A dramatic surge in enforcement actions under the Foreign Corrupt Practices Act ("FCPA") over the last two years has highlighted a number of enforcement issues that warrant policy review. With a transition of enforcement responsibility having just occurred at both the Justice Department and the Securities and Exchange Commission, a fresh look at how this 28-year old law is administered and enforced is timely.
The FCPA, which broadly prohibits U.S. companies from bribing or conferring other economic benefits on foreign government officials, generated relatively few cases during its first 15 years. In 2004, by contrast, enforcement agencies brought the largest number of enforcement actions ever, including record level fines and an unprecedented variety of additional criminal and civil sanctions. Propelled by mandatory disclosure obligations under the Sarbanes-Oxley legislation, high-profile enforcement actions have given this law unprecedented prominence, and created new levels of private sector anxiety.
With this wave of investigations, indictments, subpoenas, and new penalties, deficiencies in prior enforcement policies and innovative new practices should receive careful review. With a host of new international anti-bribery conventions in place, the first objective of U.S. enforcement policy should now be maximizing compliance by companies subject to the FCPA, not stretching the jurisdictional limits of the law, inventing new sanctions, or maximizing penalties imposed.
With these goals in mind, several traditional and several new enforcement practices should be re-visited and re-evaluated.
1. Administrative Guidance
Historically, the Department of Justice has declined to issue regulations or to provide administrative guidance to clarify ambiguous provisions of the FCPA. Indeed, the Department declined an express invitation from Congress in the Act's 1988 amendments to issue "general guidelines describing examples of activities that would or would not conform with the Justice Department's enforcement policy regarding FCPA violations."
As a result, many provisions of the FCPA remain undefined and ambiguous. Limited case law, skimpy Justice Department opinions, and divergent Justice Department and private sector views have left in doubt the proper definition of such basic concepts as government ownership or control, reasonable business promotional expenses, corrupt intent, impermissible political contributions, and facilitating payments. Reasonable guidelines, published following a notice and comment process, could provide helpful guidance. Examples could include acknowledging that a ten percent government interest in a corporation does not automatically make the company a government "instrumentality," that an "effect" on U.S. commerce is not sufficient to bring a matter within the territorial jurisdiction of the United States; and that certain customary business promotional expenditures are not prohibited by the FCPA.
2. Improved Justice Department Opinions
Justice Department interpretive guidance now comes through formal FCPA opinions on "whether certain specified, prospective - not hypothetical - conduct conforms with the Department's present enforcement policy regarding the [FCPA's] anti-bribery provisions." A chronic Justice Department lament has been that fewer than two companies a year, on average, have availed themselves of this procedure even though a favorable opinion creates a "rebuttable presumption" that the requestor's conduct is in compliance with the FCPA.
The process is hampered by the perception that Justice Department interpretations of the statute are often so conservative as to render the process of little practical use. And although the Department is mindful of external deadlines, the opinion process can extend well beyond the promised 30-day turnaround limit. A more fundamental defect in the opinions, however, is that they are typically devoid of legal reasoning, so their value in providing public guidance is limited, even though Justice Department opinions, in the absence of significant case law, comprise a substantial portion of FCPA "jurisprudence."
Justice could significantly improve the opinion process by articulating its reasoning, withdrawing or modifying opinions it no longer views as sound, and providing binding public guidance of the type given in IRS Revenue Rulings.
3. Predictable Credit For Responsible Corporate Behavior
The recent insistence by enforcement officials that companies should immediately disclose both actual and possible violations raises the question of how companies that do disclose will be treated. Although enforcement officials are categorical that voluntary disclosure and cooperation will be rewarded, many in the private sector remain skeptical that the benefits of voluntary disclosure are certain or predictable.
The Justice Department's "Thompson Memorandum" sets forth principles for determining whether to charge a corporation criminally; however, its standards remain somewhat opaque and leave prosecutors with broad discretion. In addition, although a recent 21(a) report by the SEC identifies four mitigating factors, practitioners note wide discrepancies in the treatment of different companies that have reported FCPA violations.
The recurring question is what type of corporate behavior earns, or should earn, credit from the government. With Sarbanes-Oxley effectively mandating disclosure in certain circumstances, enforcement officials emphasize the importance of prompt voluntary disclosure and cooperation, both of which also assist government enforcement efforts.
Unless mandated by law, voluntary disclosure should be an option for companies, not a litmus test of a company's good faith. So, too, should waiver of attorney-client privilege. Arguably far more important than either are whether the company previously had in place a strong compliance program, whether the company's own program led to the detection of a violation, and whether the company promptly took effective remedial and disciplinary actions. The policies underlying the FCPA are advanced when companies, not just government agencies, deal strongly with violations.
At a time when enforcement obligations are increasingly being shifted from enforcement agencies to companies themselves, compliance systems that detect and punish misconduct are achieving their intended purposes. A company that uncovers wrongdoing by one or more employees or agents and responds immediately with strong corrective and disciplinary action is doing what enforcement officials would otherwise do. That behavior, along with compliance program enhancements tailored to address any program weaknesses, should earn a company considerably more credit in mitigation than should voluntary disclosure. In certain situations, voluntary disclosure may appropriately lead to criminal sanctions against wrongdoers, but the fact that a company has effectively exercised enforcement responsibilities should weigh heavily in considerations of whether the company - and its shareholders - should be additionally punished and, in particular, whether the company should face criminal charges.
4. Independent Compliance Monitors
In five of the last six enforcement actions, the sanctions or settlement terms included a requirement that the company involved retain an independent compliance expert or monitor for a period of 90 days to three years. Enforcement officials have signaled that such compliance monitors may become routine elements of future dispositions.
As the use of FCPA compliance consultants and monitors is as yet in its infancy, it is perhaps premature to do more than to identify some of the questions that such new monitors will present. The questions, however, are many.
Conceptually, to what extent are "independent" compliance consultants or monitors truly independent, as contrasted with either a purely private advisor or a deputized enforcement official? (Could incorrect information provided by a company to a monitor ever be treated as a criminal "false statement" as the SEC recently characterized statements to an independent investigator?) Can, or should, monitors serve as neutral intermediaries between a company and the government with respect to the obligations the company has assumed? The initial monitor appointments provide that the company is ultimately obliged to implement the recommendations of the monitor. What if the company refuses? Conversely, if a monitor insists on actions the company considers disproportionately costly, may the company appeal to the government?
The arrangement also raises competing considerations with respect to attorney-client privilege, which, thus far, companies have been prohibited from invoking with respect to information the monitor chooses to share with the government. On the one hand, the government's interest is for the monitor to become intimately familiar with the operations and the compliance program of the company; at the same time, a company must consider what implications waiving the privilege might have in any future third-party litigation. Thus a broad mandatory waiver requirement could impede a full and uninhibited information flow to the monitor and thereby limit the benefit that he or she can provide to the company.
In addition, there are practical questions about how the costs of monitors, which are borne by the company, can appropriately be managed. While appointed monitors can be expected to exercise restraint, judgment, and good faith, companies and enforcement agencies may well have different views on issues of staffing and costs of compliance monitors. How and between whom should issues of cost be managed? Can a company, for example, question the scope of a monitor's document requests or monitoring plans without risk of being seen as uncooperative? It is already clear that in some cases, the cost of a monitor may comfortably exceed the costs of the fine imposed.
Finally, there is the question of whether a monitor is appropriate in all cases. Monitors have been imposed in some cases in which a company has had no effective compliance program or where violations were egregious or intentional. One can imagine situations in which the term or mandate of a monitor might need to be lengthened or expanded.
By contrast, what of a case in which a company had in place an effective program that led to the discovery of the violation? Or suppose a company, or its Audit Committee, has already responded to the violation by retaining expert FCPA counsel, taking remedial actions, and putting in place compliance enhancements? In such a case, a monitor might add only marginal value and, given the cost, disserve rather than advance shareholder interests. Where a violation is already under scrutiny by an active Audit Committee, new retained expert counsel, and government enforcement agencies, does a fourth layer of oversight always make policy sense?
With the acceleration of FCPA enforcement in the U.S., an anticipated up-tick in the enforcement of similar laws abroad, and dramatically heightened attention to the FCPA by foreign and domestic companies, U.S. enforcement policies and practices are more important than ever. A careful re-assessment of critical issues by enforcement officials and the bar is timely, and could have the effect of advancing the policies that underlie the FCPA.
Published June 1, 2005.