Beyond Reproach has been saved
For much of the last 25 years, the U.S. Foreign Corrupt Practices Act has been on the books and in the background. More recently, its enforcement has begun to be felt worldwide, and multinational business leaders will need to consider the implications.
The United States has led the fight against official corruption in international business transactions for more than 30 years. Congressional passage of the Foreign Corrupt Practices Act (“FCPA” or “the act”) in 1977 established that, at least for U.S. companies and other firms accessing U.S. capital markets, global business would not be a “Wild West” of bribing public officials to win business.
For the first 25 years of the FCPA’s existence, enforcement could be described fairly as languid. The U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) brought few actions against companies for alleged violations. Although there were a number of prominent prosecutions, challenges in obtaining documentary and testimonial evidence from foreign countries made enforcement cumbersome and time-consuming.
Today, it’s a different story. FCPA investigations and prosecutions have increased dramatically, and, as described below, all indications are that this trend will continue in the foreseeable future. Also, after years of inaction, other countries are stepping up their anti-corruption efforts and expanding cross-border cooperation.
The growing intensity of anti-corruption enforcement in the United States and around the world, coupled with the continuing expansion of cross-border commerce, compels global companies to closely examine their anti-corruption compliance programs. If properly designed, implemented and monitored, such programs can enable companies to accurately assess corruption risk and devote appropriate resources to minimizing it. Also, effective compliance programs may provide the best avenue for mitigating criminal or civil liability or both for violations brought to authorities’ attention.
Companies involved in mergers and acquisitions face additional FCPA exposure because they may inherit corruption issues from acquirees or assume them in business combinations. U.S. enforcement authorities have brought a number of cases arising from proposed and completed acquisitions, and have announced repeatedly that acquirers and investors must conduct FCPA due diligence on transactions presenting corruption risk. In an interesting development, the DOJ recently issued an opinion in which it granted a buyer’s (pre-closing) request to conduct post-closing due diligence based on legal obstacles it faced in obtaining relevant information from the target company prior to closing.
Whatever their current FCPA profile, companies can strengthen their anti-corruption efforts by implementing a compliance program tailored to address business-specific and regional risks. As discussed below, key components of such a program would include a risk assessment of global operations; clearly explained policies and procedures; and training and testing of controls. Companies can also benefit by proactively adopting measures that take changing business environments into account (for example, increased government sales in a higher risk jurisdiction) or, through the use of sophisticated data analytics tools, identifying potentially problematic transactions in the accounting data.
The FCPA contains two primary provisions. First, its anti-bribery provision makes it illegal to bribe foreign officials to retain or obtain business or otherwise gain a business advantage. Its second provision requires companies to make and keep books, records and accounts that accurately and fairly reflect their transactions. Companies are also required to maintain a system of controls that can provide reasonable assurances of the propriety and legality of those transactions.
The FCPA began to take on a higher profile in the early 2000s. One key factor in its ascent was the passage of the Sarbanes-Oxley Act of 2002, which emphasized greater corporate transparency, senior management accountability, enhanced control systems, and whistleblower protections. The increased focus on Sarbanes-Oxley requirements and the additional resources dedicated to implementing them in many instances led to the discovery of improper payments and of control and compliance weaknesses that enabled such payments to go undetected. Moreover, companies sought to reduce their potential liability for violations found by voluntarily disclosing such conduct to the authorities and pledging to conduct thorough investigations, report the results of such investigations to the government, and remediate the gaps in their control structures.
The number of FCPA investigations and cases brought by the DOJ and the SEC continues to grow; new corporate investigations rose from 9 in 2003 to 29 in 20071 and, on a cumulative basis, investigations involving 82 corporations remained open at the beginning of 2008.2 Similarly, corporate FCPA anti-bribery prosecutions and enforcement actions rose from 5 in 2004 to 38 in 2007. At mid-year 2008, 16 new prosecutions were underway — more than in any full year prior to 2007.3
As enforcement activity has grown, so have the costs for noncompliance. In a 2007 case, Baker Hughes, a global oilfield services company, agreed to pay US$44 million in penalties and disgorgement of profits for FCPA violations in several countries, the largest U.S. levy to date.4 The size and scale of a number of cases reportedly under investigation, along with an increase in dedicated staffing by U.S. enforcement agencies (including the formation of an FBI FCPA task force), strongly suggest that the number of cases, as well as the frequency and severity of penalties, will continue to grow in the near term.
Efforts by other countries to combat corruption have been expanding since member nations of the Organization of Economic Cooperation and Development (OECD) adopted the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions in 1997. Some countries also entered into regional pacts in Latin America, Asia and elsewhere to address the problem.
Foreign governments are also beginning to launch investigations that parallel U.S. enforcement efforts. The law firm of Shearman & Sterling identified 17 countries conducting such investigations, as well as six countries conducting investigations into the U.N.’s defunct Iraq Oil-for-Food program. The firm commented, “While the level of coordination between various governments and agencies currently conducting investigations is not fully apparent, the investigative and prosecutorial demands presented by these alleged violations are significant opportunities for the creation of an international standard of business propriety, casting aside any doubts about the strength of the international anti-corruption effort.”5
The law firm of Gibson, Dunn & Crutcher also anticipates growing global cooperation, noting that “…with an enhanced commitment on the part of many nations, coupled with pressure from nongovernmental organizations and a newfound willingness by the DOJ to defer to home state prosecution in appropriate circumstances, we expect anti-corruption enforcement to take on an increasingly global character in the future.”6
Transparency International’s Corruption Perceptions Index, which rates countries’ perceived levels of corruption on a scale from one (highest level) to ten (lowest level), scores nearly half of the world’s nations at three or under.7 Such statistics suggest that many companies are likely exporting to, importing from, merging with, or acquiring businesses from one or more of these high-risk nations.
A poll of business executives provides a mixed picture as to the adequacy of their companies’ anti-corruption programs. In a recent survey of 328 global senior executives conducted by the Economist Intelligence Unit for Deloitte FAS LLP, 72 percent of respondents expressed the belief that their organization’s anti-corruption program adequately addresses the corruption risk in their industry. However, 25 percent of respondents believed that their programs did not adequately address the regional corruption risks their companies faced, and nearly a third said their companies should spend more on their anti-corruption compliance efforts.8
While many companies understand the growing importance of effective anticorruption programs, it appears that a significant number clearly need to consider taking steps to establish or improve their programs. More than half of the executives polled in the Economist Intelligence Unit survey believed that clearer guidance governing employee conduct, as well as the effective communication of those rules to relevant personnel through enhanced training, would be most helpful in improving their anti-corruption programs.
Companies engaged in cross-border transactions can benefit from (1) paying closer attention to the potential impact of the FCPA and other countries’ anti-corruption statutes on their business strategy and operations, and (2) putting in place a compliance program with five key elements:
Companies regularly assess credit, market, SEC compliance and many other kinds of risk. An FCPA risk assessment should become part of this process and lay the foundation for an overall FCPA compliance program.
In designing an FCPA risk assessment process, management should consider developing a framework that is flexible and gives consideration to risk factors including:
When implementing a formal FCPA risk assessment process, management should consider several important success factors, including:
FCPA risk assessments and compliance efforts can be complicated, time-consuming, and expensive for companies with extensive global operations because of differences in languages and accounting systems, cross-border logistics, shortages of qualified personnel, and the sheer volume of data under review. Analytical tools can help companies address these issues by identifying and assessing relevant accounting and financial information. Experienced forensic professionals can then analyze various parts of the business in a targeted manner to assess risk and monitor activity.
As part of the risk assessment and ongoing compliance monitoring, it’s important for companies to identify functional areas that might be prone to problems. For example, a relentless focus on the bottom line, along with aggressive sales targets, could drive sales department behavior into the gray zone, thereby putting companies at risk. As a result, it is critical for sales professionals to receive appropriate training on FCPA compliance to understand the permissible range of conduct and to know when to seek guidance if ambiguous situations arise.
Employees can be trained and their behavior tracked. But how transparent are international sales activities — particularly when government entities and third-party agents, distributors and joint ventures are involved? Signs to watch out for include:
Many FCPA violations are not innocuous mistakes; they are committed by people who are aware of the regulations and impropriety of their actions. Companies need to view FCPA compliance with a heightened level of watchfulness and structure their programs accordingly. This may include examining how the management of sales promotions, sales records, and employees and agents influences behavior. Companies also should consider reviewing the structure of compensation and commissions for agents, consultants and other third parties, such as retainers, bonuses, success fees, and paid and reimbursed expenses.
Companies can improve FCPA compliance through targeted efforts in different parts of the business. Some leading practices to consider include:
Today, financial due diligence accompanying mergers and acquisitions should include procedures that specifically look for red flags that indicate potential corruption. A number of recent FCPA cases have focused specifically on the need for strategic and equity buyers to assess FCPA risk as a routine part of the M&A due diligence process.
FCPA issues have not historically been at the top of the M&A due diligence checklist. Yet in the wake of some recent high-profile FCPA actions and investigations — and with a heightened awareness of successor liability risk — buyers are paying more attention to identifying possible violations.
Failure to perform appropriate due diligence can result in the acquiring firm assuming criminal and civil responsibility for the target firm’s violations. Indeed, a substantial number of current FCPA cases were first flagged during the course of routine financial and legal M&A due diligence procedures.
If and when a problem is discovered, it can affect the timing, structure and pricing of the transaction, or even whether it proceeds at all. In one well-publicized case, Lockheed Martin Corporation walked away from a proposed purchase of Titan Corporation because Titan was unable to resolve outstanding FCPA allegations with the government in a time frame acceptable to Lockheed.
In those instances where the purchaser wishes to proceed with the transaction, transparency can be critical. Violations reported and resolved prior to closing, coupled with a thorough investigation designed to uncover additional potential violations, may enable the purchaser to negotiate an agreement with the government that protects it from liability for the seller’s conduct, even if additional pre-closing violations surface following the transfer of ownership.
In such cases, scrutinizing the target company’s FCPA compliance history carefully can provide a real business benefit. No matter how attractive the deal appears, the purchaser will clearly want to avoid the risk of being saddled with liability for what may have happened in a remote location years before the transaction was even contemplated.
From a practical perspective, there are occasions where access to the kind of information necessary to conduct pre-closing due diligence may not be available. Halliburton, the energy services company, recently found itself in such a situation in connection with its pursuit of a British company specializing in oilfield services. UK tender rules restricted Halliburton’s ability to obtain sufficient information from the target company to conduct appropriate FCPA due diligence. Halliburton sought an advisory opinion from the DOJ that would permit Halliburton to proceed with the transaction and not incur successor liability subject to a thorough post-closing due diligence, the prompt reporting of any violations, and a number of additional conditions.9 Although the DOJ opinion procedure carries no precedential value and applies only to the facts of the case, the government appears willing to take into account certain impediments to conducting due diligence if proper assurances of post-closing due diligence and remediation efforts are made and accepted.
Another critical component of FCPA due diligence focuses on identifying possible foreign government connections and links between individuals and entities, and exploring the backgrounds of those individuals to determine if there are any “red flags” of involvement in potential violations. As part of this process, buyers would seek to identify any direct or indirect foreign government ownership, including ownership through subsidiaries, as well as links between individual shareholders, officers or directors to see if they are related in any way to members of government bodies.
A great deal of information is available through public and proprietary sources. Although the availability of public records varies from country to country, information typically available electronically includes:
In some locales with less developed electronic filing systems or online capabilities, visits to local courthouses or government offices may be required to obtain information.
Implementing a formal FCPA risk assessment process that integrates technology and data analytics can aid attorneys, compliance officers, internal audit, executive management, and ultimately board and audit committee leaders in designing and implementing an effective anti-corruption compliance program. The process can also support the fine-tuning of FCPA compliance programs and the prioritizing of FCPA compliance monitoring efforts.
Relatively recent technological advances have increased companies’ migration of books and records to integrated electronic systems, a move that is likewise shifting their approach to FCPA investigations and associated data analytics. Now companies and their legal counsel not only need to implement legal and investigative strategies, but also to plan for dealing with massive amounts of related electronic transactional data.
Technological innovation is playing a key role in overcoming these challenges. With the standardization of accounting systems, forensic accountants and technology professionals have built tools that can facilitate extraction and analysis of large amounts of data. Location-neutral utilities accessed via secure Internet sites can provide quick, reliable access and capabilities to globally dispersed teams investigating FCPA violations.
Companies may consider anti-corruption requirements a secondary consideration as they rush to capitalize on emerging market opportunities. However, as recent and continuing developments show, governmental authorities view compliance as a top priority. Failing to actively and thoroughly address corruption issues can derail a company’s plans, and may lead to fines and criminal prosecutions.
On the other hand, companies that are forthcoming and careful can benefit from greater transaction transparency and improved regulatory consideration. Today’s enforcement climate heightens the need to identify, manage and respond proactively to FCPA exposure. Implementing an effective compliance program — supported by the right processes and technology — can help companies capture the potential of global business while managing the associated risks.