Internal Controls « FCPA Professor

Archive for the ‘Internal Controls’ Category

For Your Listening Enjoyment

Wednesday, June 13th, 2012

On June 5th, the American Bar Association Criminal Justice Section and the ABA Center for Continuing Legal Education in cooperation with Dorsey & Whitney & LLP and Pepper Hamilton LLP sponsored a program titled “The New Era of FCPA Enforcement and the Collapse of the Africa Sting Cases: Time to Reevaluate?”

I was pleased to participate along with John Buretta (Deputy Assistant Attorney General, Criminal Division, Department of Justice); Charles Cain (Deputy Chief, FCPA Unit, Securities and Exchange Commission); France Chain (Senior Legal Analyst, Anti-Corruption Division, OECD); Stanley Sporkin; and Eric Bruce (Partner, Kobre & Kim LLP). The program was moderated by Thomas Gorman (Partner, Dorsey & Whitney LLP) and Frank Razzano (Partner, Pepper Hamilton LLP).

An audio version of the 90 minute program can be downloaded here. Below is a breakdown of topics discussed along with the approximate minute mark(s) of the discussion.

4 – 11 minutes – Eric Bruce (defense counsel in the Africa Sting case) provides an inside view of the case.

11 – 13 minutes – discussion of 78dd-3 jurisdictional issues, including in the Africa Sting case

13 – 19 minutes – discussion of various issues including corporate FCPA resolutions, whether the DOJ is more of a regulator than prosecutor in FCPA cases, and the DOJ’s view of the Africa Sting cases including whether it learned anything from the cases

19 – 24 minutes – Stanley Sporkin weighs in as to the origins of the FCPA’s books and records and internal control provisions, says that the DOJ was hunting in the wrong place in the Africa Sting cases and says that FCPA enforcement needs to get back to the basics of “blocking and tackling”

25 – 30 minutes – discussion of the “foreign official” issue in which the DOJ says that “no one really conveys that they are confused” about what “foreign official” means

30 – 38 minutes – discussion of facilitation payments and whether the enforcement agencies have ignored this statutory exemption

38 – 41 minutes – I raise the question of whether the FCPA has morphed into an all-purpose corporate ethics or governance statute and discussion regarding what is the best way to expand the FCPA – through charging decisions or through Congressional action

42 – 50 minutes – discussion of compliance issues and how best to reward corporate compliance as well as the recent Garth Peterson / Morgan Stanley case in which I pose to the DOJ and the SEC the question of whether the outcome would have been any different if the FCPA had a formal compliance defense

50 – 55 minutes – discussion of miscellaneous issues including transparency in enforcement, cooperation issues and self-reporting

55 – 67 minutes – further discussion of compliance issues, including whether a compliance defense would be a “race to the bottom” or a “race to the top,” whether there is a Washington D.C. beltway view on FCPA compliance, and whether the increase in FCPA enforcement is doing anything to properly incentivize business conduct

67 – 71 minutes – discussion of whether there is any practical difference in the corporate liability standards in the U.K. Bribery Act and the FCPA

72 – 76 minutes – further discussion of the Africa Sting cases

77 – 79, 83 – 86 minutes – DOJ responds to a question regarding FCPA guidance, including timing and specifics

80 – 83 minutes – discussion as to whether it is acceptable not to self-report if the company otherwise implements a variety of internal remedial measures

87 – 89 – once again the issue of whether the DOJ has learned anything from the Africa Sting cases

*****

If you are aware of other FCPA video or audio programs and would like to provide a similar annotation as to issues, please consider this an open invitation to do a guest post as many could benefit.

Reasonable

Wednesday, March 14th, 2012

I recently discovered the awesomeness of word clouds. A word cloud is a graphical representation of word frequency in a source text. Word clouds can be a fun and informative learning device. The word cloud for the FCPA’s anti-bribery provisions is here and the word cloud for the FCPA’s books and records and internal control provisions is here. (Both word clouds – as well as future FCPA-related word clouds I create – can be found on the Resources tab of this website).

A quick glance at the FCPA books and records and internal controls word cloud demonstrates that the term “reasonable” is the most prominent term in these provisions. Yet, reviewing SEC FCPA enforcement actions you would hardly know as the agency seems to have, in many cases, converted the books and records and internal control provisions into strict liability provisions. See here for a prior post and for an extended discussion see here - ”The Facade of FCPA Enforcement” (pages 976-981). Common verbiage in SEC FCPA enforcement actions includes generic statements that the parent company issuer failed to implement effective internal controls or that problematic payments in distant subsidiary books and records were consolidated with the issuer’s for purposes of financial reporting and that therefore the parent company issuer is liability.

The dominance of “reasonable’ in the FCPA books and records and internal control provisions, as demonstrated by the word cloud, is a good opportunity to revisit this prior post which details comments by Harold Williams (Chairman of the SEC) in 1981 as to the then infant FCPA. Terming his statements as official Commission policy, Williams stated as follows.

“The Act does not mandate any particular kind of internal controls system. The test is whether a system, taken as a whole, reasonably meets the statute’s specified objectives. ‘Reasonableness,’ a familiar legal concept, depends on an evaluation of all the facts and circumstances.” [...] “Private sector decisions implementing these statutory objectives are business decisions. And, reasonable business decisions should be afforded deference. This means that the issuer need not always select the best or the most effective control measure. However, the one selected must be reasonable under all the circumstances.”

As to the “degree of exactitude” Williams stated as follows. “I turn first to the question of whether the Act’s text or purpose mandates that business records and controls conform to a standard of absolute exactitude or that a company’s control system meet some absolute ideal. The answer is ‘no.’ Both of the Act’s accounting provisions, it should be noted are modified by the key term ‘reasonable.’ […] In essence, therefore, the Act does provide a de minimus exemption, though not in absolute quantitative terms.” Williams further stated as follows. “Reasonableness, as a standard, allows flexibility in responding to particular facts and circumstances. Inherent in this concept is a toleration of deviations from the absolute. One measure of the reasonableness of a system relates to whether the expected benefits from improving it would be significantly greater than the anticipated costs of doing so. Thousands of dollars ordinarily should not be spent conserving hundreds. Further, not every procedure which may be individually cost-justifiable need be implemented; the Act allows a range of reasonable judgments.”

In a sign of just how much FCPA enforcement has changed, Williams stated as follows in his speech. “If a violation was committed by a low level employee, without the knowledge of top management, with an adequate system of internal control, and with appropriate corrective action taken by the issuer, we do not believe that any action against the company would be called for.”

In another sign of just how much FCPA enforcement has changed, William stated as follows. “… [D]epending on the
circumstances, intentional circumventions of a company’s system of records and of accounting controls by a low-level employee would not always be considered violations of the Act by the issuer. No system of adequate records and controls – no matter how effectively devised or conscientiously applied – could be expected to prevent all mistaken and improper transactions and disposition of assets. Given human nature, regardless of the adequacy of the system, a bookkeeper may still erroneously post entries, an overzealous agent may make unauthorized payments, or an unscrupulous employee may falsify records for his own purposes. The Act recognizes each of these limitations. Neither its text and legislative history nor its purposes suggest that occasional, inadvertent errors were the kind of problem that Congress sought to remedy in passing the Act. No rational federal interest in punishing insignificant mistakes has been articulated. And, the Act’s accounting provisions do not require a company or its senior officials to be the guarantors of all conduct of company employees.”

In concluding this portion of his speech, Williams stated as follows. “The test of a company’s internal control system is not whether occasional failings can occur. Those will happen in the most ideally managed company. But, an adequate system of internal controls means that, when such breaches do arise, they will be isolated rather than systemic, and they will be subject to a reasonable likelihood of being uncovered in a timely manner and then remedied promptly. Barring, of course, the participation or complicity of senior company officials in the deed, when discovery and correction expeditiously follow, no failing in the company’s internal accounting system would have existed. To the contrary, routine discovery and correction would evidence its effectiveness.”

As to the SEC’s enforcement policy, Williams concluded his remarks as follows. “The genius – and challenge – of [the FCPA’s accounting provisions] , it should be remembered, is their reliance on private sector decisionmaking – rather than specific federal edicts – to address an area of public concern. The Act’s eventual success or failure will, therefore, depend primarily upon business’s response. The Commission’s obligation, in turn, is to provide a regulatory environment in which the private sector can address these issues meaningfully and creatively. In this regard, we must encourage public companies to develop innovative records and control systems, to modify and improve them as circumstances change, and to correct recordkeeping errors when they occur without a chilling fear of penalty or inference that a violation of the Act is involved.”

The above comments by Williams are even more significant when one considers that the FCPA Williams was speaking about in 1981 did not contain the good faith compliance provisions added to the FCPA’s books and records and internal control provisions in 1988.

Those provisions currently state as follows.

“Where an issuer [...] holds 50 per centum or less of the voting power with respect to a domestic or foreign firm, the [FCPA's books and records and internal control provisions] require only that the issuer proceed in good faith to use its influence, to the extent reasonable under the issuer’s circumstances, to cause such domestic or foreign firm to devise and maintain a system of internal accounting controls consistent with [the provisions]. Such circumstances include the relative degree of the issuer’s ownership of the domestic or foreign firm and the laws and practices governing the business operations of the country in which such firm is located. An issuer which demonstrates good faith efforts to use such influence shall be conclusively presumed to have complied with the requirements of [the provisions].

In short, the FCPA’s books and records and internal control provisions focus on reasonable. Are the SEC’s enforcement theories as to these provisions reasonable?

SEC Chairman Schapiro’s FCPA Responses

Friday, October 7th, 2011

As noted in this prior post, on June 30th, Senator Mike Crapo (R-ID) sent SEC Chairman Mary Schapiro a letter requesting answers to a number of FCPA related questions. In this September 23rd letter, SEC Chairman Schapiro responds.

Chairman Schapiro begins as follows. “Contuined strong enforcement of the FCPA sends the message that American companies operating abroad will not pay bribes as a ‘cost of doing business.’ The deterrence message of the Commission’s FCPA enforcement program incentivizes companies to self-assess and update their compliance and internal controls – all of which benefits companies’ operations overall and provides greater transparency to investors. While I certainly appreciate and share your concerns about the costs of FCPA compliance in certain circumstances, I believe that the risks to investors and costs to companies posed by outdated or weak FCPA compliance measures are equally significant.”

Compliance Defense?

As to a potential FCPA compliance defense, Chairman Schapiro began by stating a common enforcement agency response … we already consider compliance. She stated as follows. “The Commission, in deciding whether to approve the filing of an FCPA enforcement action against a public company, already considers as one mitigating factor whether the company’s compliance program was reasonably designed and operated in a manner to detect and prevent FCPA violations.” “Similarly,” Chairman Schapiro stated, “companies facing FCPA inquiries can obtain credit for cooperation under the Commission’s new Cooperative Initiative, in which cooperation is defined to include, among other factors, having reasonable internal controls and compliance measures.” Given the above, Chairman Schapiro states that “it seems unnecessary – and even counterproductive – to recognize a formal affirmative defense for having such a program, given that there are at least three significant costs associated with such a defense.”

Chairman Schapiro then identifies the following three issues.

“First, the reasonableness of a compliance program is best measured not by how it exists on paper, but by how it operates in practice. Consequently, the ease with which an employee was able to circumvent anti-corruption controls is some evidence – not sufficient evidence, but some evidence – that internal controls were insufficient. The Commission would not want to be foreclosed from bringing FCPA charges under those circumstances, since holding companies accountable for weak internal controls incentivizes companies to create a robust FCPA compliance environment.”

“Second, providing an affirmative defense for reasonably designed compliance programs could allow companies to retain ill-gotten gains. A company could engage in bribery or other corrupt behavior, obtain a benefit from such conduct (i.e. securing lucrative contracts), and yet not disgorge its ill-gotten gains. Enabling companies to retain proceeds generated from the payment of bribes would disincentivize those companies from adopting rigorous anti-corruption programs.”

“Third, sanctioning corrupt behavior sends a strong message of general deterrence to all similarly situated companies that there is a high financial and reputational cost to be paid if they bribe foreign officials. There is often no substitute for the deterrent impact of financial and reputational sanctions, which prevent improper behavior from becoming ingrained as just another ‘cost of doing business.’ That deterrence message likely would be diluted if such an affirmative defense was adopted.”

“Foreign Official”?

According to Chairman Schapiro, the FCPA “sufficiently defines the term foreign official.” She stated as follows. “Given the various forms of government found around the world, it would be impractical to articulate each of the myriad of ways that one could use to identify a foreign official in particular countries or cultures. In addition, Commission and Department of Justice enforcement actions also provide guidance on the meaning of ‘foreign official’ in various contexts. Finally, companies with a strong compliance culture have policies prohibiting all bribery in order to send a clear corporate message that such practices are not condoned.”

SEC Guidance?

“Both the Commission and the Department of Justice have numerous mechanisms for providing guidance on FCPA matters. Perhaps the most important guidance comes from the enforcement actions that are brought by the Commission and the Department of Justice. The Commission uses it pleadings and accompanying public news releases to highlight and reinforce the key elements of each case. Additionally, senior staff in the Division of Enforcement speak regularly at industry conferences and provide guidance on the FCPA program. ”

For a prior post on “prosecutorial common law” – see here.

As relevant to Chairman Schapiro’s ”guidance” response, readers may be interested in my “Facade of FCPA Enforcement” article (here) in which I discuss the frequency in which FCPA enforcement actions are resolved based on uninformative, bare-bones statements of facts or allegations or conclusory legal statements; the increasing trend of FCPA enforcement actions resolved based on untested and dubious legal theories, as well as enforcement theories seemingly in direct conflict with FCPA’s statutory provisions; and the opaque nature of FCPA enforcement and how similar enforcement actions, based on the government’s own allegations, are resolved with materially different charges and penalties.

In short, the notion that settled SEC civil complaints or administrative orders (or now SEC NPAs or DPAs or DOJ NPAs or DPAs for that matter) provide meaningful guidance or should serve as FCPA caselaw is absurd. In my Facade article, I detail cases in which the SEC admits that the terms of an SEC settlement “do not necessarily reflect the triumph of one party’s position over the other.” I also highlight statements from former SEC Commissioner and current Standford law professor Joseph Grundfest that, among other things, SEC complaints “typically omit mention of valid defenses and of countervailing facts or mitigating circumstances …”. In the words of Professor Grundfest, the “natural result” of settling an SEC enforcement action “is a one-sided record in which the Commission asserts its version of the facts and the law, and the settling defendants commit not to challenge that rendition.”

On the same general topic, albeit in the DOJ FCPA context, see this recent piece from Michael Volkov ”The FCPA & Voluntary Disclosure An Engimatic Threat to Due Process” (“the Justice Department has started to cite as precedent its own decisions respecting the outer reaches of the law”).

Strict Parent Company Liability for Foreign Subsidiary Actions?

Chairman Schapiro’s response states in full as follows. “A U.S. parent company may be liable under the FCPA for bribes paid by its foreign subsidiary in certain circumstances, such as where the parent company had knowledge of the foreign subsidiary’s bribery or where the subsidiary acted as the parent’s agent. ‘Knowledge’ under the FCPA’s anti-bribery provisions encompasses actual knowledge, conscious disregard of, or willful blindness to the subsidiary’s illicit activities. In addition, under agency law, an agent’s knowledge can be imputed to the principal (parent). Accordingly, in the absence of the requisite evidence, the Commission does not charge a U.S. parent company with a violation of the FCPA’s anti-bribery provisions in connection with the foreign subsidiary’s actions. In addition, the Commission may, based on its analysis of the particular facts and circumstances of some cases, charge the foreign subsidiary directly with violation of the FCPA’s anti-bribery provisions while separately charging the parent company with violations of the books and records and internal control provisions of the FCPA. This is because the public company parent typically is responsible for the accuracy of the books and records of its overall operations, including those of its controlled foreign subsidiaries. While the FCPA’s books and records and internal controls provisions do not contain a ‘knowledge’ requirement, the Commission exercises its discretion and flexibility in charging these provisions.”

For previous posts on the issue of strict liability see here and here.

Double-Dip Penalties?

Chairman Schapiro stated as follows. “The Commission and Department of Justice do not obtain duplicative penalties in FCPA cases. Typically, the Commission will obtain monetary sanctions in the form of disgorgement (ill-gotten gains) while the Department of Justice obtains monetary sanctions in the form of penalties. In those rare cases where both the Commission and the Department of Justice obtain penalties, the total penalty assessed against the company is no greater than it would be if either the Commission or DOJ alone obtained the penalty.”

However, DOJ penalties are calculated by reference to the advisory U.S. Sentencing Guidelines where an important factor in determining the ultimate penalty amount is value of the benefit received by the company from the conduct at issue.

*****

For your viewing pleasure here - an October 5th rountable program sponsored by the Heritage Foundation on corruption, economic growth, and freedom.

For the calendars of Indianapolis area readers see here. A luncheon address - “Compliance in a New Era of FCPA Enforcement” I am giving next Tuesday (Oct. 11th) to the World Trade Club of Indiana. The event, sponsored by Butler University College of Business, begins at 11:30 at the downtown law offices of Baker & Daniels.

In The Words of Stanley Sporkin

Monday, September 26th, 2011

Stanley Sporkin, as Director of the SEC’s Division of Enforcement in the mid-1970′s, played a key role in addressing the foreign corporate payments issues being investigated by Congress and in shaping what would become the FCPA’s books and records and internal control provisions. Calling Sporkin the “Father of the FCPA” (as many have) is, in all due respect, a bit of an overstatement as Sporkin’s SEC was not in favor of what would become the FCPA’s anti-bribery provisions and wanted no part in enforcing those provisions. Nevertheless, Sporkin was a key participant, and has remained a key player, on FCPA issues throughout his storied career.

Sporkin has been talking about FCPA reform for years – long before the U.S. Chamber released its FCPA reform proposals in October 2010.

Thanks to a reader, we can all read some of Sporkin’s early FCPA reform speeches.

In a 2004 speech (here), Sporkin spoke of the SEC stumbling upon the foreign payments issue in connection with its Watergate-related investigations. The FCPA was not a singular outgrowth of Watergate - Congress was already actively investigating allegations of overseas bribery and corruption separate and apart from the Watergate scandal – yet Watergate is nevertheless relevant to the FCPA’s origins. In his speech, Sporkin also talks about the relationship between the FCPA and Sarbanes-Oxley Section 404 (a hot-button issue in 2004 when Sporkin delivered the speech). As to “Next Steps,” Sporkin stated as follows. “[W]e need more than Congress passing new statute, and the SEC requiring strict compliance with existing legislation. We need a comprehensive assault on the problem. This means we need the assistance of our government and indeed all the countries of the world along with the world business community, to provide a climate which enables our corporations to compete honestly and fairly throughout the world. There is a way to fix this problem if there is a will to do so.” Among other things, Sporkin proposed – no doubt in recognition that most FCPA issues arise from use of foreign agents – the “establishment of a country-by-country list of agents that have been properly vetted and have agreed to be examined and audited by an independent international auditing group.”

In 2006, Sporkin returned to the podium (see here) as the FCPA neared its 30th year. He stated as follows. “What I envisioned when the law was enacted was a new corporate regime where bribery of foreign officials would be almost completely extinguished at least as it pertained to major U.S. corporations. As all of us here have observed, the wild-eyed-do-gooder predictions never occurred. Instead statistics indicate that bribery of foreign officials has maintained a steady pace over the years.” [Counterpoint - perhaps bribery of foreign officials, as envisioned by Congress and indeed Sporkin's SEC, has largely been extinguished, but the issue (in 2006 and still today) is that the goalposts have been moved ... and not by Congress].

In his 2006 speech, Sporkin did not advocate the FCPA’s repeal, but he did “think the Department of Justice and the SEC can do something forward-looking which would be win-win for both the government and the private sector.” He called it the “FCPA Immunization-Inoculation Program.” Sporkin stated that the “quasi-amnesty program” would consist of the following: (i) “agreement by participating firms to conduct a full and complete review [conducted jointly by a major accounting firm or specialized forensic accounting firm and a law firm] of the company’s compliance with the FCPA for the previous 3 years; (ii) the company would agree “to disclose the results of the legal-accounting audit to the SEC, its investors, and the public; (iii) “if any violations turned up in the process of the audit, the participating [company] would agree to take all steps to eliminate the problems and implement the appropriate controls to prevent further violations; (iv) participating companies “would agree to subject themselves to a similar audit on an annual basis for at least 5 years to ensure that compliance was being maintained; (v) participating companies “would be required to create the position of FCPA compliance officer, whose sole responsibility would be to ensure the company’s compliance with the FCPA” and make an annual certification; and (vi) “in exchange … the SEC and DOJ would give qualified assurances that no actions would be brought for violations exposed by the review.” As envisioned by Sporkin, the “limited amnesty would not apply if violations rose to flagrant or egregious level.”

According to Sporkin, the “immunization-inoculation program would serve the dual purpose of: (1) creating suitable incentives to compliance-minded companies to adopt and maintain high ethical standards in the conduct of their business; and (2) reducing the case load and investigative burden of governmental agencies that enforce the FCPA while reassuring regulators that companies are taking active steps to limit corruption in their foreign contracting and other activities.” Sporkin conceded that “some adjustments may be necessary” but he believed that his proposal “would provide the right-thinking corporate community with the necessary assurances that it needs to develop a vibrant overseas business without having to defend itself against very costly and time consuming investigations.”

At the November 2010 Senate FCPA hearing, FCPA practitioner Michael Volkov (here) resurrected Sporkin’s proposal – see here for Volkov’s prepared statement. [By the way, for those of you looking for the complete transcript of that hearing, along with the prepared statements, and post-hearing Q&A's - see here].

While Sporkin’s FCPA reform proposals are, in certain ways, different from many of the proposed FCPA amendments being discussed at the moment, the point of this post – other than to highlight Sporkin’s reform proposals, is to demonstrate that the screams of some – that FCPA reform is solely a Chamber issue or somehow akin to waving the white flag of surrender to corporate bribery - are off-base.

What various FCPA reform proposals through the years have in common is experienced and knowledgeable individuals (including many former DOJ and SEC enforcement attorneys who helped shape the FCPA and FCPA enforcement) sharing a belief that the current ad hoc, inconsistent, arbitrary, and largely opaque enforcement only climate is in need of reform.

A Focus On The SEC

Wednesday, July 13th, 2011

From an FCPA reform perspective, most of the recent scrutiny has been on the DOJ and its enforcement policies and positions.

Yet, the FCPA is also enforced by the SEC.

As a civil enforcement agency only, the SEC’s stick is less sharp the DOJ’s. Nevertheless, the SEC’s FCPA enforcement positions on issues such as “foreign official” and “obtain or retain business” are seemingly identical to the DOJ’s.

Moreover, certain of the SEC’s enforcement theories as to the FCPA’s books and records and internal control provisions are subject to controversy. As I highlighted in “The Facade of FCPA Enforcement” (here at pgs. 976-984), with increasing frequency, the SEC has charged FCPA books and records and internal control violations based on untested and dubious legal theories, as well as theories seemingly in direct conflict with the FCPA’s statutory provisions.

For instance, the SEC routinely charges parent companies with FCPA books and records and internal control violations based solely on the conduct of indirect subsidiaries or affiliates in the absence of any allegation that the parent company participated in, or had knowledge of, the conduct at issue – even though the FCPA specifically states that issuers that demonstrate good faith efforts to cause indirect subsidiaries and affiliates to devise and maintain effective internal controls “shall be conclusively presumed to have complied with” the FCPA’s applicable requirements.

The SEC’s FCPA enforcement theories and policies are now being questioned. See here for the June 30th letter from Senator Mike Crapo (R-ID) to SEC Chairman Mary Schapiro.

The letter begins with Senator Crapo stating that “Congress and the agencies that enforce the FCPA must work together to ensure that the statute’s goals are being met without perverting the risk and reward calculus U.S. firms face when considering overseas business opportunities that would support domestic job growth.”

In the letter, Senator Crapo says he is “concerned by the recent Congressional testimony about the increased compliance costs for businesses operating in good faith to abide by the FCPA’s strictures and the deterrence of U.S. firms’ entry into, or expansion of, overseas operations.”

Senator Crapo then asks Chairman Schapiro for answers to the following questions.

1. Should the FCPA be amended to provide an affirmative defense, which may be raised where violations resulted from the conduct of individual employees or agents who circumvented compliance measures that were reasonably designed to identify and prevent such violations?

2. Does the Commission believe that regulations or guidance explaning factors it considers when determining whether an entity’s officers or employees are “foreign officials” would be helpful to U.S. firms? Would the Commission support legislation that more clearly defines the term “foreign official” under the FCPA?

3. What are the mechanisms by which the Commission could or does provide guidance on FCPA related matters?

4. Is it the Commission’s policy to hold firms strictly liable for foreign subsidiaries’ actions in violation of the FCPA?

5. Under what circumstances, if any, is it appropriate for both the Commission and the Department to seek the recovery of penalties from the same entity for the same conduct?

Prior to responding to Senator Crapo’s letter, Chairman Schapiro and others at the SEC’s FCPA Unit would be well served by reviewing a 1981 speech by then Chairman of the SEC – Harold Williams – on the FCPA’s books and records and internal control provisions.

To best understand (and place in context) current SEC FCPA enforcement positions and policies, it is useful to understand past SEC FCPA enforcement positions and policies. Statements made by the SEC Chairman in 1981 bear little resemblence to the SEC’s current enforcement of the FCPA’s books and records and internal control provisions.

*****

The year was 1981, the event was the American Institute of Certified Public Accountants, and the speaker was Harold Williams, the Chairman of the SEC. Williams focused his remarks (here) “solely to one major auditing development of recent years: the accounting provisions of the Foreign Corrupt Practices Act of 1977.”

Williams began has remarks as follows. “When viewed from an abstract perspective, the Act’s accounting provisions seem merely to codify a basic and uncontroversial management principle: no enterprise of any size can operate successfully without maintaining effective controls over its transactions and the disposition of its assets. Perhaps in part because these provisions were considered truisms, the Act was passed without Congressional dissent. However, practical experience with new legislation – even a law thought to be noncontroversial – often will reveal unanticipated problems. Newly enacted standards, for example, may be subject to differing constructions or raise compliance difficulties and ambiguities unforeseen by their draftsmen. And, until these problems are resolved by an agency, the courts or the Congress, those who are subject to these laws are often faced, unfortunately, with some disquieting circumstances. The anxieties created by the Foreign Corrupt Practices Act – among men and women of utmost good faith – have been, in my experience without equal.”

Williams noted that “such uncertainty can have a debilitating effect on the activities of those who seek to comply with the law. My sense is that, as a consequence, many businesses have been very cautious – sometimes overly so – in assuring at least technical compliance with the Act. And, therefore, business resources may have been diverted from more productive uses to overly-burdensome compliance systems which extend beyond the requirements of sound management or the policies embodied in the Act. The public, of course, is not well served by such reactions.”

Unlike many SEC speeches that contain the usual – this is only my personal opinion disclaimer – Williams specifically noted that he “conferred” with his “colleagues before presenting these remarks, and they have authorized me to advise you that these remarks constitute a statement of the Commission’s policy.”

As to the FCPA’s books and records provisions, Williams stated as follows. “This provision is intimately related to the requirement for a system of internal accounting controls, and we believe that records which are not relevant to accomplishing the objectives specified in the statute for the system of internal controls are not within the purview of the recordkeeping provision. […] nor could a company be enjoined for a falsification of which its management, broadly defined, was not aware and reasonably should not have known.”

As to the FCPA’s internal control provisions, Williams stated as follows. “The Act does not mandate any particular kind of internal controls system. The test is whether a system, taken as a whole, reasonably meets the statute’s specified objectives. ‘Reasonableness,’ a familiar legal concept, depends on an evaluation of all the facts and circumstances.”

Under the heading “deference” Williams stated as follows. “Private sector decisions implementing these statutory objectives are business decisions. And, reasonable business decisions should be afforded deference. This means that the issuer need not always select the best or the most effective control measure. However, the one selected must be reasonable under all the circumstances.”

Under the heading “state of mind” Williams stated as follows. “The accounting provisions principal objective is to reaching knowing or reckless conduct.”

As to the “purposes of the Act,” Williams provided a brief review of the “events which led to the [FCPA].” He stated as follows. “Clearly, Congress went further than determining whether the payments which gave the new law its name were ethically and commercially justifiable. It also chose to consider the corporate accounting and control deficiencies which had been breeding grounds for these practices. And, by doing so, it addressed the far more serious issues raised by these disclosures. […] These payments and falsifications were not only previously unknown to public investors and independent auditors, but many were also unknown to the payor’s board and, in numerous examples, even to its senior management. In some of these instances, internal controls existed, but they were shown to be ineffective or easily subverted. Unauthorized payments and related falsifications of corporate records seemed to evidence – indeed, were fostered by – a lack of adequate accounting records and controls. Consequently, in the legislation which ultimately emerged from Congress, prohibiting questionable payments and mandating control and recordkeeping were inexorably interconnected.”

Williams stated as follows. “The primary thrust of the Act’s accounting provisions, in short, was to require those public companies which lacked effective internal controls or tolerated unreliable recordkeeping to comply with the standards of their better managed peers. That is the context in which these provisions should be construed.”

Williams then addressed “four of the most important” interpretative questions concerning the then-young FCPA: “first, the degree of exactitude in recordkeeping mandated by the Act; second, the deference it affords business decisions concerning internal controls; third, whether a particular state of mind is necessary for a violation to exist; and finally, liability for compliance by subsidiaries.”

Williams noted that Congress specifically declined to adopt a materiality test and stated that “internal accounting controls are not only concerned with misconduct that is material to investors, but also with a great deal of misconduct which is not.” He noted that while materiality is “appropriate as a threshold standard to determine the necessity for disclosure to investors, [it] is totally inadequate as a standard for an internal control system.”

Williams stated that “procedures designed only to uncover deficiencies in amounts material for financial statement purposes would be useless for internal control purposes” and noted that “systems which tolerated omissions or errors of many thousands or even millions of dollars would not represent, by any accepted standard, adequate records and controls.” Indeed, Williams noted that many of the “questionable payments that alarmed the public and caused Congress to act” […] were in most instance of far lesser magnitude than that which would constitute financial statement materiality.”

“Reasonableness, rather than materiality, is the appropriate test,” Williams stated. He noted as follows. “Reasonableness, as a standard, allows flexibility in responding to particular facts and circumstances. Inherent in this concept is a toleration of deviations from the absolute. One measure of the reasonableness of a system relates to whether the expected benefits from improving it would be significantly greater than the anticipated costs of doing so. Thousands of dollars ordinarily should not be spent conserving hundreds. Further, not every procedure which may be individually cost-justifiable need be implemented; the Act allows a range of reasonable judgments.”

As to the “specific recordkeeping requirement” in the FCPA, Williams stated as follows. “… [T]his provision is not an independent unrestrained mandate to the Commission to establish novel or unprecedented corporate recordkeeping standards; it is, rather, an integral part of Congress’ efforts to assure that the business community records transactions and assets in such a way as to maintain adequate control over them. And this leads to two important conclusions: First, the Act does not establish any absolute standard of exactitude for corporate records. And, second, records which are not related to internal or external audits or to the four internal control objectives set forth in the Act are not within the purview of the Act’s accounting provisions.”

As to “deference” with respect to “issuer liability for recordkeeping violations” Williams stated that the SEC “will look to the adequacy of the internal control system of the issuer, the involvement of top management in the violation, and the corrective actions taken once the violation was uncovered.”

In a sign of just how much FCPA enforcement has changed, Williams then stated as follows. “If a violation was committed by a low level employee, without the knowledge of top management, with an adequate system of internal control, and with appropriate corrective action taken by the issuer, we do not believe that any action against the company would be called for.”

Williams next turned to the “state of mind needed to violate the Act’s accounting provisions.” He reiterated that the “Act’s principal purpose is to reach knowing or reckless misconduct.”

In another sign of just how much FCPA enforcement has changed, William stated as follows. “… [D]epending on the circumstances, intentional circumventions of a company’s system of records and of accounting controls by a low-level employee would not always be considered violations of the Act by the issuer. No system of adequate records and controls – no matter how effectively devised or conscientiously applied – could be expected to prevent all mistaken and improper transactions and disposition of assets. Given human nature, regardless of the adequacy of the system, a bookkeeper may still erroneously post entries, an overzealous agent may make unauthorized payments, or an unscrupulous employee may falsify records for his own purposes. The Act recognizes each of these limitations. Neither its text and legislative history nor its purposes suggest that occasional, inadvertent errors were the kind of problem that Congress sought to remedy in passing the Act. No rational federal interest in punishing insignificant mistakes has been articulated. And, the Act’s accounting provisions do not require a company or its senior officials to be the guarantors of all conduct of company employees.”

As to subsidiaries, Williams stated as follows. “Where the issuer controls more than 50 percent of the voting securities of the subsidiary, compliance is expected. So, too, would it be expected if there is between 20 percent and 50 percent ownership, subject to some demonstration by the issuer that this does not amount to control. If there is less than 20 percent ownership, we will shoulder the burden to affirmatively demonstrate control.”