Recent changes to the US FCPA resource guide: legal and practical considerations

On July 3, 2020, the US Department of Justice (DOJ) and Securities and Exchange Commission (SEC) published the second edition of the Resource Guide to the U.S. Foreign Corrupt Practices Act ("the guide"). This is the first significant update to the guide since it was published in 2012.

The key changes:

• reflect important case law developments over the last eight years, including the Second Circuit’s ruling on the extraterritorial reach of FCPA’s in US v. Hoskins and the Eleventh Circuit’s criteria for identifying “foreign officials” in US v. Esquenazi;
• emphasize the importance of effective compliance programs, comprehensive pre-M&A diligence, and other risk mitigation measures; and
• incorporate recent guidance documents issued by DOJ in other contexts, including the corporate enforcement policy.

The guide is “non-binding, informal, and summary in nature,” but it provides helpful insights into the agencies’ approach to interpreting and enforcing the FCPA. It also exhibits the agencies’ expectations for how companies should monitor and mitigate their potential FCPA risk.

Updates from case law: the FCPA’s metes and bounds

The revisions to the guide refer to several enforcement actions that have occurred since the guide first came out in 2012. The most important updates, however, focus on key court decisions regarding:

• the FCPA’s application to non-US persons;
• the types of “foreign officials” the statute covers; and
• the remedies that the SEC can seek.

Extraterritoriality: Hoskins, Firtash, and beyond

The guide discusses conflicting court decisions on the FCPA anti-bribery provisions’ application to non-US persons.

As we’ve discussed in detail elsewhere, the Second Circuit’s Hoskins ruling held that to be liable for aiding and abetting or conspiring to commit FCPA violations, a defendant must fall within one of the categories of persons directly subject to the FCPA (e.g. they must act as an agent of a US issuer or domestic concern).

In the Firtash case, however, Judge Pallmayer of the Northern District of Illinois held that foreign nationals could be liable for aiding and abetting FCPA violations, even where they were not directly subject to the FCPA themselves.

The second edition of the guide implies that DOJ does not consider this question settled. For example, the guide notes that “at least in the Second Circuit, an individually can be criminally prosecuted for conspiracy” or aiding and abetting liability “only if that individual’s conduct and role fall into one of the specifically enumerated categories expressly listed in the FCPA’s anti-bribery provisions” (emphasis added).

The guide continues on to note that “[a]t least one district court from another circuit [i.e. the Firtash court] has rejected the reasoning in the Hoskins decision.” The guide also notes – as it did before Hoskins – that under general principles of US criminal law, conspirators and accomplices can be held liable for violations of the statute, “even if they are not, or could not be, independently charged with a substantive FCPA violation.” Accordingly, this remains an important, developing topic.

The guide also notes that “[u]nlike the FCPA anti-bribery provisions, the accounting provisions apply to ‘any person,’ and thus are not subject to the reasoning in the Second Circuit’s decision in United States v. Hoskins limiting conspiracy and aiding and abetting liability under the FCPA anti-bribery provisions.”

Meaning of “foreign official”

The agencies have also taken the opportunity to update the guide to refer to the Eleventh Circuit’s 2014 decision in US v. Esquenazi.

That decision set out a non-exhaustive list of (now well-established) factors that the agencies and courts examine when conducting the “fact-bound inquiry” into whether an entity is controlled by a foreign government and, therefore, its officers and employees fall within the definition of “foreign officials” for the purposes of the FCPA. These factors include, for example, “whether the government has a majority interest in the entity” and “whether the public and the government of [the] foreign country generally perceive the entity to be performing a governmental function.”

Disgorgement

Finally, the updates to the guide discuss recent decisions on the SEC’s power to seek disgorgement of ill-gotten profits as a remedy for securities law violations.

Specifically, the guide now refers to:

• Kokesh v. SEC, in which the Supreme Court ruled that disgorgement is a “penalty,” and thus is subject to a five-year statute of limitations; and
• SEC v. Liu, another Supreme Court case holding that (in the guide’s language) “disgorgement is permissible equitable relief when it does not exceed a wrongdoer’s net profits and is awarded for victims.”

The revisions also add a detailed discussion of 28 U.S.C. § 2462, which provides for a five-year statute of limitations on civil enforcement actions brought by the SEC. The guide notes, however, that this five-year statute of limitations will be tolled “for any period when the defendants are not ‘found within the United States in order that proper service may be made thereon’” (quoting 28 U.S.C. § 2462).

Compliance programs, prevention, and due diligence:

Due diligence and integration

The updates emphasize the importance of pre-acquisition due diligence. The guide recognizes that robust pre-acquisition due diligence is not always possible, so the agencies may review the timeliness and thoroughness of post-acquisition due diligence and compliance integration efforts in deciding the extent of successor liability. This reflects the approach in DOJ’s FCPA corporate enforcement policy.

Focus on investigation, analysis and remediation of misconduct

According to the updated guide, “[t]he truest measure of an effective compliance program is how it responds to misconduct”—and this is reflected in a new section under the “Hallmarks of Effective Compliance Programs.”

Similar to the approach outlined in the recently revised DOJ compliance guidelines, the updated guide emphasizes the need for timely and thorough internal investigations, with proper structures to ensure that lessons learned are incorporated into a company’s activities going forward.

Approach to accounting controls and compliance programs

The guide recognizes that the internal accounting controls required under the FCPA books-and-records provisions are different from a company’s overall compliance program.

The updates note, however, that both systems should reflect the company’s specific risk profile, based on (for example) the jurisdictions in which it operates and the nature of its activities.

The guide now even suggests a list of specific safeguards that companies can employ to “evaluat[e] whether a particular expenditure is appropriate or may risk violating the FCPA.”

Recent DOJ guidance

The revisions integrate the guide with other guidance documents outlining the DOJ’s approach to enforcement more generally.

These documents include the:

• DOJ’s FCPA corporate enforcement policy;
• guidance on the selection of monitors in Criminal Division matters;
• co-ordination of corporate resolution penalties (or anti-piling on) policy (which has proven especially relevant in light of the agencies’ increasing cooperation with non-US authorities in recent years); and
• Criminal Division’s guidance on the evaluation of corporate compliance programs

The guide has also added references to other sources on effective compliance programs, including the SEC’s whistleblower program and best-practice recommendations from international bodies.

Notably, the guide now emphasizes the favorable treatment that the FCPA corporate enforcement policy affords companies that self-report misconduct to DOJ; in the M&A context, the guide cites to the policy’s provision that "an acquiring company that voluntarily discloses misconduct may be eligible for a declination" in appropriate cases.

Conclusions

The key changes to the guide reflect developments that were already well known to experienced practitioners.

Nevertheless, the updated guide emphasizes the importance of effective (and “adequately resourced”) compliance programs, risk-based diligence efforts, and voluntary self-disclosures.