Much of the content on FCPA Professor assumes a certain level of knowledge and understanding of the Foreign Corrupt Practices Act. However, not all readers of FCPA Professor are familiar with the FCPA or how the FCPA is enforced. The below Q&A’s do not address every issue that may arise under the FCPA, but rather are designed to provide useful information to better understand the FCPA and FCPA enforcement.
© FCPA Professor 2012. All rights reserved. Accurate reproduction with attribution permitted.
Q. When and Why was the FCPA enacted?
A. The FCPA was enacted and signed into law by President Jimmy Carter in December 1977.
In the mid-1970’s, Congress held numerous hearings in the aftermath of news and disclosures of questionable foreign corporate payments to a variety of recipients and for a variety of reasons. Congressional attention was focused on payments made by Lockheed Aircraft Corporation, Gulf Corporation, United Brands Company, Northrop Corporation, Ashland Oil, and Exxon Corporation. Each of these instances involved allegations or admissions of payments directly or indirectly to traditional foreign government officials or foreign political parties in connection with a business purpose.
Congress soon discovered that such payments were not directly prohibited under U.S. law, even if certain existing laws – such as tax and securities disclosure laws – were perhaps indirectly implicated. Congress set out to close this gap. Both the 94th and 95th Congresses, as well as the Administrations of Gerald Ford and Jimmy Carter, were involved in seeking legislation to address foreign corporate payments and approximately twenty bills were introduced in Congress. Two competing legislative approaches were generally considered by Congress: an outright prohibition of certain foreign payments and a disclosure regime of a broader category of foreign payments. The Ford Administration favored the latter approach, but the Carter Administration – which took office in January 1977 – favored prohibition and this approach ultimately became law.
For an extensive overview of the FCPA’s legislative history, see “The Story of the Foreign Corrupt Practices Act.” This article weaves together information and events scattered in the FCPA’s voluminous legislative record to tell the FCPA’s story through original voices of actual participants who shaped the law.
Q. Has the FCPA been amended since 1977?
A. Yes.
Soon after passage of the FCPA – during a time of economic recession – questions were raised whether the FCPA was harmful to U.S. business. The Carter administration sent a report to Congress that identified the FCPA as discouraging exports; the Government Accountability Office released a report (see here and here) detailing how the FCPA was riddled with complicating ambiguities and shortcomings; and the administration of newly elected President Ronald Reagan recommended decriminalizing conduct subject to the FCPA.
Beginning in 1980, Congress sought to amend the FCPA – a process that took eight years. During this time period, various bills (either stand alone bills or specific titles or sections of omnibus export or trade bills) were introduced in the 96th, 97th, 98th, 99th, and 100th Congresses.
In 1988, the FCPA was amended in Title V of the Omnibus Trade Act (Public Law 100-418). Principal amendments included the creation of an express facilitating payment exception, the creation of certain affirmative defenses, and a revised knowledge standard applicable to payments made to “foreign officials” indirectly through third-parties such as agents.
The FCPA was also amended in 1998. In December 1997, the U.S. signed the Organization for Economic Cooperation and Development (“OECD”) Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. To implement certain portions of the Convention, the FCPA was amended in 1998 (Public Law 105-366). Principal amendments included the creation of a new statutory provision applicable to certain foreign companies and foreign nationals and expanded nationality jurisdiction as to U.S. companies and citizens.
Q. What are the FCPA’s main provisions?
A. The FCPA is part of the Securities Exchange Act of 1934 and it has two main provisions: the anti-bribery provisions; and the books and records and internal control provisions. (See here for the FCPA). The anti-bribery provisions are organized according to the category of entity or person covered by the FCPA. Thus, the anti-bribery provisions are often confusing upon first read. 15 U.S.C. 78dd-1 is applicable to “issuers”; 15 U.S.C. 78dd-2 is applicable to “domestic concerns”; and 15 U.S.C. 78dd-3 is applicable to “persons” other than “issuers” or “domestic concerns.”
The books and records and internal control provisions are set forth in 15 U.S.C. 78m(b)(2)(A) and 78m(b)(2)(B) respectively.
More information on these provisions, as well as the described terms, is provided in a separate Q&A.
Q. Who is subject to the anti-bribery provisions?
A. As described above, the anti-bribery provisions apply to “issuers,” “domestic concerns,” and “persons” other than “issuers or “domestic concerns.”
An “issuer” is generally a company (U.S. or foreign) that has a class of securities traded on a U.S. market or an entity that is otherwise required to file reports with the Securities and Exchange Commission (“SEC”). An “issuer” can also include a company that has American Depository Receipts traded on a U.S. exchange.
A “domestic concern” is generally any business form (e.g., private corporations, limited liability companies, partnerships, sole proprietorships) with a principal place of business in the U.S. or organized under U.S. law. A “domestic concern” also includes “any individual who is a citizen, national, or resident of the U.S.”
As to U.S. “issuers” and “domestic concerns,” the FCPA contains both territorial jurisdiction and nationality jurisdiction. Nationality jurisdiction means that the FCPA’s anti-bribery provisions will apply even if the conduct at issue has no U.S. nexus. Thus, as to U.S. “issuers” and “domestic concerns,” the FCPA’s anti-bribery provisions have extraterritorial jurisdiction meaning that the FCPA can be violated if an improper payment scheme is devised and executed entirely outside of the U.S.
As to foreign “issuers” and associated persons, the FCPA’s anti-bribery provisions apply only to the extent there is territorial jurisdiction (i.e., “use of the mails or any means of instrumentality of interstate commerce”). In SEC v. Straub, a federal trial court judge ruled in February 2013, in an issue of first impression, that the FCPA’s territorial jurisdiction element could be met in an enforcement action against foreign national defendants based on allegations that e-mails in connection with the alleged bribery scheme were routed through and/or stored on network servers located within the U.S. even if the defendants did not personally know where the e-mails would be routed and/or stored. As to foreign national defendants in a civil FCPA enforcement action, a court must first find that it can exercise personal jurisdiction (consistent with due process principles) against the defendant before turning to the FCPA’s specific territorial jurisdiction element. See SEC v. Steffen.
A “person” other than an “issuer” or “domestic concern” can generally include foreign non “issuer” companies and foreign nationals. The anti-bribery provisions will apply to such a “person” “while in the territory of the U.S.. [makes] use of the mails or any means or instrumentality of interstate commerce” or engages in “any other act in furtherance” of an improper payment scheme.
Given the above categories of business and individuals subject to the FCPA’s anti-bribery provisions, it is myth that the FCPA only applies to U.S. companies or U.S. citizens. In fact, several of the most high-profile FCPA enforcement actions have been against foreign companies or foreign nationals. (See here and here for example).
Q. What do the anti-bribery provisions prohibit?
A. As a general matter, the anti-bribery provisions prohibit the corrupt payment of money or “anything of value” to a “foreign official” in order to “obtain or retain business.” Each of these elements is described in more detail in separate Q&A’s.
Q. What does “anything of value” mean?
A. ”Foreign officials” can be influenced in many different ways other than cash payments. FCPA enforcement actions have been based on the following “things of value” provided directly or indirectly to a “foreign official:” gifts such as cars, jewelry, etc; excessive travel and entertainment expenses; educational or executive training expenses; promises of future employment; shares or dividends of a company; and many others.
Q. What does “foreign official” mean?
A. The FCPA defines “foreign official,” as “any officer or employee of a foreign government or any department, agency, or instrumentality thereof, or of a public international organization, or any person acting in an official capacity for or on behalf of any such government or department, agency, or instrumentality, or for or on behalf of any such public international organization.”
The FCPA does not define “department,” “agency,” or “instrumentality.”
The term “foreign official” includes traditional foreign government leaders as well as employees of various foreign government “departments” and “agencies” such as tax officials, customs officials, and others tasked with issuing foreign government licenses, permits, certifications, etc.
The enforcement agencies maintain that state-owned or state-controlled enterprises (so-called SOEs) in foreign countries can be an “instrumentality” of a foreign government such that all SOE employees are “foreign officials” under the FCPA. The enforcement agencies have taken this position in certain actions even if the foreign government is a minority investor in the enterprise (although in the FCPA Guidance jointly issued by the DOJ and SEC in November 2012, the enforcement agencies stated that “as a practical matter, an entity is unlikely to qualify as an instrumentality [of a foreign government and its employees as “foreign officials”] if a government does not own or control a majority of its shares”). In other respects, the enforcement agencies have deemed SOEs to be an “instrumentality” of a foreign government even though the enterprise has publicly traded stock; does business outside of its own borders; employs non-nationals; and has other attributes of a commercial business. Approximately 50% of recent FCPA corporate enforcement actions have been based, in whole or in part, on the enforcement theory that SOE employees are “foreign officials” under the FCPA.
In the first challenges to the enforcement theory that SOE employees are “foreign officials” under the FCPA, certain district court judges have concluded that the question of whether SOEs qualify as “instrumentalities” of a foreign government under the FCPA is a question of fact that is dependent on a number of factors. (See U.S. v. Carson). These factors may include the following: the foreign state’s characterization of the entity and its employees; the foreign state’s degree of control over the entity; the purpose of the entity’s activities; the entity’s obligations and privileges under the foreign state’s law, including whether the entity exercises exclusive or controlling power to administer its designated functions; the circumstances surrounding the entity’s creation; and the foreign state’s extent of ownership of the entity, including the level of financial support by the state (e.g., subsidies, special tax treatment, and loans). Even so, in U.S. v. Carson, the trial court judge issued a jury instruction titled “knowledge of status of foreign official” which stated, in pertinent part, as follows.
“The defendant offered, paid, promised to pay, or authorized the payment of money, or offered, gave, promised to give, or authorized the giving of anything of value to a foreign official; The payment or gift at issue … was to (a) a person the defendant knew or believed was a foreign official or (b) any person and the defendant knew that all or a portion of such money or thing of value would be offered, given, or promised (directly or indirectly) to a person the defendant knew or believed to be a foreign official. Belief that an individual was a foreign official does not satisfy this element if the individual was not in fact a foreign official.”
Another enforcement theory that has yielded a high number of FCPA enforcement actions is that employees (such as physicians, nurses, mid-wives, lab personnel, etc.) of certain foreign health care systems are “foreign officials” under the FCPA. (See this prior post which details the origins and prominence of this enforcement theory). For instance, in 2012 approximately 50% of FCPA corporate enforcement actions were based, in whole or in part, on the enforcement theory that foreign health care providers are “foreign officials” under the FCPA.
At present, there is no case law of precedent on the meaning of “foreign official.” (See here for an extensive overview of the FCPA’s legislative history as to the “foreign official” element). For a complete list of the alleged “foreign officials”in FCPA enforcement actions (see here for 2012, here for 2011, and here for 2010).
Another disputed issue when it comes to “foreign official” is whether the alleged bribe payor must know the specific identity of the “foreign official” for there to be a violation of the FCPA’s anti-bribery provisions. While there is no case law of precedent on this issue, certain trial judge court have reached different conclusions. For instance, in U.S. v. O’Shea, the trial court judge noted as follows. “You can’t convict a man promising to pay unless you have a particular promise to a particular person for a particular benefit.” In SEC v. Jackson, the trial court judge disagreed and stated that ”asking a third party to bribe a government official, in order to induce that official to act in one of the proscribed ways detailed in [the FCPA], would meet the statute. The government does not have to “connect the payment to a particular official.”
Q. What does “obtain or retain business” mean?
A. “Obtain or retain business” includes payments to a “foreign official” to secure a foreign government contract. Beyond such scenarios of foreign government procurement, the meaning of “obtain or retain business” is murky.
Unlike many FCPA issues, this substantive FCPA element has resulted in a circuit court opinion. In U.S. v. Kay, 359 F.3d 738 (5th Cir. 2004), the court was presented with an issue of first impression – that being whether payments to “foreign officials” to avoid paying customs duties and to lower sales taxes could satisfy the “obtain or retain business” element.
The Fifth Circuit concluded that the FCPA’s “obtain or retain” business element was ambiguous and it thus analyzed the legislative history. In short, the Fifth Circuit was convinced that Congress intended to prohibit a range of payments wider than those that only directly influence the acquisition or retention of government contracts. The Fifth Circuit held that payments to a “foreign official” to lower taxes and customs duties can provide an unfair advantage to the payer over competitors and thereby assist the payer in obtaining and retaining business.
However, the Fifth Circuit stated that not all such payments outside the context of directly securing a foreign government contract violate the FCPA; it merely held that such payments “could” violate the FCPA. According to the court, the key issue is whether the payments intended to lower the company’s cost of doing business in the foreign country enough to assist it in obtaining or retaining business. The Fifth Circuit recognized that “there are bound to be circumstances” in which a customs or tax reduction merely increases the profitability of an existing profitable company and thus, presumably, does not assist the payer in obtaining or retaining business. The court specifically stated: ”[i]f the government is correct that anytime operating costs are reduced the beneficiary of such advantage is assisted in getting or keeping business, the FCPA’s language that expresses the necessary element of assisting in obtaining or retaining business would be unnecessary, and thus surplusage – a conclusion that we are forbidden to reach.”
Given the Kay holding, it is a highly fact-dependent question whether a payment to a “foreign official” satisfies the “obtain or retain business” element outside the context of a specific foreign government contract. Despite the equivocal nature of the Kay holding, there has been a significant increase in FCPA enforcement actions since the decision where the alleged improper payment involves customs duties and tax payments or is otherwise alleged to have assisted the payer in securing foreign government licenses, permits, and certifications which assisted the payer in generally doing business in a foreign country. (See here for example).
The significant increase in non-foreign government procurement type enforcement actions post-Kay is despite the fact that the enforcement agencies were 0-2 on this enforcement theory pre-Kay when put to its burden of proof. For instance, in 1989 the DOJ charged Alfredo Duran with conspiracy to violate the FCPA’s anti-bribery provisions. According to the charging documents, Duran conspired to make payments to officials of the Dominican Republic in order to obtain the release of two aircraft seized by the government of the Dominican Republic. Duran pleaded not guilty and put the DOJ to its burden of proof at trial. At the close of the DOJ’s case, he filed a motion for judgment of acquittal and argued that “no reasonable jury could find that the purpose of any of the alleged intended payments was to assist [...] in obtaining or retaining business.” Duran’s motion stated that ”any intended payment was simply for the purpose of hurrying along a bureaucratic process.” The trial court judge granted the motion and ordered an acquittal. (See here for the prior post). Likewise, in SEC v. Mattson, at issue was whether alleged goodwill payments to an Indonesian tax official for a reduction in a tax assessment fell under the FCPA’s anti-bribery provisions. The SEC claimed that the FCPA’s unambiguous language plainly encompassed such payments and the issue before the court on a motion to dismiss was whether the plain language of the FCPA prohibited such payments. The court rejected the SEC’s arguments and granted the motion to dismiss. (See here for the opinion).
Q. Does the FCPA have any exceptions or affirmative defenses?
A. Yes. The anti-bribery provisions contain one exception and two affirmative defenses.
The anti-bribery provisions “shall not apply to any facilitating or expediting payment to a foreign official … the purpose of which is to expedite or to secure the performance of a routine government action by a foreign official …”.
The FCPA’s legislative history states that the law was “deliberately cast in terms which differentiate between [corrupt payments] and facilitating payments” and that the FCPA would not “reach payments made to secure permits, licenses, or the expeditious performance of similar duties of an essentially ministerial or clerical nature …”. Congress recognized that such payments “may be reprehensible in the United States” but “that they are not necessarily so viewed elsewhere in the world and that it is not feasible for the United States to attempt unilaterally to eradicate all such payments.”
The anti-bribery provisions contain two affirmative defenses. The first is for the payment of “anything of value” “lawful under the written laws and regulations” of the foreign official’s country. The second is if the payment of “anything of value” “was a reasonable and bona fide expenditure, such as travel and lodging expenses, incurred by or on behalf of a foreign official … and was directly related to (A) the promotion, demonstration, or explanation of products or services; or (B) the execution or performance of a contract with a foreign government or agency thereof.”
Many FCPA enforcement actions allege conduct that would seem to implicate the above provisions, particularly the FCPA’s facilitating payment exception. (See here and here for examples). Yet, as with most FCPA enforcement actions, these actions are typically resolved without judicial scrutiny. As noted by a former high-ranking SEC FCPA enforcement attorney “the fact that the FCPA’s twin enforcement agencies have treated certain payments as prohibited despite their possible categorization as facilitating payments does not mean a federal court would agree” and the enforcement agencies “narrow interpretation of the facilitating payment exception is making that exception ever more illusory regardless of whether the federal courts – or Congress – would agree.” (See here).
Indeed, in 2012 in SEC v. Jackson, a case of first impression concerning facilitation payment pleading requirements, the court found “that the evolution of the [FCPA] strongly supports the conclusion that the SEC must bear the burden of negating the ‘facilitating’ payments exception” and that ”the facilitating payments exception is best understood as a threshold requirement to pleading that a defendant acted ‘corruptly.’”
Q. Can a third-party subject a company to anti-bribery violations?
A. Yes.
A significant percentage of anti-bribery violations against business organizations are based on the conduct of agents, representatives, distributors, or even joint venture partners (collectively third-parties). Utilizing third-parties in foreign markets is very common as third parties best know the local business landscape and how to get things done. However, knowing the local business landscape and how to get things done can also mean making improper payments on a company’s behalf in violation of the anti-bribery provisions.
The anti-bribery provisions prohibit not only direct payments to a “foreign official” to “obtain or retain business,” but also payments to “any person” (such as a third-party) “while knowing that all or a portion of such money or thing of value” will be provided to a “foreign official.”
The anti-bribery provisions state that “a person’s state of mind is ‘knowing’ with respect to conduct, a circumstance, or a result if (i) such person is aware that such person is engaging in such conduct, that such circumstance exists, or that such result is substantially certain to occur; or (ii) such person has a firm belief that such circumstance exists or that such result is substantially certain to occur.”
The anti-bribery provisions further state as follows. “When knowledge of the existence of a particular circumstance is required for an offense, such knowledge is established if a person is aware of a high probability of the existence of such circumstance, unless the person actually believes that such circumstance does not exist.”
As evident from these provisions, whether one can be subject to FCPA liability for the actions of a third-party based on “knowledge” of the third-party’s conduct is a highly fact-dependent analysis.
Because of the FCPA’s “third-party payment provisions,” it is important for those subject to the anti-bribery provisions that utilize third-parties to conduct pre-engagement due diligence and to adopt policies and procedures regarding the engagement and post-engagement obligations of the third-party.
Q. What do the books and records and internal control provisions prohibit?
A. The FCPA is a statute much broader than its name implies. The corporate payments discovered in the mid-1970’s were often recorded in separate books and records or otherwise misrecorded. Thus, Congress – at the SEC’s urging – included books and records and internal control provisions in the FCPA.
The books and records provision requires that “issuers” “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.”
The internal controls provision requires that “issuers” “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that:” among other things, “transactions are executed in accordance with management’s general or specific authorization;” “access to assets is permitted only in accordance with management’s general or specific authorization;” and “transactions are recorded as necessary to permit a preparation of financial statements in conformity with generally accepted accounting principles … and to maintain accountability for assets.”
As evident from the above description, the FCPA’s books and records and internal control provisions are generic and can be implicated in purely domestic scenarios that have nothing to do with payments to “foreign officials” to “obtain or retain business.” (See here for an example of what I call non-FCPA, FCPA enforcement actions). Because payments to a “foreign official” to “obtain or retain business” are frequently concealed or otherwise misrecorded on a company’s books and records (such as “miscellaneous expenses,” “cost of good sold” etc.), the books and records provision can also be implicated in a typical FCPA scenario.
When improper payments are made, the enforcement agencies will generally assert that the internal control provisions were also violated on theory that the payments would have been detected and never paid if the company had proper internal controls (such as effective FCPA compliance policies, adequate supervision and control of foreign managers or third-party agents, sufficient checks and balances for spending corporate money, etc).
The FCPA specifically states that ‘where an issuer … holds 50% or less of the voting power with respect to a domestic or foreign firm [the books and records and internal control provisions] require only that the issuer proceed in good faith to use its influence, to the extent reasonable under the issuer’s circumstances, to cause such domestic or foreign firm to devise and maintain a system of internal accounting controls consistent with [the above stated provisions.]” This provision further provides as follows. “Such circumstances include the relative degree of the issuer’s ownership of the domestic or foreign firm and the laws and practices governing the business operations of the country in which such firm is located. An issuer which demonstrates good faith efforts to use such influence shall be conclusively presumed to have complied with the requirements of [the books and records and internal control provisions].”
Despite this statutory provision, the enforcement agencies routinely charge parent companies – in what is akin to a strict liability theory – for the books and records and internal control violations of indirect subsidiaries and affiliates, even in the absence of any allegation that the parent company lacked good faith or participated in or had knowledge of the conduct at issue (See here for example). As with many securities laws provisions, knowingly circumventing or knowingly failing to implement a system of internal accounting controls or knowingly falsifying any book, record, or account, can be the basis for criminal liability. (See here for example). The books and records and internal control provisions only apply to “issuers.” However, best practices is for any company to follow the provisions to best minimize FCPA exposure.
Q. Which agencies enforce the FCPA?
A. The FCPA has dual enforcers – the DOJ and the SEC.
The DOJ, a criminal law enforcement agency, is the sole agency responsible for criminal enforcement of the anti-bribery provisions and willful violations of the books and records and internal control provisions. The DOJ has jurisdiction over “issuers,” “domestic concerns,” and “persons” other than “issuers” and “domestic concerns” as those terms are described above.
Per DOJ policy, “no investigation or prosecution of cases involving alleged violations of the antibribery provisions of the Foreign Corrupt Practices Act … or of related violations of the FCPA’s record keeping provisions … shall be instituted without the express authorization of the Criminal Division.” Thus, unlike other areas of criminal law, DOJ’s enforcement of the FCPA is highly centralized and very few individuals possess decision making authority and discretion.
The SEC, a civil law enforcement agency, has a lower burden of proof than the DOJ in prosecuting FCPA violations. The SEC has jurisdiction over “issuers” (and its employees and agents) and can bring civil charges for violations of the anti-bribery provisions and the books and records and internal controls provisions. In recent years, the SEC has also brought enforcement actions against non-issuers for violating such provisions on the theory that the defendant, while acting as an agent of an issuer, violated such provisions and/or aided or abetted issuer violations. (See here for example). Assuming both the DOJ and SEC have jurisdiction as to any particular matter, it is common for both agencies to be involved in the same core enforcement action and for both the DOJ and SEC enforcement actions to be announced and resolved on the same day.
Q. How do the enforcement agencies typically find out about FCPA issues?
A. The enforcement agencies have identified the following sources of information that have resulted in FCPA enforcement actions: issuer disclosures; international law enforcement cooperation; U.S. embassy, civil society, and media reporting; competitor complaints or concerns; whistleblower complaints; and voluntary disclosures.
In recent years, the majority of corporate FCPA enforcement actions (and related individual enforcement actions) have resulted from voluntary disclosures. As a general matter, voluntary disclosure means a company’s lawyer, during or after an internal investigation of conduct that may implicate the FCPA, contacts the DOJ and SEC (if applicable) to schedule a meeting during which the lawyer will disclose conduct that may implicate the FCPA.
The FCPA does not require such affirmative disclosure, but given application of the Principles of Prosecution of Federal Business Organizations and the U.S. Sentencing Guidelines (topics discussed in a separate Q&A), a company may choose to voluntarily disclose conduct that may implicate the FCPA even though the enforcement agencies, in many cases, may likely never find out about the conduct. The enforcement agencies actively encourage voluntary disclosure and have stated that such disclosures will result in less harsh treatment of FCPA violators. However, the merit of this position is subject to much dispute.
Q. How long does FCPA scrutiny tend to last?
A. When a company is the subject of FCPA scrutiny, such scrutiny typically lasts between 2-4 years from the point of first disclosure (whether an SEC filing or other instance of public disclosure) to the point of any FCPA enforcement action. In certain cases such scrutiny can last longer.
The long period of scrutiny is largely a function of the “where else” question. Every instance of FCPA scrutiny will have a point of entry – for instance a company’s conduct in China is under investigation. However, typically before the enforcement agencies will agree to resolve any enforcement action, the agencies will ask something along the following lines – if the conduct occurred in China, demonstrate to us that similar conduct did not also occur in countries a, b, and c.
In short, the “where else” often results in the company doing a world-wide review of its operations which takes time and is largely the reason for the high level of pre-enforcement action professional fees and expenses discussed in a separate question. For more on the “where else” question see this post and for a look inside an FCPA investigation see this post.
Other reasons for the typically long period of FCPA scrutiny can include the following: DOJ and SEC enforcement actions tend to be announced on the same day and it is common for one agency to wait for the other agency to conclude its investigation and deliberation; and attrition at the enforcement agencies tends to be high and it is not uncommon for simple employee turnover to delay conclusion of FCPA investigations.
Q. What is the FCPA’s statute of limitations?
A. The FCPA does not have a specific statute of limitations. Rather the five year “catch-all” provisions in 18 USC 3282 (for criminal actions) and 28 USC 2462 (for civil actions) apply.
Despite this general limitations period, if one digs into the details of FCPA enforcement actions one quickly discovers that many actions involve conduct that occurred 5-7 years, 7-10 years, and in some instances 10-15 years prior to the enforcement action. The reasons for this can include the following.
Given the “carrots” and “sticks” relevant to resolving an FCPA enforcement action, cooperation is often the name of the game in corporate FCPA inquiries and to asset statute of limitations issues is not cooperating. Indeed, one of the first steps a company will often do after disclosing conduct to the enforcement agencies is enter into a tolling agreement and/or agree to waive statute of limitations defenses.
In addition, if the DOJ charges a conspiracy, as it often does in FCPA enforcement actions, the five year limitations period may not begin to start until the last overt act in the conspiracy occurs.
Furthermore, under 18 USC 3292, the DOJ can seek in a criminal case, before return of an indictment, to suspend the limitations period if seeking evidence located in a foreign country.
Q. How are FCPA enforcement actions typically resolved?
A. The U.S. used to have a law enforcement system whereby companies that committed crimes or engaged in other wrongdoing were prosecuted criminally and/or civilly and whereby companies that did not commit crimes or did not engage in other wrongdoing were not prosecuted. That system has, to a large extent, been abandoned particularly when it comes to FCPA enforcement.
Nearly every FCPA enforcement action against a company in this era of FCPA enforcement is resolved through a non-prosecution agreement (“NPA”) or a deferred prosecution agreement (“DPA”). An NPA (see here for an example) is not filed with a court, but instead is a privately negotiated agreement between the DOJ and the company whereby the DOJ agrees not to prosecute the company if it acknowledges responsibility for the conduct at issue and agrees to a host of compliance undertakings. A DPA (see here for an example) is technically filed with a court and thus has the same appearance as a criminal indictment or information. However, as negotiated between the DOJ and the company, the DOJ agrees to defer prosecution of the company (usually for a two to four year period) if the company acknowledges responsibility for the conduct at issue and agrees to a host of compliance undertakings. After the relevant time period, the DOJ dismisses the criminal charges filed, but never prosecuted. NPAs and DPAs have been used to resolve other substantive criminal offenses, yet approximately 50% of all NPAs and DPAs are used to resolve FCPA enforcement actions. This type of resolution vehicle was first used in an FCPA enforcement action in 2004 and use of these vehicles has steadily risen since then. Given the prevalence of NPAs and DPAs in the FCPA context, a company entering into such an agreement with the DOJ is never required to plead guilty to any charges and is never found to be in violation of the FCPA’s anti-bribery provisions.
In addition, the DOJ has a significant amount of prosecutorial discretion as to its charging decisions. For instance, in 2008, the DOJ stated that Siemens AG engaged in a pattern of bribery “unprecedented in scale and geographic reach” and that “corruption involved more than $1.4 billion in bribes to government officials.” Despite these allegations, Siemens AG was never charged with anti-bribery violations. (See here). Similarly, in 2010 the DOJ alleged that BAE Systems plc “provided substantial benefits,” including through U.S. payment mechanisms, to a Saudi public official “who was in a position of influence regarding” a lucrative fighter jet contract. Despite these allegations, BAE was never charged with anti-bribery violations. (See here). In both the Siemens and BAE actions, the DOJ stated in its sentencing memorandum that debarment from public contracting (both in the U.S. and Europe) was a significant factor in why the DOJ did not charge Siemens or BAE with FCPA anti-bribery violations, despite DOJ allegations seemingly establishing prima facie FCPA anti-bribery violations by both companies.
If a company is not offered an NPA or DPA to resolve an FCPA inquiry, it will likely agree to the filing of a criminal information (that may or may not charge FCPA offenses) that is then resolved through a plea agreement. In the FCPA’s history, only two companies are believed to have challenged the DOJ in an adversary proceeding and put the DOJ to its high burden of proof at trial. In 1991, Harris Corporation (and certain of its executives) prevailed in an FCPA trial when a federal court judge granted a verdict of acquittal after the DOJ’s evidence. In 2011, Lindsey Corporation (and certain of its executives) were found guilty by a federal jury of conspiracy to violate the FCPA and substantive FCPA violations.
Individuals, unlike a company, can be deprived of their liberty and put in jail. Thus, it is not surprising that more individuals elect to put the DOJ to its burden of proof at trial – particularly recently given the increased prosecution of individuals. The DOJ’s record in individual FCPA trials during the FCPA’s history is mixed. An individual FCPA defendant can also agree, as many do, to a plea agreement before trial. By pleading guilty, an individual FCPA defendant will likely receive a lower sentence, particularly if the individual agrees to cooperate in the investigation and prosecution of others.
In terms of SEC enforcement, FCPA inquiries are typically resolved either through a settled civil complaint (see here for example) or an administrative order (see here for example). In both instances, a defendant is allowed to settle the enforcement action without admitting or denying the SEC’s allegations. This is not an FCPA-specific resolution policy, but applicable in other SEC enforcement actions as well. This enforcement policy is subject to controversy as an influential federal court judge recently called this settlement policy “a stew of confusion and hypocrisy unworthy of such a proud agency as the SEC.” (See here). In January 2010, the SEC announced a series of measures “to further strengthen its enforcement program by encouraging greater cooperation from individuals and companies in the agency’s investigations and enforcement actions” including “new cooperation tools” not previously available to the SEC such as NPAs and DPAs (discussed above in terms of DOJ enforcement). (See here). In May 2010, the SEC used such a resolution vehicle in the FCPA context for the first time as Tenaris S.A. agreed to resolve an SEC FCPA enforcement action by entering into a DPA. (See here).
Q. How are FCPA fines, penalties, and sentences calculated?
A. Even though the FCPA does provide criminal and civil fine and penalty amounts, these amounts are often of little importance in arriving at actual fine and penalty amounts assessed in an FCPA enforcement action.
Under the Alternative Fines Act, an FCPA criminal violation can result in a fine up to twice the benefit the payor sought to obtain through the improper payment. Moreover, the advisory U.S. Sentencing Guidelines are used to calculate an advisory penalty range. (See here for the provisions applicable to corporate conduct). Factors under the Guidelines that can affect a criminal fine include: the number of employees in the organization; whether high-level personnel were involved in or condoned the conduct; prior criminal history; whether the organization had a pre-existing compliance and ethics program; voluntary disclosure; cooperation; and acceptance of responsibility. The DOJ’s Guidelines calculations are generally publicly available (see here for an example) at least when a deferred prosecution agreement or plea are used to resolve the enforcement action. When a non-prosecution agreement is used to resolve an FCPA enforcement action, calculations of the fine amount are not transparent. The largest criminal fine in an FCPA enforcement action – $450 million – was issued in December 2008 against Siemens and its related entities. (See here). As to individuals who violate the FCPA, criminal sentences are also based on the advisory Guidelines. Factors under the Guidelines that can affect an individual’s sentence include: the number of bribe payments; the amount of bribe payments; the individual’s role in the scheme; and the individual’s background and criminal history. (See here for example). In April 2010, Charles Paul Edward Jumet received the longest FCPA prison sentence ever imposed – 87 months (60 months for conspiracy to violate the FCPA and 27 months for making false statements to federal agents). (See here) The majority of individual FCPA sentences fall between probation and 24 months in prison – despite much longer DOJ sentencing recommendations.
The SEC enforces the FCPA both through civil complaints filed in a federal court or through an administrative proceeding. The SEC is empowered to seek a variety of sanctions in an enforcement action such as monetary penalties, disgorgement of ill-gotten gains, pre-judgment interest, an injunction, or a cease and desist order prohibiting current and future violations.
The most significant monetary portion of an SEC FCPA enforcement action is often disgorgement and prejudgment interest (including in cases where the SEC does not charge an anti-bribery violation). There is little transparency of monetary settlement amounts in SEC FCPA enforcement actions. For instance, certain enforcement actions include a civil penalty, disgorgement and prejudgment interest; certain other enforcement actions include only disgorgement and prejudgment interest; certain other enforcement actions include only disgorgement and a civil penalty; certain other enforcement actions include only disgorgement; and certain other enforcement actions include only a civil penalty.
The above described DOJ and SEC fine and penalty amounts in FCPA enforcement actions are in addition to pre-enforcement action and post-enforcement action professional fees and expenses. Often times pre-enforcement action plus post-enforcement action fees and expenses greatly exceed the announced fine or penalty amount.
Q. Besides fines and penalties in an FCPA enforcement action, what other business effects can result from FCPA issues?
A. Failure to comply with the FCPA and resulting FCPA scrutiny can have several real business effects on a company, in addition to any ultimate fine and penalty amount announced on enforcement action day. Professional fees and expenses (lawyer fees, forensic accounting fees, data retrieval, analysis, etc) associated with FCPA scrutiny often exceed fine and penalty amounts assessed by the DOJ and/or SEC. FCPA scrutiny has also, in certain instances, adversely affected a company’s stock price and cost of capital as credit rating agencies may downgrade corporate debt. In addition, in certain instances, FCPA scrutiny has delayed or otherwise terminated merger and acquisition transactions. FCPA scrutiny can also impact executive leadership and compensation issues as well as distract executive leadership from other business endeavors.
Q. Why has FCPA enforcement increased?
A. The FCPA is a law most logically implicated when doing business in international markets. Thus, as more companies (large and small and across a variety of industry sectors) have moved into international markets during the past decade, it is not surprising to see FCPA enforcement increase during this period.
The passage of Sarbanes Oxley in 2002 has also impacted FCPA enforcement. Section 404 of SOX requires issuers to assess and report on the effectiveness of its internal controls over financial reporting. As a general matter, this requirement has caused issuers to more actively investigate questionable transactions particularly in foreign subsidiaries whose books and records are consolidated with the issuers for purposes of financial reporting.
Other factors often cited as the cause of increased FCPA enforcement include: increased enforcement agency resources; increased focus on business activity by foreign law enforcement agencies; and increased monitoring of enforcement activity by non-governmental organizations and civil society.
Another reason FCPA enforcement has increased is because of how FCPA enforcement actions are resolved – principally through a non-prosecution agreement (“NPA”) or a deferred prosecution agreement (“DPA”) (topics discussed in more detail in a separate Q&A). A former high-ranking DOJ FCPA enforcement official stated that if the DOJ “only had the option of bringing a criminal charge or declining to bring a case [as opposed to the third option of using an NPA or DPA], you would certainly bring fewer cases.” The OECD, in its Phase 3 Report of the U.S. FCPA Enforcement Program, noted that “it seems quite clear that the use of these agreements is one of the reasons for the impressive FCPA enforcement record in the U.S.” (See here). The FCPA has not changed since 1998, and former high-ranking DOJ FCPA enforcement officials have stated that “what’s really changed is not so much the legislation, but the enforcement and approach to enforcement by U.S. authorities” (see here) and that “the government sees a profitable program, and it’s going to ride that horse until it can’t ride it anymore.” (see here).
The emergence of FCPA Inc. and the prominence of voluntary disclosures have also contributed to the increase in FCPA enforcement. As another former high-ranking DOJ FCPA enforcement official has stated “this is good business for law firms … accounting firms … consulting firms, the media – and Justice Department lawyers who create the marketplace and then get [themselves] a job” in the private sector. (See here). Thus, the increase in FCPA enforcement has both logical and perhaps controversial causes.
Despite the increase in FCPA enforcement actions during the past decade, one needs a proper perspective of FCPA enforcement statistics. In this era of FCPA enforcement, a typical FCPA enforcement action will include a DOJ and SEC enforcement action against the corporate parent, likely a DOJ enforcement action against related subsidiaries, and with increasing frequency related DOJ and/or SEC enforcement actions against culpable individuals. All of these enforcement actions are based on the same core set of conduct. Whether the above scenario describes four or five enforcement actions or one core enforcement action is up to you. Using the core approach, during this era of the FCPA’s resurgence, there have been approximately 10-20 core FCPA enforcement actions per year.
Q. Are companies that resolve FCPA enforcement actions “bad” or “unethical”?
A. In some cases yes, in most cases no.
Certain FCPA enforcement actions are based on allegations that executive management or the board was involved in or condoned the improper conduct at issue. However, this type of FCPA enforcement action is not typical.
A typical FCPA enforcement action involves allegations that a small group of people (or perhaps even a single individual) within a subsidiary or business unit of a business organization engaged in conduct in violation of the FCPA. Yet because of respondeat superior principles, the company is exposed to FCPA liability even if the employee’s conduct is contrary to the company’s pre-existing FCPA policies and procedures. Such pre-existing policies and procedures are relevant to charging decisions under the Principles of Prosecution as well as to the ultimate fine amount under the Sentencing Guidelines, but not relevant to liability as a matter of law.
This theory of corporate criminal liability is subject to much controversy and in conflict with similar corporate criminal liability principles in other countries such as Australia, Italy, and others. For instance, under the United Kingdom Bribery Act (a topic discussed in more detail in a separate Q&A) , the U.K. Ministry of Justice recognizes that “no policies or procedures are capable of detecting and preventing all bribery.” Thus, the Bribery Act provides a “full defense if [a company] can show that despite a particular case of bribery it nevertheless had adequate procedures in place to prevent persons associated with it from bribing.”
In the mid-1980’s numerous FCPA reform bills included a specific defense under which a company would not be held liable for a violation of the FCPA’s anti-bribery provisions by its employees or agents, who were not an officer or director, if the company established procedures reasonably designed to prevent and detect FCPA violations by employees and agents. Such a compliance defense passed the U.S. House, but was never made part of the FCPA’s 1988 amendments.
Also relevant to the question of whether companies that resolve FCPA enforcement actions are “bad” or “unethical” is the fact that most FCPA enforcement actions (as discussed in a separate Q&A) are based on the conduct of third-parties – even if the third-parties were not properly controlled or engaged through ineffective due diligence procedures. Further, certain FCPA enforcement actions are based on successor liability theories whereby an acquiring company is held liable for the acquired company’s FCPA liability. (See here for example). Finally, given the resolution vehicles typically used to resolve an FCPA enforcement – such as non-prosecution and deferred prosecution agreements (“NPAs” and “DPAs”) (topics discussed in more detail in a separate Q&A), companies subject to FCPA scrutiny often decide it is quicker, more cost efficient, and more certain to agree to such a resolution vehicle than engage in long-protracted litigation with the DOJ or SEC. These resolution vehicles do not require the company to plead guilty to anything (or admit the allegations in the SEC context), are not subject to meaningful judicial scrutiny, and do not necessarily represent the triumph of one party’s legal position over the other. Rather resolution via such a vehicle often reflects a risk-based decision often grounded in issues other than facts or the law. Indeed, a former high-ranking DOJ FCPA enforcement official has stated that given the availability of such alternative resolution vehicles, “it is tempting for the [DOJ], or the SEC since it too now has these options available, to seek to resolve cases through DPAs or NPAs that don’t actually constitute violations of the law”
To understand why a company would agree to resolve an FCPA inquiry even if valid and legitimate defenses are available to it, and even if mitigating facts may assist the company, it is necessary to understand the “carrots” and “sticks” relevant to resolving a DOJ enforcement action – namely the DOJ’s Principles of Federal Prosecution of Business Organizations (here).
The Principles of Prosecution, found in the U.S. Attorneys’ Manual, set forth the factors prosecutors “should consider” in determining whether to bring criminal charges against a business organization or negotiate a plea or other agreement (such as an NPA or DPA) with the organization to resolve potential criminal charges. Relevant factors include the company’s “willingness to cooperate” in the DOJ’s investigation. Simply stated, challenging the DOJ’s enforcement theories, its interpretation of the facts, or to raise valid and legitimate legal defenses is not cooperating with the DOJ’s investigation. Given the choice between being criminally indicted (an event that will likely negatively affect the company’s market capitalization and result in other negative collateral consequences) most companies opt to resolve FCPA scrutiny via the resolution vehicles discussed above.
Q. Can private plaintiffs bring FCPA Cases?
A. It is an open question whether Congress intended for the FCPA to have a private right of action. However, various courts, including the Sixth Circuit in Lamb v. Phillip Morris, Inc., 915 F.2d 1024 have held that the FCPA does not confer a private right of action meaning that only the DOJ and SEC can bring FCPA cases.
Q. What about FCPA-related civil litigation?
A. Even though courts have held that the FCPA does not confer a private right of action, a company, board members and executives often face FCPA-related civil litigation when a company is the subject of FCPA scrutiny or after a company has resolved a DOJ or SEC FCPA enforcement action.
Particularly in the last few years, private plaintiffs firms representing shareholders have brought civil causes of action for securities fraud alleging that the company’s securities lost value upon disclosure of an FCPA issue or derivative claims against officers and directors alleging breach of fiduciary duty for allowing the conduct to occur and/or for failure to effectively monitor the company’s operations. For example, see here for a securities fraud class action lawsuit filed against Wal-Mart and here for a derivative claim filed against various Wal-Mart directors and officers.
In addition, if a company is the subject of FCPA scrutiny or has resolved an FCPA enforcement action, competitor companies may bring RICO claims in which an FCPA offense may be a predicate act or antitrust claims and/or federal and state law unfair competition claims in an attempt to hold a company accountable for alleged FCPA violations.
In short, while the DOJ and the SEC carry the big sticks, a company under FCPA scrutiny or resolving an FCPA enforcement action will likely have to tend to FCPA-related civil litigation as well.
Q. What about the bribe-takers?
A. Just as with tango, it takes two in a bribery scheme – the payor and the recipient. However, the FCPA is a supply-side statute in that it has been held only to govern the conduct of the briber payor. (See U.S. v. Castle, 925 F.2d 831 (5th Cir. 1991)).
However, in recent years the DOJ has charged certain “foreign official” bribe recipients with other crimes such as money laundering. (See here for example). In addition, the DOJ has formed a Kleptocracy Asset Recovery Initiative which is designed to target and recover the proceeds of foreign official corruption that have been laundered into or through the U.S.
Q. What is the FCPA Opinion Release Procedure?
A. The FCPA directed the Attorney General to “establish a procedure to provide responses to specific inquiries by [those subject to the FCPA] concerning conformance of their conduct with the DOJ’s present enforcement policy …”.
Pursuant to the governing regulations (here) only “specified, prospective – not hypothetical – conduct” is subject to a DOJ opinion and the DOJ’s opinion has no precedential value, and its opinion that the contemplated conduct is in conformance with the FCPA is entitled only to a rebuttable presumption should an FCPA enforcement action be brought as a result of the contemplated conduct.
Since 1980, the DOJ has issued approximately 60 FCPA Opinion Procedure Releases (see here and here). In nearly every instance, the DOJ’s opinion is that it does not intend to bring an enforcement action based on the disclosed contemplated conduct. This is largely due to the fact that if a requestor senses (through initial discussions with the DOJ) that it will not receive a favorable opinion, it simply withdraws its request and an opinion is never issued.
Q. Do other countries have “FCPA-like” laws?
A. When passed in 1977, the FCPA was a pioneering statute, the first-ever domestic statute governing the conduct of domestic companies in its interactions (both direct and indirect) with “foreign officials” in foreign markets. In enacting the FCPA, Congress also instructed the Executive Branch to seek broad international support for “FCPA-like” laws in other countries.
This call for change was slow to take root. However, in 1997 approximately 35 countries adopted the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. (See here). At present, 38 countries have adopted the OECD Convention – countries that account for approximately two-thirds of the world’s exports and approximately ninety percent of foreign direct investment. For ratification status of the Convention, see here. In addition, China, India, Indonesia, and Russia have also adopted or are in the process of adopting “FCPA-like” domestic laws.
However, just because a country has a law like the FCPA does not mean that the law is actively enforced. In fact, many countries that have adopted the OECD Convention have never brought any enforcement action under their domestic statute. Reasons for low enforcement activity can include lack of political will and prosecutorial resources as well as unique attributes of a country’s law. For instance, in many OECD member countries the concept of legal person criminal liability (as opposed to natural person criminal liability) is non-existent and in certain countries that do have legal person criminal liability, such liability can only result from the actions of high-level executive personnel or other so-called “controlling minds” of the legal person. Moreover, the use of non-prosecution and deferred prosecution agreements (resolution vehicles that the OECD has stated “is one of the reasons for the impressive FCPA enforcement record in the U.S.”) is foreign to most jurisdictions.
See here for recent OECD Working Group on Bribery Annual Reports.