Top Ten Basics of Foreign Corrupt Practices Act Compliance for the Small Legal Department

Top Ten Basics of Foreign Corrupt Practices 
Act Compliance for the Small Legal Department

Stephen Clayton
June 2011

The Foreign Corrupt Practices Act [15 U.S.C. § 78dd-1, 15 U.S.C. §§ 78m(b)(2)(A) and (B) of 1977 is a well-established US law which impacts every US company which does business outside the USA. The Obama Administration has set a goal of doubling US exports in the next five years, so FCPA compliance will become important to many small and mid-size US companies.

The FCPA has two provisions - Anti-Bribery and Accounting. In essence, the Anti-Bribery Provisions make it a crime for any US individual, business entity or employee of a US business entity to offer or provide, directly or through a 3rd party, anything of value to a foreign government official with corrupt intent to influence an award or continuation of business or to gain an unfair advantage.  The Accounting Provisions basically make it illegal for a company that reports to the SEC to have false or inaccurate books or records or to fail to maintain a system of internal accounting controls.  

The standard of intent and knowledge in the Anti-Bribery cases is minimal - intent and knowledge are usually inferred from that fact that bribery took place. The Accounting Provisions do not require intent. The SEC brings Accounting cases as civil actions so its burden of proof is a mere preponderance of the evidence. The government does not lose FCPA cases. Below are ten FCPA basics small legal departments need to be aware of to stay compliant.  

1. Corruption in international business is common and frequently ignored.

Managers and lawyers in most companies want to believe they work for clean, ethical organizations that hire law-abiding employees. This positive bias often blinds US business people to the reality of international business, where bribes, kickbacks, and false or unrecorded transactions are common. Corrupt activity also exists in the US of course, but it is more difficult to understand what is going on in foreign countries when your US managers have little or no language ability or cultural context.

Some US business people believe and frequently say "Everyone knows you can't do business in (Mexico, China, India, Russia - pick a country) without paying bribes. It is part of their culture. It is crazy to have a US law that makes paying bribes in foreign countries illegal in the USA."  Even if that were true, the FCPA is part of the legal environment for international business. Compliance is not optional because American management has a low opinion of foreign government officials.

2. Investigation, Prosecution and Punishment under the FCPA are Common.

In 2010 alone, 52 individual business people were indicted, sentenced, or were convicted and awaiting sentencing for FCPA violations. Ten years ago FCPA prosecutions were rare. Since 2008, the government has had around 150 FCPA investigations going on at any one time and has been bringing about 40 cases each year. Lately the cases have been about half against companies and half against individual company managers and employees. The government has stated that individuals will not believe the FCPA has any teeth until they see business people going to jail. They are doing a good job in making that happen.

The Department of Justice, SEC and FBI have well staffed units dedicated to FCPA investigations and prosecutions and are steadily building expertise. FBI agents are assigned overseas to investigate specific industries and countries. In 2010 the SEC established a dedicated FCPA Enforcement Unit with offices in Washington, DC and San Francisco.  

In recent years a high percentage of the total fines imposed by the Department of Justice have come from FCPA cases. Total penalties imposed by the DOJ and SEC for violations of the FCPA:

2008 $893M 
2009 $622M
2010 $1.8B 
2011 $161M (first quarter)

3. Understand your company's risk of being involved in international bribery.

Companies must assess the risk of FCPA violations in their international business. The FCPA’s definition of “Government Official” is extremely broad and includes even low-level employees of government owned companies. Understand every way in which your business has contact with government customers or government employees. Some questions to consider:

- What kind of business does you company do outside the US?
- Do you conduct foreign business through your own employees, through agents, distributors and intermediaries, through joint ventures - all of the above?
- Do you need to get permits or qualify products for sale in foreign countries? 

- Do you ship through freight forwarders and use customs agents? - Do you deal with universities, or use professors in an advisory capacity, or deal with doctors or hospitals?  In many countries education and healthcare are government run and all employees, including doctors and professors, are government officials under the FCPA.

- Are you involved in litigation? In some countries lawyers routinely bribe court officials and judges.

Some countries expose US companies to very high risk of corruption. For example, China, Brazil, India and Mexico are well known corruption risks. There is a lot of corruption in each of those countries, but it pales in comparison to the pervasive illegal activity in countries such as Russia, Vietnam, Nigeria, and Pakistan. The Transparency International Corruption Perception Index is an accurate, useful tool you should know and use:  (

You can also hire outside firms to do risk assessment. If you don’t understand your company's specific risk, you may fail to spend your scarce compliance resources in a cost effective manner. For most companies 80% of the FCPA risk will come from less than 20% of your business. 

4. Your Program requires a Standalone International Anti-corruption Compliance policy, and an Executive who is Accountable and Tone at the Top.

Any company that is doing international business should enact a standalone FCPA Compliance Policy. Do not rely on having a few paragraphs about international corruption buried in your general Standards of Business Conduct; it is not sufficient.

A member of the senior management team of the company must be designated as responsible for FCPA compliance and be accountable for the program.  It may be best if this is not the general counsel. An FCPA Compliance Program is more a “cost of doing international business” than a normal part of the legal department budget. Legal has a key role assisting the business team, but imposing the FCPA compliance program on the already overworked general counsel may be a mistake.

The senior management team sets the company’s tone at the top. If your Board has never mentioned the value of FCPA Compliance to the management team, and the CEO, CFO and other responsible executives have never addressed employees about the company’s commitment to FCPA Compliance – your company’s tone at the top is poor and employees may not believe the company is really committed to FCPA compliance.

5. Train your board, management, employees and third parties who distribute your products.

If you have a constrained budget, at least train your board, managers and employees. Most of them have had no experience with “on the ground” international business, and those who have international experience will likely be out of date with FCPA compliance.

Your training should familiarize your managers and employees with the actual corruption risks in your industry, the countries where you do business and the business model your company is using. Your trained employees should be able to recognize the Red Flags of corruption that are most likely in your business, and to know what to do when they see them.

On-line training is better than no training. But skilled in-person training is superior. A mixture of the two seems to be current best practice, and the proper mix depends on you company's size, geographic disposition and risk profile. In-person training for your board and senior management team is prudent.

Many US companies do not train the third parties who facilitate their international distribution, even though these third parties represent their highest FCPA risk. Smaller companies may think they are safer if they use third parties who also represent major US and multi-national companies. They assume those companies have done proper vetting and provided training, but that may be wishful guessing that may or may not be true. Major US and multinational companies often have weak FCPA compliance programs and do not vet or train their 3rd parties.

6. Know all the 3rd parties your company uses in business outside the USA and conduct due diligence.

In FCPA jargon, an "intermediary" is a third party who assists the company in some aspect of its foreign business. The government assumes you have conducted reasonable due diligence background investigations on your intermediaries and have determined they are not involved in corruption. It is important to understand who your intermediaries are, how many you have, why you are using them, and who in your company has authority to enter into a contract with them.  

Understand that intermediaries do not shield your company from liability – they create liability. 90% of FCPA cases brought by the US government involve conduct by 3rd parties[MSOffice2] . In most cases employees of the US company knew their foreign intermediaries were involved in illegal payments, and frequently  company employees worked with and directed the intermediaries to circumvent company policy and violate the law.

Some intermediaries represent vastly more risk than others. Sales agents, lobbyists and joint ventures are at the top of the risk list. Distributors or resellers who receive variable pricing or variable discounts also represent very high risk. Obviously an intermediary who is also a government employee (or is a close relative of a government official) or an intermediary company that is owned or managed by a foreign government official represents high risk.

7. Establish a set of internal controls over company expenditures and assets.

Finance management in many US companies may have barely heard of the FCPA, and their existing processes will not be tuned to FCPA issues.

THERE IS NO CONCEPT OF MATERIALITY IN THE FCPA. Companies have been prosecuted for vary small bribes and for inaccurate books and records or failures to set up systems of controls - which arguably have no monetary value. The FCPA is a criminal statute. Criminal activity by your employees that impacts your company should always be seen as material.

Your company can have fine GAAP accounting and still fail to detect bribery or false or inaccurate records. You do not hire dumb employees. The employees in your company who are involved in corruption, kickbacks and creating false transactions are smart. Employees in your finance department may be involved in corrupt schemes - they know how the company makes and keeps records and how it audits, so they know how to keep the books looking clean and hide evidence of corruption.

Making sure your company is keeping books and records which accurately document all transactions can help you prevent and detect corrupt payments. If your company has  good control over its books and records, it should have no problem accurately controlling and accounting for gifts, meals, entertainment and travel for government officials.

CFOs and Finance executives may have individual liability for an FCPA violation if the company fails to establish adequate record keeping and a system of controls. Read the terrifying 2009 Nature’s Sunshine Products case in which both a CFO and COO were charged for FCPA violations as “control persons” and paid fines. (SEC v. Nature's Sunshine Products, Inc., Douglas Faggioli and Craig D. Huff, Case No. 09CV672)

8. Do not permit facilitating payments.

Amazingly the FCPA contains an exception for "facilitating payments,” small bribes to secure the performance of routine government action. Many companies, on their own, have established a policy against paying facilitating payments. The reasons:

A) Facilitating payments are actually bribes and are always illegal in the country where your employees pay them.

B) The definition of a facilitating payment under the FCPA is technical. It would be folly to delegate the decision on whether a specific payment is a facilitating payment or a bribe to your sales people on the ground.

C) Facilitating payments are transactions and have to be recorded accurately on the company's books and records, i.e., as “A facilitating payment of $X to government official Y of country Z to provide (a specific service).”  So your company is required to create an accurate financial record, and that record is written proof your company intentionally violated the law of the country where you made the payment - Catch 22?

The facilitating payment exception has never been used in a reported case.

9. Plan for the likelihood you will have to conduct high quality international internal investigations.

Most small to mid-size companies have very little experience conducting international internal investigations. Learning on the job and repeating all the common mistakes can be very costly.

In an FCPA investigation a company is looking for evidence of criminal behavior and very serious fraud among its employees and business associates. In many cases, you may find your own employees working in concert with 3rd parties and government officials. Perhaps your employees are personally receiving kickbacks. If you are lucky, you will “only” find private corruption - payments between commercial companies with no government officials involved. Private corruption still costs your company, and you have to deal with the FCPA issue of intentionally falsified corporate records made by your employees tot cover up the private corruption.

It is very likely you will not be comfortable trusting anyone in your local country management, and you will not want to let your local management know you have suspicions before you actually start your investigation. Even if they are not involved, local managers may not appreciate the danger to the US parent company. They may try to conduct their own amateur investigation – or simply call a meeting of their managers and ask them what happened. In either case they will alert the perpetrators and evidence will be destroyed, documents fabricated or stories aligned so an actual professional investigation will be much longer, more difficult, and expensive.

If you have no experience conducting international internal investigations, engage experienced counsel.

10.  Include clear FCPA terms in every international contract.

This is inexpensive and reinforces the message that your company will not tolerate corruption with both your foreign partners and your own sales staff. Your contracts should specifically mention the importance of FCPA compliance and require your partners to represent that they know the elements of the law and will comply with it. You should have a clearly worded audit clause that requires the partner to provide documents and assistance in an investigation. Finally, you must have the ability to terminate the contract if your partner is in violation of the FCPA.

FCPA Compliance terms are not negotiable. If a potential partner refuses to execute the contract unless you remove your anti-corruption terms, find another partner.

Conclusion: Get your company’s FCPA compliance program in place.

The FCPA is not mysterious. The biggest problem is the failure of US business mangers and in-house counsel to focus on what needs to be done and to dedicate the resources necessary to protect the company. From the government’s point of view, if a US company is doing business outside the US, it is obligated do that business in compliance with the law. The DOJ and SEC have stated the required elements of a reasonable compliance program and expect every company to establish and run an adequate FCPA compliance program.

Final advice to General Counsel:  If your company is unwilling to put in place an adequate FCPA Compliance Program, strongly recommend that it refrain from doing business in high risk environments. If you personally believe your company cannot do business in Russia, China, Argentina, etc., without paying bribes, and the company will not expend resources to put a robust FCPA compliance program in place - why would you allow your company to do any business in those countries?  Aside from the danger to the company, you may have personal responsibility as a control person and be subject to prosecution for failure to put in place a system of controls. The Nature’s Sunshine Products case could easily apply to a GC.