Philip M. Berkowitz

The Foreign Corrupt Practices Act (FCPA) is often associated with payoffs between shadowy figures for contracts made in remote parts of the world. But a spate of recent prosecutions and civil settlements makes clear that the financial services industry is in fact a significant target for potential violations of this centerpiece compliance legislation.

One need look no further for affirmance of this point than the SEC's July 5, 2018 announcement of a $29.8 million settlement of claims against Credit Suisse Group for (the SEC asserts) hiring “relatives and friends of foreign government officials as a personal benefit to the requesting officials in order to obtain or retain investment banking business or other benefits” for Credit Suisse.

The only reason that the payment was not higher was that the bank had already paid $47 million in fines as a result of a criminal prosecution brought by the U.S. Department of Justice for the same conduct.

Credit Suisse had rigorous hiring and anti-bribery policies in place, and indeed these policies specifically prohibited “Referral Hires.” But the SEC found that the bank “failed to take adequate steps to mitigate knowns risks of bribery and corruption … [or] to meaningfully implement or enforce [its] policies … .”

Credit Suisse is not the first company pursued for these or similar practices. In April 2018, a Japanese electronics company agreed to pay more than $143 million to resolve FCPA charges involving a consulting position it offered to a government official at a state-owned airline to induce the official to help its U.S. subsidiary obtain and retain business from the airline.

In November 2016, JPMorgan Chase & Co. agreed to pay $264.4 million in criminal and regulatory penalties for allegedly seeking to gain advantages in winning banking deals by awarding jobs to relatives and friends of Chinese government officials. The hiring proposal was called the “Sons and Daughters Program.”

And in March 2016, Qualcomm paid $7.5 million to settle charges that it unlawfully hired relatives of Chinese officials deciding whether to select company's products.

The Credit Suisse cease-and-desist order is particularly chilling. It spells out how bank managers allegedly circumvented existing HR policies and warnings from HR and legal department employees so they could score business with the foreign governments.

“Steps were taken,” the SEC said, “to make certain Referral Hires from SOEs [i.e., “state-owned enterprises”] appear to be normal, merit-based hires …. The candidates would undergo interviews and submit their applications through Credit Suisse's human resources department …. However, in some instances, certain senior bankers made decisions to recommend hiring referrals in advance of this process and based on the prospect of business from the referring SOE rather than the merit of the prospective employee.”

As a result, since the bank's internal policies for screening candidates for links to SOEs were not implemented, managers allegedly were able to avoid the normal practice of the bank's legal department of reviewing hires of individuals with connections to SOEs.

FCPA Background

At its core, the FCPA has two provisions: anti-bribery and accounting. The first prohibits any U.S. individual, business entity or employee of a U.S. business entity from offering or providing, directly or through a third party, anything of value to a foreign government official with corrupt intent to influence an award or continuation of business or to gain an unfair advantage. Intent and knowledge are usually inferred from that fact that bribery took place.

The accounting provisions of the FCPA prohibit a company that reports to the SEC from having false or inaccurate books or records or failing to maintain a system of internal accounting controls. The accounting provisions do not require the government to prove intent to establish a violation. Thus, failing to keep clear records of a decision to hire an individual in the circumstances described above could constitute a separate violation of the Act.

FCPA compliance does not necessarily prohibit hiring individuals who are connected with government officials, but it requires employers to identify these individuals and to assess whether their hire would violate the law outright, pose a threat, or create an administratively difficult burden to monitor their activities.

Background Checks

What can HR and legal departments do to prevent these violations? First, they should carefully screen applicants to determine whether they are former foreign officials or if they have criminal records, and be sure all applicants go through the company's standard hiring process and are qualified for their positions. They should employ screening procedures to check a person's background and criminal history, including background checks and following up with prior employers or references in connection with hiring and promoting.

Special Burdens on Banks

Banks and other financial institutions must have enhanced processes to identify “Politically Exposed Persons,” or PEPs. PEPs are people who, through their prominent position or influence, are more susceptible to being involved in bribery or corruption. The term PEP generally includes a current or former senior foreign political figure, their immediate family, and their close associates.

PEPs are not the only individuals who can cause problems for banks, or whose hire banks must screen. Numerous other laws and regulations, including the Federal Deposit Insurance Act,  The Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act), the Truth in Lending Act (TILA), and applicable FINRA rules and provisions of the Securities Exchange Act of 1934 (SEA) impose additional background check requirements.

Training and Policies

As already noted, FCPA compliance and HR's role does not start and stop with hiring practices. Along with internal and external counsel, HR and employment lawyers need to be involved in taking appropriate steps to comply with the FCPA's bribery and accounting prohibitions. These steps include taking the lead on training, communication, hiring of qualified individuals to oversee FCPA compliance, reviewing compensation and discipline practices to assure that they are consistent with these goals, and being sure that investigation procedures are implemented and carried out with appropriate attention and care.

The U.S. Sentencing Guidelines (Guidelines) encourage companies to “take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program … by conducting effective training programs and otherwise disseminating information appropriate to such individuals' respective roles and responsibilities.”

The DOJ and the SEC expect companies to (1) implement anti-corruption policies and procedures; (2) employ dedicated, experienced compliance professionals; (3) train all relevant employees in key business functions, including those in human resources and finance functions; and (4) perform due diligence on agents and consultants acting on behalf of the company.

Human Resources employees and hiring managers must be carefully trained in FCPA compliance. The SEC's order in the Qualcomm case alleged that widespread “internal controls weaknesses were intensified by the absence of someone whose full-time responsibility was to act as a company-wide chief compliance officer and the absence of an FCPA compliance officer in China.”

Compensation and Discipline

DOJ and SEC will scrutinize employee evaluation, bonus policies, and succession planning. Bonus eligibility should depend in part on FCPA compliance. This sends a powerful message to employees regarding the seriousness with which the company takes compliance.

If a company learns of improper conduct, it is imperative that it take reasonable steps to address it and prevent further similar misconduct. The Guidelines encourage this, providing in part: “The organization's compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.”

Hotlines

The Sentencing Guidelines recommend that a company “have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization's employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.”

Of course, this is also required by Sarbanes Oxley of publicly traded companies, and by the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance (OCED Good Practices). This requirement is met by having a hotline.

Investigations

An organization should periodically assess the risk of improper conduct within its operations and take appropriate steps to design, implement or modify each element of the program to reduce the risk of improper or unethical behavior (Guidelines, §8B2.1(c)).

HR employees need to be able to recognize activity that might violate the FCPA. This activity must be investigated. Generally, investigations should be directed by counsel, with careful attention given to preservation of the attorney-client privilege.

The question of who should carry out an investigation can be the subject of its own treatise. Companies are currently overwhelmed with internal investigations, and few of them have the resources or expertise to conduct these properly. Often, it is most appropriate for counsel (internal or external) to retain the investigator. Generally, the company's usual outside law firm is not the best choice to investigate, because of the risk that the privilege will be waived, and the law firm disqualified from effectively representing the company. Further, if normal outside counsel are retained, there may be a question raised about their impartiality.

HR professionals and lawyers need to be cognizant that they bear significant responsibility for FCPA compliance. HR and employment lawyers must educate themselves and their clients, and take proactive steps to assure that the organization as a whole is well informed of the risks, and appreciates that practices that may violate the Act are contrary to the organization's policies and culture.

Philip M. Berkowitz is a shareholder of Littler Mendelson and co-chair of the firm's U.S. international employment law and financial services practices. Sixtine Gossellin, an international law clerk at the firm, assisted in the preparation of this article.