Businesses navigating Foreign Corrupt Practices Act (“FCPA”) compliance have a newly-published resource to assist in their efforts. For the first time since its initial publication almost eight years ago, U.S. enforcement authorities released an updated version of “A Resource Guide to the Foreign Corrupt Practices Act” (the “Guide”). The FCPA prohibits businesses with ties to the United States from paying bribes to foreign government officials and is jointly enforced by the U.S. Department of Justice (“DOJ”) and the U.S. Securities and Exchange Commission (“SEC”).
FCPA compliance is a key part of any company’s risk portfolio. The release of the second edition of the Guide is important, as FCPA enforcement continues to remain a top DOJ and SEC priority. Navigating FCPA compliance can be challenging; few actions under the statute have been litigated so caselaw is sparse. Accordingly, the Guide is the go-to resource for understanding how the government interprets the FCPA and predicting how enforcement authorities are likely to apply its provisions. (Notably, however, the Guide is not binding law. As the SEC and DOJ explain, the Guide is “non-binding, informal, and summary in nature.” Further, enforcement officials clarify that “it is not intended to, does not, and may not be relied upon to create any rights, substantive or procedural, that are enforceable at law by any part, in any criminal, civil or administrative manner.”)
The second edition of the Guide is substantially similar to the first in both substance and structure, but it incorporates developments and clarifications made to the FCPA since 2012. The updates include recent case law (including regarding agent liability and the definition of “foreign officials”), enforcement actions and policies released or revised by the agencies (including the DOJ’s Corporate Enforcement Policy but very little from the SEC).1 The following are a few of the Guide’s important updates.
New Stance on Statute of Limitations for Accounting Actions
The FCPA does not specify a statute of limitations for criminal actions. The first edition of the Guide acknowledged this and stated that “the general five-year limitations period set forth in 18 U.S.C. § 3282 applies to substantive criminal violations of the Act.” The updated Guide changes course. While it continues to apply the five-year limitations period to the FCPA’s bribery prohibitions, “[f]or violations of the FCPA accounting provisions, which are defined as “securities fraud offense[s]” under 18 U.S.C. § 3301, there is a limitations period of six years.”
Internal Controls Provision Informed by “Operational Realities”
The FCPA’s internal controls provisions do not set forth explicit standards or requirements for compliance programs, and instead require a system that “provide[s] reasonable assurances” of compliance. With the updated Guide, the agencies seek to put some teeth on the standard, noting that “the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business.” Examples of such “operational realities” include:
“the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption”
Courts have yet to consider the agencies’ new gloss on the statutory requirements. However, companies may protect themselves from enforcement actions by considering these factors in designing their internal controls. Practically speaking, this means companies should consider conducting a detailed risk analysis for each business unit (and documenting the analysis) and then carefully tailoring policies and procedures to address the major risks.
Sanctions: Coordination and Monitors
The updated Guide highlights that the DOJ and SEC work to coordinate between themselves as well as with other authorities internationally and avoid duplicative and unnecessary penalties, fines and disgorgement. As between the DOJ and SEC in settled matters, this often has been translated into the payment of disgorgement to the SEC and the payment of a criminal fine to DOJ. Where an international regulator is a party to the settlement, it is less clear how duplication and increased sanctions are avoided in the division of monetary relief. The Guide’s second edition incorporates a reference to the Policy on Coordination of Corporate Resolution Penalties from 2018 which was intended to avoid “piling on” by prosecutors. The application of this policy should help to bring increased fairness and reduce the outsized penalties and fines.
With respect to the appointment of a compliance monitor or independent consultant, the second edition of the Guide also adds a reference to an updated DOJ pronouncement. In a 2018 memorandum, DOJ provides prosecutors with guidance on matters in which a consultant or monitor should be a required component of a corporate resolution.2
Avoiding Liability—Cooperation is Key
Enforcement authorities have discretion in deciding whether to open an investigation or bring charges under the FCPA. For companies seeking to avoid an enforcement action, the key word is cooperation. The Guide incorporates the FCPA Corporate Enforcement Policy (“CEP”), which was most recently expanded in 2019. Under the CEP, there is a presumption that the DOJ will decline to prosecute companies that voluntarily self-disclose misconduct, fully cooperate during an investigation, and timely remediate identified violations, failures, and weaknesses, unless aggravating circumstances dictate a different approach. The Guide’s anonymized examples of declinations are helpful in explaining how particular circumstances are likely to be treated.
In many other countries, good compliance operates as a defense to liability, strongly incentivizing companies to act amenably. However in the US, neither DOJ nor the SEC view a good compliance system and adherence to those compliance processes as a shield to corporate liability. Instead, even in cases where there is a non-prosecution or deferred prosecution agreement with the government, companies typically are still required to pay disgorgement to the SEC along with a monetary penalty or fine to DOJ. While there is no similar pronouncement reference for the SEC’s practice, the updated Guide illustrates that both DOJ and the SEC will evaluate the “[q]uality of the company’s compliance program at the time of the misconduct” as well as “whether the company’s current compliance program has been fully implemented and tested.” This is helpful guidance in that companies can potentially avoid a costly monitor by improving its compliance processes in response to concerns and discovered misconduct.
Enforcement in the M&A Space and Successor Liability
Another hot area of FCPA enforcement is the Mergers and Acquisitions space. The Guide recognizes that companies undergoing a merger or acquisition may uncover potential foreign bribery either pre-merger in the diligence process, or post-merger when information not previously disclosed comes to light. It acknowledges the difficulty in fully vetting a target company and cites the “potential benefits of corporate mergers,” such as when the acquiring entity has a robust compliance program in place and implements that program as quickly as practicable at the merged or acquired entity. Cooperation is rewarded here, too. The Guide states that “an acquiring company that voluntarily discloses misconduct may be eligible for a declination, even if aggravating circumstances existed as to the acquired entity.”
The Takeaway
Under the current administration, FCPA enforcement is up, and we believe it will continue to remain a top priority for SEC and DOJ officials. This is true despite the fact that enforcement actions as a whole are down. Accordingly, compliance with the FCPA is a key part of any company’s risk mitigation portfolio, and the updated Guide is a valuable tool in navigating those efforts. This alert covers just a few of the considerations companies should focus on and businesses are encouraged to consult experienced counsel when navigating complex FCPA matters.
If you have any questions about your organization’s compliance with the FCPA, contact a member of our FCPA team below. Haynes Boone lawyers regularly represent clients in internal investigations and criminal and civil proceedings brought by the SEC and the DOJ for alleged violations of the FCPA. Additionally, we assist clients in the implementation and review of anti-corruption compliance programs, including internal corporate training, third-party due diligence, financial controls, and other risk mitigation measures. We also counsel buyers and sellers in mergers or acquisitions including performing due diligence, resolving FCPA issues and implementing risk mitigation measures.
Additional information on how we can help you may be found at our Foreign Corrupt Practices Act group page.
1Justice Manual § 9-27.000, https://www.justice.gov/jm/jm-9-27000-principles-federal-prosecution; Justice Manual § 9-28.000, www.justice.gov/usam/usam-9-28000-principles-federal-prosecution-business-organizations.
2Brian A. Benczkowski, US Dep’t of Justice, Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations (2018), https://www.justice.gov/criminal-fraud/file/1100366/download.