Editor: Why has the passage of Dodd-Frank made it incumbent on U.S. companies to be extremely diligent in employing compliance programs to alert employees to the risks of violating the FCPA?
Shane: The Dodd-Frank whistleblower provisions apply to violations of securities laws by public companies, including the FCPA. Whistleblowers can recover between 10 and 30 percent of any sanctions exceeding $1 million imposed through enforcement actions brought by the SEC and related actions by DOJ. The potential size of the penalties can create a substantial incentive for reporting violations. These provisions take a degree of control away from public companies’ internal compliance personnel and are likely to lead to increasing numbers of FCPA investigations and prosecutions. As a result, it’s even more critical now to shore up compliance programs, not only to reduce the likelihood of a violation but also to maintain control over the process. There are a number of steps companies can take, including emphasizing the importance of compliance with securities laws and reinforcing that employee concerns will be taken seriously. Employers can also clearly and effectively communicate to employees proper reporting procedures for potential violations and can implement user friendly mechanisms for reporting. In addition, companies can enhance existing protections against employee retaliation and the appearance of employee retaliation. They can also ensure that comprehensive policies and procedures are in place to respond to and investigate expeditiously any complaints of wrongdoing.
Roberts: Most of the companies understand that they need strong training and compliance programs. Where some of the programs fall down are in instances where there are not enough tests to see whether the compliance measures are understood and being followed. Many companies that have suffered through significant FCPA problems have missed early opportunities to identify and correct the underlying issues. At the first sign of a potential problem, the issue needs to be raised at a sufficiently high level within the company. Again, with a good compliance program, it’s not just the training or a structured program – it’s the very focused effort to monitor FCPA and make sure that everyone in the company is following it that are the critical elements of compliance.
Editor: One of the most troubling areas of Dodd-Frank is the whistleblowing provision that allows company employees to bypass company reporting procedures. Should personnel go through training as to the company’s established procedures for reporting up the ladder?
Roberts: While you can stress how important it is to emphasize these procedures in terms of their being in place to protect the company and the workforce, you surely can’t prohibit the employees from going directly to the SEC. Whether it’s the False Claims Act or the FCPA or other parts of Dodd-Frank, employees without all the facts sometimes will become whistleblowers, making allegations that if addressed by the company could be quickly resolved. The risk is that by not following the structure of reporting up through the company hierarchy to those who can properly delve into the issue and who understand the facts, such action can cause wasted resources and do a disservice to the whole system. At the same time, you surely can’t prohibit somebody from taking advantage of the whistleblower provision that this statute makes available.
It is important that mid-level managers get out the word to their employees who have concerns that management from the very top down will see that these concerns are properly addressed – the company is not just going through the motions. That is one of the key ingredients of having a successful compliance program.
Editor: In 2011 Great Britain enacted the UK Bribery Act. In what ways is this legislation more far-reaching in affecting U.S. companies doing any business in the UK than the FCPA?
Shane: The UK Bribery Act created a new corporate offense – corporate failure to prevent bribery. Under the Act, any company carrying on business in the UK can be held strictly liable for failing to prevent bribery when a person associated with the organization – an employee, agent or subsidiary – engages in bribery. UK authorities have suggested that they’re going to take a commonsense approach when determining whether a company is subject to UK jurisdiction. Guidance issued by the UK Ministry of Justice in March of last year suggests that the mere fact that a company’s securities have been admitted to the UK’s list likely would not qualify a company as carrying on business in the UK; similarly, having a UK subsidiary will not by itself mean that a parent is carrying on business in the UK. The Serious Fraud Office director has stated a number of times that he would not apply an overly technical interpretation to the term “carrying on business.” While this guidance sheds some light on the jurisdictional reach of the Act, UK enforcement patterns and cases as they move forward will provide greater clarification on this issue.
There are a number of key differences between the UK Bribery Act and the FCPA. The UK Bribery Act explicitly applies to bribery in the private sector, while the FCPA does not. The FCPA contains an explicit exception for facilitating or grease payments. The UK Bribery Act, like many other antibribery laws, does not contain the exception. However, because the grease payment exception is narrowly construed in the U.S., many U.S. companies already prohibit such payments. The Bribery Act, unlike the FCPA, criminalizes the act of receiving a bribe. Rather than use money-laundering statutes as U.S. authorities have begun doing, UK authorities can clearly target recipients of bribes with the Bribery Act. The Bribery Act also does not have an explicit defense for reasonable and bona fide marketing expenses. In contrast to the grease payment issue, however, there may be some wiggle room allowing for reasonable hospitality expenses. The UK Ministry of Justice guidance notes that bona fide hospitality and promotional expenditures that seek to improve the image of the company, better present products and services, or establish cordial relations are an important part of doing business, and it is not the intention of the Act to criminalize this behavior. However, the guidance also notes that these types of expenditures can be employed as bribes, so it remains to be seen how this issue will be addressed by prosecutors in the UK.
Editor: Why in the case of both sets of laws, but especially those of the UK, is it important that U.S. companies (as well as all companies doing business in the UK) have rigorous compliance systems that are actually implemented?
Shane: Robust compliance programs are critical to help prevent and deter violations under the UK Bribery Act. Companies charged with failing to prevent bribery are allowed to show that they had adequate procedures to prevent bribery as an affirmative defense. These procedures can help in cases where a rogue employee or agent acts outside compliance procedures in violation of the Act. U.S. authorities also expect companies to have compliance systems that establish risk-based procedures that provide a top-down, tailored commitment to compliance. Compliance programs are a mitigating factor in criminal prosecutions. U.S. enforcement officials have publicly stated that they also look to see whether a compliance program is more than a paper policy.
Editor: Certain industries have been targeted recently, such as medical devices, pharmaceuticals and oil service companies. Why are these three industries particularly vulnerable to prosecution under the Act?
Shane: I don’t think it’s any surprise that these industries have been the focus of FCPA enforcement action, given the prevalence of foreign, state-owned healthcare systems and oil companies. The significant contact with foreign government officials on a frequent basis certainly raises the risk profile. Under the FCPA’s expansive definition of foreign officials, doctors, lab technicians and other health professionals employed in a state-owned system could potentially be covered by the Act. Also, investigation into one company in a certain industry sector can and often does lead to investigations of other companies in that sector. Other industries at risk for FCPA violations are industries with significant interactions with foreign government officials, through, for example, procurement. These include industries such as defense contracting, communications and transportation.
Editor: Why is it of utmost importance for a company to know and conduct due diligence on its agents, joint venture partners and representatives of any kind who are representing the company in overseas markets?
Shane: These types of entities are a chief way companies run into liability issues under the FCPA. A company considering doing business with a foreign agent or business partner should thoroughly check the business reputation and past conduct of such party. Each due diligence contact or business check should result in a written report or a file memorandum, which can be used to overcome any suggestion of conscious disregard or deliberate ignorance if a problem does occur. It’s also generally a good idea if the third party receives compliance training.
Editor: Why have many companies shied away from making any facilitating payments?
Shane: While that exception remains in the FCPA, facilitating payments come with significant risks. The Fifth Circuit’s decision in United States v. Kay substantially restricts a company’s ability to use this exception. In that case, the Court clarified the scope of the FCPA’s antibribery provisions, holding that payments made to foreign officials for the purpose of gaining an improper advantage, such as reducing taxes and custom duties, can meet the FCPA’s “business nexus” element. U.S. officials have also stated that they view this as a very narrow exception for routine nondiscretionary payments. Further, grease payments are increasingly prohibited in other jurisdictions, for example, under the UK Bribery Act.
Editor: Why is it important for companies to incorporate clear legal terms about avoidance of foreign payments connoting bribes in all contracts, not only with foreign partners but also all sales agents?
Shane: As we mentioned previously, these third parties represent a main area of liability under the FCPA so it’s important that all third parties are aware of and understand compliance requirements. All third parties generally should have written contracts that broadly acknowledge that they understand and will comply with the FCPA, the UK Bribery Act as well as bribery laws and regulations in other jurisdictions.
Editor: I noted in one of your articles recently that eight Siemens employees were recently prosecuted.
Shane: DOJ has made no secret that they are focusing a lot of their efforts on individual prosecutions. DOJ believes such a focus is one of the best ways to get the attention of company officials. While DOJ has suffered a number of setbacks of late, DOJ is likely to continue this focus, although perhaps with a little more caution.
Editor: Is there anything more that you would like to add?
Roberts: Companies must better understand that the government has increased oversight and activity in investigating this area. Not only must companies have meaningful compliance and training programs, but they must actively ensure that the programs are working. We’re seeing that more and more of the companies whom we represent understand the seriousness of compliance and are committed to doing this correctly.