign companies that are not subject to strict anti-corruption laws. Furthermore, designing and implementing a robust compliance program to avoid FCPA prosecution implicates broader areas of law. Enforcement of the compliance program, for example, may require termination of an employee, bringing employment law issues into the mix. The Resource Guide does not venture into such legal thickets, but experienced counsel will recognize the issues all too well.

Nonetheless, the Resource Guide should serve as a wake-up call to any U.S. company doing business internationally. In particular, companies and their executives should understand that, without a robust FCPA compliance program in place before trouble arises, they will deprive themselves of any basis upon which to seek leniency from the FCPA's onerous sanctions. The time to invest in that compliance effort is, therefore, now, both to prevent violations from occurring and to be able to demonstrate to the government that the company by its actions is not liable for encouraging corruption.

www.cozen.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.