United States: The FCPA And SEC Whistleblowers: Major Opportunities

AN IMPORTANT ANNOUNCEMENT: The United States Government is currently offering millions of dollars to highly motivated individuals anywhere in the world for certain information available right within their own workplaces.

To learn more about this remarkable offer from the United States treasury do some quick Internet research on the FCPA, the "Foreign Corrupt Practices Act." This once but no longer obscure law, now in force for almost forty years, is justifiably feared in the C Suites of corporations worldwide. Through its increasingly aggressive use by the U.S. Department of Justice ("DOJ") and the Securities and Exchange Commission ("SEC"), the US government has recovered billions of dollars from a long list of corporations, many of them foreign entities over which US regulatory authorities might normally have little or no jurisdiction. The cases just keeping coming, and the facts (and legal theories) just get better for the government—and for whistleblowers who understand just how impressive a hand they may hold.

As long as humans are fallible and there is corruption in this world, the FCPA statute should be studied by anyone, anywhere, who works or has worked for, a company that does any form of business with foreign governments and their employees and agents. Likewise if you think a competitor, vendor, or client is engaged in such business, one can report them as well. Even if your company is already under investigation you can still be a whistleblower, depending on the circumstances.

To put it very simply, the FCPA's anti-bribery provisions make it "illegal to corruptly offer or provide money or anything of value to officials of foreign governments, foreign political parties, or public international organizations with the intent to obtain or retain business."1 There are also accounting provisions, requiring the keeping of accurate books and records, and internal control provisions requiring the company to devise and maintain internal accounting controls to prevent and detect FCPA violations. We will address these very "whistleblower friendly" provisions below.

What matters is the intersection of the FCPA with the SEC's Dodd-Frank whistleblower program which offers awards of as much as 30% of the multi-million dollar penalties the SEC and DOJ routinely extract from companies who are found to have violated the FCPA. In any given year, a small but usually very wealthy group of corporations from around the world runs afoul of this law, leading to large settlements with the US Securities and Exchange Commission (SEC) and sometimes the US Department of Justice (for which the whistleblower will also get credit provided there is an SEC settlement in the package). In FY 2015 alone, the SEC filed fourteen actions for FCPA violations and obtained over $215 million in financial remedies. When you tie together the FCPA and the whistleblower law, you have a powerful combination.

In fact, there is $400 million presently available in a special fund for the SEC to pay qualifying whistleblowers that supply original (as defined in the law) information leading to SEC cases which result in penalties exceeding $1 million. The largest single whistleblower award to date has been $30 million. This and 21 other awards have been given out through FY 2015, totaling over $54 million. Providing tips about FCPA violations is only one way of obtaining awards (any securities law violation is eligible), but it is clearly one of the most lucrative.

A list of the larger recent FCPA settlements and the companies that paid them to the government just since 2013 reads like a page from an International Fortune 500:

Alstom (French conglomerate): $772 million (DOJ case, largest ever)
Total S.A (French oil and gas co.): $398 million
Alcoa (aluminum): $384 million
Weatherford International (oil and natural gas services): $152.6 million
Avon (healthcare): $135 million
Hewlett-Packard (high tech): $108 million
Diebold (ATMs, security systems): $48 million
BHP Billiton (mining): $25 million
Hitachi (Japanese high tech conglomerate): $19 million
Goodyear (tire and rubber): $16 million
BNY Mellon (US bank): $14.8 million
Bristol-Myers Squibb (pharma): $14.7 million
Stryker Corporation (medical devices): $13.2 million
Mead Johnson (infant formula): $12 million
FLIR Systems (sensing devices): $9.5 million
Parker Drilling (oil field services): $4 million
Koninklijke Philips Electronics (electronics, healthcare): $4.5 million

None of these cases were overly complicated. Most basically involved some form of bribery of foreign public officials or broadly defined " state actors" (example: doctors in countries where the government runs the health care system). Some cases were based on the bribes themselves; some cases just on violation of the broad accounting provisions. The bribes were paid all over the world: Middle East, Africa, Europe, and the Far East. The companies that violated the FCPA are both foreign and domestic. Two French companies paid a total of over $1 billion.

An observant employee, former employee, or vendor or customer of any one of these companies, or the employee of a competitor, might have given the tip that bribes were being paid to such parties to get or retain business. The bribes could even consist of such non-traditional payoffs as "world tours," gift cards, contributions to a political party, or hiring the unqualified children of public officials. Even commercial bribery (kickbacks to or from vendors, agents, etc., an offense that has been going on for centuries) not involving public officials may suffice. Whistleblowers in any of these cases, provided they satisfied the SEC rules, could become millionaires, courtesy of the US government.

The SEC does not announce which of its FCPA cases qualify for whistleblower awards. But it does provide year-by-year statistics on how many whistleblower tips it receives, and how many were FCPA related. Given the large amounts that may be available for awards, it may come as a surprise that, consistently over the 5.5 years of the program, less than 5% of whistleblower tips have concerned possible FCPA violations. For example, in FY 2015, of the total of almost 4,000 tips, only 186 related to the FCPA2. As Mike Koehler, the "FCPA Professor" recently observed: "I stand by my prediction-now 5.5 years old, that Dodd-Frank's whistleblower provisions will have a negligible impact on FCPA enforcement."3 He may be right (or not, since the SEC does not disclose this information). Recent statements by SEC officials suggest that the role of whistleblowers in FCPA cases may be considerably more than "negligible." At a recent FCPA panel discussion, the Chief of the SEC's FCPA unit indicated that the input of whistleblowers has become important to the FCPA enforcement program.4 Yet, if only 186 out of 4000 tips had anything to do with the FCPA, there appears to be an untapped opportunity for an astute whistleblower of any nationality potentially to receive a substantial sum of money from the U.S. government, provided he or she supplies original information leading to an SEC case involving a violation of the FCPA, and meets the various other criteria.

FCPA cases are often filed against large multinational corporations who can afford to, and do, always settle and pay large penalties, and pay on time (usually within two weeks of the filed settlement Order). These are often large banks, big pharma companies, medical equipment, high tech, and companies in the "extraction" industries (mining, energy) that do significant business around the world. No problem with collecting the money in this crowd. Indeed, with worldwide commodity prices (including the price of oil) way down, the increasing pressure on companies in these sectors to make a profit may mean that more FCPA violations will occur.

Most are subject to SEC jurisdiction by trading on US stock exchanges, including foreign-based companies trading with ADR's (American Depository Receipts). While the FCPA law started off slowly in the 1970's, it reached critical mass in the 1990's, led by creative and relentless government lawyers like Mark Mendelsohn at the DOJ and recently a series of aggressive Chiefs of the SEC's and DOJ's expanding FCPA units. In corporate suites around the globe, this once obscure and widely disregarded statute is now among the most feared weapons in the US government's enforcement arsenal. Few if any comparable examples exist of the brute exercise of extra-territorial legal authority by one country over the business activities of others.

The FCPA Juggernaut

Today, the FCPA enforcement teams at the SEC and DOJ are humming along, staffed with highly competent attorneys who take their jobs very seriously. They are always looking for new cases, and welcome whistleblowers of all nationalities. The government lawyers quickly embrace credible (i.e. no crackpots) individuals who present viable evidence of potential FCPA violations. Documents, especially emails, are very much appreciated. The government lawyers do not want privileged material, but just about everything else is welcome. The whistleblower may report directly or through an attorney (which is necessary if the whistleblower wants to remain anonymous).

The head of the SEC Enforcement Division, Andrew Ceresney, said recently "pursuing violations of the FCPA remains a critical part of the SEC's enforcement efforts. The SEC has taken a lead role in combatting corruption worldwide..."5 Furthermore, the SEC is now receiving assistance from as many as eleven foreign enforcement authorities. This can help immensely when it comes to obtaining foreign witness testimony and documents.

Once an investigation starts the usual pattern is for the target company's management to engage a major (usually US) law firm to complete a comprehensive "internal investigation," in which teams of very competent lawyers (often SEC or DOJ alumni) scour the company's records from one end of the world to the other to uncover every shred of evidence relating to alleged foreign bribery schemes. The outside law firms sometimes identify evidence that the government probably would never have uncovered, given its limited resources and the legal obstacles to obtaining such evidence abroad. The outside lawyers can locate and interview witnesses and retrieve documents and report their information directly to the SEC. In the "old days", corporate lawyers would try to bury the government lawyers in paper. Now they know enough to pick the smoking emails and get them in quickly, or else. As they unfold, these investigations take on a life of their own and are generally very helpful to the government. Ultimately they assist the SEC/DOJ in making the case against their own clients, but in return the client companies often get "credit" (in the form of lesser penalties) for their cooperation.

This cooperative self-enforcement system, which would have been unthinkable a generation ago, is now standard practice among the SEC, the DOJ, and corporations worldwide. The name of the game is to cooperate, investigate, negotiate, and settle. Monitors and deferred prosecution are sometimes part of the resolution, although the age of monitors is fading, as companies get more sophisticated and effective with their compliance programs. High corporate officials are seldom charged in these resolutions, although the DOJ has recently decreed that individuals who did wrong should also be charged (this may further elevate the value of whistleblowers who can provide direct evidence against top managers). Woe to the company and its officers that tries to bury an incriminating email which later turns up in a whistleblowers' submission.

In the end, the amount of the settlement, which is often heavily negotiated, is not the real crux of the deal for the target companies. The settlements are often in the multi-millions of dollars, which to many of these companies, while not exactly a "parking ticket," is nevertheless an amount they can handle (usually by "reserving"—a polite term—enough to cover the payout to the government). The key company objective is, in the familiar jargon, "to get this matter behind us and get back to business."

All of this high-powered legal maneuvering leading to a big settlement inures to the benefit of the humble whistleblower that started the ball rolling. How often can you have dozens of very smart lawyers working, at someone else's expense, to make money for you? The whistleblower will typically be interviewed by the government one or more times, and be encouraged to provide documents to the enforcement attorneys, which can be particularly important at the early stages of an investigation to guide them as to what they should be demanding from the company. As noted above, documents, especially emails and documents, perhaps some kept out of the ordinary course of business, can be of particular value in these cases, where most if not all witnesses are abroad and generally beyond the reach of SEC subpoenas. Damaging emails in particular are prized for they are "set in stone" and not subject to changed recollections or sudden amnesia. In the age of the email with a dozen people on the "cc" line, the government typically has numerous folks to interview. One email that acknowledges a bribe has been paid to a foreign government official can be "worth its weight in gold." The whistleblower can also serve as an insider guide to help the SEC learn the employees or managers who should be interviewed from among potentially thousands of employees spread across the globe in a sprawling multi-national corporation. The whistleblower law provides that this form of help is viewed favorably in determining an award. The government expects the whistleblower to deliver the goods, and generally appreciates the help.

Likewise, corporations are strongly encouraged by the SEC and DOJ to "self-report" FCPA violations; it now appears they must do so to get full cooperation credit (in FY 2015 the SEC gave "significant credit for cooperation in more than half a dozen cases.")6 In particular, if the company intends to ask for a so-called NPA or DPA (non or deferred prosecution agreements, akin to being put on "corporate probation") they will almost always have to self-report. In the age of the whistleblower, not reporting an FCPA violation, even a small one, is very risky. Many cases are still uncovered by means other than corporate self-reporting, including from whistleblowers. Most whistleblowers are current or former company employees. A whistleblower can go to the SEC without "reporting up" inside the company, but according to the SEC almost all do make some sort of complaint or report to the company first. Those who go to the SEC typically have been ignored or given the run around by the company. A whistleblower can even go to the company first, and still qualify for an SEC award if she reports to the SEC within four months with the same information. This provision has put pressure on companies to make a quick initial report to the SEC shortly after learning of the problem, whether from a whistleblower or elsewhere, for fear of getting to the SEC after a whistleblower has already been there. Either way, the information gets to the SEC, and the whistleblower should get the credit.

As we have seen, regardless of how it starts, once an SEC investigation commences, the normal end result, which can take several years (and often longer), will be a healthy settlement that often exceeds the $1 million minimum needed for a whistleblower award. The hardest part for the whistleblower may be making make the decision to "cross the Rubicon" and become a whistleblower. From that point on they should be in the capable hands of experienced counsel (working on a contingency fee, in all likelihood) and the SEC or DOJ staff, who will be soon inclined to treat them as a trusted colleague (as long as the whistleblower tells "the whole truth and nothing but the truth.")7

Where Are the Whistleblowers?

As my dad told me in 5th grade, "you can't play if you don't go out for the team." So, given such good odds and lucrative awards, why so few FCPA whistleblowers? I have several theories, based perhaps on intuition and anecdotal evidence, as well as having represented a number of whistleblowers. First, there is the fear that, even if they proceed anonymously, the whistleblower's identity may be discovered, or at least suspected. Retaliation can take many forms, from simple unemployment to physical harm. While the SEC itself does a very good job of concealing the existence and identify of its whistleblowers, the nature of the business carries the risk that, once the company comes under investigation, someone may be able to figure out the whistleblower's identity. However, companies who retaliate against current employees risk severe sanctions from the SEC. Most of the potential whistleblowers that contact me have carefully considered this risk and nevertheless choose to proceed. In my opinion, while all of them are well aware of the potential monetary rewards, their predominant motivation is the simple desire to do the right thing, combined with a healthy disgust for the corruption they have witnessed and how the company has (or has not) addressed it.

Unfortunately, the U.S. Second Circuit Court of Appeals in the case of Liu v. Siemens AG, 763 F.3d 175 (2nd Cir. 2014) held that Congress did not provide for the Dodd-Frank protections against retaliation to apply extraterritorially, so the whistleblower coming in from abroad must assume that neither he nor the SEC will be able to sue his employer if he is retaliated against. For its part, the SEC, shortly after the Liu decision, reaffirmed its right to pay awards to foreign whistleblowers, and in fact gave its largest ($30 million) award to a whistleblower outside the United States. If the Congress ever gets around to reviewing this law, it should specify that the retaliation provisions cover foreign whistleblowers and that retaliation by former employers (such as industry blacklisting) is also covered.

There may be a second reason for the apparent paucity of FCPA tips. I suspect that many individual corporate employees, both foreign and domestic, simply are not familiar with or do not understand the law, and overlook (or possibly ignore) within their own companies the classic "red flags" present in most FCPA prosecutions. The SEC has done a good job over the years alerting the corporate community about obeying the FCPA. Larger companies have (or better have) extensive training programs on the FCPA. A cottage industry has arisen among consultants and law firms presenting seminars to educate potential clients on every nuance of the FCPA. Nevertheless, there are no seminars aimed specifically at educating whistleblowers on how to detect fraud at their companies (this writer has wistfully considered offering one, at an undisclosed location). While all companies encourage internal whistleblowing, often providing tip lines and Internet submission sites, they do not encourage SEC whistleblowing. Faced with these obstacles, and presumably lack of knowledge of this law, most employees, even those who may have information which could very well trigger an SEC investigation, will elect to stay below the radar, do their business as usual, and say nothing. As a result, the roster of hardy souls willing to play David against the Goliath of a powerful multi-national corporation remains short.

Spotting the "Red Flags"—It's Not Rocket Science

Fortunately, the SEC and DOJ have clearly spelled out how to detect potential FCPA violations. For example, if the whistleblower is uncertain whether or not the people he believes are being bribed by his company would qualify as government officials under the FCPA, he can look for guidance to the SEC, and the courts. In a July 2014 interview with Bloomberg, the Chief of the SEC's FCPA unit Kara Brockmeyer noted the significance of U.S. v. Esquenazi, 752 F.3d 912 (11th Cir 2014), cert. denied, 135 S.Ct. 293 (2014).8

In that case, the federal circuit court grappled with the meaning of the term "instrumentality" in the FCPA's definition of a foreign official as "any officer or employee of a foreign government or any department, agency or instrumentality thereof." The court defined it as "an entity controlled by the government of a foreign country that performs a function the controlling government treats as its own." Id. at 925. The court set out a two-pronged test that is supposed to give guidance to businesses and whistleblowers, and their respective lawyers. A Sidley "News and Insights" update (May 20, 2014) called it "a significant win" for the government. The decision, using this "fact based" test, upheld the FCPA convictions of several employees of Haiti Telco, finding it was an instrumentality of the Haitian government. The court found that an "instrumentality" need not be a formal part of the government as long as it performs "a government function at the government's behest." Id. at 921.

This issue has become important given the increasing frequency of privatization of government functions in many developing countries. The whistleblower may work for a company that supplies equipment or services to foreign entities that have complex relationships with the government of the country and are to some extent controlled by the government. The payees of the bribes may themselves be employees of organizations that at first blush may not appear to be state entities. While the Esquenazi decision has been criticized as espousing an essentially "unworkable" test, see "Recent Cases," 128 Harvard Law Review 1500 (2015), the fact is the decision will enable whistleblowers to provide tips on a wider variety of entities that do business with many multi-national public companies and can only lead to more FCPA cases, and potential awards to the whistleblowers. When in doubt, the whistleblower should consult counsel, and first do some research on the operations and control of the foreign entity with which his company is doing business.

The Brockmeyer interview was informative to potential whistleblowers in other ways. According to the Bloomberg report, "she explained that the unit may get one case through a whistleblower, but during the investigation it appears that the conduct of the particular company 'is something that appears to be endemic to the industry...that can start us looking at their competitors.'" This can be very significant to a whistleblower, because SEC rules allow a whistleblower to get credit for other "related cases" that may owe their generation to the whistleblower's original tip. See Rule 21F-3(b)(2). Ms. Brockmeyer has more recently indicated that the SEC is looking closely at agents, distributors and other middlemen who work for multiple companies in a particular country or region. If it appears to the SEC that these individuals or entities are bribe conduits for one company the SEC may ask other companies who use these suspect agents or consultants in that country or region to investigate if they are doing it for them as well.9

Internal Controls—the Key to Flagging the Red Flags

The SEC is very interested in examining a company's internal controls, not just in accounting cases but in the FCPA arena as well. These are the procedures a company puts in place to monitor its operations, including risks and compliance functions. Under the Sarbanes-Oxley Act companies have to evaluate and certify the effectiveness of their internal controls. Ms. Brockmeyer in her Bloomberg interview cited the example of a customs broker. She asks: "do you have all the documentation and supporting documentation you would expect? Are the expenses for that broker in line with what you would expect the service to be? If not, is there documentation to support a legitimate reason why you're paying that broker more than the going rate?"

She further observed, "you really need to dig further. That's really where companies fall down. They see things that might be a red flag and they just don't dig far enough." She also noted situations where a third-party agent is paying bribes or an employee at a subsidiary has worked out a deal with the agent. "Either way, from the SEC's perspective, as a public company you have a problem and you're not being a very good steward of your investor's assets."

She also cautioned small and medium sized companies going overseas for the first time or moving into an emerging market but not paying enough attention to their internal controls and FCPA risks. She noted that the SEC is seeing more examples of "bribes being funneled through third parties that may appear to be more legitimate, such as customs brokers, or distribution or channel partners." If the company has no explanation for what such middlemen do for their money, other than to "get business," the SEC will want a valid explanation. Likewise, the SEC may be suspicious if the company does not object to agents/consultants/distributors being paid well above market rates, a frequent ploy to create room for payments of bribes.

Another red flag is the so-called "world tour" for public officials who, for example, only needed a few hours to conduct a factory inspection in a city but stay for a few extra days to go sightseeing on the company tab. If it's a one-off trip, and the company reports it, that's probably ok. If its been going on for years, the whistleblower who reports this may instigating a case the SEC will act upon.

In general, any corporate practices that generate cash, perks, or any other things of value, for the benefit of individuals or entities with whom the company does business who are in any way involved with securing or servicing business with foreign government entities of any kind, should be considered potential FCPA cases, particularly if the amounts being paid out by the company exceed market rates for such services. If the agent is the brother-in-law of the prince, that's clearly a red flagger. If the payment to the agent or consultant goes offshore, that's another. If payments are for a percentage of the contract, not hourly rates or flat fees, that can be a problem. If the accounting for such expenses seems suspicious, that's another red flag. Disguising a payment meant to be a bribe in any fashion in the books is a big red flag, and most likely an FCPA violation all in itself (see below). Even if the whistleblower does not have concrete proof, the information may be enough for the SEC to trigger an investigation, which, once it gets going, can open the proverbial "Pandora's Box."

The Risk of Running a Paper Compliance Program

Half-hearted, non-existent, or so-called "paper" compliance programs will also get the SEC's attention. In remarks delivered in Nov. 2014 and March 2015, SEC Enforcement Director Ceresney focused on "the importance of comprehensive FCPA compliance programs." He stated, "this is a message that I think has started to get through in the past 5 years. Nothing situates a company better to avoid FCPA issues that a robust FCPA compliance program."10 There are multitudes of ways a compliance program can be deemed insufficient, at least in the eyes of the SEC or DOJ.

The astute whistleblower will take a critical look at his company's compliance programs and internal controls. Does the company perform risk assessments that consider what the DOJ and SEC believe to be the "hallmarks of an effective compliance program."? The DOJ and SEC jointly published a Resource Guide on the FCPA in 2012, which sets out at pp. 57-62 a detailed description of what these agencies consider an effective compliance program. The US Sentencing Commission has issued guidelines as well.11 Does the company perform third-party agent due diligence? Does it utilize distributors who may use their margins or spreads to create a slush fund of cash that could be used for bribes? Does the company improperly account for bribes as legitimate expenses? Is there a thorough vetting of agents? Are appropriate expense controls in place to ensure that third-party payments are not being used to direct bribes to foreign officials? Do compliance officers really seem to care about these issues, or are they frustrated with the company's responses to their efforts? It never hurts to inquire about these matters with compliance when one is seeing the red flags. Do it in an innocuous email and see if you get a response.

The whistleblower should also "evaluate whether the company has disciplinary measures in place to deter violations" and compliance programs that are "periodically tested and reviewed to ensure they are keeping pace with the business."12 Mr. Ceresney also reiterated the SEC's negative view of "paper [compliance] programs." The whistleblower does not have to be a compliance officer to figure out if the compliance function, if it exists at all, is little more than a sham effort to provide cover for upper management if anything goes wrong, or to set up a straw man compliance officer to blame if the company gets caught.13 Once the SEC, and perhaps an outside law firm, starts digging into these issues, the lack of a viable compliance program will probably become apparent. In November 2015 the DOJ hired a "compliance counsel," Ms. Hui Chen (a former Global Head for Anti-Bribery and Corruption at Standard Chartered Bank) to assist its lawyers in assessing the effectiveness of companies' corporate compliance programs. Clearly both the SEC and DOJ are very keyed into this issue, and if you have a company with many of these red flags and a weak compliance program to boot you may be on to a potential FCPA case.

The FCPA's Utility Infielders—the Internal Controls and Books and Records Provisions

The SEC has of late increasingly used the obscure "little brother" of the FCPA bribery provisions as a useful go-to statute when evidence of bribery is lacking or otherwise difficult to prove. These so-called "accounting" provisions take two forms. The "books and records" provisions require issuers to make and keep accurate books, records, and accounts that in reasonable detail, accurately and fairly reflect the issuers transactions and disposition of assets. The "internal controls" provision requires that issuers devise and maintain reasonable internal accounting controls in an effort to prevent and detect FCPA violations. There is no requirement that a false record of deficient control be linked to an improper payment, so a payment that does not entail a violation of the anti-bribery provisions can be a violation of the accounting provision if inaccurately recorded or such errors can be blamed on an internal control deficiency.14

Fake documents may become violations of this provision even if what is being covered up is legal. There is no materiality requirement and violations are not limited to transactions above a certain amount. Off-book payments or ones that fail to show the actual purpose of a transaction can thus violate the FCPA.

These provisions are very broad, and give the SEC and DOJ useful negotiating tools in reaching settlements in cases lacking clear, provable bribery. Lately the SEC has used these provisions in settlements in large penalty cases, which usually involved ineffective compliance programs, or payments which were not accurately recorded (such as falsely booking them as "expenses" instead of "bribes"). Compliance programs that fail to catch bribery schemes or simply don't work in practice can be the basis for internal control FCPA violations.

For the astute whistleblower, these provisions, while not as damning as outright bribery evidence, can nevertheless be the route to a viable FCPA case that can, in the context of a major investigation of a major corporation, lead to a substantial whistleblower award. If your company has shoddy internal controls, a weak compliance program, or books containing suspicious accounts, and is also doing business with agents or middlemen who have bad reputations, you may have the makings of an FCPA case, even if the SEC is ultimately unable to prove concrete evidence of bribery. To be clear—the whistleblower does not have to have concrete evidence of bribery to make a submission to the SEC, assuming some of the other elements we have discussed here are present.

Conclusion—"Where There is Smoke, Trust the SEC to Find the Fire"

With all this evidence of increasing FCPA enforcement activity, and the resulting multi-million dollar settlements, it is evident that whistleblowers who make the government aware of what they know about possible FCPA violations may well be in line for a substantial award, provided they have the courage to start the process and the patience to see it through. When considering the fact that FCPA cases come from across the globe and have covered just about every form of business activity in just about every industry, no suspicious activity involving any form of business with a foreign governmental entity should be overlooked for a whistleblowing opportunity. In this world, there are few chances to do good, follow the law, and potentially get a substantial monetary reward. It can literally pay (and very well) to learn about the FCPA and look for any suspicious activities at the company you are most familiar with which may upon investigation turn out to violate this most powerful and far-reaching law.


[1] Gibson Dunn, 2015 Mid-Year FCPA Update, at 1 (July 6, 2015).

[2] FY 2015 Annual Report to Congress of the SEC Office of the Whistleblower, p.28.

[3] FCPA Professor, Nov. 23, 2015

[4] FCPA Recent Developments, DC Bar Program, Dec. 16, 2015, remarks of Kara Brockmeyer.

[5] Andrew Ceresney, ACI's 32nd FCPA Conference Keynote Address, Nov. 17, 2015, p.1 (available on the SEC website). Mr. Ceresney also cautioned "companies are gambling if they fail to self-report FCPA misconduct to us."

[6] Ceresney, ACI's 32nd FCPA Conference Keynote Address, n. 4 supra, p.2.

[7] See Daniel J. Hurson, "10 Rules for Becoming A Successful SEC Whistleblower," Mondaq News Service, Sept. 11, 2013.

[8] Bloomberg BNA Corporate Accountability Report, "More FCPA Cases in Pipeline, Brockmeyer Says; Some Administrative," July 25, 2014.

[9] Recent FCPA Developments, Panel held by District of Columbia Bar, December 17, 2015.

[10] Andrew Ceresney, "Remarks at 31st International Conference on the Foreign Corrupt Practices Act", National Harbor, Maryland, Nov. 19, 2014. See also his address "FCPA, Disclosure and Internal Control Issues Arising in the Pharmaceutical Industry", March 3, 2015 (both available on the SEC website).

[11] U.S. Sentencing Commission, 2014 Federal Sentencing Guidelines Manual Chapter 8 (effective Nov. 1, 2014).

[12] Ceresney, supra n. 3, Nov. 19, 2014, at 3.

[13] Even a compliance officer can in some circumstances become a whistleblower, see Daniel J. Hurson, "When Should Internal Auditors and Compliance Officers Become Whistleblowers", Mondaq News Service, Dec. 10, 2014.

[14] See Gibson Dunn 2015 Mid-Year FCPA Update, supra n. 1, page 1.

Daniel J. Hurson practices law in his own firm in Washington DC. A graduate of Harvard Law, he was an Assistant Litigation Counsel at the SEC and an Assistant US Attorney at the Department of Justice. He represents whistleblowers before the SEC and CFTC and defends individuals in SEC, DOJ, and FINRA investigations. His website is www.hursonlaw.com.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.