Foreign Corrupt Practices Act (FCPA) Compliance
The Foreign Corrupt Practices Act (FCPA) is a broad but widely misunderstood statute that underlies numerous federal investigations each year. If your company is engaged in (or preparing to engage in) any transaction with FCPA implications, compliance needs to be a top priority.
For companies with overseas operations and foreign interests, the importance FCPA compliance cannot be overstated. Enforced by the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC), the FCPA applies to a broad range of corporate and commercial transactions, and companies’ compliance obligations extend to their accounting and disclosure practices as well. While many company owners and executives assume that the FCPA is not a concern due to their efforts to avoid any transactions that might appear “corrupt,” the statute’s broad applicability means that companies can face exposure under a wide variety of different scenarios commonly falling under FCPA compliance in general, and which may result in requiring FCPA lawyers.
As originally enacted, the FCPA applies to transactions between U.S. companies and foreign government officials. However, amendments to the statute have significantly expanded its scope to foreign entities engaging in “corrupt” transactions within U.S. borders. As summarized by the DOJ:
“Since 1977, the anti-bribery provisions of the FCPA have applied to all U.S. persons and certain foreign issuers of securities. With the enactment of certain amendments in 1998, the anti-bribery provisions of the FCPA now also apply to foreign firms and persons who cause, directly or through agents, an act in furtherance of such a corrupt payment to take place within the territory of the United States.
“The FCPA also requires companies whose securities are listed in the United States to meet its accounting provisions. . . . These accounting provisions, which were designed to operate in tandem with the anti-bribery provisions of the FCPA, require corporations . . . to (a) make and keep books and records that accurately and fairly reflect the transactions of the corporation and (b) devise and maintain an adequate system of internal accounting controls.”
The SEC further explains:
“The [FCPA] generally prohibits the payment of bribes to foreign officials to assist in obtaining or retaining business. The FCPA can apply to prohibited conduct anywhere in the world and extends to publicly traded companies and their officers, directors, employees, stockholders, and agents. . . .
“The FCPA also requires issuers to maintain accurate books and records and have a system of internal controls sufficient to, among other things, provide reasonable assurances that transactions are executed and assets are accessed and accounted for in accordance with management’s authorization.”
What Does it Take to Be FCPA Compliant?
With the scope of the FCPA in mind, what does it take for a company to be FCPA compliant? Specifically, when is compliance required, and what are the steps involved in avoiding unwanted scrutiny from the DOJ and SEC?
1. Determining Whether the FCPA Applies to Your Company
The first step toward making informed decisions about FCPA compliance is to determine whether compliance is necessary. As explained in the FCPA Resource Guide jointly published by the DOJ’s Criminal Division and the Enforcement Division of the SEC, the FCPA applies to three types of entities, or “persons”:
- “Issuers” – A company qualifies as an “issuer” under the FCPA if it either (i) is listed on a U.S. stock exchange, or (ii) is required to file SEC reports as a result of over-the-counter trading activity.
- “Domestic Concerns” – A “domestic concern” is any individual or business entity that has its principal place of business in the United States or that is organized under U.S. federal or state law.
- Certain Other Persons in the U.S. – The FCPA also applies to any foreign individual or entity that “engage[s] in any act in furtherance of a corrupt payment (or an offer, promise, or authorization to pay) while in the territory of the United States.”
2. Determining Whether Transactions Raise FCPA Implications
For entities that fall within the FCPA’s jurisdiction, the next question that needs to be answered is whether a particular transaction raises FCPA implications. As explained in the DOJ’s and SEC’s FCPA Resource Guide, “[t]he FCPA applies only to payments intended to induce or influence a foreign official to use his or her position ‘in order to assist . . . in obtaining or retaining business for or with, or directing business to, any person.’ This requirement is known as the ‘business purpose test’ and is broadly interpreted.”
Examples of transactions that may trigger FCPA enforcement under the “business purpose test” include unlawful payments made in order to:
- Obtain or retain government contracts
- Secure favorable tax treatment
- Eliminate customs duties or circumvent regulatory requirements
- Prevent competitors from entering the market
- Win a contract, gain access to non-public bid information, or otherwise influence the procurement process
- Influence the outcome of legislative, regulatory, or judicial proceedings
While a bribe can involve a monetary payment, the FCPA applies to transactions involving “anything of value.” Travel, meals, event tickets, physical gifts, “free” access to venues and benefits, securities, and loans are all examples of items of value that can trigger FCPA enforcement. In several cases, the DOJ and SEC have re-classified payments structured as commissions and consulting fees as unlawful bribes that violated the FCPA.
3. Establishing Policies, Procedures and a Top-Down Culture of Compliance
As you can see, the FCPA is very broad in its scope, and virtually any transaction involving a foreign official has the potential to trigger DOJ and/or SEC scrutiny. As a result, companies that have overseas dealings need to proactively adopt FCPA compliance programs that are designed to ensure that executives and personnel at all levels of the organization avoid making and accepting offers that have the potential to lead to civil or criminal enforcement. An effective FCPA compliance program should generally consist of:
Documented FCPA Compliance Policies and Procedures
In order to establish compliance, companies must adopt standalone FCPA compliance policies and procedures. Just as important as establishing compliance, if not more important in certain respects, implementing effective FCPA compliance documentation will also help to prove good-faith compliance efforts and overcome any allegations of willful non-compliance in the event of a DOJ or SEC investigation.
A “Top Down” Approach to Developing a Culture of Compliance
Emphasis on the importance of FCPA compliance should come from the top down. Communications should be drafted and disseminated in order to demonstrate this top-down approach, and companies should take additional measures to develop and promote a culture of compliance.
Organization-Wide FCPA Compliance Training
Developing a culture of compliance (and demonstrating compliance to the DOJ and SEC) also requires organization-wide FCPA compliance training. Training programs should be custom-tailored to your company’s specific business operations and individual employees’ roles in ensuring compliance in foreign transactions. This is true with regard not only to board members, executives, and other high-level personnel, but also any other employees who might potentially be involved in communications with foreign officials, “intermediaries,” or other third parties.
Third-Party Contract FCPA Compliance Review, Remedies, and Enforcement
When dealing with third parties in connection with foreign investments and other transactions, a key aspect of FCPA compliance involves ensuring that these third parties are committed to compliance as well. While companies can – and should – include warranties, indemnification clauses, and other provisions in their agreements that apportion liability for statutory violations appropriately, it may also be necessary to conduct (and document) due diligence in order to determine whether third parties have adequate compliance policies and protocols in place.
Internal Transactional and Accounting Controls
Any time there is a potential risk of payments being made in violation of the FCPA, companies must implement internal transactional and accounting controls that are designed to both (i) prevent illegal payments whenever possible, and (ii) identify unlawful transactions as soon as possible after they are made. In addition to developing and implementing internal compliance policies and procedures, our attorneys can assist with the establishment of these types of controls as well.
Internal Audits and Investigations
Similar to other corporate compliance efforts, an effective FCPA compliance program will also include internal auditing protocols and procedures for promptly conducting appropriate internal investigations. In the event that an audit or investigation reveals a potential FCPA violation, remedial action must be taken immediately. What is necessary in terms of remedial action will be highly dependent upon the specific facts and circumstances involved.
DOJ and SEC Investigation Preparedness
Finally, an FCPA compliance program should include an immediate action plan for responding to a DOJ or SEC investigation. From whistleblower complaints to questions about the contents of companies’ public filings, FCPA investigations can have several potential triggers. Determining what triggered an investigation is an important early step toward executing a successful defense, and this will typically involve making contact with the federal agents who are handling the inquiry. While there are steps that company leadership and personnel can (and should) take immediately, all communications with the DOJ and SEC should be handled by the company’s FCPA compliance counsel.
Contact the FCPA Compliance Lawyers at Oberheiden, P.C.
If you need more information about FCPA compliance or responding to a DOJ or SEC investigation, we encourage you to get in touch. To speak with one of our FCPA compliance lawyers in confidence, call 888-680-1745 or send us a message online now.