Significant Updates on the Foreign Corrupt Practices Act Front
White Collar Crime and Internal Investigations Alert 09/15/20 Hector J. Diaz, Tiffany J. Li
Recently the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) published the Second Edition of the Resource Guide to the U.S. Foreign Corrupt Practices Act (the “2020 Guide”), the first revision in eight years. The 2020 Guide summarizes new policies applicable to Foreign Corrupt Practices Act (“FCPA”) actions and provides additional, insightful guidance to companies.
The 2020 Guide incorporates several major developments, including, among others: (1) a renewed urgency for companies to have effective corporate compliance programs; (2) an increased transparency in the area of FCPA enforcement; and (3) a stronger emphasis on the need for adequate internal accounting controls.
Corporate Compliance Programs
The 2020 Guide states that a robust compliance program is essential to detecting and preventing FCPA violations. Compliance programs also factor into three key areas of DOJ and SEC decision-making: (1) the form of resolution or prosecution; (2) the monetary penalty; and (3) the compliance obligations to be included in any criminal resolution, such as the need for a monitor and the length and nature of any reporting obligations.
While the DOJ and SEC do not have requirements regarding compliance programs, the DOJ has adopted the FCPA Corporate Enforcement Policy—a new addition in the 2020 Guide—to incentivize companies to self-disclose, cooperate, and remediate for the possibility of a DOJ declination. These published declinations show how the DOJ is likely to assess particular fact patterns.
The 2020 Guide distinguishes the Corporate Enforcement Policy into three areas: (1) confidential reporting and internal investigations; (2) continuous improvement; and (3) due diligence in the context of mergers and acquisitions.
All effective compliance programs should include a mechanism for confidential reporting, such as an anonymous hotline, email, or ombudsmen. Companies should also have an efficient, reliable, and adequately funded process for investigating misconduct allegations and for documenting their responses, including any disciplinary or remedial measures taken. An effective compliance program should also integrate lessons learned from past misconduct and integrate them into policies, training, and controls.
The Corporate Enforcement Policy also recommends that companies regularly review and improve existing compliance programs by identifying potential weaknesses and risk areas. Continuous improvement is critically important because the DOJ and SEC will credit “meaningful efforts” to create and maintain sustainable programs.
The Corporate Enforcement Policy provides that, absent aggravating circumstances (i.e., involvement by executive management in the corruption or bribery schemes, a significant profit generated from such misconduct, pervasiveness of the misconduct within the company, or the presence of criminal recidivism) voluntary self-disclosure and full cooperation with the government may result in the DOJ declining to bring criminal charges. Even when a criminal resolution is appropriate, a company that voluntarily self-discloses, fully cooperates, and timely remediates, may be eligible for a 50 percent sentencing reduction if it has an effective compliance program.
FCPA Enforcement Actions
The 2020 Guide also demonstrates an increased transparency in the area of FCPA enforcement, which can include a combination of fines, imprisonment, forfeiture, or disgorgement among multiple international enforcement authorities. The 2020 Guide addresses the need for coordinated resolutions among these myriad authorities to avoid multiple penalties for the same misconduct.
The “Anti-Piling On Policy” instructs prosecutors to “endeavor, as appropriate, to coordinate with and consider the amount of fines, penalties, and/or forfeiture paid to other federal, state, local, or foreign enforcement authorities that are seeking to resolve a case with a company for the same misconduct.” The 2020 Guide further explains that whether and how much to credit another authority depends on a number of factors, including but not limited to, the egregiousness of the misconduct, the relevant statutory mandates regarding penalties, fines, and forfeitures, and the adequacy and timeliness of a company’s disclosures and cooperation.
Books & Records Controls
Another noteworthy development in the 2020 Guide is an increased emphasis on adequate internal accounting controls, which are not always synonymous with a company’s compliance program. The FCPA’s accounting provisions require issuers to keep books and records in reasonable detail, and to provide reasonable assurance of the management’s control, authority, and responsibility over the company’s assets. See 15 U.S.C. § 78m(b)(2)(B). A company’s internal controls must take into account the “operational realities and risks attendant to the company’s business” such as the types of products and services offered.Given the government’s increasingly aggressive enforcement, qualifying companies would be well-served to reassess the adequacy of its internal accounting controls to ensure compliance. After all, these internal controls are the backbone for most accounting frauds according to the 2020 Guide.
On August 14, 2020, the DOJ issued its first opinion letter in six years. The opinion involved a request by an international investment advisory firm that sought to purchase assets from the foreign subsidiary of a foreign investment bank whose shares were indirectly owned by a foreign government. A different foreign subsidiary of the investment bank helped facilitate the purchase, which was completed in February 2019. The foreign subsidiary that assisted with the transaction later sought a $237,500 fee—approximately 0.5 percent of the value of the asset purchase—for advisory services related to the transaction.
The advisory firm sought an opinion from the DOJ about whether this arrangement would run afoul of the FCPA. The DOJ concluded that it did not and stated that it would refrain from enforcement action because there was “no information evincing a corrupt intent to offer, promise, or pay anything of value to a foreign official” in connection with the payment.
Here are six key takeaways to help navigate the shifting FCPA terrain:
- Paper tiger codes of conduct are insufficient. Compliance programs must be well-designed, effectively implemented, adequately resourced, and consistently enforced. These programs can potentially impact and determine a company’s future.
- Look to increased enforcement in the future. DOJ investigations, corporate resolutions, and prosecutions demonstrate that it continues to aggressively pursue FCPA violations. This appears particularly true when it comes to FCPA enforcement against individuals, which has steadily increased since 2017, resulting in more FCPA trials. Individual charges outpaced corporate charges from 2015 to 2019 (144 individuals were charged, as compared to 126 corporations). Recently a senior DOJ official stated that bribes paid to reopen or circumvent local curfew or quarantine laws abroad during the COVID-19 Pandemic could give rise to new FCPA investigations. This is particularly true given the need by many companies to obtain PPE manufactured abroad. Companies would be well-served to confer with counsel to take reasonable steps to ensure that they are not making payments for these items that may fall within the scope of the FCPA.
- Don’t forget accounting and audit controls. In light of the shifts in the enforcement of internal accounting controls violations, companies should proactively monitor and continuously improve their internal accounting controls, even more so than before, to ensure compliance with the FCPA.
- Be mindful of successor liability. Under the Corporate Enforcement Policy, when a company uncovers corruption or bribery by the merged or acquired entity through thorough and timely pre-acquisition due diligence or post-acquisition audits (where appropriate), and voluntarily self-discloses the misconduct, there will be a presumption that the DOJ will decline prosecution. Conducting fulsome pre-merger or acquisition due diligence may avoid future issues.
- Monitor now or later. The 2020 Guide lays out the DOJ’s approach to selecting monitors which may be appointed as part of a resolution. A monitor is an independent third party who assesses a company’s adherence to the compliance requirements set forth in resolution agreements to reduce the risk of misconduct recurring. Prosecutors have wide latitude in deciding whether to appoint a monitor, including: “(a) whether the underlying misconduct involved the manipulation of corporate books and records or the exploitation of an inadequate compliance program or internal accounting control systems; (b) whether the misconduct at issue was pervasive across the business organization or approved or facilitated by senior management; (c) whether the corporation has made significant investments in its corporate compliance program and internal accounting control systems; and (d) whether the compliance program and internal accounting controls are effective at preventing or detecting similar misconduct in the future.”
- The opinion option: Although DOJ opinion letters are rare, companies should keep in mind that seeking an advisory opinion from the DOJ remains an option if timing and circumstances permit. Although the DOJ issued its first opinion letter in six years, it remains a way for companies to proactively comply with its anti-bribery obligations.
For more information on the FCPA, internal investigations, or compliance programs please contact your Quarles & Brady attorney or: