The FCPA and Insurance Coverage

In the wake of Watergate and bribery scandals that rocked the country in the 1970s, Congress enacted the FCPA in 1977. The law contains two parts: It prohibits bribing a foreign official for the purpose of “obtaining or retaining
business,” and it requires that public companies file proper financial statements and maintain a system of internal controls. Until recently, the U.S. Department of Justice (DOJ) and U.S. Securities and Exchange Commission (SEC), as the FCPA's main enforcers, only prosecuted a handful of cases every year. In 2010, however, the SEC created a specialized unit to further enhance enforcement of the FCPA, and brought 15 cases that year, followed by another 15 in 2011. See U.S. Securities and Exchange Commission, SEC Enforcement Actions: FCPA Cases (modified May 8, 2012), www.sec.gov/spotlight/fcpa/fcpa-cases.shtml.

The DOJ similarly increased its enforcement efforts, bringing 33 FCPA-related enforcement actions in 2010, and 12 in 2011. See The United States Department of Justice, FCPA and Related Enforcement Actions, www.justice.gov/criminal/fraud/fcpa/cases/2011.

Penalties for FCPA violations can be steep. Companies may be fined up to $25 million, and individuals fined up to $5 million and sentenced to up to 20 years in prison. See Omega Advisor, Inc. v. Federal Insurance Company, 2010 WL 4941457 (USDC, D. New Jersey 2010). There is no private right of action under the FCPA. However, shareholders, employees, corporations, and even foreign sovereigns have brought related civil actions against U.S. companies, including shareholder derivative suits, securities class action suits, ERISA suits, commercial and employment cases, bankruptcy and foreign suits.

With the many different types of civil actions available to eager plaintiffs, even if allegations are false, FCPA-related claims may rack up staggering defense fees. Thus, it is important for officers and directors to understand the risks of FCPA investigations and related civil suits, and know the best strategies to mitigate those risks.

There are five strategies every director and executive should know about insurance and other risk-transfer instruments to protect their companies before, during, and after an FCPA investigation or related lawsuit. Ultimately, protection lies in the right business and insurance approach, and these five strategies can help lead executives in in the best ways to mitigate the financial consequences of the risks of FCPA investigations and related lawsuits.

Strategy 1: Evaluate Your Insurance Coverage Before a Claim Arises

It is paramount to take steps to protect the company and its directors and officers before a claim arises. A good first step is to analyze current insurance policies, indemnities, and other risk transfer tools to evaluate the extent of protection a company has for FCPA-related claims. This analysis should identify the extent to which the company and its directors and executives will be protected under current insurance policies prior to a problem actually occurring.

In reviewing a company's insurance coverage, it is important to look at both the amount and types of policies that the company has. One type of insurance that most companies have is Directors and Officers Liability Insurance (D&O). Because a policy's terms and conditions may vary considerably, whether there exists coverage for certain aspects of potential FCPA violations in any D&O policy will depend on the actual language in the policy and the specific facts and circumstances alleged to have given rise to the FCPA violation.

Some important things to look for are whether the policy covers investigation costs, defense costs, and the types of claims covered. Most D&O policies contain language that may cover certain FCPA claims. Often, coverage is limited to individuals, and coverage may be limited by exclusions in the policy and the definitions of “claim” and “loss.” D&O policies generally cover individual directors and officers, but many policies also provide “entity coverage” for defense and indemnity costs incurred by the company. D&O policies sometimes only cover claims arising from or related to securities claims. The latter may be defined in D&O policies to exclude payment for an FCPA violation. Even where FCPA violations are covered, which can be the case for individuals even if the policy excludes coverage for the company, coverage may be reserved strictly for defense costs.

Upon conducting a pre-claim insurance audit, a company may become concerned that its current coverage is inadequate to cover FCPA-related claims. Some companies have purchased specialty insurance policies that expressly cover FCPA-related claims and liabilities. For example, there are two new FCPA-related insurance products now on the market. The first product is for a company (not directors and officers) and is intended to cover costs arising from SEC investigations, including those related to internal investigations. Coverage often is limited to the costs of defending against or responding to an investigation, and this policy may not cover fines, penalties, or other amounts that may be awarded or have to be paid in settlement.

The second product generally covers the costs of investigation for both the individual and the company. This policy can be triggered by anti-corruption investigations launched under the FCPA, as well as those initiated pursuant to the UK Bribery Act and other foreign regulations to the extent that they are consistent with the FCPA's anti-bribery provisions. In addition, this policy provides policyholders with access to diagnostic and assessment services provided through a panel of consultants fluent in FCPA investigations and related issues.

A pre-claim insurance review allows a company to make an effective business judgment regarding whether its current coverage is sufficient and, if it is not, whether purchasing additional coverage is cost-effective and desirable. As a result, companies can conduct their international business with their eyes open regarding the extent of their financial risk for potential FCPA-related claims.

Strategy 2: Focus on Early Decisions to Maximize Insurance Recoveries

It is a bedrock principle of insurance that a policyholder's early acts after a claim arises can affect its ability to recover, and the amount it can recover, from its insurers. Companies thus should make certain that they have the right procedures in place to ensure insurance recoveries for FCPA-related claims.

First and foremost, after an FCPA-related problem arises, it is important for the company and any potentially liable individuals to give immediate notice to all relevant insurers. Many policies require the policyholder to provide notice immediately when an insured becomes aware of “facts which may subsequently result in a loss of a type of covered by” the policies “even though ' the amount or detail of loss may not then by known.” See 15 U.S.C.A. ' 78ff.

Although many states do not allow insurers to escape their coverage obligations because of late notice (at least absent a showing of prejudice), insureds easily may avoid any fight over the timeliness of notice by providing all potentially implicated insurers with prompt and effective notice. Providing timely notice is particularly significant in the minority of states where late notice is a bar to coverage even absent prejudice. Companies should notice all potentially implicated insurers, even those where there is only a relatively remote likelihood of coverage.

Other early decisions also can affect how the insurer-insured relationship is established at the start of a claim and can be important in determining the rights and duties of the policyholder. In particular, coordination among the insured, their counsel and the insurers may be important to securing coverage for an alleged FCPA violation. Many insurance policies require the insurer to defend the insured, which sometimes can mean that the insurer may take over all aspects of the defense of a claim. Most policies also impose obligations on policyholders to cooperate with the insurer in the underlying claim defense and to obtain the insurer's consent to any settlement.

However, even where insurers have cooperation or consent rights under the policy, the insurer's exercise of those rights must be balanced against the policyholder's best interests in defending claims.

Strategy 3: Carefully Coordinate Defense and Insurance Coverage

In the event of an FCPA-related claim, companies and any implicated individuals should closely coordinate their defense, business, and insurance strategies. It is crucial that companies act strategically from the start so that what they say and do in light of an FCPA investigation will not negatively affect future insurance claims, and vice versa.

For instance, in conducting a company's or individual's defense, counsel should be aware of potentially applicable insurance issues so that they can avoid statements or characterizations that are innocuous in the claim defense but could trigger exclusions or create other hurdles to an insurance recovery. Similarly, insurance counsel must understand defense issues to avoid statements that could create obstacles to the underlying claim defense.

Companies therefore may wish to arrange regular conference calls among counsel handling different aspect of a company's FCPA-related response. Defense and insurance counsel should consider exchanging key pleadings and discovery responses to avoid unnecessary characterizations or admissions that might adversely affect aspects of a company's overall strategy. And, if conflicts arise between what is best for the defense of a claim and for maximizing insurance recoveries, a company should be advised so that it can exercise business judgment to resolve the conflicts, rather than simply leaving it to chance if it fails to identify the conflict.

Strategy 4: Trust But Verify

Insurers may have helpful experience, but their interests may diverge from their policyholders' interests. At their very core, many insurers are claim-handling experts and may be able to help companies navigate the complexities of dealing with a potential FCPA violation. While a company may be a novice at dealing with such situations, insurers often have experience in FCPA-related claims made against other of its policyholders. As a result, insurers often have addressed many of the same issues that a company faces, and thus the insurer may have insightful knowledge and experience that can help companies handle the issue in the most cost-effective manner. The insured should take advantage of that experience.

However, companies also should be cautious where there are potential tensions between the interests of the insurer and the policyholder, such as where an insurer reserves its right to raise coverage defenses. Accordingly, where high-stakes
FCPA-related claims are at issue, defendants should not always rely solely on the advice of their insurers or insurer-appointed counsel. Sometimes it is crucial to receive advice from outside expert counsel where an insurer's interest is not entirely aligned with its policyholder. Even where an insurer has a right and duty to defend, policyholders often have the right to protect their own interests, including in many instances by having independent defense counsel paid for by the insurers.

Strategy 5: Strategically Address Insurers' Defenses to Coverage

In D&O coverage disputes, insurers often argue that coverage for the company's or individual's liability is limited by policy exclusions or other coverage-limiting policy terms. Often, in FCPA-related contexts, insurers assert intent-based exclusions as defenses to coverage such as exclusion for fraud, personal profit or knowing violations of a law. Furthermore, insurers sometimes deny coverage by pointing to definitions of “loss” that specifically exclude “fines and penalties.” And when it comes time for asking for coverage, some insurers might raise multiple defenses and exclusions, such as those for dishonest or criminal acts, failure to give proper notice, or that the FCPA allegations were known to the company at the time it applied for coverage and failed to include those allegations on the application.

Companies should understand that insurers commonly raise defenses to coverage and policyholders sometimes need to resolve such disputes by negotiation or, in some instances, litigation. Policyholders, though, should not be daunted. Often, policyholders will have strong counter-arguments to any that insurers might make. In fact, many of the issues that insurers commonly raise in the FCPA context already have been adjudicated in favor of policyholder positions, although frequently those adjudications are in contexts other than FCPA-related claims.

For instance, although insurers may assert that a company's directors or officers acted with ill intent, triggering fraud or similar exclusion, many D&O policies do not allow insurers to escape liability until and unless that intent has been established by a final adjudication in an underlying case. For example, in National Union Fire Insurance Co. v. Continental Illinois Corp., 666 F. Supp. 1180, 1197-99 (N. D. Ill. 1987), the court held that an insurer was precluded from litigating the issue of dishonesty in a separate declaratory judgment action while the underlying action was pending. Until intent is finally adjudicated, the insurer often must defend for any defense costs. And, if a policyholder settles without admitting the intent to trigger the exclusion, insurers have been held liable to pay for the settlement even in the favor of intent-based allegations.

Because policyholders often have strong counter-arguments to insurers' efforts to avoid coverage, policyholders should not concede coverage without carefully examining the insurers' alleged defenses.

Conclusion

By knowing how to handle an FCPA investigation or lateral private suit before the issue arises, companies can avoid the devastating effects of FCPA claims. By implementing the five strategies discussed in this article, officers and directors can mitigate the potentially crippling monetary effects of FCPA-related claims.

Jonathan M. Cohen, a member of this newsletter's Board of Editors, is a partner at Gilbert LLP, and Katrina F. Johnson is an associate with the firm. They may be reached at [email protected] and [email protected] respectively. The
views expressed in this article are solely those of the authors and do not necessarily reflect the views of Gilbert LLP or any of its clients.

In an era of high-profile Wall Street prosecutions and shareholder derivative suits, the phrase “Foreign Corruption Practices Act” (FCPA) surely should have corporate officers and executives deeply concerned and vigilant. Not so, according to a new survey in which 80% of public company executives and their directors said that it was unlikely they would be sued this year. See Chubb Public Company Risk Survey, (June 18, 2012), www.chubb.com/corporate/chubb15576.html.

This lack of concern is despite the fact that 25% of those same surveyed companies have already been sued, and that 2011 brought a record number of settlements for FCPA violations as well as a record number of enforcement actions against non-U.S. individuals charged in the U.S. See Shearman & Sterling LLP, FCPA Digest of Cases and Review Releases Relating to Bribes to Foreign Officials under the Foreign Corrupt Practices Act (Jan. 3, 2012), http://shearman.symplicity.com/files/68c/68cf1e693fcaa178acbd6d852a86b084.pdf. And, it is despite the fact that costs related to FCPA enforcement can be enormous ' both in fines and penalties, investigation expenses, and in related civil suits. With the growing use of the FCPA in prosecutions and civil suits, companies should take steps to protect themselves and their directors and officers from FCPA-related risks using insurance and other risk-transfer tools. This article describes five strategies to help protect companies against the financial consequences of FCPA-related claims.

The FCPA and FCPA-Related Claims

In the wake of Watergate and bribery scandals that rocked the country in the 1970s, Congress enacted the FCPA in 1977. The law contains two parts: It prohibits bribing a foreign official for the purpose of “obtaining or retaining
business,” and it requires that public companies file proper financial statements and maintain a system of internal controls. Until recently, the U.S. Department of Justice (DOJ) and U.S. Securities and Exchange Commission (SEC), as the FCPA's main enforcers, only prosecuted a handful of cases every year. In 2010, however, the SEC created a specialized unit to further enhance enforcement of the FCPA, and brought 15 cases that year, followed by another 15 in 2011. See U.S. Securities and Exchange Commission, SEC Enforcement Actions: FCPA Cases (modified May 8, 2012), www.sec.gov/spotlight/fcpa/fcpa-cases.shtml.

The DOJ similarly increased its enforcement efforts, bringing 33 FCPA-related enforcement actions in 2010, and 12 in 2011. See The United States Department of Justice, FCPA and Related Enforcement Actions, www.justice.gov/criminal/fraud/fcpa/cases/2011.

Penalties for FCPA violations can be steep. Companies may be fined up to $25 million, and individuals fined up to $5 million and sentenced to up to 20 years in prison. See Omega Advisor, Inc. v. Federal Insurance Company, 2010 WL 4941457 (USDC, D. New Jersey 2010). There is no private right of action under the FCPA. However, shareholders, employees, corporations, and even foreign sovereigns have brought related civil actions against U.S. companies, including shareholder derivative suits, securities class action suits, ERISA suits, commercial and employment cases, bankruptcy and foreign suits.

With the many different types of civil actions available to eager plaintiffs, even if allegations are false, FCPA-related claims may rack up staggering defense fees. Thus, it is important for officers and directors to understand the risks of FCPA investigations and related civil suits, and know the best strategies to mitigate those risks.

There are five strategies every director and executive should know about insurance and other risk-transfer instruments to protect their companies before, during, and after an FCPA investigation or related lawsuit. Ultimately, protection lies in the right business and insurance approach, and these five strategies can help lead executives in in the best ways to mitigate the financial consequences of the risks of FCPA investigations and related lawsuits.

Strategy 1: Evaluate Your Insurance Coverage Before a Claim Arises

It is paramount to take steps to protect the company and its directors and officers before a claim arises. A good first step is to analyze current insurance policies, indemnities, and other risk transfer tools to evaluate the extent of protection a company has for FCPA-related claims. This analysis should identify the extent to which the company and its directors and executives will be protected under current insurance policies prior to a problem actually occurring.

In reviewing a company's insurance coverage, it is important to look at both the amount and types of policies that the company has. One type of insurance that most companies have is Directors and Officers Liability Insurance (D&O). Because a policy's terms and conditions may vary considerably, whether there exists coverage for certain aspects of potential FCPA violations in any D&O policy will depend on the actual language in the policy and the specific facts and circumstances alleged to have given rise to the FCPA violation.

Some important things to look for are whether the policy covers investigation costs, defense costs, and the types of claims covered. Most D&O policies contain language that may cover certain FCPA claims. Often, coverage is limited to individuals, and coverage may be limited by exclusions in the policy and the definitions of “claim” and “loss.” D&O policies generally cover individual directors and officers, but many policies also provide “entity coverage” for defense and indemnity costs incurred by the company. D&O policies sometimes only cover claims arising from or related to securities claims. The latter may be defined in D&O policies to exclude payment for an FCPA violation. Even where FCPA violations are covered, which can be the case for individuals even if the policy excludes coverage for the company, coverage may be reserved strictly for defense costs.

Upon conducting a pre-claim insurance audit, a company may become concerned that its current coverage is inadequate to cover FCPA-related claims. Some companies have purchased specialty insurance policies that expressly cover FCPA-related claims and liabilities. For example, there are two new FCPA-related insurance products now on the market. The first product is for a company (not directors and officers) and is intended to cover costs arising from SEC investigations, including those related to internal investigations. Coverage often is limited to the costs of defending against or responding to an investigation, and this policy may not cover fines, penalties, or other amounts that may be awarded or have to be paid in settlement.

The second product generally covers the costs of investigation for both the individual and the company. This policy can be triggered by anti-corruption investigations launched under the FCPA, as well as those initiated pursuant to the UK Bribery Act and other foreign regulations to the extent that they are consistent with the FCPA's anti-bribery provisions. In addition, this policy provides policyholders with access to diagnostic and assessment services provided through a panel of consultants fluent in FCPA investigations and related issues.

A pre-claim insurance review allows a company to make an effective business judgment regarding whether its current coverage is sufficient and, if it is not, whether purchasing additional coverage is cost-effective and desirable. As a result, companies can conduct their international business with their eyes open regarding the extent of their financial risk for potential FCPA-related claims.

Strategy 2: Focus on Early Decisions to Maximize Insurance Recoveries

It is a bedrock principle of insurance that a policyholder's early acts after a claim arises can affect its ability to recover, and the amount it can recover, from its insurers. Companies thus should make certain that they have the right procedures in place to ensure insurance recoveries for FCPA-related claims.

First and foremost, after an FCPA-related problem arises, it is important for the company and any potentially liable individuals to give immediate notice to all relevant insurers. Many policies require the policyholder to provide notice immediately when an insured becomes aware of “facts which may subsequently result in a loss of a type of covered by” the policies “even though ' the amount or detail of loss may not then by known.” See 15 U.S.C.A. ' 78ff.

Although many states do not allow insurers to escape their coverage obligations because of late notice (at least absent a showing of prejudice), insureds easily may avoid any fight over the timeliness of notice by providing all potentially implicated insurers with prompt and effective notice. Providing timely notice is particularly significant in the minority of states where late notice is a bar to coverage even absent prejudice. Companies should notice all potentially implicated insurers, even those where there is only a relatively remote likelihood of coverage.

Other early decisions also can affect how the insurer-insured relationship is established at the start of a claim and can be important in determining the rights and duties of the policyholder. In particular, coordination among the insured, their counsel and the insurers may be important to securing coverage for an alleged FCPA violation. Many insurance policies require the insurer to defend the insured, which sometimes can mean that the insurer may take over all aspects of the defense of a claim. Most policies also impose obligations on policyholders to cooperate with the insurer in the underlying claim defense and to obtain the insurer's consent to any settlement.

However, even where insurers have cooperation or consent rights under the policy, the insurer's exercise of those rights must be balanced against the policyholder's best interests in defending claims.

Strategy 3: Carefully Coordinate Defense and Insurance Coverage

In the event of an FCPA-related claim, companies and any implicated individuals should closely coordinate their defense, business, and insurance strategies. It is crucial that companies act strategically from the start so that what they say and do in light of an FCPA investigation will not negatively affect future insurance claims, and vice versa.

For instance, in conducting a company's or individual's defense, counsel should be aware of potentially applicable insurance issues so that they can avoid statements or characterizations that are innocuous in the claim defense but could trigger exclusions or create other hurdles to an insurance recovery. Similarly, insurance counsel must understand defense issues to avoid statements that could create obstacles to the underlying claim defense.

Companies therefore may wish to arrange regular conference calls among counsel handling different aspect of a company's FCPA-related response. Defense and insurance counsel should consider exchanging key pleadings and discovery responses to avoid unnecessary characterizations or admissions that might adversely affect aspects of a company's overall strategy. And, if conflicts arise between what is best for the defense of a claim and for maximizing insurance recoveries, a company should be advised so that it can exercise business judgment to resolve the conflicts, rather than simply leaving it to chance if it fails to identify the conflict.

Strategy 4: Trust But Verify

Insurers may have helpful experience, but their interests may diverge from their policyholders' interests. At their very core, many insurers are claim-handling experts and may be able to help companies navigate the complexities of dealing with a potential FCPA violation. While a company may be a novice at dealing with such situations, insurers often have experience in FCPA-related claims made against other of its policyholders. As a result, insurers often have addressed many of the same issues that a company faces, and thus the insurer may have insightful knowledge and experience that can help companies handle the issue in the most cost-effective manner. The insured should take advantage of that experience.

However, companies also should be cautious where there are potential tensions between the interests of the insurer and the policyholder, such as where an insurer reserves its right to raise coverage defenses. Accordingly, where high-stakes
FCPA-related claims are at issue, defendants should not always rely solely on the advice of their insurers or insurer-appointed counsel. Sometimes it is crucial to receive advice from outside expert counsel where an insurer's interest is not entirely aligned with its policyholder. Even where an insurer has a right and duty to defend, policyholders often have the right to protect their own interests, including in many instances by having independent defense counsel paid for by the insurers.

Strategy 5: Strategically Address Insurers' Defenses to Coverage

In D&O coverage disputes, insurers often argue that coverage for the company's or individual's liability is limited by policy exclusions or other coverage-limiting policy terms. Often, in FCPA-related contexts, insurers assert intent-based exclusions as defenses to coverage such as exclusion for fraud, personal profit or knowing violations of a law. Furthermore, insurers sometimes deny coverage by pointing to definitions of “loss” that specifically exclude “fines and penalties.” And when it comes time for asking for coverage, some insurers might raise multiple defenses and exclusions, such as those for dishonest or criminal acts, failure to give proper notice, or that the FCPA allegations were known to the company at the time it applied for coverage and failed to include those allegations on the application.

Companies should understand that insurers commonly raise defenses to coverage and policyholders sometimes need to resolve such disputes by negotiation or, in some instances, litigation. Policyholders, though, should not be daunted. Often, policyholders will have strong counter-arguments to any that insurers might make. In fact, many of the issues that insurers commonly raise in the FCPA context already have been adjudicated in favor of policyholder positions, although frequently those adjudications are in contexts other than FCPA-related claims.

For instance, although insurers may assert that a company's directors or officers acted with ill intent, triggering fraud or similar exclusion, many D&O policies do not allow insurers to escape liability until and unless that intent has been established by a final adjudication in an underlying case. For example, in National Union Fire Insurance Co. v. Continental Illinois Corp. , 666 F. Supp. 1180, 1197-99 (N. D. Ill. 1987), the court held that an insurer was precluded from litigating the issue of dishonesty in a separate declaratory judgment action while the underlying action was pending. Until intent is finally adjudicated, the insurer often must defend for any defense costs. And, if a policyholder settles without admitting the intent to trigger the exclusion, insurers have been held liable to pay for the settlement even in the favor of intent-based allegations.

Because policyholders often have strong counter-arguments to insurers' efforts to avoid coverage, policyholders should not concede coverage without carefully examining the insurers' alleged defenses.

Conclusion

By knowing how to handle an FCPA investigation or lateral private suit before the issue arises, companies can avoid the devastating effects of FCPA claims. By implementing the five strategies discussed in this article, officers and directors can mitigate the potentially crippling monetary effects of FCPA-related claims.

Jonathan M. Cohen, a member of this newsletter's Board of Editors, is a partner at Gilbert LLP, and Katrina F. Johnson is an associate with the firm. They may be reached at [email protected] and [email protected] respectively. The
views expressed in this article are solely those of the authors and do not necessarily reflect the views of Gilbert LLP or any of its clients.