Protecting Your Company and Executives from FCPA Liability in 2013 June 20, 2013 Paul E. Pelletier Jonathan T. Cain Aaron M. Tidman 1
FCPA Is Focus of U.S. Government Combating corruption [is] one of the highest priorities of DOJ... The targets of this enforcement effort are bribe payers of all stripes: large corporations and small companies; powerful CEOs and low-level sales agents; U.S. companies and foreign nationals; direct payers and intermediaries. Attorney General Eric Holder, May 2010 2
DOJ and SEC are committed to enforcing the FCPA Record number of enforcement actions in recent years Aggressive new tactics Dedicated FCPA units at FBI, SEC, and DOJ Fraud Section Record fines and prison sentences (15 years) Focus on individuals Industry sweeps Energy, telecom, pharma, medical device, financial services, retail New FCPA Guide FCPA Enforcement Trends Increased international cooperation 3
Overview of the FCPA Agenda M&A and JV Best Practices Designing an Efficient and Affordable Compliance Program Best Practices for Directors and Executives A Potential FCPA Violation Has Occurred: What Do You Do? 4
Overview of the FCPA 5
Who Is Covered? Any issuer under the U.S. securities laws Public companies, domestic or foreign, that are registered under Section 12 of the 1934 Act or are required to file periodic reports with the SEC pursuant to Section 15(b) Domestic concerns: U.S. companies, citizens, nationals, and residents Any person or entity that engages in any act in furtherance of a corrupt payment while in U.S. territory 6
What Is the Foreign Corrupt Practices Act? Federal statute passed by Congress in 1977 Two provisions: Anti-bribery provision Books and records/internal controls provisions Enforceable by the DOJ and SEC DOJ: Criminal and civil jurisdiction over U.S. companies SEC: Civil jurisdiction over U.S. issuers 7
What Is the Foreign Corrupt Practices Act? Prohibits corruptly making, offering or promising to make, a payment, gift, or anything of value, directly or indirectly, to a foreign official for the purpose of obtaining or retaining business Anything of value is very broadly defined Includes gifts, entertainment, travel, and hospitality; contractual payments; personal favors; donations to an official s favorite charity; cash; stocks/bonds; and more "Indirectly" = through an intermediary (third party) while "knowing" the payment or gift will corruptly be passed on 8
Who Is A Government Official? Very broadly defined Not limited to high-level officials Includes people acting officially on behalf of a government entity Includes employees of government-owned or governmentcontrolled entities (50% ownership and above) "Instrumentality" = fact-specific inquiry Effective "control" of the entity is key May include relatives of government officials Includes employees of international organizations 9
New FCPA Guidance: Gifts, Entertainment, and Travel It is the payor s intent not a threshold monetary value that is the critical factor in determining whether a gift, entertainment or travel expense for a foreign official violates the FCPA Consequently, small items like cups of coffee, taxi fare, or company promotional items of nominal value, which are unlikely to sway any government official, would rarely, on their own, violate the FCPA Common-sense hallmarks of appropriate gift-giving: 1) Given openly and transparently; 2) Properly recorded in the giver s books and records; 3) Provided only to reflect esteem or gratitude; and 4) Permitted under local law 10
Third Parties Managing third-party relationships is critical To reduce FCPA exposure, follow these three steps in managing third-party relationships: 1) Before contracting: Conduct due diligence on the third party's background, reputation, experience, and connections with local government officials 2) During negotiations: Insert contractual provisions (FCPA reps and warranties) that protect your company 3) After contracting: Actively monitor and audit the relationship to ensure third party's commitment to anti-corruption laws
Red Flags Common red flags associated with third parties include: Third-party agents or consultants receive excessive "commissions" Third-party agents or consultants request payment of "success fee" Third-party distributors receive unreasonably large discounts Third-party "consulting agreements" that include only vaguely described services Third-party consultant in line of business different than engagement The third party is related to or closely associated with a foreign official The third party became involved at the request of foreign official The third party is a shell company and/or incorporated in an offshore jurisdiction The third party requests payment to offshore bank accounts The third party requests cash payments, large bonuses or upfront payments 12
Payments Not Barred by the FCPA Reasonable and bona fide expenditures Reasonable expenses associated with the promotion, demonstration, or explanation of products or services, or the execution or performance of existing contracts Fact-specific analysis, but should follow these guidelines: Pay all costs directly to vendors, not officials Reimburse only upon presentation of receipt Do not advance funds or pay in cash Do not condition payment of expenses on any action by official Limit expenses to what is necessary and reasonable Nothing lavish Facilitation payments Payments to government officials to secure or expedite the performance of routine government functions (not functions where the official has discretion) Barred by U.K. Bribery Act; should be barred by your company 13
Companies: Criminal fines up to $2M per violation Civil penalties up to $16K per violation Other civil remedies generally available to SEC (injunctions, cease and desist orders, accounting/disgorgement) Individuals: Anti-Bribery Provision Penalties Criminal fines up to $250K per violation Imprisonment for up to 5 years Civil penalties up to $16K per violation Other civil remedies generally available to SEC Alternative Fines Act If any person derives pecuniary gain from the offense, or if the offense results in pecuniary loss to a person other than the defendant, the defendant may be fined not more than the greater of twice the gross gain or twice the gross loss 14
Only applicable to issuers under the U.S. securities laws BUT: Should still be part of a robust compliance program for private companies Books and Records: Issuers must "[m]ake and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer" No state of mind requirement No materiality requirement Accounting Provisions Internal Controls: Issuer must "devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances" that transactions are: Appropriately executed, and access to assets is permitted only in accordance with management authorization Recorded in a way to permit financial statements to be prepared in accordance with GAAP 15
Companies: Criminal fine up to $25M Civil fine up to $725K per violation Other civil remedies generally available to SEC (injunctions, cease and desist orders, accounting/disgorgement) Individuals: Accounting Provisions Penalties Criminal fine up to $5M Up to 20 years imprisonment Civil fines up to $150K and remedies generally available to SEC Alternative Fines Act If any person derives pecuniary gain from the offense, or if the offense results in pecuniary loss to a person other than the defendant, the defendant may be fined not more than the greater of twice the gross gain or twice the gross loss 16
Actual Cost of FCPA Enforcement Actions Investigation costs (lawyers, accountants, forensics, data collection and management) Revenue losses (stock price declines, debarment, termination of corrupt contracts) Penalties, fines or disgorgement Government-mandated monitors and compliance remediation Follow-on civil litigation (lawsuits from shareholders) Reputational damage 17
M&A and JV Best Practices 18
Potential areas of liability: Successor liability for pre-acquisition FCPA violations by target company Liability for any continuing or new FCPA violations post-acquisition Keys for M&A deals: M&A Best Practices Documented pre-acquisition due diligence Risk-based and proportional; address any red flags Post-acquisition compliance and cultural integration Include contractual protections (reps and warranties; audit rights; indemnification; termination rights) Halliburton FCPA Opinion Procedure Release from DOJ 19
Potential areas of liability: Majority ownership situations Control-in-fact situations Recognizes that a company can be in "control" of a JV even without majority ownership or voting power (e.g., BellSouth case 49% ownership, but ability to control Board decisions) Even if minority interest, parent company has duty to make "good faith" efforts to prevent violations by: Requiring compliance programs Investigating improper payments Ensuring strong compliance program and internal controls Keys for JV deals: Joint Venture Best Practices Identify who controls your JV partner (e.g., a foreign government); document due diligence; address red flags; include contractual protections 20
Goals: Deal Structure for Risk Mitigation Structure relationship to avoid an element of FCPA liability Structure relationship to insulate U.S. entities from actions of foreign participants Structure relationship to improve transparency of foreign participant's actions 21
Case Study 1 Proposed Structure Gulf States customer Ministry requires joint venture for local manufacture and sales Ministry-selected local company owned by government official as JV partner U.S. company to be paid % of sales Risk Factors Government customer Location Customer-designated JV partner Government official receiving payments from JV based upon sales No visibility into actions of local JV partner 22
Structure Relationship to Avoid FCPA Element Original Structure JV with local company under de facto U.S. control U.S. entity receives commissionbased compensation on sales to foreign government Foreign official receives compensation from JV Modified structure Replace JV with subcontract for parts and technical support Replace % of sales compensation with manufacturing license fee and catalog pricing for parts/tech services No payments to foreign official from any U.S.-controlled entity 23
Case Study 2 Proposed Structure JV between U.S. manufacturer of utility equipment and Chinese construction company U.S. entity controls JV U.S. entity to provide project engineering and components Sales by local company Risk Factors China Construction JV with U.S. control No U.S. control of sales activity Sales to local governments and SOEs Project-based compensation of U.S. entity 24
Structure to Provide Transparency Original Controls Anti-corruption policy U.S. control of JV Modified Controls All sales activity through JV exclusively All JV personnel required to undergo FCPA training and certify Restrictions on hiring of foreign personnel No cash transactions Semi-annual audits of JV books and annual audits of local partner books 25
Designing an Efficient and Affordable Compliance Program 26
Compliance Programs Are the Best Defense The DOJ and SEC understand that most companies will face some FCPA issue sooner or later The question is how your company is prepared to detect, deter, and respond to potential violations in a timely manner New FCPA Guidance Compliance programs should be practically tailored to a company s specific needs, risks, and challenges Guidance states that DOJ and SEC will give company meaningful credit including potential declination of prosecution for creating and enforcing a robust, risk-specific compliance program Global Industries; Morgan Stanley; Zimmer 27
Hallmarks of an Effective Compliance Program Ten Hallmarks described in the FCPA Guidance: 1) Strong commitment from senior management (tone at the top) 2) A code of conduct and clearly-articulated compliance policies and procedures 3) Oversight by a member of senior management with sufficient autonomy and resources to be effective 4) Risk assessment and internal audit procedures 5) Continuing advice and regular training for both new and current employees and third parties 28
Hallmarks of an Effective Compliance Program Ten Hallmarks described in the FCPA Guidance: 6) Enforced disciplinary measures for employees who violate the policy and incentives for employees who follow it 7) Comprehensive, risk-based due diligence on third parties and transactions 8) Mechanisms for employees to confidentially report potential infractions and for an efficient, thorough internal investigation 9) Updating the compliance policy through periodic testing and review 10) Pre-acquisition due diligence and post-acquisition integration for mergers and acquisitions 29
Whistleblower Policy Best Practices Dodd-Frank Act New whistleblower provisions for public companies provides for whistleblower payments from 10%-30% of the total fines assessed by SEC over $1 million Whistleblower must be a natural person who provides original information that is essential or contributes significantly to enforcement action SEC rules seek to encourage, but not require, employees to report internally before going to SEC Key to an Effective Whistleblower Policy Confidential and anonymous Encourage internal reporting through tone at the top and incentives Timely responses to reported violations utilize third-party vendor or special committee; assign Chief Compliance Officer; adopt SOP 30
The Value of a Strong Compliance Program As the FCPA Guidance states: In the end, if designed carefully, implemented earnestly, and enforced fairly, a company s compliance program no matter how large or small the organization will allow the company generally to prevent violations, detect those that do occur, and remediate them properly and appropriately. 31
Best Practices for Directors and Executives 32
Focus on Individuals The SEC and DOJ have more aggressively targeted individuals, including executives and directors, in FCPA cases See, e.g., Kazuo Okada, former director of Wynn Resorts, under investigation for allegedly paying more than $110,000 in bribes to gaming regulators in the Philippines See, e.g., Nature's Sunshine SEC used control person liability against two executives with oversight responsibilities; no allegations of direct knowledge Even greater focus on role and responsibility of directors and executives after Wal-Mart Directors and executives may also be personally liable in shareholder derivative lawsuits that follow FCPA investigations 33
Best Practices for Directors and Executives U.S. Sentencing Guidelines: Boards must "exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program" DOJ Prosecution Standards consider: 1) Whether directors exercise independent review of the compliance program 2) Whether directors are provided information sufficient to enable the exercise of independent judgment New FCPA Guidance: "[C]ompliance begins with the board of directors and senior executives setting the proper tone for the rest of the company" Chief Compliance Officer should have "direct access to an organization's governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee)" Caremark; SOX; NYSE; FINRA; and other obligations 34
Best Practices for Directors and Executives Ask the right questions! What "tone at the top" is being communicated to employees? Does the company regularly assess its risk? What compliance procedures are in place to address those key risks areas? When was the compliance policy last evaluated and updated? What due diligence procedures are in place for hiring third parties, M&A transactions, and JVs? Are they documented in practice? How is the compliance policy communicated? Is there routine training? Does the Chief Compliance Officer have sufficient resources and independence? What is the CCO's direct reporting line? Is the monitoring and auditing function executed? What are the internal reporting procedures? Are employees rewarded for compliant behavior and punished for corrupt behavior? What are the internal investigation procedures? 35
A Potential FCPA Violation Has Occurred: What Do You Do? 36
Audit Committee's Role in Responding to Potential Misconduct Audit committees play a prominent role in responding to reports of potential fraud or misconduct Should be promptly informed of complaints that involve fraud or intentional violations of the U.S. securities laws, including the FCPA U.S. Sentencing Guidelines reward audit committees that take reasonable steps to: 1) Remedy the harm resulting from the criminal conduct, including selfreporting, cooperation with government agencies, and remediation; and 2) Prevent further criminal conduct, including assessing the compliance and ethics program and making necessary adjustments The Guidelines note that companies may use outside professional advisor to assessment and implement modifications 37
Audit Committee's Role in Responding to Potential Misconduct Audit committees should keep in mind the following considerations: Act quickly the first 48 hours are key Instruct employees with relevant authority that no action should be taken against a whistleblower Decide the level of investigation warranted by the complaint take all complaints seriously and document the reasons for the chosen level of investigation Conduct an appropriately thorough, independent investigation Retain outside counsel, experts, and advisors if warranted Remain informed about the internal investigation throughout In the early stages, understand the scope of the review, who is conducting the investigation, and how management will be handled Geographical limitations to internal review may not be appropriate 38
Responding to a DOJ/SEC Investigation In the event of a DOJ/SEC-initiated investigation Quickly escalate to the Board and Audit Committee Quickly assess the scope of the DOJ/SEC request Engage the government to determine the actual scope and interest Develop a plan for responding, including: Document retention, collection, and review Interview relevant personnel and third parties Evaluate key risk areas and focus the investigation Identify local laws, including data protection laws Assess collateral effects and costs of the investigation 39
Bottom Line: Best Practices Institute, implement, and periodically evaluate an appropriately risk-based anti-corruption compliance policy Document reasons and methodology for handling complaints Respond responsibly to internal investigation findings 40