An Analysis of the DOJ and SEC's Long-Awaited New FCPA Guidance

On Nov. 14, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) jointly released the long-promised FCPA guidance, entitled “FCPA: A Resource Guide to the U.S. Foreign Corrupt Practices Act” (hereinafter, referred to as the Guide). While the Guide is lengthy and addresses many topics, it is also carefully written in such a manner as to not limit the DOJ and SEC's future ability to broadly interpret the FCPA. Furthermore, there are several areas where hoped-for clarification did not completely materialize.

There are, however, several useful examples and guidance points in the Guide that will assist practitioners and companies in understanding how the FCPA may be interpreted in the future. This article discusses some of the more significant issues that were addressed as well as the ones that were not addressed in as much detail as was hoped.

Definition of 'Foreign Official'

The term “foreign official” is defined as any officer or employee of a foreign government or any department, agency or instrumentality thereof. The phrase “foreign official” has been broadly construed by the United States government to include employees of state-owned entities or state-controlled entities under the theory that these entities are “instrumentalities” of a foreign government. The Guide allows for the expanded definition and explains that whether a particular entity constitutes an “instrumentality” under the FCPA requires a fact-specific analysis of an entity's ownership, control, status and function. The Guide then explains the limited circumstances in which DOJ or SEC enforcement actions have involved foreign officials employed by entities in which a foreign government has less than 50% ownership, i.e., only where the foreign government has “substantial control” over the entity at issue.

The Guide also provides examples of the following relevant factors to be considered in determining whether a representative of a foreign government is a “foreign official”:

1. The degree or extent of ownership or control the foreign state exercises over the entity;
2. How the foreign state characterizes the entity and its employees;
3. The purposes of the entity's activities;
4. The level of financial support by the foreign state;
5. Whether the governmental end or purpose sought to be achieved is expressed in the policies of the foreign government; and
6. Whether there is a general perception that the entity is performing governmental functions.

Accordingly, although some guidance is added, those who were hoping for a “bright-line” rule for determining when a person is a “foreign official” under the FCPA were disappointed.

'Anything of Value'

While the FCPA's anti-bribery provisions prohibit individuals and businesses from bribing foreign government officials with the “payment of money or anything of value,” the statute expressly permits “reasonable and bona fide” expenditures. There has been a great deal of angst in the business community regarding what payments constitute reasonable and bona fide expenditures in the context of travel, entertainment, and gifts.

The Guide provides examples of the types of payments that are improper under the FCPA, such as:

• A $12,000 birthday trip for a government official that included visits to wineries and dinners;
• $10,000 worth of dinner, drinks, and entertainment for a government official;
• A trip to Italy for eight government officials, including $1,000 of pocket money for each official; and
• A trip to Paris for a government official and his wife that consisted primarily of touring activities with a chauffeur-driven vehicle.

Although the FCPA does not have a de minimus monetary threshold, the Guide explains that items of nominal value (such as cab fare or promotional items) are unlikely to trigger liability without an intent to influence a foreign official.

'Facilitating Payments'

The FCPA's bribery prohibition contains a narrow exception for “facilitating or expediting payments” made in furtherance of routine governmental action. The facilitating payments exception applies only when a payment is made to further “routine governmental action” that involves non-discretionary acts. Defining what exactly would constitute “routine government action” has been difficult in practice. The Guide provides a few examples, such as processing visas, providing police protection or mail service, and supplying utilities like phone service, power, and water. It also indicates that routine government action does not include a decision to award new business to, or to continue business with, a particular party.

The Guide explains that whether a payment falls within this exception is not necessarily dependent on the size of the payment, although it notes that size can be telling, as a large payment is more suggestive of corrupt intent to influence a non-routine governmental action. However, the Guide states that the facilitating payments exception focuses on the purpose of the payment rather than its value. An example given in the Guide is of an Oklahoma-based company that violated the FCPA when its subsidiary paid Argentine customs officials approximately $166,000 to secure customs clearance for equipment and materials that lacked required certifications or could not be imported under local law and pay a lower-than-applicable duty rate. Another example is where three subsidiaries of a global supplier of oil drilling products and services were criminally charged with authorizing an agent to make at least 378 corrupt payments (totaling approximately $2.1 million) to Nigerian Customs Service officials for preferential treatment during the customs process, including the reduction or elimination of customs duties.

The Guide also notes that labeling a bribe as a “facilitating payment” in a company's books and records does not make it one. It further warns that although true facilitating payments are not illegal under the FCPA, they may still violate local law in the countries where the company is operating.

However, as the Guide largely just reiterates the examples already set out in the statute and references cases that have already been adjudicated, it provides little additional guidance for companies and practitioners. Many commentators had hoped for more clarification in this area.

Due Diligence on Third Parties

The Guide reiterates that companies will be held liable for the conduct of their third parties, such as agents, consultants, and distributors. The Guide discusses how third parties, including agents, consultants, and distributors, are commonly used to conceal the payment of bribes to foreign officials in international business transactions. It notes that risk-based due diligence is particularly important with third parties and will also be considered by the government in assessing the effectiveness of a company's compliance program.

The Guide lists the following “guiding principles” it believes are applicable to all third-party due diligence:

• A third party's qualifications and associations should be understood, including its business reputation and relationships with foreign officials.
• Companies should have an understanding of the business rationale for including the third party in the transaction, including understanding the role of and need for the third party.
• Companies should undertake some form of ongoing monitoring of third-party relationships, including: 1) documenting that the third party is actually performing the work; 2) exercising audit rights; 3) providing periodic training; and 4) requesting annual compliance certifications.

Therefore, due diligence on third parties is critical for any M&A transaction and as part of a comprehensive compliance program and particular focus should be given to the guiding principles provided by the Guide.

Hallmarks of Effective Compliance Programs

The Guide notes that compliance programs that employ a “check-the-box” approach may be inefficient and, more importantly, ineffective. Although the Guide acknowledges that each compliance program should be tailored to a firm's specific needs, risks, and challenges, it also provides its own list of ten “hallmarks” of effective compliance programs, as follows:

1. Commitment from senior management and a clearly articulated policy against corruption, noting that compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.
2. A code of conduct and compliance policies and procedures, which it classifies as the foundation upon which an effective compliance program is built.
3. Oversight by a member of senior management with sufficient autonomy and resources to be effective, particularly looking at whether a company has assigned responsibility for the oversight and implementation of a company's compliance program to one or more specific senior executives within an organization.
4. Risk assessment and internal audit procedures, noting that one-size-fits-all compliance programs are generally ill-conceived and ineffective because resources inevitably are spread too thin, with too much focus on low risk markets and transactions to the detriment of high-risk areas.
5. Continuing advice and regular training for both new and current employees and third parties, referencing the fact that compliance policies cannot work unless effectively communicated throughout a company.
6. Enforced disciplinary measures for employees who violate the policy and incentives for employees who follow it, citing the fact that a compliance program should apply from the board room to the supply room ' no one should be beyond its reach.
7. Comprehensive, risk-based due diligence on third parties and transactions.
8. Mechanisms for an organization's employees and others to report suspected or actual misconduct or violations of the company's policies on a confidential basis and without fear of retaliation, and for an effective, comprehensive internal investigation.
9. Updating the compliance policy through periodic testing and review in light of the constant evolution of a company's business changes over time, as well as changes in the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry.
10. Pre-acquisition due diligence and post-acquisition integration for mergers and acquisitions.

These “hallmarks” do not necessarily contain any new ideas, but it is helpful for companies to have a list of issues that it knows the government will certainly look for in their compliance programs.

Conclusion

The Guide does not provide much of the clarification that practitioners and firms were hoping for. Nevertheless, it does offer useful insight into which aspects of FCPA compliance and enforcement the DOJ and the SEC consider most significant, and should serve as somewhat of a minimum standard upon which compliance officers can rely. The Guide is clear that if a company has appropriately invested time and energy into creating and enforcing a comprehensive, effective, and tailored compliance program, the government will give that company credit when making its charging decisions. It also reiterates that the SEC and DOJ will continue to be aggressive in FCPA prosecutions against both companies and individuals.

While Assistant Attorney General Lanny Breuer's description of the Guide as “the most comprehensive effort ever undertaken by either the Justice Department or the SEC to explain [their] approach to enforcing a particular statute” may have been an exaggeration, companies should carefully scrutinize the Guide and consider reevaluating their current FCPA compliance programs in light of the new guidance from DOJ and the SEC.

On Nov. 14, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) jointly released the long-promised FCPA guidance, entitled “FCPA: A Resource Guide to the U.S. Foreign Corrupt Practices Act” (hereinafter, referred to as the Guide). While the Guide is lengthy and addresses many topics, it is also carefully written in such a manner as to not limit the DOJ and SEC's future ability to broadly interpret the FCPA. Furthermore, there are several areas where hoped-for clarification did not completely materialize.

There are, however, several useful examples and guidance points in the Guide that will assist practitioners and companies in understanding how the FCPA may be interpreted in the future. This article discusses some of the more significant issues that were addressed as well as the ones that were not addressed in as much detail as was hoped.

Definition of 'Foreign Official'

The term “foreign official” is defined as any officer or employee of a foreign government or any department, agency or instrumentality thereof. The phrase “foreign official” has been broadly construed by the United States government to include employees of state-owned entities or state-controlled entities under the theory that these entities are “instrumentalities” of a foreign government. The Guide allows for the expanded definition and explains that whether a particular entity constitutes an “instrumentality” under the FCPA requires a fact-specific analysis of an entity's ownership, control, status and function. The Guide then explains the limited circumstances in which DOJ or SEC enforcement actions have involved foreign officials employed by entities in which a foreign government has less than 50% ownership, i.e., only where the foreign government has “substantial control” over the entity at issue.

The Guide also provides examples of the following relevant factors to be considered in determining whether a representative of a foreign government is a “foreign official”:

1. The degree or extent of ownership or control the foreign state exercises over the entity;
2. How the foreign state characterizes the entity and its employees;
3. The purposes of the entity's activities;
4. The level of financial support by the foreign state;
5. Whether the governmental end or purpose sought to be achieved is expressed in the policies of the foreign government; and
6. Whether there is a general perception that the entity is performing governmental functions.

Accordingly, although some guidance is added, those who were hoping for a “bright-line” rule for determining when a person is a “foreign official” under the FCPA were disappointed.

'Anything of Value'

While the FCPA's anti-bribery provisions prohibit individuals and businesses from bribing foreign government officials with the “payment of money or anything of value,” the statute expressly permits “reasonable and bona fide” expenditures. There has been a great deal of angst in the business community regarding what payments constitute reasonable and bona fide expenditures in the context of travel, entertainment, and gifts.

The Guide provides examples of the types of payments that are improper under the FCPA, such as:

• A $12,000 birthday trip for a government official that included visits to wineries and dinners;
• $10,000 worth of dinner, drinks, and entertainment for a government official;
• A trip to Italy for eight government officials, including $1,000 of pocket money for each official; and
• A trip to Paris for a government official and his wife that consisted primarily of touring activities with a chauffeur-driven vehicle.

Although the FCPA does not have a de minimus monetary threshold, the Guide explains that items of nominal value (such as cab fare or promotional items) are unlikely to trigger liability without an intent to influence a foreign official.

'Facilitating Payments'

The FCPA's bribery prohibition contains a narrow exception for “facilitating or expediting payments” made in furtherance of routine governmental action. The facilitating payments exception applies only when a payment is made to further “routine governmental action” that involves non-discretionary acts. Defining what exactly would constitute “routine government action” has been difficult in practice. The Guide provides a few examples, such as processing visas, providing police protection or mail service, and supplying utilities like phone service, power, and water. It also indicates that routine government action does not include a decision to award new business to, or to continue business with, a particular party.

The Guide explains that whether a payment falls within this exception is not necessarily dependent on the size of the payment, although it notes that size can be telling, as a large payment is more suggestive of corrupt intent to influence a non-routine governmental action. However, the Guide states that the facilitating payments exception focuses on the purpose of the payment rather than its value. An example given in the Guide is of an Oklahoma-based company that violated the FCPA when its subsidiary paid Argentine customs officials approximately $166,000 to secure customs clearance for equipment and materials that lacked required certifications or could not be imported under local law and pay a lower-than-applicable duty rate. Another example is where three subsidiaries of a global supplier of oil drilling products and services were criminally charged with authorizing an agent to make at least 378 corrupt payments (totaling approximately $2.1 million) to Nigerian Customs Service officials for preferential treatment during the customs process, including the reduction or elimination of customs duties.

The Guide also notes that labeling a bribe as a “facilitating payment” in a company's books and records does not make it one. It further warns that although true facilitating payments are not illegal under the FCPA, they may still violate local law in the countries where the company is operating.

However, as the Guide largely just reiterates the examples already set out in the statute and references cases that have already been adjudicated, it provides little additional guidance for companies and practitioners. Many commentators had hoped for more clarification in this area.

Due Diligence on Third Parties

The Guide reiterates that companies will be held liable for the conduct of their third parties, such as agents, consultants, and distributors. The Guide discusses how third parties, including agents, consultants, and distributors, are commonly used to conceal the payment of bribes to foreign officials in international business transactions. It notes that risk-based due diligence is particularly important with third parties and will also be considered by the government in assessing the effectiveness of a company's compliance program.

The Guide lists the following “guiding principles” it believes are applicable to all third-party due diligence:

• A third party's qualifications and associations should be understood, including its business reputation and relationships with foreign officials.
• Companies should have an understanding of the business rationale for including the third party in the transaction, including understanding the role of and need for the third party.
• Companies should undertake some form of ongoing monitoring of third-party relationships, including: 1) documenting that the third party is actually performing the work; 2) exercising audit rights; 3) providing periodic training; and 4) requesting annual compliance certifications.

Therefore, due diligence on third parties is critical for any M&A transaction and as part of a comprehensive compliance program and particular focus should be given to the guiding principles provided by the Guide.

Hallmarks of Effective Compliance Programs

The Guide notes that compliance programs that employ a “check-the-box” approach may be inefficient and, more importantly, ineffective. Although the Guide acknowledges that each compliance program should be tailored to a firm's specific needs, risks, and challenges, it also provides its own list of ten “hallmarks” of effective compliance programs, as follows:

1. Commitment from senior management and a clearly articulated policy against corruption, noting that compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.
2. A code of conduct and compliance policies and procedures, which it classifies as the foundation upon which an effective compliance program is built.
3. Oversight by a member of senior management with sufficient autonomy and resources to be effective, particularly looking at whether a company has assigned responsibility for the oversight and implementation of a company's compliance program to one or more specific senior executives within an organization.
4. Risk assessment and internal audit procedures, noting that one-size-fits-all compliance programs are generally ill-conceived and ineffective because resources inevitably are spread too thin, with too much focus on low risk markets and transactions to the detriment of high-risk areas.
5. Continuing advice and regular training for both new and current employees and third parties, referencing the fact that compliance policies cannot work unless effectively communicated throughout a company.
6. Enforced disciplinary measures for employees who violate the policy and incentives for employees who follow it, citing the fact that a compliance program should apply from the board room to the supply room ' no one should be beyond its reach.
7. Comprehensive, risk-based due diligence on third parties and transactions.
8. Mechanisms for an organization's employees and others to report suspected or actual misconduct or violations of the company's policies on a confidential basis and without fear of retaliation, and for an effective, comprehensive internal investigation.
9. Updating the compliance policy through periodic testing and review in light of the constant evolution of a company's business changes over time, as well as changes in the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry.
10. Pre-acquisition due diligence and post-acquisition integration for mergers and acquisitions.

These “hallmarks” do not necessarily contain any new ideas, but it is helpful for companies to have a list of issues that it knows the government will certainly look for in their compliance programs.

Conclusion

The Guide does not provide much of the clarification that practitioners and firms were hoping for. Nevertheless, it does offer useful insight into which aspects of FCPA compliance and enforcement the DOJ and the SEC consider most significant, and should serve as somewhat of a minimum standard upon which compliance officers can rely. The Guide is clear that if a company has appropriately invested time and energy into creating and enforcing a comprehensive, effective, and tailored compliance program, the government will give that company credit when making its charging decisions. It also reiterates that the SEC and DOJ will continue to be aggressive in FCPA prosecutions against both companies and individuals.

While Assistant Attorney General Lanny Breuer's description of the Guide as “the most comprehensive effort ever undertaken by either the Justice Department or the SEC to explain [their] approach to enforcing a particular statute” may have been an exaggeration, companies should carefully scrutinize the Guide and consider reevaluating their current FCPA compliance programs in light of the new guidance from DOJ and the SEC.