Posts later this week will be devoted to 2012 FCPA enforcement statistics.  Many of the statistics were calculated based on the number of corporate FCPA enforcement actions in 2012.

But what is a Foreign Corrupt Practices Act enforcement action?  Let’s start the New Year off with this basic question.

It is a difficult question and an important question given the increase in FCPA Inc. statistical information and the growing interest in empirical FCPA-related research.

How one answers the question is materially significant as it determines the denominator in almost every FCPA computation.  How one answers the question impacts everything from “how many FCPA enforcement actions are there,” to “what country is the site of the most FCPA enforcement actions,” to “what percentage of FCPA enforcement are resolved via non-prosecution or deferred prosecution agreements,” to “what percentage of FCPA enforcement actions involve related individual enforcement actions,” to “what is the average fine/penalty amount in an FCPA enforcement action” and many, many other issues.

How one answers the question may depend on one’s objective and motivation – for instance, is an FCPA Inc. participate marketing its FCPA services in which case more FCPA enforcement actions may be a good thing?  It is not just for-profit industry participants who seemingly have an objective and motivation in categorizing FCPA enforcement actions a certain way.  For instance, the DOJ and SEC would seem to have an incentive to liberally count more FCPA enforcement actions than conservatively to perhaps achieve a deterrent effect.  Likewise, the DOJ and SEC would seem to have the same incentive knowing that its enforcement record will be judged by civil society monitoring organizations.  For instance, did you know that Transparency International’s 2012 Progress Report shows (see here at Table A) that the U.S. (since 1999 – the year the OECD Convention entered into force in the U.S.), has brought 275 “total [FCPA] cases.”  One can only achieve a number like that with creative counting methods.

In this post, my goal is to improve the quality and reliability of FCPA statistics and related information.  Pursuant to this goal, I discuss various ways, using real enforcement actions, to answer the difficult question of what is an FCPA enforcement action.  I then conclude the post with suggested criteria for what is an FCPA enforcement action.

The “Core” Approach

I have long kept my corporate FCPA enforcement statistics by using what I’ve termed the “core” approach.  The core approaches focuses on corporate conduct at issue regardless of whether the conduct at issue involves a DOJ or SEC enforcement action or both (as is frequently the case), regardless of whether the corporate enforcement action involves a parent company, a subsidiary or both (as is frequency the case), and regardless of whether the DOJ and/or SEC bring any related individual enforcement actions (as is occasionally the case).

To demonstrate the core approach and its impact on the quality and reliability of FCPA enforcement statistics, consider the Siemens enforcement action.  In 2008, the DOJ and SEC brought related corporate enforcement actions.  The DOJ component included an action against Siemens AG and separate enforcement actions against Siemens Argentina, Siemens Bangladesh, and Siemens Venezuela.  The SEC component included an action against Siemens AG.  In 2011, the DOJ brought a related enforcement action against 8 individuals and the SEC brought a related enforcement action against 7 individuals.  All of the enforcement actions were based, in whole or in part, on the same core set of corporate conduct. 

Does the above paragraph describe 1 “core” enforcement action or 20 different enforcement actions?  You can see how just using the Siemens example, the denominator in any calculation will be significantly impacted by the answer.  In my mind, the above paragraph describes 1 “core” enforcement action, but many others (perhaps because of the objectives and motivations discussed above) categorize Siemens as 20 enforcement actions – a highly misleading data point in my opinion.  For instance, and assuming that the Siemens corporate enforcement actions comprise the entire universe of corporate FCPA enforcement actions, using a non-core approach, the average fine/penalty amount would be $160 million with a median fine and penalty amount of $500,000.  However, using the core approach, the Siemens corporate enforcement action resulted in $800 million in fine and penalty amounts.

Take the Africa Sting case as another example.  In January 2010, the DOJ announced a manufactured enforcement action against 22 individuals.  All individuals were alleged to have engaged in the same “core” conduct.  Is the Africa Sting enforcement action 1 “core” enforcement action or 22 different enforcement actions?  If you have seen many of the charts and graphs published by FCPA Inc. and have noticed the spike in FCPA enforcement actions in 2010, you know that many in the industry count the Africa Sting case as 22 actions.  Again, how you answer this question will significantly impact the denominator in any calculation.  For instance, if the Africa Sting enforcement actions are counted as 22 different enforcement actions, Gabon is all of a sudden the site of the most FCPA enforcement activity in recent years – a highly misleading data point.

In short, depending on one’s methodology and using just the Siemens enforcement action and the Africa Sting enforcement action, these instances were either 2 enforcement actions or 42 enforcement actions.

High quality and reliable FCPA enforcement statistics, reflecting what is really occurring and without distorting reality, are best achieved by using the “core” approach and categorizing the Siemens enforcement action and the Africa Sting enforcement action as 2 enforcement actions, not 42 enforcement actions.

Non Prosecution and Deferred Prosecution Agreements

For most of the FCPA’s history, the DOJ did one of two things when resolving an instance of FCPA scrutiny.  One option was that a corporate entity was actually charged (whether via a criminal indictment or more often via a criminal information) with an FCPA offense and the entity pleaded guilty via a plea agreement or mounted a legal defense (something that has only happened twice in FCPA history in the corporate context).  The other option was that the DOJ did not charge or prosecute the corporate entity and there was no enforcement action.

However, in 2004, non-prosecution and deferred prosecution agreements were introduced to FCPA enforcement.

Should NPAs (in which criminal charges are not filed against a company) or DPAs (in which criminal charges are technically filed but not actually prosecuted) count as FCPA enforcement actions?

The short answer is that if NPAs and DPAs were not counted, there would be very, very few corporate FCPA enforcement actions.  In recent years, these resolution vehicles have been used in approximately 70%-100% of corporate FCPA enforcement actions in any given year.

Enforcement Actions That Do Not Include Anti-Bribery Charges or Findings

Should an FCPA enforcement action be only those that involve anti-bribery charges or findings (as in the case of non-prosecution agreements and SEC administrative orders)?

In many instances, the enforcement agencies (DOJ or SEC) allege conduct that would seem to implicate the FCPA’s anti-bribery provisions.  However, because the resolution occurs in the context of a negotiated settlement, because the enforcement agencies say they seek to reward voluntary disclosures and cooperation, and because FCPA anti-bribery charges or findings could have potential negative collateral consequences for the company, the enforcement agencies are are often content in resolving the action without actual FCPA anti-bribery charges.  For instance, Siemens and Daimler were never charged with FCPA anti-bribery violations.

Stated differently, should FCPA books and records and internal control charges only (whether criminal or civil) count as an FCPA enforcement action?  Statistically, this is a very important question given the number of Iraqi Oil for Food Cases – actions that, for the most part, did not involve FCPA anti-bribery charges or findings because the kickback payments were made to a foreign government not a “foreign official.”  (See note 115 of the FCPA Guidance for the DOJ/SEC’s similar explanation).

Most people will say “yes,” enforcement actions involving FCPA books and records and internal controls charges or findings do represent FCPA enforcement actions.  However, in order to be consistent and intellectually honest, would not all FCPA books and records and internal control charges or findings have to be considered an FCPA enforcement action?  Recall that the FCPA books and records and internal control provisions are completely generic and can apply in purely domestic cases that have nothing to do with bribery and corruption.  (See here for a prior post for what I’ve called “non-FCPA, FCPA enforcement actions”).  As to these numerous non-FCPA, FCPA enforcement actions (according to one estimate, see here – figure 3, since 1977 there have been approximately 1,000 such actions), not even the SEC includes such actions on its FCPA website.

Enforcement Actions That Do Not Include Any FCPA Charges

As you likely know, FCPA Inc. (as well as the DOJ) classify the BAE enforcement action as an FCPA enforcement and it is included in many FCPA top-ten lists (see here for example).

But why?

BAE was not charged with any FCPA offenses (the conventional wisdom is because of the negative collateral consequences such charges could have resulted in for the defense contractor) even though the alleged facts in the DOJ enforcement action would seem to implicate the FCPA’s anti-bribery provisions.

If enforcement actions that do not result in any FCPA charges or findings are included, to be consistent and intellectually honest, would not all enforcement actions that allege facts that would seem to implicate the FCPA have to be considered an FCPA enforcement action?  For instance, the recent DOJ enforcement action against APEGO Group and its executives (see here for the prior post) alleged foreign bribery and corruption but did not result in any FCPA charges.  Same thing with the DOJ’s prosecution of R. Allen Stanford (see here for indictment).

What is the reasoned rationale for including the BAE enforcement action as an FCPA enforcement action, but not these other enforcement actions?

Now that we are all dizzy thinking about the seemingly easy question of what is an FCPA enforcement action, let’s return to the original question.  What is an FCPA enforcement action?

In an effort to improve the quality and reliability of FCPA statistics and related information, I offer the following criteria for what is an FCPA enforcement action.

(1) An FCPA enforcement action is an instance in which an enforcement agency (whether DOJ or SEC) charges or finds that the FCPA (whether its anti-bribery, books and records, or internal controls provisions) has been violated.

(2) As to FCPA books and records or internal control charges or findings, such actions are only FCPA enforcement actions to the extent categorized as such by either the DOJ or SEC on its FCPA websites.

(3) As to each instance of conduct meeting the above criteria, the “core” approach is to be used in quantifying the number of FCPA enforcement actions.

(4) If an instance of conduct does not meet the above criteria for any reasons (such as an instance of an enforcement action that does not include FCPA charges or findings), the person or organization including such an instance in FCPA enforcement statistics should, in a transparent way, explain the rationale for including such an instance as an FCPA enforcement action.

High quality and reliable FCPA enforcement statistics, reflecting what is really occurring and without distorting reality, are best achieved by following the above criteria.