New US DOJ / SEC guidance on FCPA offers insight into regulators’ expanded enforcement efforts

On Friday, July 2, 2020, the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) published the second edition of their Resource Guide to the US Foreign Corrupt Practices Act (Guide), which was initially released nearly eight years ago. The Guide serves as a roadmap to Foreign Corrupt Practices Act (FCPA) enforcement by compiling guidance on the FCPA from various sources, including court cases, settlements, DOJ and SEC guidelines, and the US Sentencing Guidelines.

The DOJ and SEC are the two agencies with the authority to enforce the FCPA. By threading together their collective views of the current FCPA landscape into a single document, the Guide provides valuable insight for lawyers, in-house counsel and compliance professionals tasked with minimizing FCPA risk. The latest iteration of the Guide highlights the regulators’ expanding view of the FCPA’s reach over the last eight years. It also spotlights their willingness to strongly incentivize cooperation by corporate entities that face potential FCPA liability, and an emphasis on effective and robust compliance programs (especially those with provisions for internal investigations, risk assessments, and sufficient resources). While many of these updates and shifts in attitude are not surprising to practitioners in this area, this edition of the Guide clearly sets out the government’s position in a manner similar to the DOJ’s recently updated Corporate Enforcement Policy (updated April 2020) and Evaluation of Corporate Compliance Programs (updated June 2020; see our previous update, New US DOJ guidance on corporate compliance programs emphasizes dynamic program design and implementation).

Key takeaways include:

FCPA enforcement casts an increasingly broad net:

• The anti-bribery provisions of the FCPA prohibit payments, offers, or promises made to a foreign official for the purpose of obtaining or retaining business or an unfair business advantage. Prior guidance cursorily noted that payments must meet the “business purpose test” to fall under the scope of the FCPA. The newest version of the Guide expands its description of the “business purpose test,” recognizing that while most FCPA actions involve bribes to directly obtain or retain business, the FCPA also covers a broader array of conduct. This includes bribes paid in connection with conducting business or to gain an unfair business advantage (e.g., obtain a license or reduce taxes obligations). While not a change in substantive law, regulators’ emphasis on non-traditional forms of bribery highlights broader FCPA enforcement efforts.
  
  
  • The Guide also added examples to underscore the DOJ’s and SEC’s expanded view as to what constitutes a “thing of value” under the FCPA. It notes that enforcement actions can focus not only on actions traditionally viewed as bribery, such as large payments and extravagant gifts (sometimes paid through moneychangers or third-party agents), but also small payments and gifts that comprise part of a systematic or long-standing course of conduct to pay foreign officials. It also cited to the DOJ’s and SEC’s pursuit of hiring practices of financial institutions that offered promotions, internships, and jobs to children and other relatives or friends of government officials in the hope of winning government contracts. In other words, the DOJ and SEC are making clear what well-advised companies have known for a while: it is not just bribery in the traditional sense that can cause FCPA problems for companies, but also conduct that might be viewed as acceptable “business as usual” practices, if the purpose of that conduct is to increase the likelihood of obtaining new or additional business.
    
    
• The Guide stresses the DOJ’s and SEC’s robust efforts to enforce the law so long as there is “corrupt” intent. The Guide highlights a recent criminal prosecution by the DOJ in which a commercial real estate broker paid a bribe to an individual who the broker believed to be an emissary of a foreign government official. The broker himself was a victim of fraud by the recipient of the bribe, who never forwarded the bribe to any foreign government official but rather kept the bribe for himself. The DOJ contended that the broker’s criminal intent was sufficient to establish FCPA liability even though the foreign official never received the bribe.

While these examples serve as useful guidance regarding the government’s priorities in this area of the law, FCPA cases are rarely litigated, and some of the examples highlighted in the Guide reflect the DOJ and SEC’s positions, rather than settled law.¹

• The Guide also cites several recent updates to FCPA case law:
  
  
  • Clarity on the statute of limitations for criminal actions. The FCPA does not specify a statute of limitations for criminal enforcement. Instead, general statutes of limitation apply. The previous edition of the Guide noted that the statute of limitations for both the anti-bribery and accounting provisions of the FCPA was five years as set forth in 18 U.S.C. § 3282. The newest edition advises that, though the anti-bribery statute remains five years pursuant to 18 U.S.C. § 3282, the accounting provisions fall within the six-year statute of limitations for securities fraud pursuant to 18 U.S.C. § 3301, which Congress added as part of Dodd-Frank (and which preceded the original Guide). However, the government may be able to reach older conduct (1) in cases involving FCPA conspiracies if it can prove that one act in furtherance of the conspiracy occurred during the limitations period; (2) if a company enters into a tolling agreement with the government; or (3) if the government obtains a court order suspending the statute of limitations while trying to obtain evidence from a foreign country.
    
    
  • Conflict regarding the applicability of the FCPA to certain categories of foreign individuals. In 2018, the Second Circuit in United States v. Hoskins²,  rejected the DOJ’s argument that the FCPA’s anti-bribery provisions applied to individuals even if the individual was not directly covered by the FCPA (i.e., even if the foreign company or individual is not an issuer or domestic concern, and did not commit a reasonably foreseeable overt act  while in the territory of the United States). The Guide makes clear that the DOJ and SEC take a dim view of this decision by noting its limitations, namely, that it is only binding in the Second Circuit, that another circuit has taken a different view, and that it does not apply to the FCPA’s books and records provisions.
    
    
  • Qualifying as an “instrumentality” under the FCPA. The Guide highlights the 2014 decision in United States v. Esquenazi³,  which defined “instrumentality” as “an entity controlled by the government of a foreign country that performs a function the controlling government treats as its own.” The court also created a non-exhaustive list of factors to determine whether the government “controls” the entity and a separate non-exhaustive list of factors for whether the entity performs a function that the government treats as its own. The DOJ and SEC encourage companies to consider these factors when evaluating FCPA risk and designing compliance programs.
    
    

  Encouraging corporate compliance and cooperation:

  • The Guide incorporates the DOJ’s updated April 2020 Corporate Enforcement Policy, which describes circumstances in which a corporate actor would enjoy the presumption of a declination from prosecution (see our previous legal update, DOJ expands on its processes for evaluations of corporate compliance programs). The Guide emphasizes that corporations have enjoyed most favorable treatment under the policy by demonstrating: (1) self-disclosure; (2) a comprehensive investigation; (3) full and timely cooperation with regulators; (4) willingness to pay disgorgement; and (5) compliance program enhancements and remediation, and / or a showing that the current compliance program is effective (more on that below).
    
    
  • The Guide also signals a potential softening in the DOJ’s and SEC’s stance on successor liability. The previous version of the Guide noted that successor liability “prevents companies from avoiding liability by reorganizing.” The Guide now articulates a more nuanced position by explaining that the “DOJ and SEC recognize the potential benefits of corporate mergers and acquisitions, particularly when the acquiring entity has a robust compliance program in place and implements that program as quickly as practicable at the merged or acquired entity.”  Further, the “DOJ and SEC also recognize that, in certain instances, robust pre-acquisition due diligence may not be possible. In such instances, DOJ and SEC will look to the timeliness and thoroughness of the acquiring company’s post-acquisition due diligence and compliance integration efforts. . . . [I]n fact, under the DOJ FCPA Corporate Enforcement Policy, in appropriate cases, an acquiring company that voluntarily discloses misconduct may be eligible for a declination, even if aggravating circumstances existed as to the acquired entity.”
    
    

  Emphasis on robust compliance operations:

  • The 2012 version of the Guide stated that companies should maintain effective anti-corruption compliance programs. The revised edition now incorporates the DOJ’s Evaluation of Corporate Compliance Program, which defines effective compliance programs as ones that are “well-constructed, effectively implemented, appropriately resourced, and consistently enforced.” In addition, the Guide confirms that when considering a company’s culpability and/or penalty, the DOJ and SEC will consider the effectiveness of a corporate compliance program “at the time of the misconduct and at the time of the resolution.” (emphasis added).
    
    
  • The Guide also goes into much greater detail on the hallmarks of an effective compliance program, including new sections on: confidential reporting and internal investigation, periodic testing and review, M&A diligence and integration, and investigation, analysis, and remediation of misconduct. These updates reveal how seriously the DOJ and SEC take a company’s efforts to maintain a robust and effective compliance framework. It is not enough for a company to engage in compliance window-dressing. Importantly, the Guide makes clear that the DOJ and SEC expect a compliance program to be effective. Companies that put forth good efforts, and constantly analyze and work to improve their compliance infrastructures (including after an incident) will likely be met with much more favorable treatment by the enforcement agencies.

Conclusion

The changes to the Guide highlight the DOJ’s and SEC’s ongoing efforts to broaden the scope of conduct that can fall under the FCPA as well their expansive enforcement efforts in this area. While it is important to understand that some of the examples and policies offered in this Guide simply reflect the DOJ’s and the SEC’s positions, rather than settled law, these examples nonetheless provide guidance as to the regulators’ areas of emphasis. Companies should use the Guide to ensure that their compliance programs are up to date, properly focused, and designed to both minimize FCPA risk and provide mechanisms for investigation, disclosure, and remediation if an issue is discovered.

Special thanks to Senior Counsel John Heath for his assistance in preparing this content.