You're Innocent, Right? What You Don't Know About The FCPA Could Mean Trouble For Your Well-Meaning Business
Written by Geoff Grifffin for Utah CEO, October 2008.
You're the type of executive who takes pride in your personal ethics and the way your philosophy is reflected in the culture of your company. You strive to be honest in your personal life while trying to give something back to the community. And, by the way, you might be working for a company that is violating the Foreign Corrupt Practices Act (FCPA) or other federal laws without even being aware of it.
The short explanation of the FCPA is that it is illegal for U.S. companies to bribe foreign officials to get business moving in another country. The longer explanation is that the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) are responsible for prosecuting activities that attorney Loren Weiss describes as "pretty ethereal. It's not a bank robbery. It can be things most people would never be aware of. You could easily be violating the law and not realize it."
Weiss — who practices with the Salt Lake City firm of VanCott, Bagley, Cornwall & McCarthy — hesitates to describe himself as a white-collar criminal lawyer to business people because it gives them the wrong idea, particularly when they think they could never be involved in any sort of "criminal" activity. Instead, he says, "I'm a sophisticated financial litigation expert," dealing in cases that just might result in companies getting hit with massive fines, for just doing business with, or even being somehow associated with, somebody who wasn't on the up and up.
The FCPA is an area where criminal prosecution of companies is growing. Benjamin Bates, an attorney with the Salt Lake office of the Stoel Rives law firm, cites figures showing that while there were a total of 50 enforcement actions between 1977 and 1997, there were 38 in 2007 alone. Furthermore, 2007 saw the DOJ impose a record $44 million in civil and criminal penalties against Baker Hughes Inc., with Chevron Corporation not far behind at $30 million in total penalties. Part of this rise is due to the increasing amount of international business being conducted in our globalized world, but it also reflects that the enforcers of the FCPA have increased access to what Weiss calls the "powerful tools" of investigation unleashed by computer and technological advances. "They are able to view business practices in a fashion never before achieved," he says.
Despite the increased potential for criminal liability, the good news is that companies seeking to do the right thing can help protect themselves up front under the FCPA, as well as the broader Federal Sentencing Guidelines by developing effective compliance and ethics programs that can not only help keep a company out of trouble in the first place, but can also help mitigate penalties if something somehow does go wrong.
"One of the most significant mitigating factors considered when determining the appropriate sanction is the existence of an effective program to prevent and detect violations of the law," Bates notes, while also adding, "If a company with an effective compliance and ethics program is indicted for a federal crime, such a program can reduce the applicable fine range under the sentencing guidelines by millions of dollars."
In 2004, the Sentencing Commission amended the guidelines to, as Bates puts it, "enhance the strictness of these requirements," while that same year also saw the DOJ list elements required in an effective anti-bribery compliance policy under the FCPA. There are many areas of overlap between the two. When developing policies and guidelines for your company under either the Federal Sentencing Guidelines or the FCPA, consider the following:
Do more than write it down
"It is clear that written documentation alone is not enough for the compliance program to be 'effective,'" Bates says. "In other words, a company cannot simply draft a code of conduct, e-mail it to employees and expect to receive leniency in connection with subsequent criminal conduct by the employees." The company has to keep an eye on the program in a number of ways to ensure its effectiveness. One way to do this is to…
Have a solid reporting system
This includes setting up monitoring and auditing systems along with a confidential reporting system for whistleblowers. Under FCPA, there must be a "helpline" that employees can call to report suspected violations. Weiss recommends, "Companies can, and probably should, strengthen the independence of their audit committee." This could include, "Seeking independent counsel to represent the audit committee," he says.
Get executives and the board involved
Under the FCPA, a senior corporate officer must oversee the program and report to an audit committee of the board of directors. As for the 2004 amendments to the sentencing guidelines, Bates points out, "The amendments require boards of directors and executives to assume responsibility for the oversight and management of compliance and ethics programs."
Keep reminding employees of expectations
Employees need to be taught the legal standards and obligations they will be expected to meet, while also offering periodic retraining sessions. This includes training consultants and other third parties.
Check up on those you are associated with
This is particularly true under the FCPA. Bates states, "For a company that uses consultants or other third parties to procure contracts overseas, the company should perform adequate due diligence on such third parties and should get contractual representations and covenants from such third parties." Or as Weiss puts it, make sure you don't get charged with "shoulda known better."
The ironic aspect of creating compliance and training procedures is that the more a company puts in to making such policies effective, the less likely it is that the company will need to point to them after being named as a defendant in a criminal charge.
"History has shown that effective compliance and ethics programs have rarely been used as a mitigating factor when corporate defendants have been sentenced under the organizational sentencing guidelines," Bates says. "This seems to indicate compliance and ethics programs have been successful in helping companies to prevent crime."
Are 'secondary actors' liable?
What the Supreme Court said about the matter this year
While the trend seems to be that the Department of Justice and the Securities and Exchange Commission are prosecuting more cases under the Foreign Corrupt Practices Act, another federal entity — the Supreme Court — gave those involved with companies issuing stock a bit of a break from potential liability during its last session.
The issue before the court in the 2008 case of Stoneridge Investment Partners v. Scientific-Atlanta Inc. was whether secondary actors — such as accounting firms, lawyers, investment banks and others — could be sued as part of a scheme to defraud investors brought as a private cause of action under section 10(b) of the Securities Exchange Act or the SEC's Rule 10b-5.
"The Court held there is no scheme liability," says Erik Christiansen of the Salt Lake City law firm of Parsons, Behle & Latimer. The secondary actors, who typically consult on a variety of issues related to the process involved in issuing stocks, "have to be direct participants who made a misrepresentation upon which an investor relied. In other words, they have to make a misrepresentation about the stock, you can't get them for turning a blind eye."
Not that Christiansen recommends turning a blind eye. Even after the Stoneridge decision, he encourages clients more than ever to make sure they know who they are linked to.
Christiansen says that, "What happens to people is they become unwittingly involved" with fraudulent parties by "giving them the benefit of the doubt," when those bad actors are simply using an association with a company to "try to prop up their own credibility by surrounding themselves with legitimate businesses." He therefore advises having a thorough knowledge of the businesses one associates with.