The Foreign Corrupt Practices Act continues to be a major enforcement priority for the U.S. Department of Justice and the U.S. Securities and Exchange Commission. As a result, the FCPA remains a significant focus of internal compliance efforts for U.S. companies that do business internationally.

Decisions by corporate boards, senior executives and in-house counsel about how best to investigate suspected international corruption by employees, as well as whether to disclose that kind of illegal conduct to the federal government, are often complicated by the fact that the language of the FCPA can be challenging to apply to particular circumstances with reasonable certainty, even though the DOJ has provided FCPA guidance in recent years. Acknowledging that its previous guidance has been less than clear at times, the DOJ issued public commentary on July 25 that is intended to provide enhanced predictability regarding how the government will exercise its broad prosecutorial discretion as to FCPA violations, particularly when companies “do the right thing” and self-report those violations to the DOJ. The commentary was issued as remarks by Deputy Assistant Attorney General Matthew S. Miner in connection with a global anti-corruption conference. Miner oversees the DOJ's Fraud Section, which includes its FCPA unit.

The FCPA's Broad Reach The FCPA, codified at 15 U.S.C. §78dd-1, et seq., has two main components: the anti-bribery provisions, discussed in this article, and the accounting provisions, which require publicly traded companies to keep accurate books and records and maintain certain internal accounting controls. Generally speaking, the FCPA's anti-bribery provisions prohibit certain entities and persons from making any payment, or any offer of payment, to a foreign government official for the purpose of influencing that official to misuse his or her official position to assist in obtaining or retaining business or any other unfair advantage for a company.

The FCPA's language is broad, creating wide-ranging potential applicability. A closer look at some of the FCPA's key terms illustrates its breadth. For instance, the statute applies to any business that has its primary place of business in the U.S., including any officer, director, employee, agent, or stockholder acting on behalf of that business. It also applies to any company, foreign or domestic, with a class of securities listed on a national securities exchange in the U.S., or that files periodic reports with the SEC.

The term “foreign official” is similarly expansive. It covers any officer, employee, or person acting for or on behalf of a foreign government, agency, department, “instrumentality,” or public international organization. Further, determining whether a legal entity constitutes a foreign “instrumentality” under the FCPA requires the application of a nonexclusive list of 11 factors used to evaluate the entity's ownership, function, and ties to government. Those factors are broad and flexible.

With respect to the payment, the FCPA targets not only an actual giving of value, but also any offer, promise, or authorization to make a payment. Thus, the FCPA can be violated without the making of a payment, so long as the intent to make a payment is manifest. The concept of “payment” is not limited to monetary payments or tangible gifts, but broadly includes “anything of value.”

DOJ's Prior Guidance The challenge presented by the FCPA, however, is not limited to navigating its broad concepts. Equally complex is the decision that company management may face about how exactly to investigate suspected FCPA violations and whether to self-report the misconduct to the DOJ. For most of the FCPA's more than 40-year history, these decisions were made with neither clear standards defining when the DOJ would decide to prosecute an FCPA case nor what credit, if any, a company would receive if it self-reported.

The recent commentary builds on the DOJ's prior FCPA guidance. The public was offered some, but often inconclusive, insight in the “Resource Guide to the FCPA,” which was issued in 2012 by the DOJ and the SEC. Specifically, the resource guide offered the perfunctory observation that “both DOJ and SEC place a high premium on self-reporting, along with cooperation and remedial efforts, in determining the appropriate solution of FCPA matters.”

Thereafter, in 2016, the DOJ's FCPA pilot program was launched. This program articulated strict requirements necessary for obtaining leniency, but adherence to those requirements would not guarantee escaping criminal sanctions. The pilot program left unanswered a number of questions about when the DOJ would decline to prosecute companies and the extent of any leniency that would be given if criminal prosecution were appropriate.

Late last year, the DOJ added §9-47.120 to U.S. Attorneys' Manual (USAM). The USAM is a DOJ resource that contains internal guidance and policies employed uniformly throughout the country by all assistant U.S. attorneys, on both the criminal and civil sides. In that new section, titled “FCPA Corporate Enforcement Policy,” the government advised that it would decline to prosecute “good companies” for FCPA violations. To obtain this pass, the model corporate citizen is expected to respond to suspected internal wrongdoing by: (a) promptly investigating all concerns, (b) voluntarily disclosing misconduct to the DOJ, (c) fully cooperating with the DOJ's investigatory requests, (d) enacting an effective anti-corruption compliance program (or sufficiently revising the terms and enforcement of what exists, and (e) disgorging ill-gotten profits. In comments made the day before §9-47.120 was issued, Deputy U.S. Attorney General Rod J. Rosenstein stated that the “advantage of the policy [reflected in the new section] for businesses is to provide transparency about the benefits available if they satisfy the requirements.”

DOJ's New Commentary The commentary is the latest statement intended to provide the private sector with further clarity on how the DOJ approaches FCPA cases. Such clarity is vital. As the commentary notes, “[b]ecause companies are rational actors, driven by market and financial factors, it was often an impediment to decision-making not to know what consequences a company might face if it chose to self-report and cooperate with the government.” For this reason, the commentary reinforces the DOJ's commitment to leniency toward the companies that self-report, and states that the DOJ will apply those same principles to FCPA violations occurring in the context of mergers and acquisitions.

This means the DOJ will decline to prosecute a company that inherits FCPA violations through a merger or acquisition, so long it promptly and completely self-reports the misconduct to the DOJ and complies with the section's other requirements. Thus, if it appears that the company to be acquired or merged with has engaged in a potential FCPA violation, the DOJ expects the acquirer to conduct comprehensive due diligence to investigate the conduct, take sufficient remedial measures, and fully disclose its findings of wrongdoing to the DOJ in accordance with the principles in §9-47.120. That approach, the commentary explains, will earn the acquirer a presumption that DOJ will decline to institute a criminal action against the company.

As an example, the commentary cites the DOJ's 2018 decision not to prosecute Dun & Bradstreet Inc. for potential FCPA offenses. In making that decision, the DOJ relied heavily on Dun & Bradstreet's:

  • Identification of the misconduct;
  • Thorough internal investigation;
  • Prompt and voluntary self-disclosure of the conduct to the DOJ;
  • Complete cooperation with the DOJ;
  • Enhancement of its compliance program and internal accounting controls;
  • Internal remediation with respect to its employees; and
  • Payment of disgorgement and fines to the SEC.

The commentary also urged companies to use the DOJ's FCPA Opinion Release Procedure. This is a formal process through which the DOJ issues advisory opinions to companies on whether specified prospective conduct would violate the FCPA. To take advantage of this process, a company must submit a signed writing, complete with supporting documents, that describes in detail the situation and the contemplated conduct to the DOJ. The DOJ then evaluates whether the contemplated conduct would violate the FCPA and issues an advisory opinion explaining the facts and its position. The advisory opinion is published on the DOJ's website, but does not name the specific company. Should the DOJ bring an enforcement action against the company and the company acts in accordance with an advisory opinion issued under the Opinion Release Procedure, it will receive a rebuttable presumption that its action was in compliance with the FCPA. As the commentary acknowledges, however, this is a seldom-used procedure for a number of practical reasons, including the aversion of placing one's company on the DOJ's radar.

In all, the commentary is the DOJ's most recent step to provide clearer guidance for companies seeking to operate as ethical corporate citizens. Of importance, it expressly acknowledges that every company is susceptible to having a few rogue actors and vulnerable to inheriting an FCPA violation as a result of a merger or acquisition. Crediting that reality, the commentary reinforces the DOJ's commitment to leniency toward companies that “try to do the right thing.”

Thus, U.S. businesses will best position themselves to avoid criminal prosecution under the FCPA, and resolve misconduct in the least disruptive way, by, first, maintaining comprehensive compliance policies and procedures that deter FCPA violations and, second, swiftly investigating and, when appropriate, promptly self-reporting any such violations to the government.

Edward Heath is a partner who chairs the government enforcement and internal investigations team at Robinson & Cole. Dan Brody is an associate in the government enforcement and internal investigations team at Robinson & Cole.