By Patrick A. De Ridder Partner, Mergers & Acquisitions and Cross-Border Transactions Department Chair, McGuireWoods LLP - Lex Mundi member firm for USA, Virginia
The Foreign Corrupt Practices Act (the "FCPA") was adopted in 1977 and contains two components:
- Prohibition on bribery of foreign officials, political parties or candidates for public office for the purpose of obtaining or retaining business; and
- Companies with registered securities and companies that file periodic reports with the Securities and Exchange Commission must establish and maintain accurate books and records and sufficient internal controls.
The FCPA not only applies to U.S. based companies but also to U.S. citizens working for a foreign subsidiary and, in certain circumstances, to foreign subsidiaries of a U.S. company. The FCPA also applies to individual directors, officers, employees, agents, consultants and any stockholders acting on behalf of a U.S. company.
The consequences of not complying with the FCPA are significant -- the company and its officers, directors and employees are subject to criminal and civil penalties. Additionally, a company that has been found to violate the FCPA may be barred from doing business with the U.S. government and may be ineligible to receive export licenses. Moreover, charges for violating the FCPA often will result in additional charges such as conspiracy, mail fraud, money laundering, as well as penalties (for example, payments cannot be deducted as a business expense and thus may result in tax penalties).
In addition, for U.S. public companies, the FCPA also interplays with the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley), in particular Section 404 and the certification regarding the company's internal controls over financial reporting. A company's internal controls must provide reasonable assurances that payments and receipts are being authorized by management and the board of directors. Consequently, a bribe payment will also result in a breach of a company's controls over unauthorized payments under Sarbanes-Oxley.
As a result of the foregoing, any U.S. company considering transacting business outside the United States needs to conduct significant due diligence on its partners or targets before embarking on such a venture. FCPA due diligence needs to be part of corporate "Best Practices" for any company conducting business outside the United States. This Top Ten will assist in-house counsel with navigating appropriate FCPA due diligence.
1. Understand the Issues and the Law and Share the Information
In-house counsel must educate senior management regarding the applicability of the FCPA. Management needs to understand
- under what circumstances its foreign subsidiaries may become subject to the provisions of the FCPA; what payments and under what circumstances do any such payments become prohibited by the FCPA; to what extent will a state owned company be deemed an "instrumentality" of a state and thus its officers and employees be deemed to be "foreign officials"; and when can a company be liable for FCPA violations committed by its joint venture company or even its joint venture partner.
Unfortunately, there are not always clear answers to the foregoing questions, and often a fact specific analysis will be required. However, by increasing senior management's knowledge and understanding of potential pitfalls, in-house counsel will be better positioned to monitor compliance and to obtain broad support for conducting critical FCPA due diligence on potential foreign acquisition targets or business partners.
2. Develop a Compliance Program
The company should have a compliance plan and anti-corruption policy in place that is designed to identify and neutralize risk areas. The development of such a compliance program, with compliance officers and reporting procedures, including periodic employee training programs, will assist senior management and in-house counsel in monitoring compliance with the provisions of the FCPA. In most cases, in-house counsel will be able to use such compliance program and manual as a road map for performing its FCPA due diligence on third parties.
3. Perform Due Diligence on Acquisition Targets in An Effort to Limit Successor Liability
In an acquisition or merger, the acquiring company will often inherit many liabilities of the target company. As such, thorough due diligence for compliance with the FCPA must be a mandatory component in every transaction involving a foreign entity, even if such a process may delay the transaction. In-house counsel must examine the target company's full chain of interaction with public officials, including any actions taken by any third party on behalf of the target company. Such due diligence should include in-person interviews, which will take time and may often be very sensitive. Start at the top with the key members of senior management so that you obtain an understanding of how the target company operates and adheres to and monitors compliance. Then interviews with managers, sales and business development directors and employees responsible for invoicing and recording sales and payments should also be conducted. U.S. companies have been able to limit or sometimes even avoid liability under the FCPA by proving that they conducted expansive due diligence prior to the acquisition, and subsequently implemented a robust compliance program with appropriate control mechanisms to monitor compliance. However, if inappropriate acts continue after the transaction has been consummated, then the acquiring company will more than likely remain exposed to significant liability and penalties under the FCPA.
4. Execute Due Diligence on Third Parties in Commercial Transactions
Not only in acquisitions and joint ventures but also in any other commercial transactions that a U.S. company conducts with a foreign entity or individual, including with agents, consultants, distributors, licensees, representatives, it is crucial to conduct FCPA due diligence. First, a thorough background check on each partner should be conducted, including running all parties through The Office of Foreign Assets Control (OFAC) sanctions list and all other officially maintained blacklists. Second, obtain a clear understanding of the exact role and qualifications of such third party individual or company and determine his or her relationship with foreign government agencies or officials. Third, question whether the involvement of a particular individual, consultant or company is required in a commercial transaction and what services or expertise they actually bring to the transaction. In many cases, multiple parties are so-called "needed" to assist a U.S. company overseas in order to obtain successful results, but after more detailed scrutiny, sometimes such entities have only been recently formed and do not provide any real value or services and are used to facilitate payments that violate the FCPA. The development by in-house counsel of a due diligence checklist and questionnaire for commercial transactions will provide practical guidance with such FCPA due diligence on potential third party partners.
5. Spot Red Flags
In-house counsel should be familiar with the environment in which a transaction will take place. Some countries are known to be a bigger risk for corruption. In certain countries corruption may be at the top but in other countries corruption could be mostly at the bottom. As such, the differences between operating environments have to be taken into account. Also, if a target company has no real compliance program in place or is making payments that cannot be fully and appropriately explained, then such elements should immediately rise to the top of the issues list. Do not ignore rumors regarding alleged inappropriate conduct. Investigate the flow of funds and payments that cannot be satisfactorily documented and explained. Try to detect red flags, which can often result from the following circumstances:
- the proposed relationship with a partner is not in accordance with local laws or rules, the use of a partner was strongly recommended or advised by a governmental agency or official, the proposed partner refuses to disclose the identities of its owners or others holding an interest in the company, the partner insists on structuring payments in an unusual manner or to include commissions to third parties who will facilitate the entire process, the partner refuses to grant inspection and audit rights, the partner is a shell company, was only recently formed for this particular transaction with no prior history or experience, or has irregularities in its corporate structure or operations, the partner or a major shareholder has an affiliation with a governmental agency or official, or the partner only brings its influence with governmental agencies or officials to the table.
6. Address Red Flags Immediately
When issues are discovered during FCPA due diligence, in-house counsel may often be subjected to pressure from business people trying to explain away the concerns by pointing to the significant or even critical importance to the company of completing the transaction or commercial agreement. Upon discovery of potential violations of the FCPA, a swift response is required. Consideration should be given as to when to inform the appropriate U.S. governmental agency of potential FCPA violations discovered during its due diligence process. In addition, in-house counsel should address the discovered FCPA violations in the acquisition or joint venture agreement and shift contractually the financial responsibility to the seller(s) or other contract party. When such steps are taken, the Department of Justice will often look favorably towards the acquiror and may often not impose any sanctions or penalties on the acquiror.
7. Include Specific Provisions in the Joint Venture or Other Commercial Transaction Agreements
In-house counsel should ensure that all agreements include appropriate representations, warranties, covenants and certifications regarding FCPA compliance. In addition, any such agreements must include the appropriate inspection and audit provisions allowing the company to periodically audit and investigate the books and records of the joint venture company or of the commercial transaction party for compliance with the provisions of the FCPA. Finally, all agreements must also include termination provisions allowing the company to distance itself from the infringing company and terminate the relationship.
8. Promptly Implement a Compliance Plan and Anti-Corruption Policy at the Target Company or Commercial Partner Following the Closing
Following an acquisition or undertaking a joint venture arrangement or a commercial transaction, in-house counsel should make sure that the acquired company, joint venture company or commercial partner, as applicable, promptly implements the proper (new) compliance programs and policies. In addition, the employees, officers and directors of such entities should be trained periodically and compliance audits should be performed on a regular basis.
9. Follow Up with Third Party Providers Under Commercial Agreements
FCPA due diligence does not end when the company has entered into a commercial agreement with a foreign entity, but must be an on-going process. As such, in-house counsel must provide annual questionnaires to the company's vendors, suppliers and other third parties with whom it has entered into commercial agreements to verify compliance with the provisions of the FCPA. Appropriate representations, warranties and certifications regarding FCPA compliance should be included as part of such questionnaires. The company should continue to run, at least annually, all third party contract parties through the OFAC sanctions list and other officially maintained blacklists. In-house counsel should also establish, as part of its compliance policy, the requirement to conduct periodic audits on each third party with whom the company has a commercial relationship.
10. Implement Proper Reporting Procedures
As previously indicated, upon the completion of an acquisition or joint venture or the execution of a commercial transaction agreement, it is critical to follow-up with periodic audits. Similarly, a compliance climate must be created and a process must be put in place allowing employees and third parties to report potential violations of the company's compliance plan and anti-corruption policies, including potential violations of the FCPA. These steps will include the appointment of appropriate compliance officers, guaranteeing confidentiality when potential violations are disclosed, and an obligation on such compliance officers to take swift action in order to protect the integrity of the company.
The penalties for violating the FCPA are significant and the negative publicity that surrounds any alleged wrongdoing can be devastating to a company's reputation. Taking short cuts in FCPA due diligence is no longer acceptable in today's global economy. The above 10-steps should assist in-house counsel in negotiating the treacherous waters surrounding cross-border transactions and FCPA compliance.