FCPA Compliance Now Essential for All Companies That Do Business Internationally

For corporate counsel whose clients do any business internationally, the U.S. Foreign Corrupt Practices Act (“FCPA”) recently has become a pressing issue. U.S. Department of Justice (“DOJ”) officials have stated that enforcing the FCPA has become one of the DOJ's top priorities. Since mid-December, companies have paid more than $1.3 billion to settle FCPA charges. Multiple executives have also recently pleaded guilty to FCPA violations and are facing years in prison and/or millions in financial penalties.

Although the hundreds of millions of dollars in FCPA penalties assessed against huge entities like Siemens AG, Halliburton Co. and Kellogg Brown & Root LLC garner the most press, even small- and mid-sized companies with limited overseas sales are facing increased FCPA enforcement. For example, AGA Medical Corporation (“AGA”) settled charges related to alleged FCPA violations in China. During the time of the alleged violations, AGA's Chinese sales totaled an average of only about $1.5 million per year.

FCPA Requirements and What They Mean to You

For those who are unaware of its requirements, the FCPA prohibits corruptly offering anything of value to any foreign official for the purpose of retaining or obtaining business and includes record keeping and control provisions. Its provisions are expansive in scope. For example, the definition of “foreign official” has been construed to include employees of state-owned entities and physicians working in government-operated hospitals. Also, some business activity that is common and lawful with private clients ' such as providing meals, travel, gifts and entertainment ' may be felonies under the FCPA. Companies can also face FCPA liability for the acts of their third-party agents and foreign subsidiaries.

Not surprisingly, there has been a groundswell of interest in the FCPA from board members, executives, and compliance officers in companies of all sizes ' which, as a result, has meant a much greater prioritization of FCPA issues for in-house counsel. The FCPA's massive penalties, non-intuitive requirements and limited caselaw have led many boards and management teams to determine that the costs of implementing and maintaining an effective compliance program greatly outweigh the potentially devastating consequences of an FCPA problem.

Maintaining an Effective Compliance Program

There are numerous benefits to establishing and maintaining an effective FCPA compliance program. First and foremost, an effective program can help employees avoid conduct that may be considered an FCPA violation. Employees and third-party agents may be engaging in conduct that they do not even realize is a FCPA violation. Second, a program can help detect and address an FCPA problem before it becomes a major issue. Early detection can also afford a company the opportunity to gain the benefits of self-disclosure. Third, even when a violation has occurred, a program can reduce or eliminate penalties a company or executives may face. For example, under DOJ policy, federal prosecutors should consider the effectiveness of the compliance program, along with other applicable factors, in deciding whether to bring charges against the company or only against the culpable employees. The existence of a robust compliance program before an FCPA problem arises can help a company to convincingly argue that the “tone at the top” ' a factor routinely cited by enforcers when considering penalties ' is one of compliance.

In the current economic climate many executives understandably would prefer to avoid or defer any legal expense, inside or outside. Government enforcers, however, do not view FCPA compliance as optional. Enforcers have repeatedly stated that companies that cannot afford an effective FCPA compliance program simply may not be able to afford to do business internationally. Indeed, the cost of implementing and maintaining an FCPA compliance program pales in comparison to even a limited investigation of an FCPA allegation.

Implementation

The role of corporate counsel in developing and implementing such programs is crucial and in-house counsel should be aware of the elements of an effective compliance program. Though there is no single answer for all companies, the following are components of most effective programs:

• a specific foreign anti-corruption policy that provides important details, such as an identification of company-affiliated individuals subject to the policy, a comprehensive definition of prohibited payments to foreign officials, information regarding accessible resources for help in addressing FCPA issues, and which addresses the consequences for violations;
• a hotline and/or other means whereby possible FCPA violations can be reported confidentially and anonymously;
• reasonable due diligence measures to vet foreign agents;
• periodic foreign anti-corruption training for employees involved in or who support international business activities;
• a record-keeping policy that specifically acknowledges the company's record-keeping obligations under the FCPA and describes the company's methods for discharging those obligations;
• periodic audits and testing of the company's accounting and internal controls; and
• diligent internal investigations of alleged FCPA violations with appropriate sanctions imposed against violators.

'Less Formality'?

Anti-corruption compliance programs can and should be tailored to the individual risk factors a company faces. The United States Sentencing Guidelines expressly recognize that “a small organization may meet the requirements of this guideline with less formality and fewer resources than would be expected of large organizations.” How much “less formality and fewer resources” are appropriate? While most companies probably cannot afford all of the controls and procedures put in place by huge entities like General Electric or Coca-Cola, a hotline and a few paragraphs in the company's code of conduct are unlikely to satisfy enforcers if an FCPA problem occurs. Small- and mid-sized companies must walk a careful line between exposing themselves to the potentially devastating consequences of an FCPA investigation and having a compliance program that is so burdensome that it will not be fully implemented or maintained.

The most successful programs properly focus the firm's available compliance resources in the geographic areas and operations most at risk for FCPA violations. Achieving the right balance requires careful analysis of a company's risk factors; the company's business activities, practices, organizational structure; and the foreign jurisdictions in which it operates.

As a starting point, corporate counsel should help executives and board members consider the following questions:

• Do our employees and foreign third-party agents know the requirements of the FCPA?
• Do we have effective procedures in place to enable the early detection and correction of FCPA issues?
• Can the employees and representatives of the international companies or organizations with which we deal be considered “foreign officials” under the FCPA's expansive definition?
• Is our foreign anti-corruption compliance program tailored to our business activities and the foreign jurisdictions in which we operate?
• How would our employees, third-party agents, consultants and business partners describe our FCPA compliance program if questioned by an enforcer?

Ross Booher is a partner at Bass, Berry & Sims PLC, Nashville, TN, where he practices in the Antitrust & Trade Practices Group. He represents and counsels businesses in complex litigation, internal investigations and FCPA compliance. Taylor Phillips is an associate at the firm, where he also practices in the Antitrust & Trade Practices Group.

For corporate counsel whose clients do any business internationally, the U.S. Foreign Corrupt Practices Act (“FCPA”) recently has become a pressing issue. U.S. Department of Justice (“DOJ”) officials have stated that enforcing the FCPA has become one of the DOJ's top priorities. Since mid-December, companies have paid more than $1.3 billion to settle FCPA charges. Multiple executives have also recently pleaded guilty to FCPA violations and are facing years in prison and/or millions in financial penalties.

Although the hundreds of millions of dollars in FCPA penalties assessed against huge entities like Siemens AG, Halliburton Co. and Kellogg Brown & Root LLC garner the most press, even small- and mid-sized companies with limited overseas sales are facing increased FCPA enforcement. For example, AGA Medical Corporation (“AGA”) settled charges related to alleged FCPA violations in China. During the time of the alleged violations, AGA's Chinese sales totaled an average of only about $1.5 million per year.

FCPA Requirements and What They Mean to You

For those who are unaware of its requirements, the FCPA prohibits corruptly offering anything of value to any foreign official for the purpose of retaining or obtaining business and includes record keeping and control provisions. Its provisions are expansive in scope. For example, the definition of “foreign official” has been construed to include employees of state-owned entities and physicians working in government-operated hospitals. Also, some business activity that is common and lawful with private clients ' such as providing meals, travel, gifts and entertainment ' may be felonies under the FCPA. Companies can also face FCPA liability for the acts of their third-party agents and foreign subsidiaries.

Not surprisingly, there has been a groundswell of interest in the FCPA from board members, executives, and compliance officers in companies of all sizes ' which, as a result, has meant a much greater prioritization of FCPA issues for in-house counsel. The FCPA's massive penalties, non-intuitive requirements and limited caselaw have led many boards and management teams to determine that the costs of implementing and maintaining an effective compliance program greatly outweigh the potentially devastating consequences of an FCPA problem.

Maintaining an Effective Compliance Program

There are numerous benefits to establishing and maintaining an effective FCPA compliance program. First and foremost, an effective program can help employees avoid conduct that may be considered an FCPA violation. Employees and third-party agents may be engaging in conduct that they do not even realize is a FCPA violation. Second, a program can help detect and address an FCPA problem before it becomes a major issue. Early detection can also afford a company the opportunity to gain the benefits of self-disclosure. Third, even when a violation has occurred, a program can reduce or eliminate penalties a company or executives may face. For example, under DOJ policy, federal prosecutors should consider the effectiveness of the compliance program, along with other applicable factors, in deciding whether to bring charges against the company or only against the culpable employees. The existence of a robust compliance program before an FCPA problem arises can help a company to convincingly argue that the “tone at the top” ' a factor routinely cited by enforcers when considering penalties ' is one of compliance.

In the current economic climate many executives understandably would prefer to avoid or defer any legal expense, inside or outside. Government enforcers, however, do not view FCPA compliance as optional. Enforcers have repeatedly stated that companies that cannot afford an effective FCPA compliance program simply may not be able to afford to do business internationally. Indeed, the cost of implementing and maintaining an FCPA compliance program pales in comparison to even a limited investigation of an FCPA allegation.

Implementation

The role of corporate counsel in developing and implementing such programs is crucial and in-house counsel should be aware of the elements of an effective compliance program. Though there is no single answer for all companies, the following are components of most effective programs:

• a specific foreign anti-corruption policy that provides important details, such as an identification of company-affiliated individuals subject to the policy, a comprehensive definition of prohibited payments to foreign officials, information regarding accessible resources for help in addressing FCPA issues, and which addresses the consequences for violations;
• a hotline and/or other means whereby possible FCPA violations can be reported confidentially and anonymously;
• reasonable due diligence measures to vet foreign agents;
• periodic foreign anti-corruption training for employees involved in or who support international business activities;
• a record-keeping policy that specifically acknowledges the company's record-keeping obligations under the FCPA and describes the company's methods for discharging those obligations;
• periodic audits and testing of the company's accounting and internal controls; and
• diligent internal investigations of alleged FCPA violations with appropriate sanctions imposed against violators.

'Less Formality'?

Anti-corruption compliance programs can and should be tailored to the individual risk factors a company faces. The United States Sentencing Guidelines expressly recognize that “a small organization may meet the requirements of this guideline with less formality and fewer resources than would be expected of large organizations.” How much “less formality and fewer resources” are appropriate? While most companies probably cannot afford all of the controls and procedures put in place by huge entities like General Electric or Coca-Cola, a hotline and a few paragraphs in the company's code of conduct are unlikely to satisfy enforcers if an FCPA problem occurs. Small- and mid-sized companies must walk a careful line between exposing themselves to the potentially devastating consequences of an FCPA investigation and having a compliance program that is so burdensome that it will not be fully implemented or maintained.

The most successful programs properly focus the firm's available compliance resources in the geographic areas and operations most at risk for FCPA violations. Achieving the right balance requires careful analysis of a company's risk factors; the company's business activities, practices, organizational structure; and the foreign jurisdictions in which it operates.

As a starting point, corporate counsel should help executives and board members consider the following questions:

• Do our employees and foreign third-party agents know the requirements of the FCPA?
• Do we have effective procedures in place to enable the early detection and correction of FCPA issues?
• Can the employees and representatives of the international companies or organizations with which we deal be considered “foreign officials” under the FCPA's expansive definition?
• Is our foreign anti-corruption compliance program tailored to our business activities and the foreign jurisdictions in which we operate?
• How would our employees, third-party agents, consultants and business partners describe our FCPA compliance program if questioned by an enforcer?

Ross Booher is a partner at Bass, Berry & Sims PLC, Nashville, TN, where he practices in the Antitrust & Trade Practices Group. He represents and counsels businesses in complex litigation, internal investigations and FCPA compliance. Taylor Phillips is an associate at the firm, where he also practices in the Antitrust & Trade Practices Group.