The comprehensive discussions in the guide cover, amongst other things:
- gifts, travel and entertainment expenses
- the definition of a foreign official, a department, an agency or an instrumentality of a foreign government
- successor and parent-subsidiary liability
- factors in what the SEC and DOJ consider as an effective compliance programme
- whistleblower provisions and protections.
The resource guide attempts to answer the questions raised in the letter sent to the DOJ by the United States Chamber Institute for Legal Reform (ILR), which detailed areas they believe the guidance should cover, including the definition of an “‘instrumentality”. The guide explains that an instrumentality of a foreign government is not likely to include those entities which are not majority state-owned (i.e. 50 percent or more). It was clarified, however, that there has been an instance where an instrumentality included an entity that was 43 percent owned by the Malaysian Ministry of Finance, as the Ministry had veto power over the company on its major expenses and operational decisions. The key principals of the company were also political appointees. Therefore, just because a third party is not 50 percent owned by the government does not mean it is not an “instrumentality” under the Act; due diligence must be conducted to find out the level of control the government has over that third party.
Gifts, travel and entertainment
What is allowed?
The DOJ and SEC explained that gifts of nominal value and tokens of “esteem or gratitude” are not items which would result in enforcement actions, citing examples such as cab fares and reasonable meal and entertainment expenses. In addition, the guide clarifies that promotional items, such as free snacks at a trade show, never formed the basis of an enforcement action.
The guide gave a hypothetical scenario, where international business-class airfares were provided to senior officials as part of a trip to inspect the company’s overseas facilities. The company also paid for the hotel, a moderately-priced dinner, a baseball game and a play. None of these actions were in violation of the FCPA, as the travel and expenses were all reasonable and bona fide.
What is not allowed?
In the same hypothetical, if the company paid for the senior officials and their spouses to travel first-class to a location where there were none of the company’s facilities, this would constitute as a violation of the FCPA. The trip would be extravagant, and not designed for a business purpose.
Examples of other improper entertainment expenses include US$10,000 on entertainment, dinners and drinks for a government official, and paying bills and airline tickets for the cousin of a foreign official.
These examples tell us that the content and the purpose of trips and entertainment are underlying considerations. Appropriate marketing activities are permitted, as the DOJ and SEC understands these are unlikely to influence a decision. Accurate recording of these expenses suggests that a company has adequate internal controls and procedures.
The guide clarifies that charitable donations are not prohibited, but it specifies that they must not be used as a façade used to bribe government officials. To help determine whether donations could violate the FCPA, the guide proposes five questions to consider:
- What is the purpose of the payment?
- Is the payment consistent with the company’s internal guidelines on charitable gift giving?
- Is the payment at the request of a foreign official?
- Is a foreign official associated with the charity and, if so, can the foreign official make decisions regarding your business in that country?
- Is the payment conditioned upon receiving business or other benefits?
The guide does not give a specific set of controls for businesses to follow to avoid violating the FCPA, as this is particular to each business’s circumstances. What the guide does say is that internal controls should not just include a financial-reporting procedure, but also an effective compliance programme which considers risks and operations of a company, including the products and services being offered, the level of government interaction and the level of regulation. This would differ between a financial-services firm and a manufacturer, according to the guide. Inadequate internal controls will give rise to the risk of corruption and bribery, thus violating the FCPA.
It is also necessary to have a good risk-assessment programme in place. The guide explains that a weak compliance programme focuses on monitoring nominal value gifts rather than large government bids and other excessive payments made to third parties. Although controls should be implemented for all gifts and expenses, those which are larger than usual warrant closer monitoring. The nature of payments should be recorded accurately in a company’s books.
The guide highlights that the FCPA is not the only relevant provision which can be used to prosecute a company in its third party dealings. The Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR) were cited in Chapter 4 of the guide, explaining that registration and reporting of defence articles must be done with the Directorate of Defense Trade Controls, including the reporting of any fees and commission. Both civil and criminal penalties can arise when these two laws are violated.
Defences and declinations
Not much is provided in the resource guide on defences besides explaining the two existing affirmative FCPA defences – the local law defense and the reasonable and bona fide business expenditure defense – and providing situations where the DOJ has not prosecuted a company. No reference was made regarding implementing a highly-demanded “adequate procedures” defence such as that which exists under the UK Bribery Act.
The DOJ provided examples of when they have not prosecuted companies for violating the FCPA, and these examples show several factors which the DOJ takes into consideration, including:
- voluntary disclosure of the misconduct
- conducting an internal investigation as soon as the breach was discovered
- terminating the employees and third parties who were involved
- moving forward with an improved compliance programme and training.
The FCPA requires a “prevention is better than cure” approach. Terminating misconduct and self-disclosing it to the DOJ and SEC is important, but it is also crucial to have long-term strategies such as enhancing the current compliance structure and conducting training to employees. A culture of commitment and setting the tone on integrity prevents the risk of the improper conduct happening again.
The guide uses a hypothetical scenario to show that the DOJ and SEC have no jurisdiction to prosecute an acquiring company for a target company’s misconduct before an acquisition if that target company was not an issuer or a domestic concern. It was also explained that in many instances the DOJ and SEC have not enforced action against acquiring companies who self-disclose the conduct of a target company and do so in a timely manner. Two tips were given on successor liability:
- Request a merger and acquisition Opinion Procedure Release
- Conduct merger and acquisition risk-based FCPA due diligence.
An effective compliance programme
With regards to having an effective compliance programme, the document warns that there is no “one-size-fits-all” programme, and simply checking boxes “may be inefficient and, more importantly, ineffective”. Compliance programmes should be tailored to each business according to their risks and requirements. Commitment from senior management was noted to be one of the hallmarks of an effective corporate compliance programme, and this commitment should cascade down to the whole organisation. In addition, the DOJ and SEC reiterated that third party due diligence is important, and on-going monitoring should be carried out to mitigate risk.
Lanny Breuer has stated that “The guide is an important illustration of our transparency and a useful reference for companies and individuals who wish to act responsibly and in compliance with the law.”
It is important to note that this resource guide is non-binding, and can be used by beginners who are not too knowledgeable about the FCPA as well as more-experienced compliance personnel who are looking for more answers. Compliance officers will be expected to know this guidance back to back and advise on any required changes in their company’s compliance infrastructure.
See the full resource guide at http://www.sec.gov/spotlight/fcpa/fcpa-resource-guide.pdf.
A factsheet on the guide can be seen at http://www.justice.gov/iso/opa/resources/85120121114101420662750.pdf.