Editor: Please tell us about your previous government experience and current practice.
Harmon : After clerking on the U.S. Court of Appeals for the Fifth Circuit, I worked for several years at King & Spalding. I joined the Department of Justice in 1998, and during my time at DOJ, I served as a Special Assistant U.S. Attorney (DC), prosecutor in the Tax Division, investigative counsel on the Webster Commission (a Presidential commission that investigated the fallout of FBI Special Agent Robert Hanssen's espionage), trial counsel on the Enron Task Force and finally Counsel to Deputy Attorney General Larry Thompson. Since my return to King & Spalding, I have focused heavily on FCPA matters - global investigations, design and operation of compliance programs, due diligence, and general compliance counseling.
Ryan: Like Zack, I had two stints with the government. Out of law school, I clerked for a U.S. district judge in the Eastern District of New York. After then working at a large law firm, I served from 1994 until 2004 in the SEC's Division of Enforcement, the last three years as an Assistant Director of the Division. One of the FCPA cases I led at the SEC was the 2002 case against the radiopharmaceutical company Syncor International, which resulted in a $500,000 penalty - which seems like chump change now but at the time set a new FCPA penalty record for the SEC. My practice at King & Spalding includes FCPA matters and SEC investigations generally.
Editor: Please explain the reach of the FCPA. What groups come within its orbit?
Harmon: The reach of the FCPA's anti-bribery provisions is complicated because it covers several categories of "persons" and attaches different jurisdictional requirements to each. At the risk of oversimplification, there are three basic categories. First are the entities to which jurisdiction attaches simply by virtue of their U.S. nationality or SEC filing status. This includes both U.S. and foreign companies - "issuers" - that either have securities registered with the SEC or are required to file reports with the SEC; "domestic concerns" - U.S. citizens, nationals and residents, as well as companies organized in the U.S. or with their primary place of business here; and finally, "U.S. persons" serving as officers, directors, employees, agents or stockholders of an issuer or domestic concern. Jurisdiction over these entities exists if they violate the FCPA anywhere in the world.
For the other two categories of persons, there are additional jurisdictional requirements. First, for foreign persons (individuals and entities) serving as officers, directors, employees, agents or stockholders of issuers and domestic concerns, jurisdiction exists when these persons - acting on their company's behalf - employ an instrumentality of U.S. commerce in furtherance of a bribe. For all other foreign persons (e.g., a foreign subsidiary of a U.S. parent company), these entities must commit an act in furtherance of the bribery "while in the territory of the United States." I should note that U.S. FCPA authorities have found many creative ways to meet these jurisdictional requirements.
Ryan: The FCPA also has books-and-records and internal control provisions. Most criminal FCPA cases involve bribery, but the SEC also brings cases alleging only books-and-records and/or internal controls violations, which can be brought against any "issuer" as Zack already defined, regardless of whether the issuer is located in the U.S. or elsewhere. In many circumstances, individuals who work for issuers can be charged with violations such as falsifying books and records, circumventing internal controls, or aiding and abetting their company's violations. Moreover, these books-and-records and internal controls provisions apply to all manner of accounting entries and controls, not just ones related to bribes.
Editor: How has the philosophy of the Act been incorporated by the OECD and its 33 members? Just recently the UK has enacted a more comprehensive piece of legislation, the UK Bribery Act, which has more sweeping provisions prohibiting "facilitation payments" and making bribes recipients also culpable. Do you see this as a portent of future actions by other governments?
Harmon: While enactment of the UK Bribery Act is certainly significant, in my view other governments are already actively rooting out bribes paid to foreign officials. In 2005, there were only 51 investigations and 50 cases brought in 8 OECD countries. By contrast, in 2008 there were 263 investigations and 256 cases brought in 19 OECD countries. It is difficult to pinpoint what is driving this heightened global enforcement, but the eye-popping settlements in the Siemens, Halliburton and BAE cases ($1.6 billion, $579 million and $400 million, respectively) are almost certainly enticing law enforcement organizations to bring cases - both to participate in these enormous sanctions and to avoid embarrassment occasioned by high-profile misconduct occurring in their back yards, and rooted out by other authorities.
Moreover, while international anti-corruption enforcement is clearly on the rise, the legal obligations facing multinational companies appears to be tightening as well. While the FCPA permits "facilitating payments" under certain circumstances, the UK Bribery Act prohibits such payments. There are other provisions of the UK Bribery Act which - based on promised guidance from the UK authorities - may render compliance with the UK Bribery Act and the FCPA different in other important ways. Moreover, it seems possible that other countries could enact or modify their anti-bribery laws to impose obligations that differ even from these. The obvious upshot is that multinational companies will have to evaluate their global compliance obligations and conform their conduct to the most stringent applicable laws. The more stringent the laws become, the more misconduct there will be for authorities to root out - particularly in the short term.
Editor:Followers of the practices of the DOJ and SEC, the two enforcement bodies, have noted that more prosecutions have been made recently of individuals as compared with companies. Do you see this as a salutary step?
Ryan: There's no question that the DOJ and SEC are increasingly seeking to hold individuals accountable for civil FCPA violations, and not just companies. One likely result is that more cases will be litigated rather than filed as settlements, because individuals typically feel less compelled to settle than companies, preferring instead to defend their actions and reputations in court. That may present opportunities to seriously challenge many of the government's aggressive interpretations of the FCPA, something that happens very rarely when only companies are targeted - because companies almost always settle.
Harmon: If we take at face value the pronouncements of senior DOJ personnel, then it certainly appears that the Department's heightened focus on individual prosecutions is here to stay. Assistant Attorney General Lanny Breuer recently characterized individual prosecutions in FCPA cases as "the cornerstone of DOJ's enforcement strategy," and Charles Duross, an Assistant Chief who oversees FCPA cases in DOJ's Fraud Section, has echoed this assertion. As to whether this is a salutary step, we may never be able to measure the impact of this approach on FCPA compliance, but intuitively it seems likely that the widely-publicized and serious threat - and fact - of individual prosecution will reduce the number of FCPA violations. Assistant Attorney General Breuer must believe so as he also recently warned corporate executives, board members and sales agents that DOJ would seek to hold them "personally accountable" for FCPA violations by pursuing "significant prison sentences."
Editor: What precautions do companies take when entering foreign joint ventures? How much control should they demand?
Ryan: The basic precautions include thorough due diligence on the joint venture partner and the individuals who will play key roles in managing the venture; a joint venture agreement that includes or requires certifications of compliance with anti-corruption laws and provides for meaningful access to the joint venture's books and records; education and training of joint venture personnel regarding applicable anti-corruption laws and policies; and close monitoring of the business and third-party relationships of the joint venture. For a U.S. issuer that owns more than 50 percent of a foreign joint venture, even greater precautions and oversight are warranted because FCPA enforcers are likely to view the venture for many practical purposes as no different than a wholly owned subsidiary. Even if a U.S. issuer owns 50 percent of less of a foreign joint venture, Section 13(b)(6) of the Securities Exchange Act of 1934 requires it to use "good faith" and exert its influence, "to the extent reasonable under the issue's circumstances," to cause the joint venture "to devise and maintain a system of internal accounting controls consistent with" those required of U.S. issuers. The statute then provides a conclusive presumption of compliance where an issuer "demonstrates good faith efforts to use such influence" over the joint venture.
Editor: What protections are afforded a company prior to entering upon a joint venture abroad or using a third party intermediary in terms of seeking an advisory opinion from the DOJ?
Ryan: The DOJ has a procedure whereby companies can obtain an opinion as to whether a particular act or transaction conforms with the Department's FCPA enforcement policies. To obtain such an opinion, the act or transaction must be actually contemplated - not merely hypothetical or purely historical - and all material facts must be disclosed in writing. The opinion protects only the company that submitted the request, although other companies and their counsel frequently rely on these opinions to conform their conduct and transactions as closely as possible to those previously blessed. Yet even for the company that obtained the opinion, it provides only a rebuttable presumption of compliance with the FCPA. Thus, an opinion can provide a substantial level of comfort, but the process can be time consuming and will never guarantee an airtight defense to an FCPA charge.
Editor: What elements should companies incorporate into their compliance programs? Should companies demand the same standards for their partners both here and abroad?
Harmon: As already discussed, laws such as the UK Bribery Act will unavoidably impact the specific requirements of global anti-corruption compliance programs. Putting aside the detail, however, effective anti-bribery compliance programs generally contain the following elements: (1) written, stand-alone policies; (2) effective procedures implementing these policies; (3) a clearly-defined organizational structure with formal assignment of program obligations; (4) effective training; (5) meaningful monitoring of compliance; (6) reporting mechanisms; (7) formal processes for documenting and responding to compliance issues; (8) consistent and meaningful enforcement of compliance obligations; and (9) positive incentives for compliant behavior.
Under the FCPA, companies and individuals face significant exposure for the misconduct of their business partners. So, ideally, companies would work only with business partners whose compliance commitment (and programs) mirror their own. Of course, such an approach is not realistic in many situations. Accordingly, companies must weigh the risks posed by each business relationship and gauge accordingly what demands to make on their partners. U.S. partners typically pose fewer problems in this regard because they also understand the demands and stakes of FCPA compliance. However, foreign business partners often lack this perspective - although global awareness is increasing - and so companies face greater challenges in deciding what obligations to insist upon.