View Page As PDF
Share Button
Tweet Button

Doing business in international markets presents lucrative business opportunities for U.S. companies, but it also presents potentially devastating compliance risks for the unwary.  Here are five key points about the Foreign Corrupt Practices Act (“FCPA”) you should know:

  1. The FCPA prohibits a company or individual from corruptly offering, promising, or giving anything of value to a foreign official to assist the company or individual in obtaining or retaining business or to secure any improper advantage.  A “foreign official” is broadly defined to include officials of a foreign government, public international organization, foreign political party, or any agent or intermediary.  It also applies to officers and even low-level employees of government-owned corporations.  In many countries, education and healthcare are government-run and all employees, including doctors and professors, are government officials under the FCPA.  Any doubts about whether a person qualifies as a “foreign official” should be resolved by assuming that is the case.
  2. FCPA violations can lead to serious civil and criminal penalties, sanctions, and remedies, including fines, disgorgement, and implementation of a corporate monitor.  Individuals can also be prosecuted for FCPA violation, and penalties include 5 years in prison, $10,000 per violation, or both.  In 2013, the SEC collected over $720 million from FCPA enforcement actions, a marked increase from the $260 million collected in 2012 and the $503 million collected in 2011.  In addition to paying millions of dollars to the government in FCPA settlements, companies such as Avon (click here for my recent blog post providing more detail about this enforcement action) have also incurred significant legal fees ($300 million since 2009), been hit with shareholder derivative actions, and suffered reputational damage.
  3. Investing in a robust FCPA compliance program can save your company enormous costs by potentially avoiding corporate prosecution for FCPA violations by rogue employees.  For example, both the DOJ and SEC recently elected not to charge Morgan Stanley - even though it criminally prosecuted one of its managing directors for FCPA violations – citing in a press release the company’s effective ethics and compliance program as the primary basis for the decision.  Specifically, Morgan Stanley’s internal policies, which were updated regularly to reflect regulatory developments and specific risks, prohibited bribery and addressed corruption risks associated with the giving of gifts, business entertainment, travel, lodging, meals, charitable contributions and employment.  Morgan Stanley frequently trained its employees on its internal policies, the FCPA and other anti-corruption laws.  Between 2002 and 2008, Morgan Stanley trained various groups of Asia-based personnel on anti-corruption policies 54 times.  Morgan Stanley’s compliance personnel regularly monitored transactions, randomly audited particular employees, transactions and business units, and tested to identify illicit payments.  Moreover, Morgan Stanley conducted extensive due diligence on all new business partners and imposed stringent controls on payments made to business partners.
  4. As set forth in an article by Stephen Clayton through the Association for Corporate Counsel ("ACC"), the most common reason for FCPA violations is the use of “intermediaries.” In FCPA jargon, an “intermediary” is a third party who assists the company in some aspect of its foreign business.  In a recent survey of GCs, only 43% of companies regularly conduct due diligence on intermediaries.  But these intermediaries don’t shield your company from liability … they create liability.  Ninety percent of FCPA cases brought by the U.S. government involve conduct by third parties.  A list of common red flags you should be aware of when your company is thinking of doing business with third party intermediaries are set out in my recent blog here.
  5. As noted by Clayton, your company should consider implementing these practical tips to implement an effective FCPA compliance program
    • Understand your company’s FCPA risk because if you don’t, you may fail to spend your compliance resources cost-effectively. For most companies, 80% of the FCPA risk will come from 20% of your business.
    • Have a stand-alone corruption policy.  It is not sufficient to have a few paragraphs buried in your Code of Conduct.
    • Designate a member of your company senior management team to be responsible for FCPA compliance and accountable for the program.  Tone starts at the top, so your Board, CEO, and CFO should communicate their commitment to FCPA compliance.
    • Train your managers and employees with the actual corruption risks in your industry, the companies where you do business, and the business model your company is using. Online training is better than no training, but skilled in-person training is most effective.  A mixture of the two seems to be the current best practice. However, in-person training for your board and senior management is recommended.
    • Design effective hotlines that internal whistleblowers can use to report suspected violations and impress upon employees that their identity will be kept confidential and there will be no retaliation. Whenever possible, follow up with employees after the investigation to demonstrate that whistleblower reports are taken seriously.
    • Train the third parties who facilitate international distribution and conduct due diligence, because they represent the highest FCPA risk.  Some small companies think they are safe if they use third parties who also represent U.S. multinational companies; they assume larger companies have done proper vetting and training.  That may be wishful thinking.  Major US and multi-national companies often have weak FCPA compliance programs and do not vet or train their third parties.
    • Include clear FCPA terms in every international contract. Specifically mention the importance of FCPA compliance in your contracts and require your partners to represent they know the elements of the law and will comply with it.  Insert a clearly worded audit clause that requires the business partner to provide documents and assistance in an investigation. Finally, you must have the ability to terminate the contract if your business partner violates the FCPA.