DOJ and SEC Revise FCPA Resource Guide: What’s New and What Stayed the Same?

As we discussed earlier this year, the FCPA Resource Guide was in need of an update.  It was nearly eight years ago when the U.S. Department of Justice (“DOJ”) and the U.S. Securities and Exchange Commission (“SEC”) first released the Guide to much fanfare . . . and scrutiny. A lot has happened since then, in the United States and abroad. There have been case law developments (most favorable to the government, some not so much), dozens of major corporate resolutions (resulting in billions of dollars in penalties), numerous individuals charged and convicted, policy changes and enhancements, and vastly increased international cooperation (with its own benefits and challenges). In the meantime, the same units at DOJ and SEC who wrote the FCPA Resource Guide remain at the center of U.S. enforcement (though their resources have been expanded and their law enforcement partnerships broadened to include multiple dedicated FBI squads, and agents from Homeland Security Investigations (“HIS”), the U.S. Postal Inspection Service (“USPIS”), and the IRS Criminal Investigations (“IRS-CI”), as well as regulatory partners in the Commodities Futures Trading Commission (“CFTC”) and even the Federal Reserve).  It is this core group, as caretakers and overseers of FCPA enforcement, who on July 3, 2020, issued a second edition of the FCPA Resource Guide. Much credit goes to this relatively small group of people to find the time to update the Guide in the midst of a pandemic while still investigating and prosecuting hundreds of cases. 

Notably, much of the original substance of the first edition of the Guide remains intact in the second edition, both a testament to the collaborative efforts of DOJ, SEC, and other partners eight years ago and a reflection that the second edition truly is an update rather than a rewrite. That said, there are important updates, enhancements, and even corrections in the second edition that are worth examining and understanding, which we do below.

FIRST EDITION

On November 14, 2012, DOJ and SEC released “A Resource Guide to the U.S. Foreign Corrupt Practices Act” (the “2012 FCPA Resource Guide” or “2012 Guide”). Responding to a 2010 recommendation from the Organization for Economic Cooperation and Development and to criticism from the business community about the lack of transparency in FCPA enforcement, the 2012 FCPA Resource Guide was intended to replace the six-page Lay Person’s Guide to the FCPA and consolidate and summarize all relevant sources regarding the interpretation of the FCPA in one, easily accessible document. The 2012 Guide was developed based on extensive consultations with the private sector and civil society, as well as input from the U.S. Departments of Commerce and State. At 120 pages, the 2012 Guide covered a variety of topics related to the FCPA and included hypothetical fact patterns, examples of enforcement actions, and summaries of case law and DOJ opinion releases. It explained key elements of the FCPA’s anti-bribery and accounting provisions and summarized potential penalties and sanctions, types of resolutions, and factors considered by DOJ and SEC when deciding whether to open an investigation or bring charges. Perhaps most importantly, the 2012 Guide also described DOJ’s and SEC’s view on the components of an effective compliance program, grouping them into ten separate categories referred to as the “Hallmarks of Effective Compliance Programs.”

SECOND EDITION

As we noted earlier this year, given the development of additional case law, enforcement experience, compliance guidance, and international enforcement, we believed that the 2012 Guide should — and likely would — be updated. With the OECD’s Phase 4 Review of the United States underway, we predicted that a revised Guide would be released to address issues raised during the review process. Our prediction proved largely correct. Recognizing that “the last eight years have . . . brought new cases, new law, and new policies,” DOJ and SEC released “A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition” (the “2020 FCPA Resource Guide” or “2020 Guide”) on July 3, 2020.  Although the 2020 Guide does indeed update certain aspects of the 2012 Guide, our first observation is that the structure and substance of the original guidance is left largely intact, which is a testament to the thoroughness and continued importance of the original Guide itself. Below we discuss some of the more significant revisions – and non-revisions – in the 2020 Guide.

Incorporation of More Recent Cases and Policies

In many instances, the interpretation of the FCPA’s elements and the discussion of enforcement policies and practices from the 2012 Guide remain the same in the 2020 Guide, but with updated case examples and the inclusion of policies enacted since the 2012 Guide was published. For example, in the “What Does ‘Anything of Value’ Mean?” section, the 2020 Guide replaces the infamous “cash desk” example from a 2008 enforcement action with a more recent action in which a U.S. issuer would transfer funds to Brazilian money changers, who would then withdraw the amounts in cash and deliver the cash to officials. Similarly, the 2020 Guide replaces an example of improper travel and entertainment expenses from a 2009 enforcement action with a more recent example from 2019. The 2020 Guide also includes discussions of DOJ’s FCPA Corporate Enforcement Policy, Piling On Policy, Monitor Selection Criteria, and Evaluation of Corporate Compliance Programs, all of which were enacted in the last several years.  The 2020 Guide also incorporated extended discussions of several significant cases decided after the 2012 Guide was published.  We discuss these in the following subsections.

1. United States v. Esquenazi – Instrumentality  

The term “foreign officials” under the FCPA includes officers or employees of a department, agency, or “instrumentality” of a foreign government. The FCPA does not define the term “instrumentality,” nor were there any appellate court decisions interpreting that term as of November 2012. The 2012 Guide listed 11 non-exclusive factors, collected from various district‑court-approved jury instructions, that companies could use to conduct a “fact-specific analysis of an entity’s ownership, control, status, and function” to determine whether a particular entity, such as a state-owned enterprise, would be considered an instrumentality under the FCPA. Two years later, in United States v. Esquenazi, the Eleventh Circuit defined “instrumentality” under the FCPA as “an entity controlled by the government of a foreign country that performs a function the controlling government treats as its own.”[1] The Eleventh Circuit then provided two lists of non‑exclusive factors to determine whether the requisite “control” and “function” prongs were satisfied. The 2020 Guide sets out the Esquenazi instrumentality test and replaces the 11 factors listed in the 2012 Guide with the Esquenazi factors, while noting that “a number of courts in other circuits have approved final jury instructions providing a similar non-exclusive list of factors to be considered.”[2]

2. United States v. Hoskins – Jurisdiction and Agency

The 2012 Guide stated that foreign nationals and companies “may . . . be liable for conspiring to violate the FCPA . . . even if they are not, or could not be, independently charged with a substantive FCPA violation.”  In August 2018, the Second Circuit rejected this position in United States v. Hoskins, holding that foreign nationals who cannot be charged as principals under the FCPA cannot be held liable for violating the statute based on secondary liability theories, such as conspiracy or aiding and abetting. In light of Hoskins, the 2020 Guide omits the sentence quoted above. But this does not mean that DOJ has conceded the point. The 2020 Guide states that, “at least in the Second Circuit, an individual can be criminally prosecuted for conspiracy to violate the FCPA anti-bribery provisions or aiding and abetting an FCPA anti-bribery violation only if that individual’s conduct and role fall into one of the specifically enumerated categories expressly listed in the FCPA’s anti-bribery provisions.” The 2020 Guide then notes that, in United States v. Firtash, a district court from another circuit rejected the reasoning from Hoskins. The 2020 Guide thus indicates that DOJ may still consider using a conspiracy or aiding and abetting theory outside of the Second Circuit (though DOJ will likely try to avoid the issue in practice).[3]

Another aspect of the Hoskins decision that does not get quite as much attention in the 2020 Guide relates to the Second Circuit’s additional holding that DOJ could nevertheless secure an FCPA conviction of Mr. Hoskins if it could prove that he was acting as an “agent” of a domestic concern during the alleged bribery scheme. The jury instructions on “agency” were heavily litigated, and the district court controversially granted Hoskins’ post-judgment motion for acquittal, finding that there was not enough evidence for a jury to find that he was an agent of a domestic concern. DOJ has indicated that it intends to appeal that ruling. (See our extended analysis on the jury instructions and the acquittal. Perhaps not surprising given this procedural thicket, the 2020 Guide does not greatly expand the 2012 Guide’s discussion of “agency.” For example, the 2020 Guide does not discuss the Hoskins jury instructions on agency or cite to any of the factors courts use to make agency determinations. Rather, the only substantive change in the 2020 Guide is to clarify that, not only must an agency relationship exist in order for a parent to be held liable for a subsidiary’s FCPA violation under an agency theory, but also the subsidiary must have been “acting within the scope of the authority conferred by the parent.” In this regard, the 2020 Guide does not shed much light onto when DOJ will use the agency theory in corporate enforcement actions—which has caused concern in the FCPA defense bar. (See, e.g., our discussion at #6 of our Top 10 International Anti-Corruption Developments for December 2019.)[4]

3. Kokesh v. SEC and SEC v. Liu – Disgorgement

The 2012 Guide stated that the five-year statute of limitations period set by 28 U.S.C. § 2462 “does not prevent SEC from seeking equitable remedies, such as … the disgorgement of ill-gotten gains, for conduct pre-dating the five-year period.”  But in June 2017, a unanimous U.S. Supreme Court held in Kokesh v. SEC that the 5-year limitations period does apply to disgorgement. The 2020 Guide recognizes this limitation, both in the original section, “Statute of Limitations in Civil Actions,” and in a new section, “Forfeiture and Disgorgement.” The latter section also addresses Liu v. SEC, a follow-on case to Kokesh decided less than two weeks before the 2020 Guide was released, in which the U.S. Supreme Court held that disgorgement is permissible equitable relief in a federal district court action, at least to the extent that it does not exceed a wrongdoer’s net profits and is awarded for victims. Given the late-breaking nature of the Liu decision, it is not surprising that the 2020 Guide has only a high-level reference to the case. [5]

4. United States v. Ng Lap Seng – Local Law Defense

In 1988, Congress added the affirmative local law defense, which requires a defendant to establish that the payment at issue was lawful under the foreign country’s written laws and regulations at the time of the alleged offense. The 2012 Guide included an extended discussion of United States v. Kozeny, a 2008 case in which the Southern District of New York held that a foreign law relieving the defendant from potential prosecution did not render the improper payment lawful under the local law defense. The 2020 Guide keeps the discussion of Kozeny and adds to it a discussion of United States v. Ng Lap Seng, a 2017 case in which the Southern District of New York refused to give a proposed local law defense jury instruction that was “inconsistent with the plain meaning of the language of the written laws and regulations affirmative defense contained in the FCPA” and “would lead to impractical results.” (Ng was convicted in July 2017 and the Second Circuit affirmed his conviction on appeal on other grounds in August 2019.) Thus, unlike the cases above, this addition of a more recent court decision here does not substantively change anything from the 2012 Guide.[6]

Corrections

The 2020 Guide also contains revisions or clarifications related to certain aspects of the statute. The 2020 Guide clarifies that the applicable statute of limitations for criminal violations of the FCPA’s accounting provisions is six years (not five years as stated in the 2012 Guide).[7] The error stems from the fact that the FCPA, like most criminal laws, does not contain a specific statute of limitations within the statute itself. The typical default statute of limitations period is five years pursuant to 18 U.S.C. § 3282. That default limitations period, however, is only applicable to the anti-bribery provisions. Because the accounting provisions are considered “securities fraud offenses” for purposes of 18 U.S.C. § 3301 (the FCPA’s anti-bribery provisions are actually carved out of this definition), the statute of limitations for violations of those provisions is six years.[8] 

The 2020 Guide also clarifies that the mens rea required for criminal liability under the FCPA’s accounting provisions is knowingly and willfully.  Prior enforcement had been inconsistent in this regard, and while a somewhat technical point that may have limited impact in practice, it is an important and helpful clarification.[9] 

Hallmarks of Effective Compliance Programs: Largely Unchanged

As discussed above, we believe that the 10 “Hallmarks of Effective Compliance Programs” were one of the most significant aspects of the 2012 Guide because they provided a useful tool for companies to benchmark their compliance programs against DOJ and SEC expectations. As described in the 2012 Guide, these hallmarks are:

1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption
2. Code of Conduct and Compliance Policies and Procedures
3. Oversight, Autonomy, and Resources
4. Risk Assessment
5. Training and Continuing Advice
6. Incentives and Disciplinary Measures
7. Third-Party Due Diligence and Payments
8. Confidential Reporting and Internal Investigation
9. Continuous Improvement: Periodic Testing and Review
10. Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration

The 2020 Guide keeps all 10 of these recommendations in place with few changes, demonstrating and reinforcing their continued importance and relevance. The 2020 Guide also adds an 11th hallmark, “Investigation, Analysis, and Remediation of Misconduct.” In truth, this hallmark largely restates much of the substance of the “Confidential Reporting and Internal Investigation” hallmark, which the new Guide keeps, but it adds that a company should “analyze the root causes of the [investigated] misconduct to timely and appropriately remediate those causes to prevent future compliance breaches.”  Root cause analyses have been a prominent feature of recent DOJ policy guidance, including the FCPA Corporate Enforcement Policy and the Criminal Division’s Evaluation of Corporate Compliance Programs. Thus, this new addition brings the hallmarks into further alignment with recent guidance from DOJ.[10]

In introducing the hallmarks, the 2020 Guide also restates the original Guide’s focus on compliance programs that are tailored to a company’s specific needs, risks, and challenges and do not merely rely on a “check-the-box” approach.[11]

Declinations:  The Same and Different

On a related note, and welcome news to compliance professionals, the 2020 Guide maintained the previous Guide’s position that “[i]n appropriate circumstances, DOJ and SEC may decline to pursue charges against a company based on the company’s effective compliance program, or may otherwise seek to reward a company for its program, even when that program did not prevent the particular underlying FCPA violation that gave rise to the investigation.”[12] Consistent with this approach, the 2020 Guide retains a “Compliance Program Case Study” based on the Garth Peterson case, in which DOJ and SEC declined to take enforcement action against Peterson’s employer to “illustrate the benefits of implementing and enforcing a comprehensive risk-based compliance program.”[13]

Similarly, the 2020 Guide retains the six anonymized declinations that were featured in the 2012 Guide. Several of these investigations involved instances where an internal investigation determined that bribe payments had been made but DOJ and SEC nevertheless fully declined to take enforcement action for various factors, including the company’s self-reporting and remediation of the misconduct.[14]

The 2020 Guide, however, adds a new section related to DOJ’s FCPA Corporate Enforcement Policy (“CEP”), including a discussion of “declinations with disgorgements” under the CEP. The 2020 Guide explains the effect of the CEP, most importantly that where a company voluntarily self-discloses misconduct, fully cooperates, and timely and appropriately remediates, there will be a presumption (absent aggravating circumstances) that DOJ will decline prosecution. The 2020 Guide further notes that, “To be eligible for the benefits of the CEP, including a declination, the company is required to pay all disgorgement, forfeiture, and/or restitution resulting from the misconduct at issue.” The 2020 Guide provides three examples of declinations under the CEP, all of which involved disgorgement to U.S. or foreign enforcement authorities.[15] 

As we noted in our December 2017 client alert, we believe that the creation of “declinations with disgorgement” was the most significant aspect of the FCPA Pilot Program and its successor, the FCPA Corporate Enforcement Policy. As we explained, DOJ had never required disgorgements in previous declinations, and we questioned whether outcomes like that in the Garth Peterson case were still possible. If not, then certain parts of the 2020 Guidance may not accurately reflect the current state of DOJ and SEC enforcement policy. On the other hand, the retention of the Garth Peterson declination example and the six anonymized declinations might suggest that a declination without disgorgement may still be possible in appropriate cases even when some amount of profit resulted from the underlying improper conduct.

Revisions regarding the FCPA’s Accounting Provisions

The 2020 Guide makes some interesting revisions to the discussion of the FCPA’s accounting provisions. First, the 2012 Guide stated, “As with the anti-bribery provisions, DOJ’s and SEC’s enforcement of the books and records provision has typically involved misreporting of either large bribe payments or widespread inaccurate recording of smaller payments made as part of a systemic pattern of bribery.” The 2020 Guide adds, “and both DOJ and SEC look to the nature and seriousness of the conduct in determining whether to pursue an enforcement action.” While “nature and seriousness of the conduct” are common enforcement considerations, one wonders whether this section was added to respond to criticism that books-and-records resolutions are often pursued when the agencies cannot establish an anti-bribery charge, either for jurisdictional reasons or as a matter of proof.[16]

Second, although the FCPA requires public companies to “devise and maintain a system of internal accounting controls,” the 2012 Guide repeatedly used the term “internal controls,” including in the title of the subsection addressing this provision. Some critics have argued that the loss of the word “accounting” is more than symbolic and that certain enforcement actions have penalized companies for shortcomings in compliance programs that go beyond the more limited reach intended by the term “internal accounting controls.” It is thus notable that the 2020 Guide adds the word “accounting” back into the phrase “internal accounting controls” at various places throughout the text. On a similar note, the 2020 Guide newly states that “a company’s internal accounting controls are not synonymous with a company’s compliance program,” but then goes on to state that “an effective compliance program contains a number of components that may overlap with a critical component of an issuer’s accounting controls.” Again, one wonders whether this statement was meant to respond to concerns that internal controls charges were being used to pursue compliance shortcomings not intended by Congress when passing the FCPA.[17]

TAKEAWAYS

• The 2020 Guide is a welcome refresh of a document that has largely withstood the test of time. By adding more recent case examples and policy announcements and by correcting and clarifying certain sections, the revisions ensure that the Guide will continue to be relevant and useful for years to come.
• The Hallmarks of Effective Compliance Programs continue to be a key source for compliance practitioners looking to build a compliance program or to benchmark a compliance program against DOJ and SEC expectations.
• The 2020 Guide leaves open some key questions: What factors do DOJ and SEC consider when determining whether a subsidiary is acting as an agent of its parent? Is a declination without disgorgement still possible? Do the revisions to the Guide’s books and records and internal accounting controls sections signal an intention to more strictly construe the FCPA’s accounting provisions in future enforcement actions? The answers to these questions, as well as other (perhaps unanticipated) questions, will likely evolve over the next several years—at which point a third edition of the Guide may be released. 

[1] United States v. Esquenazi, 752 F.3d 912, 925 (11th Cir. 2014)

[2] Compare 2012 Guide at 20 with 2020 Guide at 20.

[3] Compare 2012 Guide at 34 with 2020 Guide at 35-36.

[4] Compare 2012 Guide at 27 with 2020 Guide at 28.

[5] Compare 2012 Guide at 35 with 2020 Guide at 37, 71.

[6] Compare 2012 Guide at 23-24 with 2020 Guide at 24.

[7] Compare 2012 Guide at 34 with 2020 Guide at 36.

[8] This five-year versus six-year limitations period distinction between the anti-bribery provisions and the accounting provisions appears to have been overlooked for decades, as reflected in every prior U.S. submission to the OECD Working Group on Bribery in Phases 1, 2, and 3. See, e.g., Response of the United States to Questions Concerning Phase 3 (May 3, 2010) (“The statute of limitations for criminal prosecutions of the FCPA remains five year.”); Response of the United States to Questions Concerning Phase 2 (2002) (“FCPA criminal investigations are governed by the five-year statute of limitations that applies to the vast majority of U.S. criminal offenses, including domestic bribery.”); Response of the United States to the Phase I Questionnaire (Oct. 30, 1998) (“The statute of limitations for FCPA offenses is five years. See 18 U.S.C. § 3282.”).

[9] Compare 2012 Guide at 44 with 2020 Guide at 45.

[10] Compare 2012 Guide at 57-62 with 2020 Guide at 58-67.

[11] Compare 2012 Guide at 57 with 2020 Guide at 58.

[12] Compare 2012 Guide at 56 with 2020 Guide at 57.

[13] Compare 2012 Guide at 61 with 2020 Guide at 68.

[14] Compare 2012 Guide at 77-79 with 2020 Guide at 79-81.

[15] See 2020 Guide at 51-54.

[16] Compare 2012 Guide at 39 with 2020 Guide at 39.

[17] Compare 2012 Guide at 40-41 with 2020 Guide at 40-42.