FCPA is here to stay, now here's how to comply

The long awaited Resource Guide to the U.S Foreign Corrupt Practices Act was released on Nov. 14, by the U.S. Department of Justice and U.S. Securities and Exchange Commission. The Resource Guide serves as a useful compendium of established guidance regarding the Government's enforcement of the FCPA and its applicability to businesses of all sizes and shapes, but it provides few surprises for those counsel and compliance officers who are experienced in the Foreign Corrupt Practices Act practice.

Overall, the Resource Guide offers a helpful summary of the Government's interpretation of the various components of the FCPA, establishes some clearer boundaries on the types of behavior permitted, and provides helpful fact-based examples of the Government's expectations regarding appropriate business conduct. Nonetheless, the Resource Guide clearly reinforces the thought that many of these FCPA issues are fact-based, that there is no clear line in defining what constitutes a transgression or lawful behavior, and that U.S. companies will continue to struggle to incorporate all aspects of the FCPA in conducting themselves internationally.

Investment companies including private equity and venture capital firms and small to medium businesses should especially take note. The Resource Guide reaffirms that all businesses, no matter how small, need to be aware of and comply with the FCPA. It is therefore essential that companies establish FCPA compliance programs and be acutely aware of potential FCPA risks. In addition, when evaluating potential investments and M&A opportunities, investment firms need to examine target companies' FCPA compliance programs and potential for FCPA exposure. As the Resource Guide repeatedly notes, failure to implement adequate compliance programs or to properly address FCPA exposure can drastically decrease the potential value of a company to a potential acquirer or investor, especially given the Government's expansive jurisdiction and the high costs associated with a potential investigation. Guide at 28.

Jurisdictional Issues

The Resource Guide confirms that the Government expansively interprets its jurisdiction under the FCPA. For instance, the Guide clarifies that virtually any activity taken by a business - such as placing a phone call or sending a mere email "from, to, or through the United States" (emphasis added) - will likely satisfy the interstate commerce requirement of the statute. Guide at 11.

Perhaps more importantly, the Resource Guide expressly states that the Government will pursue enforcement actions under the theories of agency and respondeat superior against parent companies for actions taken by foreign subsidiaries and/or foreign employees. While the Government acknowledges that the degree of control exercised by the parent company over the subsidiary (or joint venture) is a factor in determining agency, the Resource Guide offers little clarity as to when a foreign subsidiary or minority-owned joint venture can be considered to be the "agent" of a U.S. company for the purposes of the FCPA. Thus, the acts of a foreign employee of a foreign subsidiary or joint venture, even if occurring wholly outside of the United States, may still lead to liability for the parent company, even where the parent may have limited knowledge of the activity at issue.

This is an expansive take on jurisdiction by the Government and emphasizes the importance of ensuring that parent companies implement robust compliance programs and controls at all subsidiaries, joint ventures, and other entities in which they have a majority interest, and use "best efforts" to do so in entities in which they have a minority or even slight ownership interest.

The Resource Guide does provide some comfort for companies with respect to mergers and acquisitions of foreign companies. The Guide makes clear that the Government does not have jurisdiction to prosecute a foreign company's pre-acquisition misconduct where the foreign company was not independently subject to U.S. jurisdiction. This pronouncement is helpful and clarifies enforcement policy, while emphasizing the need for pre-acquisition due diligence and for companies to ensure that pre-acquisition misconduct does not continue after an acquisition. Guide at 31-32.

Due Diligence

The Resource Guide highlights the Government's focus on proper due diligence regarding third parties and prior to mergers and acquisitions. The DOJ and SEC strongly consider a company's risk-based due diligence in assessing the adequacy of a company's compliance program. Guide at 60.

Although the Guide does not differ from previous pronouncements from the DOJ and SEC, it does offer a helpful summary of what the Government expects from companies in this area.

The Guide lists three "guiding principles" for conducting third-party due diligence:

Diligence should explore the qualifications and associations of its third-party partners, which includes a third party's reputation and relationship with foreign officials;

The company should understand the business rationale for engaging the third party. This includes a review of the underlying contract to ensure that the payment terms appropriately describe the services to be provided; and

The company should monitor the third-party relationship. Where it is appropriate, the company should update its due diligence, exercise contractual audit rights, periodically train the third party, and require from the third party annual compliance certifications. Guide at 60.

In addition to its pronouncements on third party diligence, the Guide also emphasizes the importance of due diligence on a company's acquisition targets. Guide at 62. Specifically, in order to minimize the risk of FCPA prosecution, the Guide encourages companies to:

Conduct risk-based due diligence on potential new business acquisitions;

Ensure the acquiring company's code of conduct and compliance policies regarding the FCPA and other anti-corruption laws quickly apply to new acquisitions or merged entities;

Train directors, officers, and employees of newly acquired businesses or merged entities (and train agents and partners as appropriate);

Timely conduct an FCPA-specific audit of all newly acquired or merged businesses; and

Disclose any corrupt payments discovered. Guide at 29.

Unanswered Questions

While the Resource Guide clarifies the Government's expectations in a variety of areas, it nonetheless fails to address a few of the chief concerns raised by the U.S. Chamber of Commerce. Specifically, the Guide leaves unaddressed the Chamber's criticism of the imposition of corporate liability without proof of willful action. In addition, the Guide fails to endorse a compliance system defense to the FCPA. The DOJ and SEC, however, state explicitly that they will "consider the adequacy of a company's compliance program when deciding what, if any, action to take." Guide at 56.

Finally, as noted above, the Guide makes it plain that the Government will continue to impose successor liability, and although the Guide provides a few fact-specific examples, it does little to establish clear guidelines for U.S. companies with minority interests in foreign companies or joint ventures.

Nonetheless, the Guide serves as a well-organized and helpful aggregation of the Government's views on FCPA enforcement, and should be a valuable resource for compliance professionals. By repeatedly emphasizing the need for all businesses to establish sound FCPA compliance programs, assess FCPA-related risks, and conduct appropriate due diligence, it should fulfill the Government's stated hope of "help[ing] businesses that are unsure of their obligations, and . . . therefore improv[ing] compliance."