To best understand (and place in context) current SEC FCPA enforcement positions and policies, it is useful to understand past SEC FCPA enforcement positions and policies.
The year was 1981, the event was the American Institute of Certified Public Accountants, and the speaker was Harold Williams, the Chairman of the SEC.
Williams focused his remarks (here) “solely to one major auditing development of recent years: the accounting provisions of the Foreign Corrupt Practices Act of 1977.”
Williams began has remarks as follows.
“When viewed from an abstract perspective, the Act’s accounting provisions seem merely to codify a basic and uncontroversial management principle: no enterprise of any size can operate successfully without maintaining effective controls over its transactions and the disposition of its assets. Perhaps in part because these provisions were considered truisms, the Act was passed without Congressional dissent. However, practical experience with new legislation – even a law thought to be noncontroversial – often will reveal unanticipated problems. Newly enacted standards, for example, may be subject to differing constructions or raise compliance difficulties and ambiguities unforeseen by their draftsmen. And, until these problems are resolved by an agency, the courts or the Congress, those who are subject to these laws are often faced, unfortunately, with some disquieting circumstances. The anxieties created by the Foreign Corrupt Practices Act – among men and women of utmost good faith – have been, in my experience without equal.”
Williams noted that “such uncertainty can have a debilitating effect on the activities of those who seek to comply with the law. My sense is that, as a consequence, many businesses have been very cautious – sometimes overly so – in assuring at least technical compliance with the Act. And, therefore, business resources may have been diverted from more productive uses to overly-burdensome compliance systems which extend beyond the requirements of sound management or the policies embodied in the Act. The public, of course, is not well served by such reactions.”
Unlike many SEC speeches that contain the usual – this is only my personal opinion disclaimer – Williams specifically noted that he “conferred” with his “colleagues before presenting these remarks, and they have authorized me to advise you that these remarks constitute a statement of the Commission’s policy.”
As to the FCPA’s books and records provisions, Williams stated as follows.
“This provision is intimately related to the requirement for a system of internal accounting controls, and we believe that records which are not relevant to accomplishing the objectives specified in the statute for the system of internal controls are not within the purview of the recordkeeping provision. […] nor could a company be enjoined for a falsification of which its management, broadly defined, was not aware and reasonably should not have known.”
As to the FCPA’s internal control provisions, Williams stated as follows.
“The Act does not mandate any particular kind of internal controls system. The test is whether a system, taken as a whole, reasonably meets the statute’s specified objectives. ‘Reasonableness,’ a familiar legal concept, depends on an evaluation of all the facts and circumstances.”
Under the heading “deference” Williams stated as follows.
“Private sector decisions implementing these statutory objectives are business decisions. And, reasonable business decisions should be afforded deference. This means that the issuer need not always select the best or the most effective control measure. However, the one selected must be reasonable under all the circumstances.”
Under the heading “state of mind” Williams stated as follows. “The accounting provisions principal objective is to reaching knowing or reckless conduct.”
As to the “purposes of the Act,” Williams provided a brief review of the “events which led to the [FCPA].” He stated as follows.
“Clearly, Congress went further than determining whether the payments which gave the new law its name were ethically and commercially justifiable. It also chose to consider the corporate accounting and control deficiencies which had been breeding grounds for these practices. And, by doing so, it addressed the far more serious issues raised by these disclosures. […] These payments and falsifications were not only previously unknown to public investors and independent auditors, but many were also unknown to the payor’s board and, in numerous examples, even to its senior management. In some of these instances, internal controls existed, but they were shown to be ineffective or easily subverted. Unauthorized payments and related falsifications of corporate records seemed to evidence – indeed, were fostered by – a lack of adequate accounting records and controls. Consequently, in the legislation which ultimately emerged from Congress, prohibiting questionable payments and mandating control and recordkeeping were inexorably interconnected.”
Williams stated as follows.
“The primary thrust of the Act’s accounting provisions, in short, was to require those public companies which lacked effective internal controls or tolerated unreliable recordkeeping to comply with the standards of their better managed peers. That is the context in which these provisions should be construed.”
Williams then addressed “four of the most important” interpretative questions concerning the then-young FCPA: “first, the degree of exactitude in recordkeeping mandated by the Act; second, the deference it affords business decisions concerning internal controls; third, whether a particular state of mind is necessary for a violation to exist; and finally, liability for compliance by subsidiaries.”
As to the “degree of exactitude” Williams stated as follows.
“I turn first to the question of whether the Act’s text or purpose mandates that business records and controls conform to a standard of absolute exactitude or that a company’s control system meet some absolute ideal. The answer is ‘no.’ Both of the Act’s accounting provisions, it should be noted are modified by the key term ‘reasonable.’ […] In essence, therefore, the Act does provide a de minimus exemption, though not in absolute quantitative terms.”
Williams noted that Congress specifically declined to adopt a materiality test and stated that “internal accounting controls are not only concerned with misconduct that is material to investors, but also with a great deal of misconduct which is not.” He noted that while materiality is “appropriate as a threshold standard to determine the necessity for disclosure to investors, [it] is totally inadequate as a standard for an internal control system.”
Williams stated that “procedures designed only to uncover deficiencies in amounts material for financial statement purposes would be useless for internal control purposes” and noted that “systems which tolerated omissions or errors of many thousands or even millions of dollars would not represent, by any accepted standard, adequate records and controls.” Indeed, Williams noted that many of the “questionable payments that alarmed the public and caused Congress to act” […] were in most instance of far lesser magnitude than that which would constitute financial statement materiality.”
“Reasonableness, rather than materiality, is the appropriate test,” Williams stated. He noted as follows.
“Reasonableness, as a standard, allows flexibility in responding to particular facts and circumstances. Inherent in this concept is a toleration of deviations from the absolute. One measure of the reasonableness of a system relates to whether the expected benefits from improving it would be significantly greater than the anticipated costs of doing so. Thousands of dollars ordinarily should not be spent conserving hundreds. Further, not every procedure which may be individually cost-justifiable need be implemented; the Act allows a range of reasonable judgments.”
As to the “specific recordkeeping requirement” in the FCPA, Williams stated as follows.
“… [T]his provision is not an independent unrestrained mandate to the Commission to establish novel or unprecedented corporate recordkeeping standards; it is, rather, an integral part of Congress’ efforts to assure that the business community records transactions and assets in such a way as to maintain adequate control over them. And this leads to two important conclusions: First, the Act does not establish any absolute standard of exactitude for corporate records. And, second, records which are not related to internal or external audits or to the four internal control objectives set forth in the Act are not within the purview of the Act’s accounting provisions.”
As to “deference” with respect to “issuer liability for recordkeeping violations” Williams stated that the SEC “will look to the adequacy of the internal control system of the issuer, the involvement of top management in the violation, and the corrective actions taken once the violation was uncovered.”
In a sign of just how much FCPA enforcement has changed, Williams then stated:
“If a violation was committed by a low level employee, without the knowledge of top management, with an adequate system of internal control, and with appropriate corrective action taken by the issuer, we do not believe that any action against the company would be called for.”
Williams next turned to the “state of mind needed to violate the Act’s accounting provisions.” He reiterated that the “Act’s principal purpose is to reach knowing or reckless misconduct.”
In another sign of just how much FCPA enforcement has changed, William stated:
“… [D]epending on the circumstances, intentional circumventions of a company’s system of records and of accounting controls by a low-level employee would not always be considered violations of the Act by the issuer. No system of adequate records and controls – no matter how effectively devised or conscientiously applied – could be expected to prevent all mistaken and improper transactions and disposition of assets. Given human nature, regardless of the adequacy of the system, a bookkeeper may still erroneously post entries, an overzealous agent may make unauthorized payments, or an unscrupulous employee may falsify records for his own purposes. The Act recognizes each of these limitations. Neither its text and legislative history nor its purposes suggest that occasional, inadvertent errors were the kind of problem that Congress sought to remedy in passing the Act. No rational federal interest in punishing insignificant mistakes has been articulated. And, the Act’s accounting provisions do not require a company or its senior officials to be the guarantors of all conduct of company employees.”
In concluding this portion of his speech, Williams stated:
“The test of a company’s internal control system is not whether occasional failings can occur. Those will happen in the most ideally managed company. But, an adequate system of internal controls means that, when such breaches do arise, they will be isolated rather than systemic, and they will be subject to a reasonable likelihood of being uncovered in a timely manner and then remedied promptly. Barring, of course, the participation or complicity of senior company officials in the deed, when discovery and correction expeditiously follow, no failing in the company’s internal accounting system would have existed. To the contrary, routine discovery and correction would evidence its effectiveness.”
As to subsidiaries, Williams stated:
“Where the issuer controls more than 50 percent of the voting securities of the subsidiary, compliance is expected. So, too, would it be expected if there is between 20 percent and 50 percent ownership, subject to some demonstration by the issuer that this does not amount to control. If there is less than 20 percent ownership, we will shoulder the burden to affirmatively demonstrate control.”
As to the SEC’s enforcement policy, Williams concluded his remarks as follows.
“The genius – and challenge – of [the FCPA’s accounting provisions] , it should be remembered, is their reliance on private sector decisionmaking – rather than specific federal edicts – to address an area of public concern. The Act’s eventual success or failure will, therefore, depend primarily upon business’s response. The Commission’s obligation, in turn, is to provide a regulatory environment in which the private sector can address these issues meaningfully and creatively. In this regard, we must encourage public companies to develop innovative records and control systems, to modify and improve them as circumstances change, and to correct recordkeeping errors when they occur without a chilling fear of penalty or inference that a violation of the Act is involved.”