FCPA Issues in Forefront for Small- to Medium-Sized Businesses

March 14, 2017Articles The Legal Intelligencer

In 2016, the Department of Justice (DOJ) and Securities Exchange Commission (SEC) aggressively enforced the Foreign Corrupt Practices Act (FCPA) to the tune of over $2 billion in fines. Going forward, it is widely predicted that the new administration's DOJ will build on its 2016 success and continue the trend of aggressive FCPA prosecution. In addition, ­resolutions are expected in many ­pre-existing ­enforcement actions against many corporate heavyweights.

While FCPA violations by large ­publicly traded corporations are ideal fodder for the headlines, they also tend to obfuscate the fact that the FCPA applies equally to small- and medium-sized business that do business abroad. But unlike large ­corporations, smaller businesses often do not have the vast resources available to easily remedy what can be large FCPA penalties. Considering the increasingly aggressive posture on FCPA enforcement, the time is ripe for in-house counsel to implement or review their internal FCPA controls.

FCPA Basics and Framework

The FCPA is part of the Securities Exchange Act of 1934. It contains two main parts: an anti-bribery provision and a books, records and internal controls provision. This article is primarily concerned with the anti-bribery provision, which prohibits the corrupt payment of "money or anything of value" to a "foreign official" in order to "obtain or retain business."

The FCPA applies to "issuers," "domestic concerns" and agents who act on behalf of issuers or domestic concerns, see 15 U.S.C. Section 78dd. An "issuer" is an entity that is registered on a public exchange. A "domestic concern" includes other U.S. companies and U.S. citizens, nationals or residents. Nonresident foreign nationals can be subject to the FCPA if they are agents of issuers or domestic concerns or if they commit corrupt acts within the United States. Currently, in United States v. Hoskins, App. No. 16-1010, the U.S. Court of Appeals for the Second Circuit is considering whether a district court correctly dismissed the DOJ's attempt to prosecute a nonresident foreign national via ­general accomplice liability even though that ­individual was not an agent of a U.S. company and did not commit any ­misconduct in the United States.

Not all payments to foreign officials are illegal, only those meant to "obtain or retain business." However, this phrase has been interpreted broadly, most notably in the landmark case of United States v. Kay, 359 F.3d 738 (5th Cir. 2004). In Kay, the Fifth Circuit held that payments to reduce tax benefits fell within the scope of the act. In so holding, the Fifth Circuit overruled the district court's finding that such ­payments were outside the scope of the FCPA because they were not made for the direct purpose of obtaining or retaining business.

For corporations and businesses, each FCPA violation is subject to a $2 million dollar fine and disgorgement of up to twice the amount gained from the bribe. The practical effects of a government investigation and additional nonmonetary penalties can be equally problematic.

Common Exceptions and Defenses

The FCPA provides a carve-out for ­"facilitating or expediting" payments to a foreign official for purposes of expediting or securing "the performance of a routine governmental action," see 15 U.S.C. Section 78dd-2(B). The statute sets forth an enumerated list of "routine governmental action," which includes things such as visa processing and inspection scheduling. The line between acceptable and illegal payments is extremely fact-sensitive. At a minimum, the payer must establish: the payment was made to a government official for purposes of performing a nondiscretionary action, and the payer was otherwise entitled to the action. Other relevant considerations include the size of the payment, whether the prerequisites for governmental action were met, the seniority of the ­governmental ­official and how the payments were recorded internally. Even if a payment does fall within the facilitation carve-out, it still may be barred by the foreign countries own anti-corruption laws. For example, the U.K.'s anti-corruption statute prohibits facilitation payments.

The FCPA also provides affirmative ­defenses where: the conduct is legal in the host country, or the thing of value provided to the foreign official constitutes a bona fide business expenditure. As to the former, there must be a written law or regulation that makes the payment lawful. In other words, the mere absence of a law penalizing a particular payment is insufficient to establish this defense.

As to the latter, the most common bona fide expenditure is for travel and lodging. Such expenditures must be directly related to either the promotion, demonstration or explanation of products or services or the execution or performance of a contract with a foreign government or agency.

The Current FCPA Landscape

In 2014, the SEC fired a warning shot to small- and medium-sized businesses when it brought an enforcement action against Smith & Wesson—a medium-sized ­business. In doing so, the chief of the SEC Enforcement Division's FCPA unit stated, "This is a wake-up call for small- and medium-size businesses that want to enter into high-risk markets and expand their international sales."

Since then, additional developments have led to increased FCPA exposure. Perhaps most notably, the United States has begun teaming up with foreign agencies to ­combat anti-corruption on a scale never seen before. In 2016, these multinational efforts led to a number of large settlements, such as the $3.5 billion settlement involving Olbredcht and Brasem (America, Brazil and Switzerland) and the $800 million global settlement with Rolls-Royce PLC (United States, United Kingdom and Brazil).

Separately, the SEC provided large incentives for whistleblowers to report FCPA violations through the Dodd-Frank whistleblower program. In addition to prohibiting retaliatory actions against whistleblowers, the program provides multimillion-­dollar awards for tips that lead to successful actions. In 2016, FCPA whistleblowing complaints increased 28 percent from the previous year.

Determining Your Company's FCPA Risk

Before a company designs and ­implements its internal FCPA controls, it should analyze its risks and vulnerabilities. While the degree of risk will depend on a broad range of factors, a good starting point is the company's industry and business model. For those that regularly engage with government officials, the FCPA risk is naturally quite high. It should come as no surprise that a large number of FCPA violations arise from payments made to employees and/or officers of state-owned enterprises (considered "foreign officials" for purposes of the FCPA).

Similarly, companies that rely heavily on intermediaries such as sales agents and brokers are more vulnerable to FCPA ­violations. As discussed below, companies should install appropriate safeguards to thoroughly monitor third-party conduct.

Perhaps the greatest risk arises when a company first seeks to enter a foreign market. In many emerging markets, illegal bribes have become essentially a ­prerequisite for doing business. Understand that mere "economic coercion" does not excuse an otherwise unlawful bribe, as in United States v. Kozeny, 582 F. Supp. 2d 535, 540 n.31 (S.D.N.Y. 2008).

Developing Effective Internal Controls

Every company that operates outside of the United States should have a formal FCPA policy. Indeed, the DOJ's analysis of whether to pursue charges is often guided by the quality of the ­suspected violator's internal controls. While the ­specifics of a given ­compliance policy will be ­company-dependent, the below list ­highlights some common safeguards:

Definitions and company standards

Illegal bribes can take numerous forms, including facially innocent payments such as charitable and political contributions. Accordingly, an effective policy should delineate standards for regulating payments such as gifts, travel and meal expenses, contributions and entertainment.


With an eye toward establishing a ­culture of compliance, companies should develop a comprehensive system that trains ­employees on the FCPA's prohibitions. Companies with foreign employees should ensure that they translate and distribute any materials utilized in training.

Monitoring and supervision

A system for tracking and approving payments to foreign officials is paramount. To that end, all payments should be properly recorded in the company's internal books. The accounting portion of the FCPA—which applies only to issuers—contains an array of requirements for company books. Nevertheless, domestic concerns should also ensure that payments to foreign officials are properly recorded.

Whistleblower policies and procedures

Develop a mechanism through which FCPA violations can be reported ­anonymously, as well as procedures for investigating, documenting and following up on those reports.

Third-party vendors

It is imperative that companies conduct adequate due diligence before engaging a third-party to conduct business on their behalf. The hiring company should also instruct the third-party on its FCPA policies and include language in the relevant contract requiring compliance with that policy.

Foreign compliance

Pursuant to the OECD Anti-Bribery Convention, 37 countries have instituted anti-bribery laws. Some of these laws can have regulations beyond those found in the FCPA. If operating within these countries, in-house counsel must be cognizant of the local laws and implement appropriate safeguards.


Once instituted, periodic tests and audits should be conducted to determine whether the system is operating effectively. 

Reprinted with permission from the March 14 issue of The Legal Intelligencer. (c) 2017 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.