SEC and DOJ Release Long Awaited Joint FCPA Guidance

November 19, 2012



On November 14, 2012, the Criminal Division of the Department of Justice (“DOJ”) and the Enforcement Division of the Securities and Exchange Commission (“SEC”) released FCPA: A Resource Guide to the U.S. Foreign Corrupt Practices Act (“the Guide”).[1] This marks the first time since the enactment of the FCPA that the DOJ and the SEC have issued such joint guidance. The Guide is a comprehensive document — spanning 120 pages and addressing many key subjects, including the principal elements of both the anti-bribery and the accounting provisions, DOJ and SEC enforcement principles, standards for FCPA compliance policies and procedures, a discussion of best practices during corporate mergers and acquisitions, possible penalties, different methods of resolving enforcement action, and applicable whistleblower protections.

Consistent with its stated purpose of providing “helpful information,” and its disclaimer that the Guide “does not constitute rules or regulations,” the Guide provides limited interpretive guidance, beyond that already reflected in existing precedents. The Guide generally does not articulate new policy or more clearly delineate the reach of the FCPA in certain critical areas such as the definition of a foreign official, or the real value of voluntary disclosure. In several areas, such as the discussion of the FCPA’s jurisdictional reach and corporate liability for the acts of subsidiaries and predecessor companies, the Guide restates previously announced government policies that have not yet been litigated.

Key Areas of Guidance 

  • Enforcement Principles

Chapter Five of the Guide sets forth the guiding principles the SEC and DOJ use in deciding whether to pursue FCPA enforcement cases and how those matters may be resolved. These guidelines are generally the same as those previously made publically available in the U.S. Attorney’s Manual and SEC Enforcement Guide.

For example, the DOJ considers the nature/seriousness of the offense, the pervasiveness of wrongdoing, the company’s history of similar misconduct, the company’s timely and voluntary disclosure of wrongdoing and cooperation in investigations, the effectiveness of the company’s compliance program and remedial actions, collateral consequences to other stakeholders (e.g. shareholders or employees), and the adequacy of prosecuting only culpable individuals or other remedies, such as regulatory or civil enforcement actions.[2] The SEC considers similar factors, as well as whether the conduct may indicate a widespread industry problem that needs to be addressed.

The Guide emphasizes the need for an effective compliance program as one of the most important considerations in determining the government’s response to a potential FCPA violation. Moreover, there is a recognition that, “a company’s failure to prevent every single violation does not necessarily mean that a particular company’s compliance program was not generally effective.”[3] Despite these encouraging statements about the benefits of compliance programs, the DOJ has recently emphasized that compliance programs cannot be used as a defense against a criminal FCPA charge because “such a defense strategy could dilute the progress already made against corruption.”[4] 

  • Facilitation Payments

Quoting the statute, the Guide reiterates that only payments for “routine governmental action” qualify as facilitation payments and that the purpose and not the size of the payment is critical.[5] The Guide emphasizes important guidelines in determining whether a payment may qualify under what it describes as a “narrow exception” for facilitation payments. For instance, the Guide clarifies that the size of a payment matters, with larger payments providing more evidence that it is likely not a true facilitation payment. The Guide also clarifies why payments that may appear to be facilitation payments, such as small payments to customs officials that were the basis of multiple recent settlements, cannot be facilitation payments if they are paid to provide the company with something it is otherwise not entitled to, such as reduced duties, preferential treatment, or an official overlooking the company’s lack of required permits. Ultimately, while this exception to the FCPA’s anti-bribery provision remains, the Guide notes that the United States discourages such payments, most notably because they may violate other laws and the Guide notes that care is required to ensure that they are recorded correctly.

  • Extortion Defense

The Guide clarifies that payments arising in situations of extortion and duress will not generally be made with corrupt intent and therefore will not violate the FCPA.[6] For this defense to apply, the threat must be true extortion or duress and not merely economic coercion.[7] To illustrate the difference, the Guide notes that demanding a payment to prevent an oil rig from being dynamited constitutes true extortion, while a demand for a bribe to gain entry to a market is only economic coercion.[8] The presence of a physical threat or the inability for the payor to “turn his back and walk away” are hallmarks of extortion or duress that could obviate corrupt intent under the FCPA.[9] Thus, the Guide confirms for the first time that DOJ and SEC recognize a “health and safety” exception to the FCPA.

  • Compliance Programs

The Guide sets forth useful and practical advice for companies seeking to implement and maintain an effective compliance program. The Guide particularly emphasizes the role that an effective compliance program plays both in preventing and detecting potential violations and in mitigating enforcement consequences for the company involved when such violations occur. Indeed, it expressly states that the adequacy of such programs affects whether the matter will be resolved by an Non Prosecution Agreement (“NPA”) or a Deferred Prosecution Agreement (“DPA”), the duration of such agreements, and the amount of any penalty assessed.[10]

In addition, the Guide emphasizes that the DOJ and the SEC recognize practical differences between companies — in terms of size, resources, structure, and risk profile — will necessarily require different compliance programs. The Guide discourages “one size fits all” approaches that are over-inclusive or have across-the-board requirements for all transactions and business that are unnecessarily burdensome, noting that with such programs “resources are inevitably spread too thin, with too much focus on low-risk markets and transactions to the detriment of high-risk areas.” [11]

The Guide also sets forth the “hallmarks of effective compliance programs,” which companies would do well to use as a starting point in creating or assessing their compliance programs. Although many of these compliance program components have appeared in numerous DPAs and NPAs — as well as the ABB Opinion Release — their application was, in those contexts, limited to the particular companies at issue and their general applicability could only be inferred. The Guide has now affirmed that the DOJ and SEC recommend the following program elements:

    • A clear commitment from senior management, including “tone from the top’ and a clearly articulated policy against corruption 
    • A code of conduct that is clear, concise, accessible to all employees, and kept current 
    • Policies and procedures that outline compliance responsibilities and detail internal controls, auditing practices, documentation policies, and disciplinary procedures 
    • Assignment of oversight and implementation responsibility to one or more specific senior executives with appropriate authority, autonomy, and resources 
    • A compliance approach that is tailored to risk, including involvement in high-corruption jurisdictions, frequency of interaction with foreign officials (including customs and immigration), amount of government oversight/regulation, and size of transactions 
    • Periodic training and certification for “all directors, officers, relevant employees, and, where appropriate, agents and business partners” 
    • Appropriate measures to provide ongoing compliance guidance 
    • A combination of compliance incentives and disciplinary measures applicable at all levels 
    • Third-party due diligence (explained in further detail below) 
    • A mechanism for confidential reporting of suspected violations or misconduct (such as on an anonymous hotline or via an ombudsmen) and a process for investigating such reports
    • Continuous review, testing, and, where necessary, improvement of the program in response to weaknesses or changing risks 
    • Due diligence of any acquisition targets and, where appropriate, training employees of and conducting audits on acquired companies

In addition to general explanations, the Guide provides some concrete tips and red flags — discussed in detail by topic in the following sections — useful for companies seeking to minimize their risks of violations. Although many of these tips have been included in or implied by previous Opinion Releases, NPAs, and DPAs, their inclusion in the Guide affirms DOJ’s and SEC’s belief that they are generally relevant to determining whether risk of violations exists.

  • Reasonable and Bona Fide Expenditures

The Guide discusses reasonable and bona fide expenditures to foreign officials within the context of the statutory criteria of corrupt intent, noting that many small, routine expenditures are extremely unlikely to show intent to exert improper influence on an official. Specifically, the Guide notes that “it is difficult to envision any scenario in which the provision of cups of coffee, taxi fare, or company promotional items of nominal value would ever evidence corrupt intent, and neither DOJ nor SEC has ever pursued an investigation on the basis of such conduct.”[14] The Guide includes a non-exhaustive list of safeguards that companies should use to determine whether expenditures to or on behalf of foreign officials are appropriate to avoid violating the FCPA. These safeguards are a useful aggregation of those identified in various opinion releases addressing promotional activities.[15] Such measures include: 

    • Not selecting officials to participate or selecting them based on “pre-determined, merit-based criteria” 
    • Paying costs directly to vendors and reimbursing costs only with a receipt 
    • Not advancing or paying reimbursements in cash 
    • Ensuring that stipends are “reasonable approximations of costs likely to be incurred” and not providing additional compensation beyond actual expenses 
    • Ensuring that expenditures are transparent within the company and to the foreign government 
    • Not conditioning payment on a foreign official’s action 
    • Obtaining written confirmation that payment of expenses is allowed under local law 
    • Ensuring accurate recording of expenses in the company’s books and records 


  • Third Parties

The Guide provides a list of common red flags associated with third parties — focusing on distributors and agents — which companies doing business with such parties should take into account in their due diligence.[16] For those situations, the Guide states that companies should be concerned about:

    • Excessive commissions or unreasonably large discounts 
    • Consulting agreements in which services are only vaguely described
    • Consultants who operate in a different business line than that for which they have been engaged
    • Close relationships or associations with foreign officials
    • Involvement of the third party at the behest of a foreign official
    • A third party that is merely a shell company in an offshore jurisdiction or that requests payment to offshore bank accounts.

In hypothetical examples, the Guide clarifies that such factors do not necessarily mean that a third party is not suitable. Instead, they warrant careful vetting, including scrutinizing relationships to government officials, potential background and reference checks, amendment of contracts to specify clear services and deliverables and to include audit rights, and potentially providing training to the third party and requiring representations that the party will comply with anti-bribery laws.[17] The Guide also states that companies should clearly understand the qualifications and associations of business partners and the business rationale for engaging a third party before entering the relationship and should engage in ongoing monitoring over the course of the relationship.[18] In addition, companies should engage in transaction-specific due diligence of third parties —including analyzing the propriety of payment terms and amounts — even if a background check on the party itself raises no red flags.[19]

Finally, one of the hypothetical examples very pointedly identifies that representations and certifications may not be enough to compensate for clear red flags regarding a third party’s activities. In general, the Guide’s hypothetical examples in this area provide clear, practical, and easy-to-understand advice on how to vet third parties and how the government will view those efforts.

However, the Guide’s discussion is limited to agents and distributors and does not offer any insight into other business partners such as customers and suppliers, which are dealt with in some detail in the U.K. Ministry of Justice’s guidance for the U.K. Bribery Act.[20] This area presents obvious challenges in understanding the requirements for determining foreign official ownership in a supplier and compliance steps that can be taken to minimize the corruption risks where such an ownership interest exists. 

  • Mergers and Acquisitions - Successor Liability

The Guide clarifies four key points regarding successor liability for companies acquiring or merging with another company that engaged in corruption prior to the merger or acquisition.[21] First, the Guide emphasizes that liability cannot be created by a merger or acquisition. If a company was not subject to the FCPA prior to the acquisition or merger, its past acts do not become violations of the FCPA simply because it was acquired by or merged with a U.S. company or issuer. Second, the Guide emphasizes that the DOJ and the SEC have only pursued an enforcement action against the successor company in limited circumstances, “generally in cases involving egregious and sustained violations or where the successor company directly participated in the violations or failed to stop the misconduct from continuing after the acquisition.” Instead, the government is more likely to pursue an enforcement action against the predecessor company, provided that the predecessor company continues to exist in some form, such as a subsidiary. Third, the Guide explained that, as in past cases, a successor company may seek additional assurances that it will not be subject to a future enforcement action by signing a non-prosecution agreement in connection with the predecessor company reaching a resolution with the government. Finally, the Guide emphasizes that post-acquisition due diligence and remediation can also “decrease the likelihood” of an enforcement action based on the predecessor company’s violations. 

  • Statistics on Declinations

One of the most important questions that has been asked of the government is to provide some insight into cases where the SEC or the DOJ have declined to prosecute companies. Notably, the Guide emphasizes that the DOJ has declined to prosecute “several dozen cases against companies where potential FCPA violations were alleged” in the past two years alone.[22] (The SEC did not provide similar numbers regarding its declination history.) The Guide provides several “anonymized examples” of matters that the DOJ and the SEC have declined to pursue. Of note, many of these examples have the following characteristics in common: (1) “relatively” small payments or instances where the bribe was stopped before it was paid; (2) quick and decisive responses by the companies, including a “thorough independent internal investigation,” termination of the relationship with relevant third parties, termination or discipline of the relevant employees, and comprehensive improvements to the compliance program; (3) disclosure of the conduct to the DOJ and SEC; and (4) cooperation with the government. 

  • Accounting Provisions

The Guide does not provide much new information about enforcement of violations of the accounting provisions but does emphasize three key points that are often overlooked. First, although most past enforcement actions have involved some connection to bribery schemes, the Guide emphasizes that the FCPA’s accounting provisions are not limited to bribery-related violations.[23] Second, the Guide pairs this warning with an explanation that although the books and records provisions have a wide scope, most past enforcement of books and records violations have involved “misreporting of either large bribe payments or widespread inaccurate recording of smaller payments made as part of a systemic pattern of bribery.”[24] Third, the Guide emphasizes that although the FCPA’s accounting provisions are directed at issuers, an issuer is responsible for compliance with those provisions by both the foreign subsidiaries and affiliates (including joint ventures) under its control.[25] 

  • Due Diligence on Third Parties

The Guide provides a list of common red flags associated with third parties — focusing on distributors and agents — which companies utilizing such parties should incorporate into their due diligence. This is an area of significant concern for many companies.[26] Most enterprises however have moved beyond the guidance provided in dealing with third parties, which is primarily limited to typical third-party agents and distributors. The Guide emphasizes that the government only expects a “risk-based” due diligence approach and that the degree of appropriate due diligence may vary based on industry, country, size and nature of the transaction, and the historical relationship with the third party. It also notes that due diligence on all agents, regardless of risk, can be “counterproductive.”[27] The Guide, though, is silent on critical issues that face companies around customers and suppliers. These entities are mentioned in many NPAs and DPAs as “business partners,” and it is suggested that diligence and other risk lowering measures be taken. However, most companies have thousands of customers and suppliers and it is unrealistic to expect diligence for such entities that is comparable to diligence on agents and distributors.

Unanswered Questions

There remain many unanswered questions following the Guide’s publication. 

  • Limits on the Business Purpose Test

One of the key requirements of the FCPA is that the payment be made to assist in obtaining or retaining business. This is known as the “business purpose test” and provides an outer limit on the type of payments covered by the law. The Guide notes that United States v. Kay[28] established that the business purpose test is “broadly interpreted” and acknowledges that “the FCPA does not cover every type of bribe paid around the world for every purpose.”[29] The Guide, however, does not provide much insight into the types of payments that might not meet the “business purpose” test. Kay emphasized that a bribe that simply increases a company’s profits does not automatically satisfy the business purpose test. Instead the government must demonstrate a concrete causal connection between the reduced costs obtained through the bribe and a specific business transaction or opportunity.[30] The Guide does not address how close that causal connection must be or when it will not be present.

  • Modest Versus Lavish Gifts and Reasonable Entertainment

The Guide leaves a fair degree of ambiguity as to acceptable level of gifts or entertainment for foreign officials. Although it explains that “cups of coffee” or “taxi fares” are unlikely to constitute violations,[31] it also emphasizes that “what might be considered a modest payment in the United States could be a larger and much more significant amount in a foreign country.”[32] It further notes that the government has brought enforcement actions based on small payments and gifts that are “part of a long-standing course of conduct that evidences a scheme to corruptly pay foreign officials to obtain or retain business.”[33]

Companies may take some solace in a few of the Guide’s practical examples, such as its common sense recognition that paying for “business class air fare, …a moderately priced dinner, a baseball game, and a play” for a foreign official conducting a legitimate business trip to inspect a facility does not violate the FCPA. Yet there is still quite a bit of uncertainty to the government’s position on other comparable scenarios. For instance, the U.K.’s 2010 guidebook on the U.K. Bribery Act indicated that, absent other facts, a company’s payment of first class airfare, accommodation, and reasonable hospitality costs, including “fine dining and attendance at a baseball match,” for both a foreign official and his or her partner is unlikely to constitute a bribe under the U.K. Bribery Act.[34] The Guide’s examples and explanations do not clarify whether the same is true under the FCPA.[35] 

Definition of an “Instrumentality” of Government

One of the key open questions in FCPA enforcement is when a foreign government’s partial, but not majority, ownership of a foreign company will be deemed sufficient to treat that company as an instrumentality of a foreign government. If a foreign company is deemed an instrumentality of a foreign government, then all of the employees at that company are deemed to be foreign officials for purposes of the FCPA. The government has previously held the position that it is possible for a company with less than 50% government ownership to be an instrumentality of the foreign government. Many companies hoped the Guide would provide more of a bright-line rule on when a foreign company would be treated as an instrumentality.

The Guide provided some guidance on this question, but the government declined to provide such a bright-line rule. The Guide explains that “as a practical matter, an entity is unlikely to qualify as an instrumentality” of a government if “a government does not own or control a majority of its shares.”[36] However, a majority may be less than 50%. The Guide notes that there are “some circumstances” in which an entity would qualify as an instrumentality even if the government owned less than 50% of the company.[37] The example it provides involved a government that was a 43% shareholder with many political appointees on its board and with “special status” that gave it veto power over all major expenditures and control over important operational decisions.[38] The Guide explains that if the totality of the circumstances show the foreign government’s “substantial control over the company,” then the company could be treated as an instrumentality even without majority government ownership.

  • Parent Liability for Anti-Bribery Violations by its Foreign Subsidiaries

The Guide stresses that a parent company may face both civil and criminal liability for its subsidiary’s anti-bribery violations under “traditional agency principles.”[39] If the parent has sufficient control over the subsidiary, “including the parent’s knowledge and direction of the subsidiary’s actions, both generally and in the context of a specific transaction,” the DOJ and SEC will impute the subsidiary’s actions and knowledge to the parent and hold the parent liable for the subsidiary’s anti-bribery violation.

This principle becomes very important in practice because most companies operate outside the United States through wholly owned or controlled subsidiaries. Adopting a default position that those subsidiaries will typically be regarded as agents of the parent company without more analysis is a significant broadening of the FCPA’s scope. While both the SEC and the DOJ have relied on this theory in a few settlements in the past, its infrequent use and untested nature mean that there remain significant open questions about its limits. One critical area of concern is in situations where the parent company has no actual knowledge of or involvement in the violation by the subsidiary’s employees. The Guide does not state that in this situation a parent company is not liable. Rather, the Guide cites one example where the SEC held a parent company liable for its subsidiary’s anti-bribery violations, but that example involved at least one employee at the parent company approving one of the payments at issue.[40] It remains to be seen whether this agency theory will be widely used by either the SEC or the DOJ to hold parent corporations liable for anti-bribery violations by subsidiaries absent any knowledge or involvement by a parent company employee. 

  • Jurisdictional Reach of the FCPA

While the Guide helpfully articulates that one phone call, email, wire transfer, or fax to or through the United States is enough to trigger jurisdiction for U.S. parties or issuers, the Guide does not provide clear answers on questions regarding jurisdiction over foreign parties. Quoting the statute, the Guide notes that the FCPA’s anti-bribery provisions apply to foreign nationals or entities that are neither domestic nor issuers if they engage in “any act in furtherance of a corrupt payment while within the United States.”[41] Nevertheless, the Guide does not clarify what action within the United States is sufficient to meet this test.

The Guide does signal that the government will pursue alternative theories of criminal liability as it has in past enforcement actions, such as aiding and abetting or conspiracy charges, which may lessen the importance of these questions.

[1] The Guide is available online at http://www.sec.gov/spotlight/fcpa/fcpa-resource-guide.pdf.
[2] Id. at 53.
[3] Id. at 56.
[4] Erica Teichert, DOJ Chief Says Compliance Programs Aren't An FCPA Shield, Law360 (November 16, 2012, 7:51 PM ET), available at: http://www.law360.com/securities/articles/394929?nl_pk=a602ba75-bdd2-4981-a7e5-10dd19558864&utm_source=newsletter&utm_medium=email&utm_campaign=securities
[5] Guide at 25.
[6] Id. at 27.
[7] Id.
[8] Id.
[9] Id. (citing United States v. Kozeny, 582 F. Supp. 2d 535, 540 (S.D.N.Y. 2008)).
[10] Id. at 56.
[11] Id. at 58.
[12] Id. at 57-63.
[13] Department of Justice, FCPA Opinion Procedure Release No. 04-02 (July 12, 2004), available at http://www.usdoj.gov/criminal/fraud/fcpa/opinion/2004/0402.html
[14] Guide at 15.
[15] Id. at 24.
[16] Id. at 22-23.
[17] Id. at 63-64.
[18] Id. at 60.
[19] Id. at 64.
[20] 2010 UK Bribery Act, available at: http://www.legislation.gov.uk/ukpga/2010/23/pdfs/ukpga_20100023_en.pdf.
[21] Guide at 28-29.
[22] Id. at 75.
[23] Id. at 38.
[24] Id. at 38.
[25] Id. at 43.
[26] Id. at 22-23.
[27] Id. at 59.
[28] 359 F.3d 738 (5th Cir. 2004)
[29] Guide at 13-14.
[30] United States v. Kay, 359 F.3d 738, 759-60 (5th Cir. 2004).
[31] Robert Khuzami, Director of the SEC’s Division of Enforcement explained a similar point during his remarks at the news brief about the Guide, stating: “We also hope that it will clear up some myths about the type of conduct that gets prosecuted under the FCPA — that it is not the $5 cup of coffee, or the one off $50 gift to a public official, that companies need to be concerned about, but payments of real and substantial value that clearly represent an unambiguous intent to bribe a foreign official to obtain or retain business.” Remarks During News Briefing About SEC-DOJ FCPA Guide, available at: http://www.sec.gov/news/speech/2012/spch111412rk.htm.  
[32] Id. at 15.
[33] Id. at 15.
[34] Ministry of Justice, The Bribery Act 2010: Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing 14, available at: http://www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf
[35] Id. at 17-18.
[36] Id. at 21.
[37] Id.
[38] Id.
[39] Id. at 27-28.
[40] Id. (citing as an example a case where an official at the parent company approved one of the payments involved).
[41] Id. at 11.

This memorandum is a summary for general information and discussion only and may be considered an advertisement for certain purposes. It is not a full analysis of the matters presented, may not be relied upon as legal advice, and does not purport to represent the views of our clients or the Firm. Richard Grime, an O'Melveny partner licensed to practice law in the District of Columbia, Greta Lichtenbaum, an O'Melveny partner licensed to practice law in the District of Columbia, Jeremy Maltby, an O'Melveny partner licensed to practice law in California, New York and the District of Columbia, Melissa Jackson, an O'Melveny associate licensed to practice in the District of Columbia, and Beth France, an O'Melveny associate licensed to practice law in Massachusetts, contributed to the content of this newsletter. The views expressed in this newsletter are the views of the authors except as otherwise noted.

Portions of this communication may contain attorney advertising. Prior results do not guarantee a similar outcome. Please direct all inquiries regarding New York's Rules of Professional Conduct to O’Melveny & Myers LLP, Times Square Tower, 7 Times Square, New York, NY, 10036, Phone:+1-212-326-2000. © 2011 O'Melveny & Myers LLP. All Rights Reserved.