Business organizations large and small are subject to the anti-bribery provisions of the Foreign Corrupt Practices Act.
Although the books and records and internal controls provisions only apply to issuers, issuers are not always large companies. These provisions make no explicit distinctions regarding the size of an issuer, but in the FCPA Guidance the DOJ and SEC sensibly acknowledge that a factor the enforcement agencies consider when evaluating an organization’s compliance program is the size of the organization. Specifically the Guidance states: ” small- and medium-size enterprises likely will have different compliance programs from large multi-national corporations, a fact DOJ and SEC take into account when evaluating companies’ compliance programs.”
Similarly, the DOJ’s November 2017 FCPA Corporate Enforcement Policy states: “implementation of an effective compliance and ethics program, the criteria for which will be periodically updated and which may vary based on the size and resources of the organization …”.
Despite this sensible FCPA enforcement agency guidance, does size actually matter?
Like many issues in the FCPA space, we know what we know and we don’t know what we don’t know.
What we know is that there appears to be no meaningful difference in enforcement agency theories (ranging from third party compliance best practices to internal controls best practices including the finance and audit function and training best practices) in large issuer enforcement actions compared to small issuer enforcement actions.
For instance, Nu Skin Enterprises (a small Utah based issuer) was held liable (seemingly on a strict liability theory see here, here and here for previous posts) for charitable donations made by a foreign subsidiary just like Schering-Plough (a large issuer) was held liable (see here for the prior post).
Likewise, Analogic (a small issuer in the medical device industry) was held liable (seemingly on a strict liability theory see here and here for prior posts) for third parties engaged by a foreign subsidiary) just like numerous large issuers have been.
Similarly, Akamai Technologies (a small issuer) was held liable (seemingly on a strict liability theory see here and here for prior posts) in ways indistinguishable from large issuer enforcement actions in connection with its Chinese subsidiary and alleged lack of formalized due diligence, proactively exercising audit rights, monitoring certain transactions, and employee training.
Finally (and several other enforcement actions could also be highlighted) SciClone Pharmaceuticals (a small issuer) was held liable (once again seemingly on a strict liability theory see here and here for prior post) in ways indistinguishable from large issuer enforcement actions in connection with the marketing and promotional activities of a Chinese subsidiary (including “golf in the morning and beer drinking the evening).
It is not just the enforcement theories in small issuer enforcement actions that seem indistinguishable from large issuer enforcement actions, but also the post-enforcement action compliance obligations imposed on settling companies as well.
For instance, Attachment C “Compliance Obligations” in the Dallas Airmotive (a small provider of aircraft engine maintenance, repair and overhaul services) DPA is substantively indistinguishable from Exhibit C “Corporate Compliance Program” in the Alstom (a large multinational with 30,000+ employees) plea agreement.
Likewise, Attachment B “Corporate Compliance Program” in the PTC (a small software company) NPA is substantively indistinguishable from Attachment C “Corporate Compliance Program” in the Teva Pharmaceuticals (a large multinational with 40,000+ employees) DPA.
In short, the DOJ and SEC have sensibly stated that size matters, but to what extent (based on enforcement theories and post-enforcement action compliance obligations) is the open question?
Save Money With FCPA Connect
Keep it simple. Not all FCPA issues warrant a team of lawyers or other professional advisers. Achieve client and business objectives in a more efficient manner through FCPA Connect. Candid, Comprehensive, and Cost-Effective.