Robert Dodge, Assistant Director of the SEC's FCPA Unit, spoke at today's ACI conference on the FCPA in Washington, DC. Dodge provided his thoughts on enforcement of the FCPA's accounting provisions.
Reminder: Why is This Important?
- Although the FCPA's anti-bribery provisions often make headlines, the Act also requires "issuers" (i.e., public companies) to maintain accurate books and records and a system of internal accounting controls that provides reasonable assurance over assets and transactions.
- Thus, even where enforcement authorities are unable to establish all of the elements of the FCPA's bribery provisions or meet the high standard of proof for a criminal violation, they have imposed significant civil sanctions by showing deficiencies in a company's internal accounting controls or inaccuracies in its financial records.
- The SEC has also taken an expansive view that a company's responsibility for its internal controls extends to its overall compliance program, though this position remains largely untested in the courts.
- Moreover, the books and records provision has no materiality requirement, resulting in SEC enforcement actions over amounts that are relatively insignificant given the size of the companies.
What Was Said?
- Dodge acknowledged a concern in the business community that "internal accounting controls basically means whatever the government wants it to mean"- a perception that is exacerbated by the fact that there "really is no case law to speak of that defines the statutory provision in any meaningful way."
- However, he pushed back on this idea, noting that cases pursued by the SEC that involve internal accounting controls violations under the FCPA are "generally speaking going to involve bribery in the loose sense." He added: "We are really focused on anti-bribery-related controls," including third-party due diligence and management.
- Dodge's guidance for companies trying to avoid internal accounting controls violations is to focus on preventing corrupt payments of any kind, even if those payments would not strictly violate the FCPA's anti-bribery provisions, and to respond appropriately to red flags. For example, Dodge pointed to a civil case the SEC pursued in which a company had conducted insufficient due diligence on an intermediary that ultimately used funds to make improper payments.
- Dodge also discussed monitorships, noting that they are the exception rather than the rule in FCPA settlements by the SEC. Over the last two years, the SEC did not impose monitorships in any resolutions. Three cases required a period of self-reporting to the SEC, but even that was the exception.
- Dodge noted that the "vast majority of [FCPA] cases" that the SEC reviews are "resolved without any negotiated charges whatsoever."
What's the Takeaway?
- Risk assessments often focus on the FCPA's anti-bribery provisions, but public companies should give careful attention to the FCPA's accounting provisions, which can be a significant source of liability.
- Companies should confirm that their employees in finance and accounting functions and in higher-risk roles appreciate their obligations under these provisions and how they can help the company manage risk.
- When remediating issues, companies should remember their books and records and control systems. For example, companies should correct inaccurate books and records and confirm that they have a well-documented account of how they addressed any control deficiencies. A helpful question to ask is: what would you wish you had done if you had to explain it to the SEC or DOJ?
- The majority of the SEC's FCPA cases do not ultimately resort in enforcement action. By maintaining a reasonable and appropriate compliance program in good faith, and promptly responding to issues that arise, companies can mount a robust defense to an SEC investigation.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.