Many thanks to Dan Harris over at China Law Blog for inviting “me over” to share my thoughts on China FCPA risk. My post can be found here.
A reader recently commented that most companies know “what to do” when it comes to FCPA anti-bribery compliance training, but that when it comes to FCPA books and records and internal controls compliance training most people “scratch their heads.”
Below, I offer some thoughts on books and records and internal controls compliance training, but by no means does this cover the entire landscape.
I think the reader is correct in that most companies do in fact focus compliance efforts (if they have pro-active compliance efforts – see here) on the FCPA’s anti-bribery provisions. The FCPA’s other prong – the books and records and internal control provisions – is usually mentioned (if at all) in passing.
An explanation for why likely has to do with the statute itself.
The anti-bribery provisions have specific elements tied to things we can all generally understand such as – things of value, foreign official, and obtain or retain business – and companies can easily tailor compliance training to those elements, or it is probably more accurate to say, DOJ and SEC’s interpretations of those elements.
In contrast, the FCPA’s books and records and internal control provisions are rather generic and have key terms such as “reasonable detail,” “accurately and fairly,” “sufficient,” “reasonable assurances,” and “general or specific authorization.”
Tailoring compliance training to such general concepts can be difficult. Moreover, the books and records, and internal control provisions apply to issuers in ALL instances, not just those instances in which the company is doing business or seeking business abroad. Thus, it may be more difficult to frame books and records and internal control issues for training, because the provisions apply to everything an issuer does.
Against this backdrop, what works best I think is to view FCPA compliance as not just a task that company lawyers and selected key positions from an anti-bribery perspective (i.e. sales, marketing, business development) need to be concerned with, but rather a task that internal audit and finance should also be concerned with and actively involved in as well.
This means that internal audit and finance personnel must be specifically trained to approach their specific job functions not only in a traditional way, but also with “FCPA goggles” on.
It is clear from recent FCPA enforcement actions that the SEC expects much more from non-legal personnel when it comes to FCPA compliance, including the ability to spot FCPA issues and display a high degree of (I’ll call it) intellectual curiosity as to certain issues.
For instance, in the 2007 York matter, the SEC alleged in its civil complaint (see here at para 51) that (i) “York International’s management had the ability to review or cause internal audit to review [the problematic contracts] and, had this been done, it would have been immediately apparent that the consultancy agreements were a sham”; and (ii) it was “clear that local finance personnel did not provide an independent internal control function, but rather acquiesced in questionable practices and documentation without critical review.”
Again, because the FCPA’s books and records and internal control provisions are rather generic, I think a “best practice” (not only for issuers, but for any company) is to specifically train internal audit and finance personnel to view their job with “FCPA goggles” on.
This means that internal audit and finance personnel should:
(1) Understand the broad interpretations given to the anything of value, foreign official, and obtain or retain business elements of an anti-bribery violation so that they clearly understand that conduct other than a “suitcase full of cash to a government official to get a government contract” is problematic. For instance, excessive travel and marketing expenses, payment of scholarships, etc. can be things of value. Internal audit and finance personnel also need to understand that employees of state-owned or state-controlled companies are considered “foreign officials” by DOJ/SEC (even if that interpretation has not been tested or challenged). This means that things a company does to “wine and dine” its purely private customers can become problematic when state-owned or state-controlled customers receive the same treatment. In terms of state-owned or state-controlled customers, it is also a good idea for a company to maintain a roster of such entities so that heightened review will be triggered when any corporate personnel deals with such customers or prospective customers. Internal audit and finance personnel also need to understand that payments which result in a company securing a foreign license, permit, or certification can satisfy the “obtain or retain business” element of an anti-bribery violation on the theory that such payments help the company, in the general sense, obtain or retain business.
(2) Pay particular attention to employee reimbursement requests and think about FCPA issues in connection with these requests. For instance, if a specific sales and marketing employee is the designated “wine and dine” person, is there any heightened scrutiny of that individual’s reimbursement requests?
(3) Be aware of the FCPA’s third-party payment provisions and be able to spot (and follow up on) the following issues relevant to engaging and supervising a foreign agent or representative: payments made to personal (rather than company) bank accounts; payments to off-shore bank accounts; payments which could be made in one lump sum but are split up to avoid detection; and payments made to an account in a country different than where the service provider is located. When utilizing third parties, commission payments are obviously a big FCPA risk. Thus, internal audit and finance personnel need to ask what steps the company has taken to assure itself that the commission payments are reasonable. Moreover, such personnel should specifically look for evidence that the third party actually provided legitimate value-added services before payment was made by the company.
(4) Figure out who within the company, the relevant business unit, etc. has the authority to authorize large payments and make sure those authorizations are scrutinized. Because of title, prestige and in some countries – gender – certain individuals are subjected to less oversight and scrutiny when it comes to authorizing payments. If any such trends or patterns emerge within a company as to this issue, internal audit and finance personnel must be diligent in understanding why.
(5) Pay particular attention to the following accounts (all of which, per recent FCPA enforcement actions, were used to conceal improper payments) – “additional assessments,” “extra costs,” “extraordinary expenses,” “urgent processing,” “urgent dispatch,” “customs processing,” “importation advances.” These accounts, and all other accounts described in a vague or ambiguous manner, should be subject to heightened scrutiny by internal audit and finance personnel.
Back to the original issue raised by the reader as to how best to offer FCPA books and records, and internal controls compliance training. Again, because the books and records and internal control provisions are so generic, I think the “best practice” is to couple such training with anti-bribery training and to make sure that internal audit and finance personnel have the FCPA tools necessary to properly execute their jobs.
Internal audit and finance personnel clearly have an FCPA compliance role to play, and the SEC is clearly expecting them to play that role. However, internal audit and finance personnel can only raise FCPA issues if they first know what FCPA issues to look for. Providing internal audit and finance personnel with a good pair of “FCPA goggles” is a good way to achieve books and records, and internal controls compliance.
Over at the wrageblog (see here), Alexandra Wrage, President of Trace International Inc., a leading non-profit membership association focused on anti-bribery compliance, has a good summary post of comments made by Mark Mendelsohn (DOJ’s top FCPA prosecutor) and others at a recent FCPA conference.
Given that the enforcement agencies’ untested and unchallenged interpretation of the “foreign official” element is one of my favorite FCPA issues, I was happy to see that Mendelsohn, in response to a question, apparently acknowledged that there can be difficult assessments of who qualifies as a “foreign official” under the FCPA.
Looks like FCPA trials are over for the year, but I’m guessing that there will be forthcoming appeals from the three FCPA verdicts reached this summer.
A couple of survey/poll results that may be of interest to FCPA followers.
The first survey is courtesy of Deloitte which obtained over 1,000 on-line survey responses from business professionals in various industries in connection with a recent webcast titled “Global Anticorruption: Risks and Strategies for Today’s Global Enterprise.”
Results of interest:
Only 31% of respondents indicated that their company had in place a “comprehensive FCPA compliance program.” When asked why some companies might not have a comprehensive FCPA compliance program, 23% of respondents cited an “unawareness of the severity and consequences of FCPA violations.” Clearly more people need to read this blog (and others) and follow FCPA news!
Only 32% of respondents indicated that their company addresses FCPA risks “proactively.”
Respondents are most nervous about FCPA issues arising from: foreign subsidiaries (35%), agent/consultant relationships (28%) and joint venture/strategic alliances (18%).
And finally, 40% of respondents either said “no” or “don’t know” to the question of whether the increased FCPA enforcement activity will deter future FCPA violations. You have to wonder what goes through the minds of Mark Mendelsohn and others at DOJ when they read a response like that?
The second survey (see here to download) was sponsored by Integrity Interactive Corporation and Compliance Week. The survey (which covers a wide range of compliance and ethics topics – not just the FCPA) collected approximately 230 responses from executives at global public companies and large private entities. Pgs. 38-39 of the survey contain FCPA data and indicate that executives are most concerned about payments to third parties, followed by inappropriate gifts and entertainment, direct bribes, company-financed “business trips” and unlawful political or charitable contributions.
The third FCPA trial of the summer has concluded and Gerald and Patricia Green (two Los Angeles area film executives) have been found guilty by a federal jury of conspiracy to violate the FCPA, substantive FCPA violations, and other charges (see here for the DOJ News Release).
According to the DOJ release, evidence introduced at trial showed that “beginning in 2002 and continuing into 2007, the Greens conspired with others to bribe the former governor of the [Tourism Authority of Thailand] in order to get lucrative film festival contracts as well as other TAT contracts.” According to the release, the evidence also established that the Greens attempted to disguise the bribe payments by labeling them “sale commissions” and by making the payments “for the benefit of the former governor through the foreign bank accounts of intermediaries, including bank accounts in the name of the former governor’s daughter and friend.”
Reacting to the verdict, Assistant Attorney General Breuer stated that the DOJ “will not waver in its fight against corruption, whether perpetrated within our borders or abroad” and that the FCPA “is a powerful tool that the [DOJ] will continue to use in an effort to stop individuals like the Greens who seek to further their own business interests through bribes paid to foreign officials.”
The Greens are to be sentenced in December and the conspiracy and FCPA charges each carry a maximum penalty of five years in prison.
As mentioned, the Green trial was the third FCPA trial of the summer.
Leading up to these trials, the FCPA bar and the enforcement officials themselves predicted that one result of these trials would be greater clarity as to some of the FCPA’s murky elements.
While the verdicts were, on balance, pro-DOJ verdicts, the verdicts reached in these trials were not exactly uniform.
Bourke was convicted of conspiracy to violate the FCPA (the case did not proceed to trial on a substantive FCPA violation).
Jefferson was also convicted of conspiracy (although it is not entirely clear if the jury found him guilty of conspiracy to violate the FCPA). However, Jefferson was found not guilty on the substantive FCPA charge (the charge predicated on the “cash in the freezer” allegations).
Have these trials provided any greater clarity as to various FCPA elements as widely predicted?
I think it is fair to say that as a result of the Bourke verdict (even though it was not a substantive FCPA trial), the FCPA’s knowledge standard has never been broader, and can be satisfied even when an investor, like Bourke, does not actually pay a bribe, but is merely aware that others may be making bribe payments in a widely viewed corrupt country for the potential benefit of an entity in which he is an investor (see here and here).
Beyond this, I’m not sure that any further clarity as to substantive FCPA elements has resulted from these trials, but I would be interested to hear what others have to say.
Will these trials and the largely pro-DOJ verdicts send a “proceed with caution” message to any individual or corporation faced with an FCPA enforcement action and stifle legitimate defense theories based on the FCPA’s elements?
I expect so, yet that is indeed unfortunate as a significant portion of FCPA enforcements are based largely on DOJ/SEC’s untested and unchallenged interpretations of the law.