Any company doing business abroad is subject to the long reach of the Foreign Corrupt Practices Act (“FCPA”). Small or privately held companies, just like large or public companies, are subject to the criminal specter of the FCPA. The operative inquiry is whether the company is operating and/or transacting any type of business abroad with the government, government-owned entities, or involving foreign officials—either directly, through joint ventures, or indirectly, through agents. A foreign official also includes employees of entities owned by the government.
Although the FCPA was first enacted in 1977, it was not widely enforced until the turn of this century; since then, the law has resulted in a steady flow of significant corporate settlements. Indeed, in approximately the last two decades, enforcement of the FCPA has increased exponentially, with the second-largest number of enforcement actions having been brought in 2016 (2008 had the greatest number). Before the FCPA, no country considered bribing a foreign official for business purposes to be illegal—it was simply considered a cost of doing business abroad. The United States was the first country to outlaw the practice and recently published a comprehensive resource guide to compliance with the act.
Presently, for companies that are engaged in international business, some of the countries that are considered high risk for FCPA exposure include Mexico, Panama, Russia, China, Ukraine, Brazil, Nigeria, and Lebanon. The following is a primer about FCPA and its basic provisions.
What Is the Foreign Corrupt Practices Act?
The FCPA targets public corruption and fraud in the international marketplace. It does so in two main ways:
1. The FCPA prohibits any U.S. person or entity (including privately held companies), or any issuer of U.S. securities, from making any corrupt payment or offering anything of value to any foreign official for the purposes of obtaining or retaining business, or gaining any improper advantage. The statute covers U.S. companies, citizens, and permanent residents (and their agents) anywhere they act in the world. The act also specifically covers foreign individuals and entities so long as any aspect of the transaction touches U.S. soil.
2. The FCPA requires all companies whose securities are listed on U.S. stock exchanges to maintain accurate accounting records and implement an adequate system of internal controls. This provision of the FCPA is generally referred to as the “book and records” provision and can have a very broad interpretation.
Very importantly, the FCPA ascribes liability to companies both for the actions of its own employees and for any third-party acting on the company’s behalf, as well as individuals involved or authorizing such conduct.
What Is a “Thing of Value?”
A “thing of value” has had an evolving focus. While the initial FCPA violations involved cash and luxurious gifts, more recent cases have reflected an increasing sophistication of the term to include cash equivalents (gift cards); excessive travel and entertainment; loans; political and charitable contributions or donations; and employment, internships, or scholarships. The “thing of value” may be for the benefit of the official directly, but also includes anyone in their family.
What Are Penalties for Violations of the FCPA?
For companies, violations of the FCPA carry hefty financial penalties that amount to hundreds of millions of dollars. In addition to the financial penalties, negotiated settlements with the government typically require the disgorgement of any profits resulting from the unlawful conduct, an agreement to cooperate with government investigations for a period of multiple years, and the implementation of an enhanced compliance program. Companies can also be fined by multiple countries if the conduct violates the other country’s anti-corruption statute. In recent years, the government has also sought to hold individuals accountable for FCPA violations. Accordingly, corporate resolutions of FCPA investigations are now often accompanied by prosecutions of individuals the government considers responsible for corporate wrongdoing.
How Are FCPA Violations Discovered?
FCPA violations are discovered in numerous ways, both inside and outside of the company. Internally, potential FCPA violations can be discovered through the report of a whistleblower to company management or via a report from an internal compliance hotline. Routine business activities, such as the reimbursement of expenditures, can trigger investigations by a company’s compliance or legal department, as can less routine activities such as compliance audits and due diligence related to company acquisitions. The Securities and Exchange Commission (“SEC”) also has a very user-friendly whistleblower website that is available to individuals across the globe. Externally, FCPA investigations can be triggered by whistleblower reports, court filings in lawsuits brought by private plaintiffs, enforcement actions brought by foreign governments, or even by anonymous tips.
Who Enforces the FCPA?
The FCPA is primarily enforced by the U.S. Department of Justice (“DOJ”) (anti-bribery provisions) and the SEC (books and records and internal controls provisions). The DOJ and SEC have increased their concerted efforts to coordinate their investigations with foreign prosecutorial agencies, an initiative that has been enhanced by the proliferation of anti-bribery laws in other countries. Accordingly, many FCPA investigations now expand into multi-lateral prosecutions and investigations.
What Should a Company Do When a Potential Violation Arises?
If a company suspects that a potential FCPA violation has occurred or that it is being investigated by a government agency, it may, in coordination with its legal counsel, consider one or a combination of several steps. These steps may include, for example, the company conducting its own investigation to assess the scope of the alleged wrongdoing; considering a voluntarily disclosure of unlawful conduct to the government; cooperating with a government’s investigation into a specific industry or number of companies; improving its compliance program; and remediating the harm that has resulted from the alleged unlawful conduct.
How Can a Company Protect Itself?
While a given company’s FCPA exposure depends on various factors, including the industry in which the company operates, as well as the countries in which it does business, FCPA compliance programs typically include the following:
- a clear set of policies and procedures regarding anti-corruption compliance;
- a comprehensive training program to educate employees about anti-corruption laws (including the FCPA) applicable to the company’s operations and compliance of such laws; and
- processes for ensuring that appropriate due diligence is undertaken for new hires, including third-party agents, and for the acquisition of any new ventures, particularly with respect to foreign entities.