My Agent Did What?

International companies often engage third-party agents or consultants to help them operate more efficiently and effectively in foreign locales. There are many reasons why an agent might be necessary, including the frequent need to navigate complex foreign law requirements. However, outsourcing company activities is not without risk, as U.S. law can create liability for a company, and sometimes even its officers, for the actions of third parties taken on a company's behalf. This article examines the risks presented by the use of third parties when doing business internationally, with a focus on the potential for liability under the United States' Foreign Corrupt Practices Act (“FCPA”). It also offers suggestions for how companies may insulate themselves against FCPA liability for the actions of its agents, and how they should address issues as they arise.

FCPA Enforcement Environment

The FCPA is jointly enforced by the DOJ and the SEC. In recent years, both agencies have increased the number of investigations into, and actions filed against, both corporations and individuals who have violated FCPA provisions. In 2007, the DOJ and the SEC brought 38 enforcement actions; in 2008, 33 enforcement actions; and through November 2009, 31 actions. Moreover, in the first quarter of 2010 alone, the U.S. government brought or resolved charges against 36 companies and individuals. During this time, authorities have brought nearly 100 enforcement actions involving the conduct of intermediaries.

In addition to an increased number of investigations, the amounts of fines and penalties assessed against corporations have increased dramatically. While these amounts vary significantly, they can be substantial. In 2007, the highest fine for an FCPA violation had been assessed against BakerHughes in the amount of $44 million. That number has been dwarfed by recent fines. In December 2008, Siemens paid a fine for violations of the FCPA books and records provisions, consisting of: $450 million to the DOJ, $350 million in disgorged profits to the SEC, and $856 million to German officials, resulting in a total fine of approximately $1.6 billion. Additionally, in February 2007, Halliburton was charged with an internal controls failure to detect and prevent bribery of foreign officials. The company paid a fine of $402 million and disgorged profits in the amount of $177 million.

The trend of increased FCPA enforcement is likely to continue. In November 2009, U.S. Attorney General Eric Holder stated: “We must vigorously enforce our own laws that prohibit bribery of foreign officials, such as . . . the Foreign Corrupt Practices Act.” This sentiment has been paralleled by the SEC, whose Chairman, Mary Schapiro, has stated that “FCPA violations have been and will continue to be dealt with severely by the SEC and other law enforcement agencies. Any company that seeks to put greed ahead of the law by making illegal payments to win business should beware that we are working vigorously across borders to detect and punish such illicit conduct.” In addition to these statements, on July 21, 2010, President Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) which, among other reforms, includes provisions allowing for substantial cash rewards to whistleblowers who voluntarily provide information to the SEC that leads to the successful prosecution of securities law violations. In fact, whistleblowers who report securities violations, including violations of the FCPA, that result in monetary sanctions greater than $1 million, may receive between 10% and 30% of the government's total recovery. Thus, the Dodd-Frank Act has the potential to result in a dramatic increase in the number of enforcement actions.

FCPA Provisions Governing Agent Liability

The antibribery provisions of the FCPA apply to direct conduct by a person or entity as well as to conduct by a third party engaged on behalf of the entity. In countries where it is common, if not necessary, to use agents to do business, the use of third parties not only fails to insulate companies from liability, but the lack of direct control can often create additional possibilities for liability. As a result, it is the company that is responsible for ensuring that improper payments are not made indirectly through intermediaries, because FCPA antibribery violations can be based on the wrongful acts of agents even if the company does not have actual knowledge that an improper payment has been made to a foreign official.

Willful Blindness

Under the FCPA, knowledge is defined broadly and is present when one knows that an event is certain or likely to occur. However, failing to take note of an event, or remaining “willfully blind” about that event, can also be deemed to constitute knowledge. In this context, “willful blindness” refers to deliberate avoidance of the knowledge of a crime, and often is alleged when a company fails to make reasonable inquiries about a suspected wrongdoing, despite becoming aware that such wrongdoing is highly probable. Indeed, several FCPA enforcement actions have been based not on conduct directly engaged in by a company, but rather on conduct engaged in by third parties on behalf of a company, to which the company remained willfully blind.

Red Flags Involving Corporate Agents

While the SEC and DOJ expect all companies to have a system in place that allows them to diligently monitor all subsidiaries, employees, and any third-party agents directly or indirectly under their control, there are factual predicates that, when present, invoke a heightened expectation of diligence. These situations, commonly known as “red flags,” should put companies on notice that it is more likely that the company or its agent has engaged in an FCPA violation. It is common for the DOJ and the SEC to allege that where a red flag has been ignored, a company was attempting to remain willfully blind to an FCPA violation. Indeed the SEC and DOJ have alleged the presence of many of these red flags in their FCPA complaints and indictments. Examples of red flags involving an agent's conduct include:

• The third party is related or otherwise connected to a foreign official.
• The third party places reliance on political/government contacts as opposed to knowledgeable staff and investment of time to promote company interests.
• The third party is unwilling to agree in writing to abide by the FCPA and other relevant laws and company policies.
• The third party is unwilling to agree in writing to subject its books and records to audit by the company.
• The third party wants to keep the representation secret.
• The third party wishes to use anonymous subcontractors.
• The third party wants payment through convoluted or suspicious means.
• The third party includes improper or unexplained “fees” on its invoices.
• The third party refuses to provide a line-item invoice.
• The third party has a poor reputation, or there are rumors of prior improper payments or other unethical business practices by the party.
• The third party is listed in databases cataloging known corruption risks like the World Bank List of Debarred Firms.
• The third party has been investigated for, charged with, or convicted of, corruption allegations.

Responding to Red Flags

The decision of how to appropriately respond to a red flag is difficult and governed by the circumstances of each particular case. A company must tailor its remedial actions to the specific allegations of misconduct it is faced with in each situation. Specifically, when evaluating its response to a red flag, a company must keep several factors in mind. First, a company must determine what “red flags” it is facing. The foregoing delineated several red flags a company should be aware of when operating through an agent in a foreign country. This was of course not an extensive list of red flags, and a company should be vigilant in identifying all circumstances that might lead to the company's reasonable conclusion that the FCPA is being violated. Second, once the red flags are identified, a company must evaluate the seriousness of the red flags.

There are some red flags, such as a refusal to certify FCPA compliance, that should put a company on immediate alert, and therefore require swift remedial conduct. However, there are also other red flags, such as an agent's desire to keep its employment secret, that are more subtle, and require additional investigation prior to remedial action. A company must therefore always consider the seriousness of any red flags before evaluating its remedial options. Finally, a company must consider any countervailing factors suggesting the legitimacy of an agent's conduct. For example, when a red flag such as unexplained or ambiguous fees is present, there always exists the possibility that after explanation, the fees were legitimate expenditures. Fully investigating any red flags that are found, and responding in a manner proportionate to the seriousness of the offense, including terminating an agent when appropriate, is always a best practice, and may even factor into the government's evaluation of whether to bring an enforcement action and its consideration of potential penalties.

Importance of FCPA Compliance Programs

Preventing an agent's improper activities is not something a company can always control. What can be controlled, however, is the efficacy of the company's FCPA compliance program. Indeed, the effectiveness of a company's FCPA compliance program is a factor considered by the government in assessing sanctions for FCPA violations. The Federal Sentencing Guidelines detail what the Sentencing Commission perceives as constituting an effective compliance and ethics program. These are useful guidelines for a company to use in developing its own compliance program. An effective FCPA compliance program must contain a detailed corporate policy prohibiting violations of the FCPA and local or other applicable anti-corruption laws. It also should reflect the implementation of standards and procedures designed to detect and deter compliance violations, likely through a formalized code of compliance. Overall, such a program should promote an organizational culture that encourages ethical conduct and a commitment to compliance. Generally, an effective FCPA compliance program should include standards and procedures that address the following areas:

• Transactions where “things of value” are given or promised, directly or indirectly, to “foreign officials”;
• Facilitating “grease” payments involving foreign officials;
• Promotional or marketing expenses involving foreign officials, including policies addressing expenditures for gifts, meals, travel, and entertainment;
• Political contributions to foreign candidates, parties, or other political activity;
• Donations, scholarships, internships, sponsorships, or other charitable contributions;
• Transactions indirectly involving foreign officials through third parties and intermediaries,
  including pre-transactional due diligence, representations, warranties, contractual clauses, and defined “red flags”;
• Investments in international joint ventures, international mergers/acquisitions, or other international investments;
• Requests for “split” or “offshore” payments; and
• A system of financial and
  accounting procedures, including a system of internal accounting controls, designed to ensure the maintenance of fair and accurate books, records, and accounts.

In addition, an effective corporate compliance policy should require officer, director, employee and as well as agent training and certification of FCPA compliance. There should also be at least one senior corporate official within the organization with day-to-day responsibility for the implementation and oversight of FCPA policies, standards and procedures. The program should also include an effective system for reporting violations, policies that allow an effective response to possible violations, and appropriate disciplinary procedures.

In situations involving third-party consultants, corporate compliance programs should include additional provisions. Specifically, the compliance program should include appropriate pre-retention due diligence, designed to: 1) attempt to weed out agents who are likely to make bribes (or to be otherwise unsuitable for the job contemplated); 2) document the basis for hiring decisions; and 3) in the event of a violation, establish that the company adequately vetted the agent to forestall any claims of willful blindness. Due diligence may be conducted through a variety of mechanisms including the establishment of an independent committee to review contracts retaining agents and consultants and the use of an FCPA questionnaire designed to trigger disclosure of FCPA red flags.

A company should also secure, in writing, the agent's pledge to abide by the company's compliance policies, including potentially requiring annual certifications of FCPA compliance from key agents, distributors, joint venture partners, and employees. A company's FCPA compliance policy should also allow for both post-retention oversight of third parties and the maintenance of complete records and files relating to such due diligence and oversight. Contracts with agents should also include provisions that are reasonably calculated to prevent and detect FCPA violations. These provisions may, depending on the circumstances, include: 1) representations and undertakings relating to compliance with the FCPA; 2) the right to conduct audits of books and records; and 3) termination rights if there is any breach of any anticorruption law or a breach of representations and undertakings related to such matters, including the ability to disclaim and reverse any economic benefit that would otherwise be received based on the actions of the third parties. Additionally, it may be advisable to consider contract clauses establishing an agent as an independent contractor and reserving the company's right to review the third party's retaining of subcontractors. Finally, the program should call for regular compliance training, including the training of agents, distributors, consultants, and other representatives in order to assure FCPA compliance.

Conclusion

Compliance with the FCPA, particularly in the context of dealing with third-party agents, is an ongoing process, and companies should regularly engage in risk assessments of their potential exposure to address any high-risk areas involving agents.

David W. Simon is a partner with Foley & Lardner LLP, the Vice Chair of the firm's Litigation Department, and a member of the Government Enforcement, Compliance & White Collar Defense Practice. Associate Rohan Virginkar is a member of the same practice. Associate Matthew G. White is a member of the firm's Business Litigation & Dispute Resolution Practice.

International companies often engage third-party agents or consultants to help them operate more efficiently and effectively in foreign locales. There are many reasons why an agent might be necessary, including the frequent need to navigate complex foreign law requirements. However, outsourcing company activities is not without risk, as U.S. law can create liability for a company, and sometimes even its officers, for the actions of third parties taken on a company's behalf. This article examines the risks presented by the use of third parties when doing business internationally, with a focus on the potential for liability under the United States' Foreign Corrupt Practices Act (“FCPA”). It also offers suggestions for how companies may insulate themselves against FCPA liability for the actions of its agents, and how they should address issues as they arise.

FCPA Enforcement Environment

The FCPA is jointly enforced by the DOJ and the SEC. In recent years, both agencies have increased the number of investigations into, and actions filed against, both corporations and individuals who have violated FCPA provisions. In 2007, the DOJ and the SEC brought 38 enforcement actions; in 2008, 33 enforcement actions; and through November 2009, 31 actions. Moreover, in the first quarter of 2010 alone, the U.S. government brought or resolved charges against 36 companies and individuals. During this time, authorities have brought nearly 100 enforcement actions involving the conduct of intermediaries.

In addition to an increased number of investigations, the amounts of fines and penalties assessed against corporations have increased dramatically. While these amounts vary significantly, they can be substantial. In 2007, the highest fine for an FCPA violation had been assessed against BakerHughes in the amount of $44 million. That number has been dwarfed by recent fines. In December 2008, Siemens paid a fine for violations of the FCPA books and records provisions, consisting of: $450 million to the DOJ, $350 million in disgorged profits to the SEC, and $856 million to German officials, resulting in a total fine of approximately $1.6 billion. Additionally, in February 2007, Halliburton was charged with an internal controls failure to detect and prevent bribery of foreign officials. The company paid a fine of $402 million and disgorged profits in the amount of $177 million.

The trend of increased FCPA enforcement is likely to continue. In November 2009, U.S. Attorney General Eric Holder stated: “We must vigorously enforce our own laws that prohibit bribery of foreign officials, such as . . . the Foreign Corrupt Practices Act.” This sentiment has been paralleled by the SEC, whose Chairman, Mary Schapiro, has stated that “FCPA violations have been and will continue to be dealt with severely by the SEC and other law enforcement agencies. Any company that seeks to put greed ahead of the law by making illegal payments to win business should beware that we are working vigorously across borders to detect and punish such illicit conduct.” In addition to these statements, on July 21, 2010, President Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) which, among other reforms, includes provisions allowing for substantial cash rewards to whistleblowers who voluntarily provide information to the SEC that leads to the successful prosecution of securities law violations. In fact, whistleblowers who report securities violations, including violations of the FCPA, that result in monetary sanctions greater than $1 million, may receive between 10% and 30% of the government's total recovery. Thus, the Dodd-Frank Act has the potential to result in a dramatic increase in the number of enforcement actions.

FCPA Provisions Governing Agent Liability

The antibribery provisions of the FCPA apply to direct conduct by a person or entity as well as to conduct by a third party engaged on behalf of the entity. In countries where it is common, if not necessary, to use agents to do business, the use of third parties not only fails to insulate companies from liability, but the lack of direct control can often create additional possibilities for liability. As a result, it is the company that is responsible for ensuring that improper payments are not made indirectly through intermediaries, because FCPA antibribery violations can be based on the wrongful acts of agents even if the company does not have actual knowledge that an improper payment has been made to a foreign official.

Willful Blindness

Under the FCPA, knowledge is defined broadly and is present when one knows that an event is certain or likely to occur. However, failing to take note of an event, or remaining “willfully blind” about that event, can also be deemed to constitute knowledge. In this context, “willful blindness” refers to deliberate avoidance of the knowledge of a crime, and often is alleged when a company fails to make reasonable inquiries about a suspected wrongdoing, despite becoming aware that such wrongdoing is highly probable. Indeed, several FCPA enforcement actions have been based not on conduct directly engaged in by a company, but rather on conduct engaged in by third parties on behalf of a company, to which the company remained willfully blind.

Red Flags Involving Corporate Agents

While the SEC and DOJ expect all companies to have a system in place that allows them to diligently monitor all subsidiaries, employees, and any third-party agents directly or indirectly under their control, there are factual predicates that, when present, invoke a heightened expectation of diligence. These situations, commonly known as “red flags,” should put companies on notice that it is more likely that the company or its agent has engaged in an FCPA violation. It is common for the DOJ and the SEC to allege that where a red flag has been ignored, a company was attempting to remain willfully blind to an FCPA violation. Indeed the SEC and DOJ have alleged the presence of many of these red flags in their FCPA complaints and indictments. Examples of red flags involving an agent's conduct include:

• The third party is related or otherwise connected to a foreign official.
• The third party places reliance on political/government contacts as opposed to knowledgeable staff and investment of time to promote company interests.
• The third party is unwilling to agree in writing to abide by the FCPA and other relevant laws and company policies.
• The third party is unwilling to agree in writing to subject its books and records to audit by the company.
• The third party wants to keep the representation secret.
• The third party wishes to use anonymous subcontractors.
• The third party wants payment through convoluted or suspicious means.
• The third party includes improper or unexplained “fees” on its invoices.
• The third party refuses to provide a line-item invoice.
• The third party has a poor reputation, or there are rumors of prior improper payments or other unethical business practices by the party.
• The third party is listed in databases cataloging known corruption risks like the World Bank List of Debarred Firms.
• The third party has been investigated for, charged with, or convicted of, corruption allegations.

Responding to Red Flags

The decision of how to appropriately respond to a red flag is difficult and governed by the circumstances of each particular case. A company must tailor its remedial actions to the specific allegations of misconduct it is faced with in each situation. Specifically, when evaluating its response to a red flag, a company must keep several factors in mind. First, a company must determine what “red flags” it is facing. The foregoing delineated several red flags a company should be aware of when operating through an agent in a foreign country. This was of course not an extensive list of red flags, and a company should be vigilant in identifying all circumstances that might lead to the company's reasonable conclusion that the FCPA is being violated. Second, once the red flags are identified, a company must evaluate the seriousness of the red flags.

There are some red flags, such as a refusal to certify FCPA compliance, that should put a company on immediate alert, and therefore require swift remedial conduct. However, there are also other red flags, such as an agent's desire to keep its employment secret, that are more subtle, and require additional investigation prior to remedial action. A company must therefore always consider the seriousness of any red flags before evaluating its remedial options. Finally, a company must consider any countervailing factors suggesting the legitimacy of an agent's conduct. For example, when a red flag such as unexplained or ambiguous fees is present, there always exists the possibility that after explanation, the fees were legitimate expenditures. Fully investigating any red flags that are found, and responding in a manner proportionate to the seriousness of the offense, including terminating an agent when appropriate, is always a best practice, and may even factor into the government's evaluation of whether to bring an enforcement action and its consideration of potential penalties.

Importance of FCPA Compliance Programs

Preventing an agent's improper activities is not something a company can always control. What can be controlled, however, is the efficacy of the company's FCPA compliance program. Indeed, the effectiveness of a company's FCPA compliance program is a factor considered by the government in assessing sanctions for FCPA violations. The Federal Sentencing Guidelines detail what the Sentencing Commission perceives as constituting an effective compliance and ethics program. These are useful guidelines for a company to use in developing its own compliance program. An effective FCPA compliance program must contain a detailed corporate policy prohibiting violations of the FCPA and local or other applicable anti-corruption laws. It also should reflect the implementation of standards and procedures designed to detect and deter compliance violations, likely through a formalized code of compliance. Overall, such a program should promote an organizational culture that encourages ethical conduct and a commitment to compliance. Generally, an effective FCPA compliance program should include standards and procedures that address the following areas:

• Transactions where “things of value” are given or promised, directly or indirectly, to “foreign officials”;
• Facilitating “grease” payments involving foreign officials;
• Promotional or marketing expenses involving foreign officials, including policies addressing expenditures for gifts, meals, travel, and entertainment;
• Political contributions to foreign candidates, parties, or other political activity;
• Donations, scholarships, internships, sponsorships, or other charitable contributions;
• Transactions indirectly involving foreign officials through third parties and intermediaries,
  including pre-transactional due diligence, representations, warranties, contractual clauses, and defined “red flags”;
• Investments in international joint ventures, international mergers/acquisitions, or other international investments;
• Requests for “split” or “offshore” payments; and
• A system of financial and
  accounting procedures, including a system of internal accounting controls, designed to ensure the maintenance of fair and accurate books, records, and accounts.

In addition, an effective corporate compliance policy should require officer, director, employee and as well as agent training and certification of FCPA compliance. There should also be at least one senior corporate official within the organization with day-to-day responsibility for the implementation and oversight of FCPA policies, standards and procedures. The program should also include an effective system for reporting violations, policies that allow an effective response to possible violations, and appropriate disciplinary procedures.

In situations involving third-party consultants, corporate compliance programs should include additional provisions. Specifically, the compliance program should include appropriate pre-retention due diligence, designed to: 1) attempt to weed out agents who are likely to make bribes (or to be otherwise unsuitable for the job contemplated); 2) document the basis for hiring decisions; and 3) in the event of a violation, establish that the company adequately vetted the agent to forestall any claims of willful blindness. Due diligence may be conducted through a variety of mechanisms including the establishment of an independent committee to review contracts retaining agents and consultants and the use of an FCPA questionnaire designed to trigger disclosure of FCPA red flags.

A company should also secure, in writing, the agent's pledge to abide by the company's compliance policies, including potentially requiring annual certifications of FCPA compliance from key agents, distributors, joint venture partners, and employees. A company's FCPA compliance policy should also allow for both post-retention oversight of third parties and the maintenance of complete records and files relating to such due diligence and oversight. Contracts with agents should also include provisions that are reasonably calculated to prevent and detect FCPA violations. These provisions may, depending on the circumstances, include: 1) representations and undertakings relating to compliance with the FCPA; 2) the right to conduct audits of books and records; and 3) termination rights if there is any breach of any anticorruption law or a breach of representations and undertakings related to such matters, including the ability to disclaim and reverse any economic benefit that would otherwise be received based on the actions of the third parties. Additionally, it may be advisable to consider contract clauses establishing an agent as an independent contractor and reserving the company's right to review the third party's retaining of subcontractors. Finally, the program should call for regular compliance training, including the training of agents, distributors, consultants, and other representatives in order to assure FCPA compliance.

Conclusion

Compliance with the FCPA, particularly in the context of dealing with third-party agents, is an ongoing process, and companies should regularly engage in risk assessments of their potential exposure to address any high-risk areas involving agents.

David W. Simon is a partner with Foley & Lardner LLP, the Vice Chair of the firm's Litigation Department, and a member of the Government Enforcement, Compliance & White Collar Defense Practice. Associate Rohan Virginkar is a member of the same practice. Associate Matthew G. White is a member of the firm's Business Litigation & Dispute Resolution Practice.