Oracle – Another World’s Most Ethical FCPA Violator?

It surprises most people to learn that a company with pre-existing FCPA compliance policies and procedures – and a company otherwise making good faith efforts to comply with the FCPA – can still face legal liability when a non-executive employee or agent nevertheless acts contrary to the company’s pre-existing FCPA compliance policies and procedures.

And rightfully so.  Yet because of respondeat superior principles, the company is exposed to FCPA liability.   Such pre-existing policies and procedures are relevant to charging decisions under the Principles of Prosecution as well as to the ultimate fine amount under the Sentencing Guidelines, but not relevant to liability as a matter of law.

It is even possible for a company to earn designation as one of the “World’s Most Ethical Companies”  yet still, during the same general time period, resolve an FCPA enforcement action.  Ethisphere’s “World’s Most Ethical Companies” designation (see here) “recognizes companies that truly go beyond making statements about doing business ‘ethically’ and translate those words into action.”  As stated by Ethisphere, the designation is “awarded to those companies that have leading ethics and compliance programs, particularly as compared to their industry peers.”  A company only earns the designation after a “methodology committee of leading attorneys, professors, government officials and organization leaders” assist Ethisphere in creating the scoring methodology and after Ethisphere conducts an “in-depth analysis” of the company.  Companies that have earned “World’s Most Ethical Company” designation during the same general time period as also resolving FCPA enforcement actions or being under FCPA scrutiny include the following:  General Electric, Statoil, Deere & Company, Hewlett-Packard, Rockwell Automation, AstraZeneca, Novo Nordisk, and Sempra Energy.

Add Oracle Corporation, a recipient of  “World’s Most Ethical Company” designation more than once, to the list.

Yesterday, Joe Palazzolo and Samuel Rubenfeld broke the story in the Wall Street Journal, “U.S. Probes Oracle Dealings,” that “U.S. authorities are investigating whether Oracle Corp., one of the world’s largest software companies by sales, violated federal antibribery laws in its dealings abroad …”.  According to the report, “agents in the FBI’s Washington field office and fraud prosecutors in the Justice Department’s Criminal Division are handling a criminal investigation, which has been underway for at least a year.”  Palazzolo and Rubenfeld also report that the SEC is also investigating for possible civil violations.  According to the report, “the agencies are examining whether Oracle employees or agents acting on the company’s behalf made improper payments in Africa in order to land sales of database and applications software.”

Time will tell whether the Oracle investigation will lead to an FCPA enforcement action and, if so, the nature and extent of the improper conduct.  If the investigation follows a pattern often seen in FCPA enforcement actions, the improper conduct will have been engaged in by non-executive employees or agents who acted contrary to the company’s FCPA policies and procedures and the company’s otherwise good faith efforts to comply with the FCPA.

While I have no unique insight or knowledge of Oracle’s FCPA compliance policies and procedures, one has got to assume it has been doing the right things to earn, on more than one occasion, Ethisphere’s highest honor. Oracle’s “Code of Ethics and Business Conduct” (here) contains a separate section on the FCPA in a Q&A format. Granted, words on paper do not establish much, but the Code also refers to Oracle’s “Anti-Corruption Policy” located on the company’s non-public Compliance and Ethics Program Web Site, and indeed what a company’s public website contains as to FCPA compliance is usually just the tip of the iceberg. Furthermore, among other things, Oracle has an “Anti-Corruption Training Course” (here) for its partners available in ten languages.

If an FCPA enforcement action against Oracle is indeed forthcoming, such an enforcement action, like previous ones involving other “World’s Most Ethical Companies,” highlights the need for an FCPA compliance defense. As I have highlighted on previous occasions, in the mid-1980’s numerous FCPA reform bills included a specific defense under which a company would not be held liable for a violation of the FCPA’s anti-bribery provisions by its employees or agents, who were not an officer or director, if the company established procedures reasonably designed to prevent and detect FCPA violations by employees and agents. Such a compliance defense passed the U.S. House, but was never made part of the FCPA’s 1988 amendments. However, it is likely that an FCPA reform bill will soon be introduced and that it will contain a similar compliance defense. As I highlighted in this previous post, many of the 38 signatory countries to the OECD Anti-Bribery Convention have compliance-like defenses in their domestic “FCPA-like” legislation.

Nevertheless, Assistant Attorney General Lanny Breuer has, in the past, flatly rejected the need for a compliance defense.  Speaking last March at the Dow Jones Global Compliance Symposium, he said,  “we can’t engage in some sort of formalistic solution from a script that says if you check the following six boxes you’re guaranteed this outcome.” 

More recently, during the June House FCPA Hearing, Greg Andres, testifying on behalf of the DOJ, stated that a potential FCPA compliance defense was “novel and risky” and that the “time is not right to consider it.” 

With another “World’s Most Ethical Company” facing FCPA exposure, the time is right to consider amending the FCPA to include a compliance defense.

Either Enforce the FCPA or Don’t Enforce the FCPA

The DOJ and the SEC (the “Enforcement Agencies”) should either enforce the FCPA or not enforce the FCPA.

For instance, Team Inc. violated the FCPA, but in its August 2nd SEC filing (here) the company stated as follows regarding its previously disclosed FCPA issue.  “In a letter to us dated July 12, 2011, the staff of the SEC informed us that it had completed its investigation and did not intend to recommend any enforcement action by the Commission or impose any fines or penalties against the Company. We have not received formal notification from the DOJ, however in July 2011, the staff of the DOJ informed us that it was likely that the staff would not recommend taking any further action or imposing any fines or penalties against the Company.”

How do we know that Team Inc. violated the FCPA?  Because the company said it did.  For instance, in this August 2010 SEC filing the company said as follows in reference to its previously disclosed internal review regarding its branch operation in Trinidad.  “The report of the independent investigator was delivered to the Audit Committee in March 2010 and to the DOJ and SEC in May 2010.  The investigation concluded that improper payments of limited size were made to employees of foreign government owned enterprises in Trinidad, but determined that the improper payments were not made, or authorized by, employees outside the one TMS Trinidad branch. The investigation of our other foreign operations did not result in any findings of significance and management has remediated or is undertaking remedial action on all matters identified in the investigation. Based upon the results of the investigation, we believe that the total of the improper payments to government owned enterprises over the past five years did not exceed $50,000. The total annual revenues from the impacted TMS Trinidad branch represent less than one percent of our annual consolidated revenues for all years presented. ”  (emphasis added).

Accepting the Enforcement Agencies’ position that payments to government-owned enterprises fall under the FCPA, why didn’t the Enforcement Agencies bring an action? Sure, Team Inc. did voluntarily disclose the conduct at issue and the results of its investigation, but that could also be said for nearly all corporate FCPA enforcement actions. Sure, Team Inc.’s “improper payments” appear to have been isolated, were relatively minor in scope, and were not (per the company) “made, or authorized by, employees outside the one TMS Trinidad branch.” But again, the same could also be said for a significant percentage of all corporate FCPA enforcement actions.

Using the Team Inc. standard, did Rockwell Automation deserve an FCPA enforcement action (see here for the prior post)? Did Comverse (see here for the prior post) deserve an FCPA enforcement action?

If the FCPA contained a compliance defense (along the lines that a company would not be held vicariously liable for a violation of the FCPA’s anti-bribery provisions by its employees or agents, who were not an officer or director, if the company established procedures reasonably designed to prevent and detect FCPA violations by employees and agents) the end result in Team Inc. would have likely been the same and rightfully so.

But at least the result would have been grounded in law, not in the ad hoc, opaque, non-reviewable discretionary decisions of the Enforcement Agencies.

Compliance Certificates

In relation to the U.K. Bribery Act’s so-called adequate procedures defense, how does a company know whether it has adopted adequate procedures so that it can avail itself of the defense should its conduct come under scrutiny?  It is a darn good question.

Last week,  thebriberyact.com (see here) had a post regarding an adequate procedures certificate.  The post profiled a recent speech by Richard Alderman (Director of the U.K. Serious Fraud Office) on the issue of a lawyer’s certificate for adequate procedures.  As detailed in the post, Alderman stated as follows.  “We know, for example, that some companies believe that all they need is a certificate from a firm of lawyers that they have adequate procedures. We hear about this. We hear as well that the company is not prepared to pay very much for this and expects a certificate of adequate procedures for its worldwide enterprise under say £25,000. This will not impress us very much. This does not mean that we expect companies to spend millions of pounds on this. What we do expect though is a proportionate approach by companies focussing on the key risks and on what they are doing in order to be able to combat those risks. This is what companies should be doing anyway. Indeed some companies have told us that this is a valuable exercise for them for all sorts of reasons that they should have carried out before.  A company that does this but which finds problems will receive very sympathetic treatment at the SFO. A company that closes its mind to the issues while perhaps having some veneer of paper procedures will receive different treatment.”

One of the FCPA reform proposals under consideration – and a reform proposal I support (see here and here for prior posts) – is creation of a compliance defense. If enacted, the same issue will arise as under the U.K. Bribery Act – how does a company know whether it has adopted sufficient measures so that it can avail itself of the defense should its conduct come under scrutiny?

Is a compliance certificate the answer?

In Chile, the answer is yes.  As detailed in this prior “Compliance Defense Around the World” post, Chile is one of several OECD Anti-Bribery Convention countries to incorporate compliance defense principles into its “FCPA-like” law.

Under Chilean law:  in order for a legal person to be held responsible for a foreign bribery offence, the following “three cumulative requirements” must be satisfied: (1) the offence must be committed by a person acting as a representative, director or manager, a person exercising powers of administration or supervision, or a person under the “direction or supervision” of one of the aforementioned persons; (2) the offence must be committed for the direct and immediate benefit or interest of the legal entity. No offence is committed where the natural person commits the offence exclusively in his/her own interest or in the interest of a third party; and (3) the offence must have been made possible as a consequence of a failure of the legal entity to comply with its duties of management and supervision. An entity will have failed to comply with its duties if it violates the obligation to implement a model for the prevention of offences, or when having implemented the model, it was insufficient.”

As to the final element, the OECD report states as follows. “The final cumulative requirement for responsibility stresses that the offence must have been made possible as a consequence of the failure of the legal person to comply with its duties of administration and supervision. The entity will have failed to comply with its duties if it violated the obligation to implement a model for the prevention of offences, or when having implemented the model, the latter was insufficient. It shall be considered that the functions of direction and supervision have been met if, before the commission of the offense, the legal person had adopted and implemented organization, administration and supervision models, pursuant to the following article, to prevent such offenses as the one committed.”

The minimum features of a prevention system under the law are as follows: identify the different activities or processes of the entity, whether habitual or sporadic, in whose context the risk of commission of the offences emerges or increases; establish protocols, rules and procedures that permit persons involved in above-mentioned activities or processes to program and implement their tasks or functions in a manner that prevents the commission of the indicated offences; identify procedures for the administration and auditing that allow the entity to impede their use in the listed offences; establish internal administrative sanctions, as well as procedures for reporting or pursuing pecuniary responsibility against persons who violate the prevention system; introduce the above-mentioned duties, prohibitions and sanctions into the internal regulations of the legal person, and ensure that they are known by all persons bound to apply it (workers, employees, and service providers).

As to the minimum requirements, the OECD report states as follows. “It also aims to introduce a system of self-regulation by companies. Having a code of conduct on paper will not be sufficient to avoid responsibility. If prosecutors can prove that the code does not meet the minimum requirements of or that it is not implemented, the company can be responsible for the offence.” Under Chilean law, “the failure to comply with duties of management and supervision is an element of the offence rather than a defence. Therefore the burden of proof lies on prosecutors, i.e. it will be up to prosecutors to prove that the entity failed to comply with its duties of management and supervision.” The OECD report notes as follows. “This will require prosecutors to prove that the company failed in the design and/or implementation of the offense prevention model including why, in the circumstances, the prevention model was insufficient. This would appear to also require the prosecutor to establish that this failure made perpetration of the offence possible.”

Chilean law sets forth a detailed process by which legal persons are able to undergo a certification process on the existence and relevance of their organizational model. The OECD report states as follows. “Certification will confirm that the offence-prevention model complies with the minimum requirements [set forth above], taking into account the characteristics of the legal person. The certification is valid as long as the situation of the company does not change. Certification will be carried out by private institutions which have been authorised by public agencies to undertake this role. Two points should be noted. The first is that certification will not, by itself, avoid responsibility, since it will remain possible to convict a legal person if it can be proved that, notwithstanding the certification, the preventive model did not meet the minimum requirements [set forth above]; and/or that the model was not implemented. The second point to note is that, pursuant to [the Chilean law], private institutions carrying out certification will be carrying out public functions, which means that they will be criminally responsible in the event of a failure to act properly in the execution of those functions. The sole function of public agencies will be to authorise institutions to carry out these functions, and to keep record of certifications.”

What do you think?  Is the Chilean certification process the answer?  What are the pros and cons of such an approach?  If anyone can direct me to Chilean counsel knowledgeable about this certification process or the “private institutions” authorized to issue such certifications, please send me an e-mail so that I can inquire and report back any findings.

If the FCPA were amended to include a compliance defense, would Chile’s certification approach work here in the U.S.?

For starters, it is useful to observe that the DOJ is already handing out compliance certificates in at least two respects – even if  not formally called compliance certificates.

First, the FCPA’s Opinion Release Procedure results in the DOJ issuing – for all practical purposes – a compliance certificate in that the DOJ opines whether a proposed course of conduct, based on the requestor’s disclosed information and various representations, complies with the FCPA.  Pursuant to the governing regulations (see here), “there shall be a rebuttable presumption that a requestor’s conduct, which is specified in a request, and for which the Attorney General has issued an opinion that such conduct is in conformity with the Department’s present enforcement policy, is in compliance with those provisions of the FCPA.”

Second, every NPA or DPA contains a clause stating that the DOJ will not bring an enforcement action if the company complies with the undertakings set forth in the agreement – including an appendix which sets forth various compliance obligations.  (See here for the recent Armor Holdings NPA). As with the FCPA Release Procedure, the term compliance certificate is lacking, but in substance that is likewise the end result.

That the DOJ is already issuing “compliance certificates” makes the DOJ’s firm opposition to an FCPA compliance defense (see here for more)  all the more curious – and all the more contradictory.

The Compliance Defense Around The World

As highlighted in this prior post, numerous FCPA reform bills in the 1980’s included a specific defense which stated a company would not be held vicariously liable for a violation of the FCPA’s anti-bribery provisions by its employees or agents, who were not an officer or director, if the company established procedures reasonably designed to prevent and detect FCPA violations by employees and agents. An FCPA reform bill containing such a provision did pass the U.S. House, but was not enacted into law.

Amending the FCPA to include a compliance defense is one of the U.S. Chamber’s FCPA reform proposals (see here). In November 2010, Andrew Weissmann, on behalf of the Chamber, testified in favor of a compliance defense (and other reform proposals) during the Senate’s FCPA hearing (see here for the prior post), and during the House hearing earlier this month (see here for the prior post), former Attorney General Michael Mukasey, on behalf of the Chamber, also testified in favor of a compliance defense (and other reform proposals).

During the House hearing, there appeared to be bi-partisan support for consideration of an FCPA compliance defense.

Even so, Greg Andres, testifying on behalf of the DOJ, stated that a potential FCPA compliance defense was “novel and risky” and that the “time is not right to consider it.”

Public debate on a potential compliance defense has thus far focused, from a comparative standpoint, on the United Kingdom and Italy.

The purpose of this post is to further inform the public debate on a potential compliance defense by highlighting various compliance-like defenses around the world in other countries that are signatories (like the U.S.) to the OECD Anti-Bribery Convention.

This post is further to my work in progress – Revisiting an FCPA Compliance Defense – and represents hours of research analyzing 38 OECD Country Reports.

The post provides an overview of compliance-like defenses in the following OECD Convention signatory countries: Australia, Chile, Germany, Hungary, Italy, Japan, Korea, Poland, Portugal, Sweden, and Switzerland. [The U.K. Bribery Act, set to go live on July 1st, also contains a compliance-like defense in Section 7].

A first reaction might be – only 12 of the 38 OECD member countries have a compliance-like defense.

However, this number must be viewed against the backdrop of the following dynamics: (i) in many OECD Convention signatory countries, the concept of legal person criminal liability (as opposed to natural person criminal liability) is non-existent; and (ii) in many OECD Convention signatory countries that do have legal person criminal liability, such legal person liability can only result from the actions of high-level executive personnel or other so-called “controlling minds” of the legal person.

Obviously if a foreign country does not provide for legal person liability, there is no need for a compliance defense, and the rationale for a compliance defense is less compelling if legal exposure can result only from the conduct of high-level executive personnel or other “controlling minds.”

When properly viewed against these dynamics, a compliance-like defense (whether specifically part of a foreign country’s “FCPA-like” law or otherwise generally part of a foreign country’s legal principles) is far from a “novel” idea, but rather common among OECD Anti-Bribery Convention signatory countries that – like the U.S. – have legal person criminal liability that can attach based on the conduct of non-executive officers or other “controlling minds.”

[The below information is based strictly on OECD country reports and is subject to the qualification that in many instances the most recent information concerning a particular country may be several years old. If anyone has more recent information concerning any particular country, how the compliance defense in a particular country has worked in practice, or any other relevant information, please leave a comment on this site or contact me at mjkoehle@butler.edu]

*****

Australia

Australian law implementing the OECD Convention entered into force on December 18, 1999.

Thereafter, a section of the Criminal Code on corporate criminal liability came into full force establishing an organizational model for the liability of legal persons. “Bodies corporate” are liable for offences committed by “an employee, agent or officer of a body corporate acting within the actual or apparent scope of his or her employment, or within his or her actual or apparent authority” where the body corporate “expressly, tacitly, or impliedly authorised or permitted the commission of the offence”.

Pursuant to the Criminal Code, authorisation or permission by the body corporate may be established in the following ways: (1) the board of directors intentionally, knowingly or recklessly carried out the conduct, or expressly, tacitly or impliedly authorised or permitted it to occur; (2) a high managerial agent intentionally, knowingly or recklessly carried out the conduct, or expressly, tacitly or impliedly authorised or permitted it to occur; (3) a corporate culture existed that directed, encouraged, tolerated or led to the offence; or (4) the body corporate failed to create and maintain a corporate culture that required compliance with the relevant provision.

However, under the Criminal Code, “if a high managerial agent is directly or indirectly involved in the conduct, no offence is committed where the body corporate proves that it “exercised due diligence to prevent the conduct, or the authorisation or permission.”

Chile

Chilean law implementing the OECD Convention entered into force on October 8, 2002.

In December 2009, a separate Chilean law entered into force establishing criminal responsibility of legal persons for a limited list of offences including bribery of foreign public officials.

In order for a legal person to be held responsible for a foreign bribery offence, the following “three cumulative requirements” must be satisfied: (1) the offence must be committed by a person acting as a representative, director or manager, a person exercising powers of administration or supervision, or a person under the “direction or supervision” of one of the aforementioned persons; (2) the offence must be committed for the direct and immediate benefit or interest of the legal entity. No offence is committed where the natural person commits the offence exclusively in his/her own interest or in the interest of a third party; and (3) the offence must have been made possible as a consequence of a failure of the legal entity to comply with its duties of management and supervision. An entity will have failed to comply with its duties if it violates the obligation to implement a model for the prevention of offences, or when having implemented the model, it was insufficient.”

As to the final element, the OECD report states as follows. “The final cumulative requirement for responsibility stresses that the offence must have been made possible as a consequence of the failure of the legal person to comply with its duties of administration and supervision. The entity will have failed to comply with its duties if it violated the obligation to implement a model for the prevention of offences, or when having implemented the model, the latter was insufficient. It shall be considered that the functions of direction and supervision have been met if, before the commission of the offense, the legal person had adopted and implemented organization, administration and supervision models, pursuant to the following article, to prevent such offenses as the one committed.”

The minimum features of a prevention system under the law are as follows: identify the different activities or processes of the entity, whether habitual or sporadic, in whose context the risk of commission of the offences emerges or increases; establish protocols, rules and procedures that permit persons involved in above-mentioned activities or processes to program and implement their tasks or functions in a manner that prevents the commission of the indicated offences; identify procedures for the administration and auditing that allow the entity to impede their use in the listed offences; establish internal administrative sanctions, as well as procedures for reporting or pursuing pecuniary responsibility against persons who violate the prevention system; introduce the above-mentioned duties, prohibitions and sanctions into the internal regulations of the legal person, and ensure that they are known by all persons bound to apply it (workers, employees, and service providers).

As to the minimum requirements, the OECD report states as follows. “It also aims to introduce a system of self-regulation by companies. Having a code of conduct on paper will not be sufficient to avoid responsibility. If prosecutors can prove that the code does not meet the minimum requirements of or that it is not implemented, the company can be responsible for the offence.”

Under Chilean law, “the failure to comply with duties of management and supervision is an element of the offence rather than a defence. Therefore the burden of proof lies on prosecutors, i.e. it will be up to prosecutors to prove that the entity failed to comply with its duties of management and supervision.”

The OECD report notes as follows. “This will require prosecutors to prove that the company failed in the design and/or implementation of the offense prevention model including why, in the circumstances, the prevention model was insufficient. This would appear to also require the prosecutor to establish that this failure made perpetration of the offence possible.”

As noted in the OECD report, the Chilean “standard of liability is inspired from the Italian system of liability of legal persons” (discussed below).

Germany

German law implementing the OECD Convention entered into force on February 15, 1999.

German law establishes the liability of legal persons, including liability for the foreign bribery offence, under an administrative (i.e. non-criminal form) act.

Pursuant to the administrative act, “the liability of legal persons is triggered where any “responsible person” (which includes a broad range of senior managerial stakeholders and not only an authorised representative or manager), acting for the management of the entity commits i) a criminal offence including bribery; or ii) an administrative offence including a violation of supervisory duties which either violates duties of the legal entity, or by which the legal entity gained or was supposed to gain a “profit”.”

As noted in the OECD report, “in other words, Germany enables corporations to be imputed with offences i) by senior managers, and, somewhat indirectly, ii) with offences by lower level personnel which result from a failure by a senior corporate figure to faithfully discharge his/her duties of supervision.”

The OECD report states that the “standards for a violation of supervisory duties include consideration of factors such as whether the company has in place a monitoring system or in-house regulations for employees.”

Hungary

Hungarian law implementing the OECD Convention entered into force on March 1, 1999.

In 2004, a separate law was enacted specifying the individuals whose actions can trigger the liability of the legal person.

The OECD report states as follows. “The specific persons and additional conditions for liability are defined as follows: (i) the bribery is committed by one of the members or officers [of the legal entity] entitled to manage or represent it, or a supervisory board member and/or their representatives acting within the legal scope of activity of the legal person; (ii) the bribery is committed by one of the members of the legal entity or an employee acting within the legal scope of activity of the legal person provided the bribery could have been prevented by the chief executive fulfilling his supervisory or control obligations; and (iii) the bribery is committed by a third party individual, provided that the legal entity’s member or officer entitled to manage or represent it had knowledge of the facts.”

According to the OECD report, the relevant law does not provide any guidance as to the necessary degree of supervision to avoid liability for bribery.

Italy

Italian law implementing the OECD Convention entered into force on October 26, 2000.

Under Italian law, “criminal liability cannot be attributed to legal persons”; however, “administrative liability may be attributed to legal persons for certain criminal offences (including foreign bribery) committed by a natural person.”

The relevant administrative decree provides a “defence of organisational models” to a body which makes reasonable efforts to prevent the commission of an offence.

The OECD report states as follows. “… [A] body is not liable for offences committed by persons in senior positions if it proves the following. First, before the offence was committed, the body’s management had adopted and effectively implemented an appropriate organisational and management model to prevent offences of the kind that has occurred. Second, the body had set up an autonomous organ to supervise, enforce and update the model. Third, this autonomous organ had sufficiently supervised the operation of the model. Fourth, the perpetrator committed the offence by fraudulently evading the operation of the model.” The defence of organisation models operates as a full defence which completely exculpates a legal person.

The relevant administrative decree stipulates the essential elements of an acceptable organisational model described in the OECD report as follows. “First, the model must identify activities which may give rise to offences. Second, the model must define procedures through which the body makes and implements decisions relating to the offences to be prevented. It must also prescribe procedures for managing financial resources to prevent offences from being committed. Third, the model must oblige the internal organ responsible for supervision and enforcement to provide information to the body. Finally, the model must include a disciplinary system for non-compliance.”

Japan

Japanese law implementing the OECD Convention entered into force on February 15, 1999.

“Under Japanese law, criminal responsibility of a legal person is based on the principle that the company did not exercise due care in the supervision, selection, etc. of an officer or employee to prevent the culpable act.

The burden rests on the legal person to prove that due care was exercised. Where a legal person raises the defence, a person must be identified as having exercised due care, etc., and the court must determine whether it was exercised properly having regard to the nature of the legal person and the circumstances of the case.”

Korea

Korean law implementing the OECD Convention entered into force on February 15, 1999.

Korean law establishes the criminal responsibility of legal persons for the bribery of a foreign public official; however, a legal person is exempt from liability where it has paid “due attention” or exercised “proper supervision” to prevent the offence.

The statute itself does not provide information about what constitutes “due attention” or “proper supervision.” A representative of the Supreme Public Prosecutor’s Office informed the OECD that “the exemption is triggered when a director or ‘superior person’ exercises due attention.” The Explanatory Manual published by the Ministry of Justice states that “it is difficult to standardize the extent of attention or supervision in deciding whether a legal person can be exempted from criminal punishment.” The Explanatory Manual further states that whether the exemption applies depends upon “general circumstances such as the motive and background that led to the bribery, intervention of exclusive members of the legal person, whether it was informed earlier, and how much effort was usually made by the corporation to prevent bribery, etc.” and that companies involved in international business must prevent violations of the law by all employees and executives of the company “through sufficient necessary management”.

Poland

Polish law implementing the OECD Convention entered into force on February 4, 2001.

Polish law provides “a noncriminal form of responsibility for collective entities.” Among the requirements for liability is that the offence was committed “in the effect of at least absence of due diligence in electing the natural person [committing the act] or of at least the absence of due supervision over this person by an authority or a representative of the collective entity.”

According to the relevant Polish legislative history, “the perpetration of a prohibited act by a natural person will trigger liability of the collective entity where the act occurred as a result of negligence on the part of the authority or representative of the collective entity.”

Portugal

Portuguese law implementing the OECD Convention entered into force on June 9, 2001.

Under Portuguese law relevant to corruption in international business transactions, legal persons can be liable for conduct committed “on their behalf and in the collective interest by natural persons occupying a leadership position within the legal person structure” or by “whoever acts under the authority” of such natural persons.

However, “[t]he liability of legal persons and equivalent entities is excluded when the actor has acted against the orders or express instructions of the person responsible.”

Sweden

Swedish law implementing the OECD Convention entered into force on July 1, 1999.

Under Swedish law, only natural persons can commit crimes. However, pursuant to the Swedish Penal Code, a “kind of quasi-criminal liability is applied to an ‘entrepreneur’ (a general term meaning “any natural or legal person that professionally runs a business of an economic nature”) for a ‘crime committed in the exercise of business activities.’”

However, one requirement under the Penal Code is that “the entrepreneur has not done what could reasonably be required of him for prevention of the crime.”

Switzerland

Swiss law implementing the OECD Convention entered into force on May 1, 2000.

Article 100quater of the Swiss Criminal Code requires “defective organisation as a condition for corporate criminal liability.”

In order to incur criminal liability, “the enterprise must not have taken all reasonable and necessary organisational measures to prevent the individual from committing the offence.”

Under Swiss law, the burden is on the prosecutor to furnish proof of defective organization, and according to Swiss authorities contacted by the OECD, “steps should be taken to assess whether employees have been sufficiently informed, supervised and controlled” and “the fact that an enterprise is organised in compliance with international management standards will not be sufficient to rule out all liability on its part; it will be one element to take into consideration among others …”. In the view of Swiss authorities, “shifting the burden of proof in criminal cases would contravene Article 6 of the European Convention on Human Rights.”

Global Financial Integrity Responds

The goal of FCPA Professor (see here) is to foster a forum for critical analysis and discussion of the FCPA (and related topics) among FCPA practitioners, business and compliance professionals, scholars and students, and other interested persons.

With that goal in mind, I asked Heather A. Lowe, Esq. (Legal Counsel & Director of Government Affairs, Global Financial Integrity (“GFI”)) to consider a guest post to respond to my criticism last week of certain of GFI’s statements in connection with the House FCPA hearing (see here for the prior post).

I am glad she accepted and below is Ms. Lowe’s guest post.

If other readers want to make their voice heard on the topic of FCPA reform as well, please consider FCPA Professor as a suitable forum.

*****

I appreciate the invitation from Prof. Koehler to provide some comments on this forum as a guest blogger.

On June 14, 2011, Prof. Koehler commented (here) on documents provided by Global Financial Integrity and other civil society organizations and GFI’s press release (here) circulated on Monday, prior to the House of Representatives’ hearing on the FCPA. Additional arguments are included in GFI’s formal submission (here) for the record at the hearing. Karen Lissakers, Director of the Revenue Watch Institute, and Corinna Gilfillan, Head of U.S. Office at Global Witness, each provided statements (see here and here) for the hearing record as well. I am sure readers will find our full submissions to be of interest.

One of the primary reasons that GFI wanted to provide a submission for the hearing was to ensure that Members of Congress were aware that (a) businesses and the Department of Justice were not the only stakeholders with views to be considered in this discussion, (b) proposed changes to the FCPA must be considered within an international context, and any changes will have international implications, and (c) there are strong economic arguments for carefully considering changes to the FCPA that might lead to a reduction in enforcement.

Anti-bribery laws are not enacted in this world without years of blood, sweat and tears from anti-corruption campaigners around the world, and I don’t expect that they will be willing to lose ground on this flagship anti-bribery legislation without making their voices heard. When I say “blood, sweat and tears” I literally mean blood, sweat and tears. There are activists around the world who have been threatened with violence, jailed and even killed over the years to achieve the progress that has been made. It would be inaccurate, therefore, to believe that corporations are the only ones with “skin” in this game.

GFI would not presume to speak on behalf of these organizations without their permission, but we did not want to miss the opportunity to provide at least one civil society submission as a place-holder for a critical group of stakeholders.

We appreciated Prof. Koehler’s comments on the documents he posted. We are trying to begin a meaningful dialogue on these issues that more civil society organizations with direct experience in the field, around the world, can join. His comments demonstrate that we have been successful in starting that conversation.

Prof. Koehler did not invite me to blog for my motivational comments, however. He would like me to respond to his post of June 14, 2011.

Apart from quoting the opinion of a former SEC Commissioner in a statement made 20 years ago

• during a hearing on bills proposing changes that the Professor considers to be similar to changes being proposed today,
• which were ultimately never adopted by Congress, and
• during a time preceding the international proliferation of anti-bribery conventions and national laws that we have to support our FCPA enforcement efforts today,

Prof. Koehler seems to be focusing on two main subjects: the proposed amendment to further define “foreign official” and the proposal to include a compliance defense in the FCPA.

The Professor refers to the UK Bribery Act Guidance to shore up his position in support of creating a compliance defense for companies. The U.S. Chamber refers to the UK Bribery Act (the “UK Act”) itself to support its position that a compliance defense is a reasonable amendment to request. The compliance defense in the UK Act should not be taken out of context, however. It must be viewed in light of the other provisions of the UK Act. The UK Bribery Act criminalizes ALL forms of commercial bribery. The FCPA criminalizes only payments made to foreign officials. The UK Act does not permit facilitation payments. The FCPA permits facilitation payments and has an express provision creating an affirmative defense for reasonable travel and lodging and other types of expenses one might incur as a “host” of a trading partner. The UK Act’s extraterritoriality provisions have been described as more far-reaching than the FCPA’s.

The U.S. Chamber’s proposals to amend the FCPA are entitled “Restoring Balance.” The UK Act’s compliance defense could conceivably be seen as an attempt to balance provisions that go well beyond those of the FCPA. A compliance defense in the FCPA would, in fact, be out of balance when viewed in full context. However, if there is a genuine move to bring the FCPA in line with the UK Bribery Act then let’s talk!

I also found it interesting that the Professor referenced the UK Bribery Act Guidance in his support of the compliance defense. The Guidance he refers to is the Guidance from the UK Ministry of Justice. At the very beginning of that document, in paragraph 4, the Ministry states, “The question of whether an organisation had adequate procedures in place to prevent bribery in the context of a particular prosecution is a matter that can only be resolved by the courts taking into account the particular facts and circumstances of the case. The onus will remain on the organisation, in any case where it seeks to rely on the defence, to prove that it had adequate procedures in place to prevent bribery. However, departures from the suggested procedures contained within the guidance will not of itself give rise to a presumption that an organisation does not have adequate procedures.”

So, what does a compliance defense actually accomplish in the UK? A company still has to prove that it had adequate procedures in place to prevent the criminal activity (which means all of the investigation into what actually took place must still be undertaken) and the matter still has to be adjudicated by the courts. Compliance in the UK is not an absolute defense that can be relied upon to avoid the cost of investigation and litigation at all, as seems to be the idea behind the U.S. Chamber’s proposal! The burden on a UK company is, in practical terms, the same as that of a company defending an FCPA violation under the current form of the statute.

Prof. Koehler characterized some of my statements as “unsophisticated” and “naïve,” so I was surprised by his argument that the real reason that companies want a clearer definition of “foreign official” is so that they can more easily determine who they can take out for a round of golf and a few drinks at the 19th without thinking too hard about it. While I do not doubt that this is something companies do have to think about, I stand by my statement that a clearer definition of foreign official can just as easily be used to determine who a company can bribe and who it can’t bribe and I am not naïve enough to think that this isn’t a frequent question. Let’s get on board with the UK on this one and just not bribe anyone.

I will say, however, that I think I have a fairly accurate view of what motivates corporations. Corporations are motivated by their bottom line and their cost/benefit analysis. There are externalities that also factor into decisions, like reputational risk, but in the end the externalities are quantified and factored in. This is not a bad thing – corporations exist to make money and are vital to support a strong economy.

For the reasons set forth in GFI’s submission, I don’t think that most companies set out to engage in bribery, unless they do not have the attributes to be truly competitive in the market they are entering in the first place (which should not be overlooked as a possible motivating factor). When faced with a bribe, however, the choice on the spot may be perceived to be one of paying a bribe or losing business worth many times the value of the bribe. A strongly enforced FCPA makes that bribe much more expensive in any cost/benefit analysis.

The perception that the choice a company is making is whether to pay a bribe or lose the business is where we should be focusing our energy, however. Many companies have created strategies, policies and outreach to governments in the countries in which they operate in order to ensure that it is understood by those with whom they do business that they are subject to the FCPA and cannot pay bribes. We are pretty sure that the whole notion of the FCPA isn’t a surprise to their business counterparts when the subject is raised.

As I stated in GFI’s submission for the hearing, “Some companies, like Newmont Mining, view the FCPA in a positive light. Newmont Mining, based in Colorado, is the second largest gold mining company in the world. Newmont’s Director Corporate & External Affairs for Africa, Chris Andersen, stated during a panel discussion at the Extractive Industries Transparency Initiative Global Conference in March of this year that,

“…Newmont’s experience, particularly in Africa, has been that FCPA has been an enormously valuable protective device for us…when you have a government person saying…‘we’ll give you that license if you buy us a car or something’…it’s not about look ‘I’m a mean guy and I don’t value our relationship, and therefore I’m not going to give it to you,’ you say ‘look, there’s a law out there that means I’m going to go to jail if I do that, I’m not going to go to jail for you or anybody else.’”

There are many more arguments to be made on all sides of this debate, I have no doubt. Let’s make sure that all relevant voices are being heard moving forward.
