FCPA enforcement trends and compliance program best practices

* Any views expressed in this article are those of the author and not of Thomson Reuters Foundation.

On January 18, 2011, as part of the US Department of Justice's (DOJ's) first foreign bribery investigation making use of undercover federal agents and investigative tactics more commonly reserved for organized crime, 22 executives and employees of companies in the law enforcement and military equipment industries were arrested for violation of the Foreign Corrupt Practices Act (FCPA). The defendants were charged with engaging in a conspiracy to bribe a minister of defense in an unspecified country in Africa to secure contracts to provide military and other law enforcement supplies to the country's presidential guard. Not two months earlier, assistant attorney general, Lanny Breuer, in an effort to debunk a long-held belief that FCPA enforcement actions result largely from companies' voluntary disclosures and whistleblowers, cautioned that while many FCPA cases come to the DOJ through self-disclosure, the majority of its cases "are the result of proactive investigations." Viewing the recent sting operation as evidence of the DOJ's intensified focus on ferreting out foreign bribery and willingness to employ aggressive tactics, many commentators have warned company executives that FCPA cases cannot be viewed as limited to investigations of allegations by whistleblowers, competitors or disgruntled employees. Complinet spoke with Amy Lamoureux Riella, a partner in the Washington, DC, office of the law firm Vinson & Elkins LLP, about the significance of this federal case. She explained that, given the unusual level of resources and coordination of government agencies involved in the FCPA sting, this case should be an eye-opener for firms conducting foreign business. As to whether companies should expect these techniques to be used regularly to investigate and prosecute FCPA matters, she gave a "qualified maybe." Although there can be little doubt of the DOJ's willingness to deploy dedicated resources in matters involving large scale conspiracies, including making use of the special agents in the newly expanded FBI unit dedicated to anti-corruption, limited availability of such resources make this type of coordinated and far-reaching investigation unlikely for all varieties of FCPA matters. Moreover, she explained that in the FCPA context, "success breeds success," and other avenues of DOJ inquiry have proven equally successful for identifying and prosecuting FCPA violations. In the Panalpina investigation, for example, after an initial voluntary disclosure by one Panalpina company, US authorities sent inquiries to several of Panalpina's customers, demanding information and sparking an industry-wide investigation. This tactic, a hybrid of voluntary disclosures and coordinated demands, proved successful and resulted in significant settlements being reached in November 2010, allowing the DOJ to conserve its resources by relying largely on the companies themselves to present the required information. Riella explained that similar tactics are being used in the FCPA investigations involving large pharmaceutical companies. The availability of adequate resources remains a prevalent issue for US enforcement authorities. As this article goes to press, reports indicate there are more than a hundred open FCPA investigations, counter-balanced by numerous open government positions that don't have the funding needed to fill them. The ground floor has been laid in terms of reform efforts in the financial services realm (with the Dodd-Frank Wall Street Reform and Consumer Protection Act, among other measures), but some of the day-to-day enforcement action items, such as monitoring customs payments and the payment of gifts, might lack the manpower needed to be effective. This same may be true with the eventual enforcement of the new UK Bribery Act (Bribery Act, UK Act) – the United Kingdom's version of our FCPA law – which covers a potentially broader swath of activity and has wider extraterritorial jurisdiction than the FCPA. Most recently, amid significant pressure from companies that will be subject to the Act, the UK Ministry announced the delay in the implementation of the law. Not one week later, it was announced that the head of the Anti-Corruption and Proceeds of Crime Unit of the Serious Fraud Office (SFO), the UK enforcement body charged with prosecuting foreign bribery, as well as the head of SFO policy -- a Bribery Act specialist -- would leave to join prominent US law firms. UK commentators began reporting that the UK government was considering plans to replace the SFO as the primary enforcement body in favor of a new national crime agency that would subsume the SFO and include units similar to the FBI. It remains to be seen how the UK government will enforce the Bribery Act. On its face, the current version of the Act is far-reaching. While the FCPA focuses on US registrants, the broader language of the Bribery Act includes any company that conducts business in the UK, both private and public. The UK Act also increases the number of potential transactions at issue by including all transactions involving a bribe; here, the FCPA exclusively targets bribery of foreign government officials, whereas the UK Act includes conduct involving private citizens, akin to US commercial bribery. The Bribery Act prohibits the making, promising or offering of a bribe, which is similar to the FCPA, but it also prohibits the acceptance or request of a bribe. The Bribery Act has an extraterritorial application, whereby a bribe anywhere in the world is not required to be approved or paid through the UK branch of the company for the law to apply. Regardless of what and how many resources the UK government dedicates to enforcing the UK Act, US companies with UK business (and those that employ UK citizens and residents) will be responsible for complying with not only the aggressively prosecuted FCPA, but the Bribery Act as well. To this end, these US companies will have to revise their FCPA compliance programs and take into account the Bribery Act's broader provisions. The message that compliance officers, general counsel and outside lawyers are impressing upon management regimes in companies with international operations is to evaluate existing processes and educate personnel in an effort to change that which has become commonly accepted practices. These practices include providing entertainment and meals to foreign business associates and permitting facilitation payments, both of which are at issue under the terms of the new UK Act. Implementing comprehensive reporting mechanisms remains paramount to detecting early and consistently any would-be violations of the FCPA or the UK Bribery Act and to assuring that a high-level of transparency exists at all levels of operations. As Riella stated: "Companies need to look at their existing compliance programs now and to assure that appropriate training is aimed at all levels – from top management down the line to third-party consultants/contractors – so everyone understands what actions could give rise to FCPA and to UK Bribery Act violations and should be reported to company management. And it is not enough simply to have a compliance program that looks good on paper. Companies need to test their existing policies regularly, engaging your in-house compliance and audit teams fully, to ensure that the policies are well-understood at all levels of company, are followed, and remain effective." Although there remains some question about what constitutes "adequate compliance procedures" for the purpose of the UK Act, on the US enforcement side, there should be little doubt of the components that make for an effective compliance program, the demonstration of which can help companies to minimize potential penalties in the event an enforcement action is pursued. When he was asked about the impact of the African Sting case at a National Forum on the FCPA in 2009, Breuer noted that effective, internal investigations by companies and tips from whistleblowers will be incredibly important in combating FCPA crimes. Many FCPA cases are decided short of trial, and penalties imposed as part of a deferred or non-prosecution agreement may be lessened where companies can show that they have taken immediate steps to remediate any deficiencies in their compliance program and reporting mechanisms, have voluntarily disclosed information pertinent to the investigation of all charges, and have demonstrated exceptional cooperation in the federal investigation of the case. Breuer remarked: "I strongly urge any corporation that discovers an FCPA violation to seriously consider making a voluntary disclosure and always to cooperate with the [DOJ]. The Sentencing Guidelines and the Principles of Federal Prosecution of Business Organizations obviously encourage such conduct, and the Department has repeatedly stated that a company will receive meaningful credit for that disclosure and that cooperation." Such efforts proved successful for Global Industries, Ltd., one of the Panalpina-customer companies investigated as part of the Panalpina investigation. Represented by the lawyers of Vinson & Elkins, Global was able to avoid prosecution by showing how promptly and effectively the company addressed issues detected by its long-standing compliance program and by cooperating with the DOJ and SEC in their investigations. Mary Shaddock Jones, assistant general counsel and director of Compliance for Global Industries, spoke to Thomson Reuters about why Global Industries was able to avoid prosecution last year by demonstrating that it had implemented an effective FCPA compliance program, even before federal authorities began investigating and FCPA allegations had been brought. "We could offer up historical evidence of how we had mandatory FCPA training and clear-cut FCPA policies and procedures that dated back to the year 2000," Jones said. "The language in our contracts had FCPA verbiage in them, and our trainings of employees that could interface with foreign government officials and entities was performed in-person, in the first language of the person receiving it, and with the goal of each trainee understanding the practical application and implications of the law." As she noted, Global Industries also cooperated promptly with the authorities, offering full review of its policies and procedures. The company identified the FCPA issues early on, and took its own, prompt actions to stop any questionable payments before receiving any inquiry from US authorities, and implemented additional, future controls to assure that such issues could be readily identified and averted in the future. Numerous other companies involved in the three-year Panalpina investigation were not as successful. On November 4, 2010, Panalpina and six of its customers entered into deferred and non-prosecution agreements agreeing to pay a total of $236.5m in fines and penalties. Like more than 90 percent of the FCPA settlement agreements imposed in the last several years, the Panalpina agreements included compliance requirements that are understood to represent the components of today's best practices in the FCPA arena. These components include: maintaining a clear, written policy against violations of the FCPA and applicable foreign law, including the Bribery Act; ensuring that senior management strongly, explicitly and visibly support these policies; having standards and procedures, applicable to company and third parties, that pertain to gifts, entertainment, travel, political contributions, charitable donations, facilitation payments, and solicitation and extortion; developing standards after a risk-based assessment that accounts for location, interaction with foreign officials, industry sectors, involvement in joint ventures, licensing and permitting, degree of governmental oversight, significance of goods and personnel clearing through customs and immigration; reviewing and updating such standards and procedures not less than annually; designating at least one senior executive who reports to the Board to oversee the program; ensuring that financial and accounting procedures are designed to produce accurate books and records and that they cannot be used for foreign bribery or its concealment; designing periodic training and require certification for all directors, officers, employees, and, where appropriate, business partners and agents to ensure communication of the policies and procedures; implementing a process for providing guidance to agents on anti-corruption policy violations; instituting disciplinary procedures that address anti-corruption policy violations; performing due diligence on agents and business partners; including standard anti-corruption compliance provisions in any agreements with third parties; and conducting periodic reviews and testing of anti-corruption policies and procedures. As we look to the future, it remains important for companies to evaluate and enhance their existing compliance programs to remain current not only with "best practices" standards, but also today's changing compliance requirements, whether as a result of the new UK Act, or other global anti-corruption initiatives. Renewed training and regular testing of the company's reporting mechanisms and compliance processes are important facets of meeting the objectives of the FCPA and similar global anti-corruption regulations. With US enforcement authorities' recent scrutiny in industries not commonly perceived as FCPA enforcement targets, such as the pharmaceutical, financial and private equity sectors, now is the time for companies in a wide-range of industries to revisit and reevaluate their compliance programs.