Robust FCPA Compliance Program Worth Every Penny

    The U.S. Foreign Corrupt Practices Act of 1977 (FCPA) generally prohibits U.S. companies and citizens, foreign companies listed on a U.S. stock exchange, or any person acting while in the United States, from corruptly paying or offering to pay, directly or indirectly, money or anything of value to a foreign official to obtain or retain business. The FCPA also requires “issuers” with securities traded on a U.S. exchange or otherwise required to file periodic reports with the Securities and Exchange Commission (SEC) to keep books and records that accurately reflect business transactions and to maintain effective internal controls.

    The FCPA is jointly enforced by the Department of Justice (DOJ) and the SEC. Proof of a U.S. territorial source is not required for the FCPA to be implicated against U.S. companies and citizens, and FCPA violations can, and often do, occur even if the prohibited activity takes place entirely outside of the United States. For this reason, business leaders must be knowledgeable about all business activity, including activity that takes place thousands of miles away from corporate headquarters.

    The FCPA has been on the books since 1977. During the last decade, however, government enforcement activity involving the FCPA has increased exponentially. Total fines and penalties paid to resolve cases brought by the DOJ and the SEC involving alleged FCPA violations have exceeded $1 billion annually in recent years. Individual cases are being resolved for tens and even hundreds of millions of dollars. The DOJ increasingly is targeting individuals and seeking prison sentences, in addition to monetary fines and penalties. These trends are expected to continue.

    Enforcement agencies take an aggressive view of the FCPA’s reach. They interpret the phrase “anything of value” broadly. High profile cases often involve million dollar bribes exchanged for multi-million dollar contracts, but there have been FCPA cases involving bribes for as little as $100. The bribes don’t always come in the form of cash payments. Bribes also can come in the form of gifts, entertainment, paid trips and the like.

    The DOJ and SEC also interpret the phrase “obtain or retain business” broadly. The benefit received in exchange for the bribe is not always a multi-million dollar contract. Sometimes the benefit is an approval, a license, a permit, a tax break, or anything else that could be perceived as providing a business advantage.

    Understanding who is considered a “foreign official” under the FCPA can present challenges. It is particularly difficult to distinguish between foreign officials and purely private parties in countries, like China, where there are many state-owned enterprises. The conservative approach is to treat officials of state-owned enterprises as foreign officials for purposes of the FCPA. And it would be wrong to assume that bribes between purely private entities are legal. There are laws on the books in many jurisdictions criminalizing purely private bribery.

    Cases brought under the FCPA are not limited to purely domestic concerns. FCPA cases often are based on the conduct of foreign operating subsidiaries or joint ventures, whose financial performance inures to the benefit of a U.S. parent, holding company, affiliate or joint venture partner. Government agencies sometimes look to hold key U.S. management personnel responsible, both civilly and criminally, for FCPA violations committed by a foreign affiliate. This is particularly true in cases where U.S. management personnel have been made aware of a potential FCPA violation at a foreign affiliate, but have failed to react to the information in a responsible way, such as by conducting an investigation, implementing a compliance program, or enhancing internal controls. Telling a government agency that U.S. management personnel were not aware of what was happening at a foreign subsidiary can be a difficult defense.

    It also is not a defense if a bribe is paid through a third-party agent, consultant or other intermediary. Indeed, many high profile cases involve the use of intermediaries. U.S. companies doing business abroad are expected to know with whom they are doing business and for what they are paying.

    On the other hand, one of the best defenses a company and management personnel can have when it comes to a potential FCPA violation is a robust compliance program. If your company is doing business in a high risk region, such as China, other parts of Asia, eastern Europe, northern Africa, Central and South America, to name a few, then implementing an FCPA compliance program should be at or near the top of your priority list. Introducing a written FCPA policy, providing FCPA training to appropriate personnel, requiring regular attestations of compliance, reviewing internal controls with a view toward FCPA issues, requiring due diligence for third-party agents, and appointing personnel with responsibility for FCPA compliance, are just some of the steps that can be taken to cover off FCPA risks. The program should be implemented consistently throughout the organization, including at the foreign operating subsidiaries or joint ventures.

    For those who have been involved in an internal investigation or a government investigation, you know how costly and disruptive they can be. Implementing an FCPA compliance program is much less costly in the long run. When done properly, a compliance program can help detect and avoid circumstances that might otherwise lead to an FCPA violation and a costly investigation. Plus, if there is an FCPA violation, having a robust compliance program already in place can be a helpful mitigating factor when dealing with the DOJ or the SEC. An ounce of prevention can be worth a pound of cure.

    Scott Seabolt is a partner in the Detroit office of Foley & Lardner LLP. He is a member of the firm’s Business Litigation & Dispute Resolution Practice, the Securities Enforcement & Litigation Practice and the Automotive Industry Team. Contact him at [email protected].