This content is informational only and is not intended to provide legal advice.
For U.S. companies that do business overseas, compliance with the Foreign Corrupt Practices Act (FCPA) is a core component of a comprehensive federal compliance program. The FCPA imposes strict penalties for violations, including criminal penalties for company officers, directors, and shareholders who participate in prohibited transactions.
Under amendments to the FCPA enacted in the 1990s, certain domestic transactions can fall within the FCPA’s scope as well. This is a particular concern for publicly-traded entities that fall under the regulatory oversight of the U.S. Securities and Exchange Commission (SEC), although private companies in various industries can also face domestic compliance obligations. Here, federal compliance and defense attorney Nick Oberheiden, PhD answers 10 questions and FCPA compliance, DOJ and SEC investigations under the FCPA, and the potential consequences of facing FCPA scrutiny.
Question 1: What is the Foreign Corrupt Practices Act (FCPA)?
Dr. Oberheiden: The Foreign Corrupt Practices Act (FCPA) is a federal law that Congress enacted in 1977 in order to prevent U.S. companies from offering bribes and other unlawful benefits to foreign government officials in exchange for commercial opportunities. Recognizing that the law prevented U.S. companies from bribing foreign officials but did not criminalize foreign bribery of U.S. officials, Congress enacted significant amendments to the FCPA in 1998.
In a statement accompanying the passage of the 1998 amendments, President Clinton wrote that bribery of government officials in the U.S. or abroad, “is inconsistent with democratic values, such as good governance and the rule of law,” and that the FCPA and its amendments are necessary to preserve, “basic principles of fair competition and . . . to promote economic development.” Since 1998, the U.S. Department of Justice (DOJ) has utilized the FCPA and its amendments to prosecute domestic and foreign businesses for a broad range of bribery-related offenses.
In addition to its anti-bribery provisions, the FCPA also contains accounting provisions that apply to companies that are listed on United States stock exchanges. These accounting provisions are designed to work “in tandem” with the FCPA’s anti-bribery provisions by requiring disclosure of any transactions that qualify as illegal bribes. Companies that violate one or both sets of provisions can face civil or criminal penalties depending on the nature and severity of the violation(s), and corporate officers, directors, and shareholders can potentially face civil or criminal enforcement action as well.
Question 2: What are the Most Common Types of FCPA Cases that Require a Defense Attorney?
Dr. Oberheiden: While it may seem fairly narrow in scope, the FCPA applies to a broad range of companies under a broad range of circumstances. For U.S. companies, any time there is even the slightest risk of efforts (successful or unsuccessful) to assert undue influence over a foreign government official, the transaction needs to be viewed through the FCPA compliance lens. This includes not only direct efforts by the company’s own internal personnel, but also efforts undertaken by other entities which may be imputed to the company or in which the company may be deemed complicit or a “co-conspirator.”
With this in mind, there are many different circumstances in which companies may find themselves needing to engage FCPA defense counsel. Some of the most-common types of FCPA enforcement matters involve allegations of unlawful payments made in connection with efforts to:
- Gain access to non-public information
- Conduct economic espionage
- Obtain or retain government contracts
- Secure tax exemptions or other favorable tax treatment
- Avoid customs duties in connection with import/export activities
- Prevent competitors from receiving government benefits or approvals
- Influence legislative or regulatory action (or the lack thereof)
- Influence judicial decisions
However, a company’s activities do not have to overtly focus on an unlawful end in order to trigger FCPA implications. Foreign investments, foreign government contracting, large-scale transactions with foreign state-owned entities, high-volume importing and exporting, and transactions with cybersecurity implications are all examples of corporate activities that may lead to scrutiny from the DOJ or the SEC.
Question 3: How and When Do the DOJ and SEC Notify Companies that They are Being Targeted in FCPA Investigations?
Dr. Oberheiden: For companies that are subject to the FCPA, understanding how and when the DOJ and SEC initiate investigations under the statute is of critical importance. In order to maintain an advantage in the federal law enforcement process, DOJ and SEC agents often will not disclose FCPA investigations until it becomes strictly necessary to do so. With this in mind, companies cannot assume that they are safe simply because they have not heard from the DOJ or the SEC. Companies need to monitor their FCPA compliance efforts on an ongoing basis, and they must react swiftly if and when potential issues come to light.
With regard to the DOJ’s and SEC’s disclosure of FCPA investigations, companies can learn that they are being targeted in a number of different ways. Depending on the nature of the investigation (i.e. whether it is civil or criminal in nature) and the stage at which the investigation is disclosed, target letters, civil investigative demands (CIDs), warrants, and grand jury subpoenas are all possibilities. Regardless of how a company learns that it is being targeted (or that it may be at risk for being targeted), once this information is received, efforts to defend against any potential allegations need to begin immediately.
Question 4: Are Companies in Certain Industries at Particularly High Risk for Facing FCPA Investigations?
Dr. Oberheiden: Yes and no. Broadly speaking, if a company or individual falls within the FCPA’s enforcement jurisdiction (as an “issuer,” a “domestic concern,” or a foreign entity operating within the United States), then it has an equal chance of being prosecuted for FCPA violations. That said, recently, the DOJ and SEC have been focusing their enforcement efforts in a few key areas. These include violations involving cybersecurity threats, violations with anti-bribery and accounting implications, violations that impact the U.S. democratic process, and violations that entail defrauding the United States.
By the nature of their businesses, government contractors (domestic and foreign) and import/export companies tend to be at relatively high risk for FCPA investigations as well. This is particularly true of companies in the fields of high technology and defense products and services. Once again, however, it is important to emphasize that any and all companies that do business with government entities (or that do business with companies that do business with government entities) need to give due consideration to FCPA compliance.
Question 5: Are There Any Other Laws that Can Come into Play in FCPA Cases?
Dr. Oberheiden: Yes, and this is an important consideration for companies that are facing federal investigations under the FCPA. While the FCPA, as amended in 1998, is one tool that the DOJ and SEC can utilize to fight government bribery and corruption, it is by no means the only tool they have available.
In fact, depending on the specific facts involved, alleged FCPA violations can potentially trigger civil or criminal enforcement action under a variety of other federal statutes and regulations. These include, but are not limited to:
- 18 U.S.C. § 201(b)(1) and 18 U.S.C. § 201(c)(1)(A) (the federal domestic anti-bribery statutes)
- Export Administration Regulations (EAR)
- False Claims Act
- Federal Election Campaign Act (FECA) and Other Federal Campaign Finance Laws
- Foreign Investment and National Security Act of 2007 (FINSA)
- International Traffic in Arms Regulations (ITAR)
- Securities Exchange Act of 1934
This list is nowhere near exhaustive, but rather is simply meant to illustrate the types of federal laws that can come into play in federal investigations targeting alleged anti-bribery and accounting violations under the FCPA.
Question 6: Why Does the DOJ Consider Some FCPA Violations to Constitute Threats to National Security?
Dr. Oberheiden: FCPA enforcement and protection of national security can overlap in a variety of different areas. For example, along with cybersecurity and counter-cybersecurity services offered to foreign entities and transactions involving defense products and services, cryptocurrency transactions are viewed as a key meeting point between FCPA compliance and national security as well. The White House and the U.S. Department of the Treasury have labeled cryptocurrency as a national security concern due to its ability to shield parties to illicit transactions, and this means that any cyber currency transactions that appear to implicate the FCPA are likely to face scrutiny from multiple federal authorities.
The U.S. government also categorizes malign foreign influences seeking to interfere with the United States’ democratic processes as a type of national security threat; and, here too, there is the potential for overlap between FCPA enforcement and the protection of national security. Ultimately, any transactions that appear to involve undue governmental influence in the U.S. or abroad present the risk for broad-scope federal enforcement.
Question 7: What are the Federal Penalties for FCPA Violations?
Dr. Oberheiden: As mentioned earlier, the FCPA provides for both civil and criminal enforcement, and the penalties that are on the table in any particular case will depend on whether the DOJ’s or SEC’s inquiry is civil or criminal in nature. In civil FCPA enforcement matters, potential penalties include statutory fines and additional financial penalties that can easily reach into the millions of dollars for activities involving multiple individual violations (for enforcement purposes, each individual payment or accounting misstep is considered a separate violation of the statute). The SEC may also seek to enjoin companies and individuals from engaging in further FCPA violations.
In criminal FCPA enforcement matters, fines can include $100,000 per violation for individuals and $2 million per violation for corporations and other business entities—although these penalties can be increased to up to two times the value sought to be obtained through the illegal bribe in some cases. Individuals charged with violating the FCPA can also face up to five years of federal imprisonment.
Question 8: What are Some Potential Defenses to Allegations of FCPA Violations?
Dr. Oberheiden: While there are a number of potential defenses to alleged FCPA violations, most of these defenses are highly fact-specific and therefore require a comprehensive assessment of the circumstances underlying the DOJ’s or SEC’s allegations. However, there are two statutory defenses in particular that are worth mentioning:
- Bona Fide Expenditures – If a payment is made for (i) “the promotion, demonstration, or explanation of products or services;” or, (ii) “the execution or performance of a contract with a foreign government or agency thereof,” then it qualifies as a bona fide expenditure and not as an unlawful bribe.
- Compliance with Foreign Law – If a payment to a foreign government entity complies with the laws of the foreign nation, then it cannot be prosecuted as a violation of the FCPA.
Critically, both of these are affirmative defenses, which means that the target of the government’s investigation must prove each element of the defense in order to avoid civil liability or criminal culpability.
Question 9: What Can Companies Do to Mitigate Their Risk of Committing FCPA Violations?
Dr. Oberheiden: In order to mitigate their risk of violating the FCPA, companies that do business with foreign government entities (either directly or indirectly) need to establish and implement effective FCPA compliance programs. An effective FCPA compliance program will touch on all aspects of the FCPA, its amendments, and pertinent related federal regulations and enactments, and it will be custom-tailored to ensure compliance at all levels of the organization.
Question 10: What Tips Do You Have for Companies that are Looking to Build an FCPA Compliance Program?
Dr. Oberheiden: When developing an FCPA compliance program, the keys are (i) to ensure that the program is sufficiently comprehensive, (ii) to develop a customized program that takes the company’s specific operations and risks into account, and (iii) monitor compliance with the program on an ongoing basis. Regardless of how comprehensive and how well-written a compliance program may be, it will be entirely ineffective if it is not implemented and enforced appropriately. Too often, companies view compliance as a one-time event that involves putting policies and procedures into place. While this is certainly one aspect of compliance, it is insufficient on its own to protect against DOJ or SEC scrutiny.
Ultimately, companies that want to ensure they are FCPA compliant can do so with the right approach. This starts with understanding the company’s specific risks under the FCPA (and related laws and regulations), and it continues by taking the steps necessary to prevent violations on an ongoing basis.
This content is sponsored by Jim Bevin.