The enforcement actions in 2019, like the year before it, largely failed to generate any new or surprising issues related to the FCPA's statutory regime. Instead, we mostly observed a continuation of past issues, with the DOJ and SEC buckling themselves as they pushed the boundaries of the FCPA's definitions and scopes.
JURISDICTION
The application of the FCPA's territorial jurisdiction provision to foreign persons and the contours of how to define "while in the United States" under § 78dd-3 have been areas in which the DOJ and SEC have been creatively pushing the boundaries. As we noted in the July 2019 Trends & Patterns, in the Fresenius matter, the DOJ and SEC based their jurisdictional hook solely on the use of internet-based email accounts hosted by service providers in the United States. Neither agency alleges that any of the actors involved in the misconduct had any presence in the United States while they acted in furtherance of the corrupt scheme, nor any other connection to the United States. Instead, the actors' emails and communications by which they engaged in the misconduct represented the only "presence" in the United States. While latching a $231 million USD enforcement action on electronic signals passing through a server might seem tenuous, it is in keeping with other criminal statutes, such as the federal wire fraud statute, that use the location of electronic signals as a basis for jurisdiction.
Similarly, as in past years, in MTS and Samsung Heavy Industries, the agencies continued to highlight correspondent bank transactions between two foreign banks that merely passed through the U.S., although no case relied solely on these transactions for jurisdiction.
PARENT-SUBSIDIARY LIABILITY
Last year, we commented on the SEC's tendency to charge parent issuers for violations under the FCPA's anti-bribery provisions for misconduct by their subsidiaries without establishing the parent's liability through traditional concepts of corporate liability. Essentially, the SEC applied a theory of strict liability of the parent for its subsidiary's conduct, in that it did not specifically establish that the parent authorized, directed, or controlled the subsidiary's relevant conduct.
This year, the DOJ, perhaps in reaction to this criticism of its peer FCPA enforcer and certainly in reaction to "concerns that have been voiced" on the issue, commented on corporate-subsidiary liability and agency theory. Specifically, Assistant Attorney General Brian A. Benczkowski provided a synopsis of FCPA enforcement in 2019 to the American Conference Institute's International Conference on the Foreign Corrupt Practices Act, and gave commentary on the DOJ's interpretation of agency theory under the FCPA. Benczkowsi expressed that he "wholeheartedly" agrees that the FCPA explicitly provides for agency theories of liability, but he acknowledged concerns about the "bounds of agency principles." Benckowski clarified that "the Criminal Division will not suddenly be taking the position that every subsidiary, joint venture, or affiliate is an 'agent' of the parent company simply by virtue of ownership status." Of course, Benczkowski does not speak for his counterparties over at the SEC on this point, so we cannot expect any such consideration from the civil side. Benczkowski explained that, ultimately, "the law requires more" than a mere parent-subsidiary relationship. However, the exact contours of what "more" the law requires to establish agency liability remains somewhat unclear in the FCPA context, given the dearth of caselaw on this topic. Benczkowski cited the case against Lawrence Hoskins, which, as we discussed above, resulted in a jury conviction. Hoskins has been at the center of a jurisdictional battle, with the Second Circuit finding in 2018 that Hoskins, having never set foot in the United States, could not be held liable for conspiracy to violate the FCPA's anti-bribery provisions. However, it left open the possibility that he could be liable under agency theory, even if he never entered the U.S. Hoskins was ultimately convicted under this theory of liability in 2019, an event which Benczkowski highlighted in his speech. Benczkowski also touted the DOJ's commitment to "provid[ing] a window into the Department's thinking and approach to cases"—an objective that was not achieved in the rest of the speech in terms of providing specific elements or factors the DOJ would consider as part of its parentsubsidiary relationship analysis. So we are left with needing "something more" and prosecutorial discretion.
Benczkowski's comments on agency theory might have been motivated by more than just the DOJ's efforts to provide insight into cases, generally. A few days later, the DOJ announced the $1.06 billion enforcement action against Ericsson, in which it relied heavily on agency theory to hold Ericsson, the parent company, liable for the misconduct largely carried out by its subsidiaries. First, the DOJ's Statement of Facts starts to lay the groundwork early on—stating that Ericsson's subsidiaries "acted as divisions of the parent, rather than separate and independent entities." Then, in connection with the Djibouti scheme, the DOJ identified several individuals who were employees of Ericsson's direct and indirect subsidiaries, including Ericsson Egypt, and who "acted as an agent of Ericsson." However, besides the comment at the beginning of the Statement of Facts regarding subsidiaries acting like divisions, the Statement of Facts does not explain how the individuals were acting as Ericsson's agents. These individuals almost assuredly were acting as agents of the Ericsson subsidiaries for whom they worked, but the DOJ fails to explain the "something more" between Ericsson and the employees of its subsidiaries.
A generous interpretation would cite to Ericsson's scheme in China and Indonesia, where the DOJ more closely connected the subsidiary's misconduct with authorization, direction, and control by LM Ericsson—citing an Ericsson employee who instructed subsidiary employees to enter into sham contracts and retain sales agents (which were generally prohibited by LM Ericsson's policies) to facilitate corrupt payments as part of the schemes. While this still does not represent the strongest example of agency liability, it does fall within the "authorizes, controls, and directs" principle.
With that scheme's corporate parent liability more clearly established, perhaps the DOJ considered its agency liability case resolved and neglected to obtain or convey information supporting agency liability in the (completely separate) Djibouti scheme. If we are being more realistic, the DOJ's stance on agency in Ericsson appear to contradict, in part, Benczkowski's promise to require "something more" than the parent-subsidiary relationship to impose liability on the parent for actions taken by the subsidiary.
FOREIGN OFFICIALS
This year's enforcement actions have further underscored the fact that a corporation may be subject to liability under the FCPA, even if it did not bribe a foreign official. Indeed, a corporation may be subject to books-and-records and internal accounting controls liability if it simply makes a payment to a third party and fails to document that the payment is legitimate.
For example, in Telefonica Brasil, the SEC brought an action against the Brazilian telecommunications company for failing to devise and maintain sufficient internal accounting controls over a hospitality program hosted in connection with the 2014 Men's FIFA World Cup and 2013 Men's Confederations Cup. For the internal controls violation, the SEC alleges that the company failed to "detect and prevent" improper payments to foreign officials, a standard that is not explicitly required by the statute. The internal controls provision says only that the controls must be "sufficient to provide reasonable assurances that transactions are executed in accordance with management's general or specific authorization." However, if we assume that senior management did not authorize bribes, then there is an implicit requirement of detecting and preventing.
This year's case against Walmart provided a look at the various degrees of separation a matter can have from actual involvement of a foreign official in the scheme. The DOJ's case against Walmart spans the spectrum for how concrete or hypothetical the evidence of connection to foreign officials can be. Specifically, the internal controls failures in Mexico, India, and Brazil resulted in improper payments that were traced to foreign officials, including in Mexico, where the invoices for improper payments to government officials had specific codes. However, in China, it was merely alleged that the internal controls weaknesses were flagged by its internal audit team but never addressed. Like Ericsson, where the support for agency liability varied between various schemes, Walmart is interesting because the contrast between the solid and well-documented and the more suppositional is particularly high.
THING OF VALUE
In 2015, the SEC caused a bit of a ruckus when it charged BNY Mellon with FCPA violations for offering jobs to the unqualified relatives of foreign officials. While a job and the related salary are undeniably "things of value," the idea that referral hiring constituted a form of bribery under the FCPA upset traditionally held views about the scope of the statute, since it was providing the benefit to an official's relative. This year's actions against Barclays and Deutsche Bank involved alleged bribery through similar hiring schemes—indicating that this basis for liability is here to stay. As with BNY Mellon and JPMorgan, both Barclays and Deutsche Bank asserted that the individuals hired were underqualified for the positions or were merely holding sham positions without contributing. However, assuming the "thing of value" is the employment of an official's relative, and there is some sort of quid pro quo with a foreign official, the emphasis on the fact that the individual was unqualified seems somewhat superfluous.
MODES OF PAYMENT
As the DOJ and SEC become more sophisticated in their investigation of corrupt payments, corrupt actors similarly attempted to become more creative in their methods for conveying corrupt payments, making it increasingly important for corporations to have broad and constantly adapting policies and controls in place.
For example, in Quad/Graphics, the payments were made through a third-party law firm. According to the SEC, Quad/Graphics's Peruvian subsidiary "retained a local Peruvian law firm to serve as outside counsel on [a Peruvian tax authority] litigation" and paid it every month in amounts ranging from $1,000 to $1,200 per month. However, after the case moved against Quad Peru, it decided to arrange for the law firm to make improper payments to the Peruvian judges on the matter to try to influence their decisions. Suddenly, the payments to the law firm increased significantly, with a total of $209,752 in payments from Quad Peru to the law firm, which the SEC alleged were for the purpose of paying bribes. This case is instructive in part because it highlights the long-held compliance adage that significant increases in the amount of payments to third parties are a red flag for potential bribery. It is also demonstrative of the fact that law firms may not be any better at covering up bribes than the more traditional third-party bribery scheme actors.
Indeed, this rest of the enforcement cases this year involved common third-party intermediary suspects. For example, in Fresenius, they used third-party agents in West Africa, Morocco, Serbia, and Mexico to make corrupt payments to officials. They used the typical hide-the-bribe techniques, ranging from charging sham "service fees" to Fresenius and then passing them onto government hospital administrators to false consulting contracts.
In Cognizant, Cognizant's subsidiary in India authorized an engineering and construction firm to pay an Indian government official to obtain various licenses and permits.
Also, Juniper's subsidiary in Russia used third-party channel partners to divert extra funds from discounts that were not passed on to customers into off-book accounts referred to as "common funds." These "common funds" were then used to pay for trips, which included government officials and had no business or educational purpose.
In one twist to the usual narrative, some of the improper payments allegedly made in MTS involved $1.1 million in payments to charities connected to an Uzbek government official. There were no allegations that the charities were connected to the official in any way—other than that she requested the contributions. Therefore, the benefit to the official from these donations is not clearly stated by the DOJ or the SEC. Instead, the issue appeared to be that MTS's Uzbekistani subsidiary authorized the payments in violation of MTS's policies and they were not properly recorded in the books and records.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
