[This post is part of a periodic series regarding “old” FCPA enforcement actions]
In March 2005, the DOJ announced that Micrus (a medical device company based in California) agreed to non-prosecution agreement and to pay a $450,000 criminal penalty to resolve its Foreign Corrupt Practices Act liability. The conduct at issue largely focused on stock option grants provided to physicians at publicly owned and operated hospitals in France, Turkey, Spain, and Germany.
German healthcare firm Fresenius Medical Care AG (a company with American Depositary Receipt shares traded on the NYSE) has been under FCPA scrutiny since 2012 (no that is not a typo).
Today the DOJ and SEC announced (here and here) an approximate $232 million enforcement action ($84.7 million to the DOJ and $147 million to the SEC) against the company for alleged bribery schemes involving physicians and other healthcare personnel in Angola, Saudi Arabia, Morocco, Spain, Turkey, Gabon, Benin, Burkina Faso, Senegal, Ivory Coast, Niger, Cameroon China, Serbia, Bosnia, and Mexico.
While not specified in any of the resolution documents, the DOJ’s non-prosecution agreement and SEC’s administrative order make generic reference to the Angola and Saudi Arabia conduct involving ‘agents and employees utiliz[ing] the means and instrumentalities of U.S. interstate commerce, including the use of internet-based email accounts hosted by numerous service providers located in the United States.”
The article “Revisiting a Foreign Corrupt Practices Act Compliance Defense” highlights, among other things, that several countries like the United States that are signatories to the Organization for Economic Cooperation and Development Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (OECD Convention), have a compliance-like defense in their domestic laws.
The article discussed compliance-like defense concepts in the laws of the following OECD Convention countries: United Kingdom, Australia, Chile, Germany, Hungary, Italy, Japan, Korea, Poland, Portugal, Sweden, and Switzerland.
As noted in the article:
“That additional OECD Convention signatory countries [do not have compliance defense concepts] does not mean that those countries rejected compliance-like defenses relevant to their “FCPA-like” law. Rather, in many OECD Convention countries the concept of legal person criminal liability (as opposed to natural person criminal liability) is non-existent. Further, in many OECD Convention countries that recognize legal person criminal liability, such legal person liability can only result from the actions of high-level personnel or other so-called “controlling minds” of the legal person. If a foreign country does not provide legal person liability, there is no need for a compliance defense, and the rationale for a compliance defense is less compelling if legal exposure of the legal person can only result from the conduct of high-level executive personnel or other “controlling” minds of the legal person.”
“Revisiting a Foreign Corrupt Practices Act Compliance Defense” was published in January 2012 and since then several other OECD Convention countries (and other countries) have adopted or are considering adopting compliance-like defense concepts in their domestic laws.
Prior posts here and here highlighted developments in Singapore and Ireland.
The point is – a compliance-like defense applicable to the offense of bribery of foreign officials is not novel, risky, or dangerous as the DOJ and others have argued.
The latest country to recognize this – and become smart as to enforcement of anti-bribery laws – is Spain.
In this recent post published on Global Compliance News (a news platform moderated by Baker & McKenzie), Brian Whisler and Rafael Jimenez-Gusi write:
“Pursuant to amendments to the Spanish Criminal Code approved on March 26, 2015 by the Spanish Congress and scheduled to take effect on July 1, 2015, a company’s directors are legally obligated to adopt a compliance program and the program must be supervised by a body or individual authorized to exercise high-level control. The amended code provides companies with an exemption from criminal liability for crimes committed by their officers or employees, provided the company meets certain requirements set forth under the new law. Specifically, Article 33 of the amended code exempts companies from criminal liability under the following conditions:
- the directors have adopted a compliance program that meets the legal requirements under Spanish law,
- the supervision of the program is entrusted to a company´s body or individual with authorized powers of initiative and control (Compliance Body),
- the officers or the employees have committed a crime by intentionally violating the compliance program, and
- the Compliance Body did not neglect its duties of supervision, oversight and control.
The amended Spanish code also lists six key elements that a compliance program must include in order to insulate a company from criminal liability (provided that the compliance program has been adopted before a crime was committed by any of its officers or employees). These six elements, as enumerated in Article 33 bis 5, are:
- Risk assessment,
- Standards and controls to mitigate any criminal risks detected,
- Financial controls to prevent the crimes,
- Obligation to report to the Compliance Body any violations of the standards and controls (a whistleblowing channel),
- Disciplinary system to sanction violations of the compliance program by officers and employees, and
- Periodic review of the compliance program, making the necessary adjustments when serious violations occur or when the company undergoes organizational, structural or economic changes.
Since the amended code requires an effective compliance program, companies will also need to demonstrate that their officers and employees have received proper training.
Prior to this development, in 2010, Spanish legislation introduced corporate liability for a number of crimes, including corruption. Directors could be held criminally liable if a crime was committed that could have been avoided. However, that legislation did not address the consideration a judge could give to a company’s compliance program. The 2015 Spanish legislation now places great weight on effective compliance programs, following the global trend toward mandating compliance programs reflecting core elements for such programs.
Additionally, much like in the U.K., the recent Spanish legislation is designed to provide an affirmative compliance defense for companies that can demonstrate the six elements of an effective compliance program described in the new law.”
