For the first time since its original publication in November 2012, on July 3, 2020, the U.S. Department of Justice (“DOJ”) Criminal Division and the U.S. Securities and Exchange Commission (“SEC”) published substantive updates to its Foreign Corrupt Practices Act (“FCPA”) guide in A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition (the “Revised Guide”). The Revised Guide solidifies many recent developments over the years that have already been issued as stand-alone policies such as: DOJ’s FCPA Corporate Enforcement Policy; DOJ’s guidance regarding selecting and using monitors; and DOJ’s Policy on Coordination of Corporate Resolution Penalties (i.e., the anti-piling on policy). Although most of the updates in the Revised Guide were both expected and welcomed by practitioners in the field, some of the updates were particularly noteworthy. For example, DOJ’s approach to updating its guidance on FCPA jurisdiction post-Hoskins, its renewed focus on the FCPA’s accounting and internal controls provisions, and DOJ’s push to update its compliance program guidance all suggest that DOJ is keen on continuing to expand the frequency and outer-bounds of its FCPA enforcement efforts. And, in light of DOJ Acting Criminal Division Chief Brian Rabbitt’s recent remarks that DOJ intends to move forward with a number of key FCPA prosecutions and resolutions in 2020 despite the pandemic, the Revised Guide serves as a useful reminder that companies and executives alike should heed DOJ’s signal and continue to proactively work with experienced counsel to assess and mitigate their FCPA exposure.
I. DOJ’s Broad View of Consiracy/Complicity Jurisdiction Remains Post-Hoskins
Earlier this year, we reported (here) that “DOJ’s recent victory in the closely watched U.S. v. Hoskins case, where the government [initially] prevailed on an ‘agency’ theory of [FCPA] liability against a foreign executive, […] signals a continuation of aggressive individual enforcement actions” by DOJ. We went on to say that while it would take some time to see how the Hoskins decision affects DOJ’s propensity to bringing FCPA enforcement actions against non-US citizens involved with entities that have minimal connections to the US, our view was that DOJ is undeniably trending in that direction. The Revised Guide’s approach to addressing the 2018 decision by the Second Circuit in Hoskins confirms our warning that boards of directors, special committee members, and corporate executives alike have reason to be circumspect and think more broadly about their potential FCPA exposure as DOJ appears to ramp up enforcement actions against individuals.
As practitioners will recall, in 2013, DOJ announced an indictment of Lawrence Hoskins, a former senior vice president of French power and transportation company Alstom S.A., for conspiring to violate the FCPA, launder money, and other substantive FCPA and money laundering violations. According to the charges, Hoskins engaged in a conspiracy to pay bribes to government officials in Indonesia in exchange for assistance in securing a $118 million contract for an Alstom subsidiary, Alstom Power Inc. of Connecticut (“Alstom CT”), and its consortium partner, to build power plants in Indonesia. Hoskins, however, was not a US citizen, not employed by a US company, and apparently never set foot in the US while working for Alstom, and thus, Hoskins did not fall within one of the three categories of persons covered by the FCPA’s anti-bribery provisions. Accordingly, on interlocutory appeal prior to trial, in 2018 the Second Circuit held that if Hoskins could not be charged for the substantive FCPA anti-bribery violations as a principal, then he likewise could not be charged for the corresponding FCPA violations under a conspiracy / complicity theory. See United States v. Hoskins, 902 F.3d 69, 76–97 (2d Cir. 2018).
Faced with the Second Circuit decision prohibiting DOJ from proceeding on a FCPA conspiracy / complicity theory alone, the government nevertheless put Hoskins on trial in 2019 on the theory that Hoskins acted as an agent of Alstom CT and thus may be held criminally liable because the FCPA’s prohibitions on issuers and domestic concerns apply to “any officer, director, employee, or agent of” the entity. After a two-week trial, the jury found that Hoskins had acted as an agent of Alstom CT and convicted him of seven counts of violating the FCPA, among other things. In February 2020, however, the trial court granted Hoskins’ post-trial motion for a judgment of acquittal on the seven FCPA convictions, finding that the government failed to establish Hoskins was an agent of Alstom CT.
Despite the Second Circuit’s restrictions in Hoskins, and perhaps (at least in part) because of the post-trial acquittals of the FCPA convictions by the District Court in Hoskins in February 2020, the Revised Guide’s default position remains that “under normal principals of conspiracy liability, individuals and companies, including foreign nationals and companies, may  be liable for conspiring to violate the FCPA […] even if they are not, or could not be, independently charged with a substantive FCPA violation.” Although the Revised Guide acknowledges that “an individual can be criminally prosecuted for conspiracy to violate the FCPA anti-bribery provisions or aiding and abetting an FCPA anti-bribery violation only if that individual’s conduct and role fall into one of the specifically enumerated categories expressly listed in the FCPA’s anti-bribery provisions,” DOJ made sure to handicap the acknowledgment by suggesting the limitation is confined only to the Second Circuit. Indeed, the Revised Guide also references a District Court case in Illinois (U.S. v. Firtash, 392 F. Supp. 3d 872 (N.D. Ill. 2019)) that rejected the Second Circuit’s reasoning in Hoskins, appearing to signal that a circuit split could be on the horizon as DOJ continues to apply the broader interpretation of FCPA anti-bribery conspiracy / complicity liability outside of the Second Circuit.
II. Using The FCPA’s Accounting Provisions To Expand Enforcement
The Revised Guide also sees DOJ double down on the use of the FCPA books and records and internal controls provisions (“Internal Controls Provisions”), long considered by many to be largely the province of the SEC (Sections 13(b)(2)(A) and 13(b)(2)(B) of the Securities Exchange Act of 1934). Instead, a number of changes and points of emphasis in the Revised Guide illustrate that DOJ is looking to aggressively enforce the Internal Controls Provisions. These changes are particularly important for all U.S. issuers, especially those with foreign subsidiaries that have not yet fully been brought within their FCPA compliance program.
These changes dovetail with DOJ’s and the Revised Guide’s emphasis on more robust compliance programs (discussed further below). Although the Revised Guide acknowledges that “internal controls” are not synonymous with a compliance program, it is clear that the lines remain subject to blurring. The Revised Guide expressly acknowledges that there is significant overlap between the requirements of the two and that an effective compliance program will likely include many of the measures that also function as internal controls.
The Revised Guide also makes clear that DOJ will not hesitate to criminally charge U.S. issuers that fail to implement the necessary internal controls. It makes special reference to the 2016 Deferred Prosecution Agreement (“DPA”) DOJ entered into with Och-Ziff Capital Management Group LLC (“Och-Ziff”), a New York based hedge fund, resulting from internal control violations in selecting and retaining consultants abroad. Similarly, it notes the 2018 DPA with Panasonic Avionics Corp. (“PAC”), the US subsidiary of Panasonic Corp. in Japan, in which PAC admitted to retaining third parties out of a special budget over which a senior executive had complete control and discretion.
These examples are telling in that they show DOJ is using the less-demanding elements of the Internal Controls Provisions to extract criminal settlements from companies in instances where DOJ cannot make out a substantive violation of the Anti-Bribery Provisions. In the case of PAC in particular, according to publicly filed documents, there was no suggestion that PAC intended to pay bribes to the third parties, or that the amounts given to the third parties were ultimately used as bribes. Nevertheless, DOJ secured a DPA solely based on PAC’s lax internal controls that allowed such a “slush fund” to exist in the first place, and the fact that PAC caused its parent Panasonic Corp. (an Issuer under the FCPA) to record the payments as “consulting payments.” In essence, despite the requirement (which the Revised Guide acknowledges) that any violation be both knowing and “willful,” DOJ essentially can use the Internal Controls Provisions to extract settlements whenever it detects deficiencies in a company’s internal control provisions, regardless of whether it can prove that a bribe took place.
The Revised Guide explicitly highlights the ways in which DOJ has additional latitude to bring criminal charges under the Internal Controls Provisions. In particular, it notes that the Internal Controls Provisions apply to “any person” and therefore should not be constrained by the Second Circuit’s decision in Hoskins regarding the Anti-Bribery Provisions. Additionally, the Revised Guide puts forth DOJ’s and SEC’s position that a breach of the Internal Controls Provisions is a “securities offense” under 18 U.S.C. § 3301, and that therefore the applicable statute of limitations is six years, not five years as for the Anti-Bribery Provisions.
III. Renewed Due Diligence & Compliance Guidance
Finally, the Revised Guide continues DOJ’s recent push to update their guidance on corporate compliance programs. Many of the changes to the Revised Guide in this area were previewed in the revisions to DOJ’s June 30, 2020 update to the Evaluation of Corporate Compliance Programs policy (“Compliance Program Policy”). The key takeaway in the Revised Guide appears the same as in the policy update—the government is attempting to incentivize corporations to invest in their compliance programs by providing real benefits to doing so.
The investments the Revised Guide envisions are ones that make a company’s compliance program more robust, independent, and effective. In particular, the Revised Guide highlights the need for adequate funding for the compliance department, and to provide it with the autonomy it needs to effectively carry out its mandate free from interference by other departments. Additionally, the Revised Guide emphasizes the need for “continuous improvement,” prodding companies to evaluate and update their compliance programs periodically in light of both their own histories and the history of the industry.
The Revised Guide also clarifies DOJ’s and SEC’s stance on due diligence in the Mergers & Acquisition (“M&A”) context, a point which DOJ made separately in the latest update to its Compliance Program Policy. M&A transactions have long been marked by furious pre-deal due diligence periods in which the acquiring company rushes to evaluate the legal risk of the target company, including potential FCPA risk, and DOJ and SEC have taken a broad view of successor liability in instances where misconduct at the target company continues after the acquisition. The Revised Guide clarifies that DOJ and SEC consider the acquisition due diligence process to be a holistic one, about more than just determining whether the target company engaged in misconduct prior to the transaction. The acquiring company also must prioritize incorporating the target company into its overall compliance program on an ongoing basis.
The Revised Guide would have companies believe that the benefits of making these investments are significant. It includes a case study on the example of a financial institution’s real estate transaction with a government agency in China. Despite the financial institution’s best efforts to ensure that the transaction presented no FCPA risk—efforts which were substantial, as detailed by DOJ—the financial institution failed to discover that a Chinese government official secretly owned nearly 6% of the entire transaction, when one of the financial institution’s executives and a series of attorneys and bank officers in China colluded to deceive the financial institution. In that instance, DOJ and SEC both declined to prosecute the financial institution, and instead targeted the executive (who ultimately pleaded guilty). While hardly a “get out of jail free card,” the message is clear—if a company invests in compliance and truly exerts best efforts to root out misconduct before it happens, DOJ and SEC are open to declining to prosecute the company altogether.
The Revised Guide conclusively shows that the principles espoused in the government’s recent guidance on compliance programs and corporate enforcement priorities are here to stay. Given DOJ’s and SEC’s emphasis on a robust, effective compliance program and demonstrated willingness to use the Internal Controls Provisions even in situations where they cannot prove a bribe took place, all companies should take proactive steps to ensure their compliance programs will not be a source of concern should the government take an interest in them.
We frequently help clients in a variety of industries evaluate and update their compliance programs to bring them in line with government policies and industry best practices, using our partners’ DOJ and SEC prosecutorial experience to identify and resolve potential compliance headaches before they become the focus of a government investigation. Managers can rest easier knowing they have a best in class compliance program and focus on what they do best—running their business.
If you have any questions about the adequacy of your compliance program or any of the topics addressed here please do not hesitate to contact us.
Sandra L. Moser
Phone: +1 202-538-8333
Michael E. Liftik
Phone: +1 202-538-8141
Jeffrey R. Ober
Phone: +1 202-538-8213
Alexander J. Merton
Phone: +1 202-538-8226