It surprises most people to learn that a company with pre-existing FCPA compliance policies and procedures – and a company otherwise making good faith efforts to comply with the FCPA -  can still face legal liability when a non-executive employee or agent nevertheless acts contrary to the company’s pre-existing FCPA compliance and procedures.  

And rightfully so.  Yet because of respondeat superior principles, the company is exposed to FCPA liability.   Such pre-existing policies and procedures are relevant to charging decisions under the Principles of Prosecution as well as to the ultimate fine amount under the Sentencing Guidelines, but not relevant to liability as a matter of law.

It is even possible for a company to earn designation as one of the “World’s Most Ethical Companies”  yet still, during the same general time period, resolve an FCPA enforcement action.  Ethisphere’s “World’s Most Ethical Companies” designation (see here) ”recognizes companies that truly go beyond making statements about doing business ‘ethically’ and translate those words into action.”  As stated by Ethisphere, the designation is “awarded to those companies that have leading ethics and compliance programs, particularly as compared to their industry peers.”  A company only earns the designation after a “methodology committee of leading attorneys, professors, government officials and organization leaders” assist Ethisphere in creating the scoring methodology and after Ethisphere conducts an “in-depth analysis” of the company.  Companies that have earned “World’s Most Ethical Company” designation during the same general time period as also resolving FCPA enforcement actions or being under FCPA scrutiny include the following:  General Electric, Statoil, Deere & Company, Hewlett-Packard, Rockwell Automation, AstraZeneca, Novo Nordisk, and Sempra Energy.

Add Oracle Corporation, a recipient of  “World’s Most Ethical Company” designation more than once, to the list.

Yesterday, Joe Palazzolo and Samuel Rubenfeld broke the story in the Wall Street Journal, “U.S. Probes Oracle Dealings,” that “U.S. authorities are investigating whether Oracle Corp., one of the world’s largest software companies by sales, violated federal antibribery laws in its dealings abroad …”.  According to the report, “agents in the FBI’s Washington field office and fraud prosecutors in the Justice Department’s Criminal Division are handling a criminal investigation, which has been underway for at least a year.”  Palazzolo and Rubenfeld also report that the SEC is also investigating for possible civil violations.  According to the report, “the agencies are examining whether Oracle employees or agents acting on the company’s behalf made improper payments in Africa in order to land sales of database and applications software.”

Time will tell whether the Oracle investigation will lead to an FCPA enforcement action and, if so, the nature and extent of the improper conduct.  If the investigation follows a pattern often seen in FCPA enforcement actions, the improper conduct will have been engaged in by non-executive employees or agents who acted contrary to the company’s FCPA policies and procedures and the company’s otherwise good faith efforts to comply with the FCPA.

While I have no unique insight or knowledge of Oracle’s FCPA compliance policies and procedures, one has got to assume it has been doing the right things to earn, on  more than one occasion, Ethisphere’s highest honor.  Oracle’s “Code of Ethics and Business Conduct” (here) contains a separate section on the FCPA in a Q&A format.  Granted words on paper do not establish much, but the Code also refers to Oracle’s “Anti-Corruption Policy” located on the company’s non-public Compliance and Ethics Program Web Site and indeed what a company’s public website contains as to FCPA compliance is usually just the tip of the iceberg.  Furthermore,  among other things, Oracle has an ”Anti-Corruption Training Course” (here) for its partners available in ten languages.

If an FCPA enforcement action against Oracle is indeed forthcoming, such an enforcement action, like previous ones involving other “World’s Most Ethical Companies” highlight the need for an FCPA compliance defense.  As I have highlighted on previous occasions, in the mid-1980’s numerous FCPA reform bills included a specific defense under which a company would not be held liable for a violation of the FCPA’s anti-bribery provisions by its employees or agents, who were not an officer or director, if the company established procedures reasonably designed to prevent and detect FCPA violations by employees and agents.  Such a compliance defense passed the U.S. House, but was never made part of the FCPA’s 1988 amendments.  However, it is likely that an FCPA reform bill will soon be introduced and that it will contain a similar compliance defense.  As I highlighted in this previous post, many of the 38 signatory countries to the OECD Anti-Bribery Convention have compliance-like defenses in their domestic “FCPA-like” legislation.

Nevertheless, Assistant Attorney General Lanny Breuer has, in the past, flatly rejected the need for a compliance defense.  Speaking last March at the Dow Jones Global Compliance Symposium, he said,  “we can’t engage in some sort of formalistic solution from a script that says if you check the following six boxes you’re guaranteed this outcome.” 

More recently, during the June House FCPA Hearing, Greg Andres, testifying on behalf of the DOJ, stated that a potential FCPA compliance defense was “novel and risky” and that the “time is not right to consider it.” 

With another “World’s Most Ethical Company” facing FCPA exposure, the time is right to consider amending the FCPA to include a compliance defense.