With the announcement of the first U.S. Foreign Corrupt Practices Act enforcement action in 2015 only six days into the new year, the U.S. Department of Justice sent the message to companies with business overseas that it would continue its increased enforcement efforts and that companies should take stock of their compliance programs.
The FCPA was enacted in 1977 in response to revelations of widespread bribery of foreign officials by U.S. companies. The act was intended to halt corrupt practices, create a level playing field for honest businesses and restore public confidence in the integrity of the marketplace.
The FCPA’s anti-bribery provisions prohibit U.S. persons and businesses, U.S. and foreign public companies listed on U.S. stock exchanges or which are required to file periodic reports with the Securities and Exchange Commission, and certain foreign persons and businesses acting while in the territory of the United States from making corrupt payments to foreign officials to obtain or retain business. The act also requires those companies whose stocks are listed on U.S. exchanges to keep accurate books and records and to maintain an adequate system of internal accounting controls.
Both the DOJ and SEC enforce the provisions of the FCPA. Criminal penalties range up to a maximum of five years imprisonment and a $250,000 fine for an individual and up to $2 million in criminal fines for a corporation; civil penalties for both the individual and corporation are $10,000 per violation with the corporation also subject to disgorgement of profits and debarment. Any fines imposed on the individual cannot be paid by the employer.
FCPA recent trends
Several trends in FCPA investigations and enforcement were seen in the past few years:
Enforcement actions are brought on an industry-by-industry basis—Historically, this seems true. For example, the government has been focused on pharmaceutical companies and oil/gas companies for some time. However, as pointed out by a DOJ official at a recent ABA conference, the trend may be more along the lines of similar conduct; that is, when DOJ observes a particular type of conduct, it begins to notice it in other areas.
Enforcement actions are focused on smaller companies—Of the last five major FCPA enforcement actions, two involved very large companies (Alcoa and HP) and featured joint prosecutions by the SEC and DOJ; however, three were prosecuted only by the SEC and against relatively smaller companies and resulted in lesser, but not insignificant, settlements. In the SEC announcement regarding the recent Smith & Wesson FCPA settlement, the FCPA Unit Chief Kara Brockmeyer said the settlement is “a wake-up call for small and medium-size businesses that want to enter into high-risk markets and expand their international sales” to “ensure that the right internal controls are in place and operating.”
Low international revenues do not excuse inadequate FCPA compliance—The Smith & Wesson settlement demonstrates that enforcement officials expect companies to commit to FCPA compliance even when international business accounts for a small portion of their revenue. The SEC alleged that while prioritizing growth in new and high-risk international markets, Smith & Wesson did not perform any anti-corruption risk assessments, conducted very little third-party due diligence and had inadequate compliance and training programs.
There is a focus on a company’s cooperation—The extent of a company’s cooperation, including self-reporting, will affect the settlement and will also be mentioned in the press releases; for example, providing translated documents or real-time transcripts of witness interviews has been cited as a credit when negotiating settlement.
Less emphasis on independent monitors—In the past, as part of a settlement, companies were frequently required to engage independent monitors that would report to the SEC/DOJ. Now, more settlement agreements allow for the company to self-monitor and report directly to the SEC/DOJ.
Effective compliance programs
In order to avoid an FCPA violation and subsequent governmental investigation, a company should identify its risk and institute an effective compliance program.
To identify the risks, evaluate both who and where the foreign companies you deal with are. Your foreign partners may be state-owned or your consultants and agents may interact with the government, which is a huge risk area. Certain countries, such as India and China, have higher risk factors. South America and the Middle East are areas with increased risk as well. The risks are different for everyone and you need to evaluate the situation based on the above two questions and then tailor your compliance program appropriately.
At a minimum, your company should conduct site visits to determine the legitimacy of the foreign company. While it is important to be sensitive to the fact that different cultures may have a different view of what is a legitimate business and what bribery is, you must comply with the FCPA’s definitions. Furthermore, require your foreign partners to complete due diligence questionnaires, so that you can evaluate the past history of a company. Use the questionnaire to identify future risks and continue to monitor these risks. Include FCPA clauses in contracts, which are fairly standard and often non-negotiable. Contracts should include audit rights, termination rights, and term limits and specify the bank account where you know the owner/location. If a party refuses to sign the contract due to these clauses, consider this as a huge red flag that should elicit numerous questions right there and then.
Your company’s FCPA compliance “dream team” should include, at a minimum, legal personnel, financial reporting personnel, and internal audit personnel. While there is no “one-size-fits-all” compliance program, several ubiquitous requirements gleaned from recent DOJ resolution agreements include the following:
High-Level Commitment—Strong, explicit and visible support from senior management and directors.
Policies and Procedures—A written compliance code including appropriate policies and procedures addressing gifts, hospitality, entertainment, customer travel, political contributions, charitable donations and sponsorships, facilitation payments, solicitation and extortion, as well as a reasonably designed financial controls system.
Periodic Risk-Based Review—Risk-based development of the aforementioned policies and procedures, as well as at least annual review and update of these policies and procedures to take into account evolving international and industry standards.
Proper Oversight and Independence—One or more senior executives, who are charged with implementation and oversight of compliance responsibilities and report or have the authority to report to independent bodies, including internal audit, the board, and/or a board committee.
Training and Guidance—Effective communication of the compliance code, policies and procedures throughout the company and its business partners, periodic training on these policies, and annual certifications of compliance with training requirements. A mechanism also should be in place to provide guidance and advice on complying with the code, policies or procedures.
Internal Reporting and Investigation—A system for internal, confidential reporting of policy violations as well as an effective system for investigating these reports.
Enforcement and Discipline—Mechanisms to enforce the compliance program and appropriate disciplinary procedures.
Third-Party Relationships—Risk-based due diligence program pertaining to agents, business partners, or other third-parties, and appropriate contractual guarantees that third parties will comply with anti-corruption laws.
Mergers and Acquisitions—Risk-based due diligence program for mergers and acquisition activity, including the prompt integration of the newly acquired entity into the company’s compliance program.
Monitoring and Testing—Periodic testing and review of the compliance code, policies and procedures, taking into account relevant developments and evolving international and industry standards.
While the FCPA criminal and civil penalties are certainly harsh, the cost to the company related to the investigation, compliance and monitoring can be daunting as well. Investigations can last years and can expand from a limited one into one delving into a company’s business practices and conduct in several countries. The additional significant consequences associated with an investigation and settlement can run into the hundreds of millions of dollars; firing/loss of key executives; shares falling when the investigation or settlement is announced; derivative lawsuits filed against company directors; and immeasurable damage to a company’s reputation.
Understanding the FCPA current trends and implementing an effective compliance program will protect any company whose business operates overseas.
Jeffrey LaBarge is a partner with Nixon Peabody LLP. He developed this column with Charles Tamuleviz, Kevin Saunders and Emily Sy.
3/20/15 (c) 2015 Rochester Business Journal. To obtain permission to reprint this article, call 585-546-8303 or email firstname.lastname@example.org.