In November 2012, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) issued A Resource Guide to the U.S. Foreign Corrupt Practices Act (the Resource Guide), intended to give companies and practitioners a roadmap for complying with the FCPA. Over the next eight years, both the DOJ and SEC ramped up enforcement efforts, tested the bounds of the FCPA in court, expanded prior jurisdictional limits and enforcement priorities, and brought several cases to trial with mixed results. A natural consequence of the amplified focus on the FCPA is the government’s evolving articulation of its enforcement standards and expectations. On July 3, 2020, the DOJ and SEC released the second edition of the Resource Guide (the Second Edition).

Some parts of the Second Edition recount judicial decisions and publicly-disclosed FCPA resolutions, while other parts incorporate other DOJ guidance, such as the Corporate Enforcement Policy and the Criminal Division’s Evaluation of Corporate Compliance Programs, among others. In sum, with a few exceptions, the Second Edition is largely an aggregation of those judicial decisions, public resolutions, and previously-announced enforcement policies.

Reinforcement of SEC’s Internal Controls Guidance

It is long-established that the SEC may elect to bring an enforcement action for an issuer’s violation of the FCPA’s books and records provisions even in the absence of evidence sufficient to support a finding of criminal conduct violating the anti-bribery provisions. In terms of SEC enforcement of the internal controls provisions, the Second Edition reinforces the important distinction between internal controls and internal accounting controls, noting that “[a]lthough a company’s internal accounting controls are not synonymous with a company’s compliance program, an effective compliance program contains a number of components that may overlap with a critical component of an issuer’s internal accounting controls.” Reference should be made in this regard to the SEC’s enforcement action in December 2018 against Polycom, Inc., in which the SEC stated that: “Polycom also violated Section 13(b)(2)(B) of the Exchange Act by failing to devise and maintain a sufficient system of internal accounting controls to detect and prevent the making of improper payments by Polycom China to foreign government officials.”¹ This enforcement action shows that the point at which gaps in an issuer’s internal accounting controls create exposure for ineffectiveness of its anti-corruption compliance program continues to be blurred.²

Accounting controls require “reasonable assurances” that a company’s financial books and records are reported accurately, including specific controls laid out in the Exchange Act. According to the Second Edition, internal controls, more generally, “must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its workforce; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.”

Polycom is a clear signal that, consistent with the Second Edition, the SEC intends to continue taking a broad view of the internal controls requirements to capture FCPA violations and other internal control violations uncovered in the course of an FCPA investigation. The Second Edition explains that view of the FCPA internal controls provision: “Companies with ineffective internal controls often face risks of embezzlement and self-dealing by employees, commercial bribery, export control problems, and violations of other U.S. and local laws.”

This also raises the question of whether the SEC’s evaluation of “internal accounting controls” for issuers is at odds with the DOJ standards for an “effective” compliance program as defined under DOJ’s compliance program guidance and the U.S. Sentencing Guidelines. The Sentencing Guidelines explicitly state that the mere existence of misconduct does not, in itself, mean that a compliance program did not work or was ineffective at the time of the offense.³ And the Justice Manual goes further in recognizing “that no compliance program can ever prevent all criminal activity by a corporation's employees.”⁴ The SEC, on the other hand, is prepared to bring enforcement actions against issuers for violating the internal controls provisions of the FCPA without any clear conduct prohibited by the substantive provisions of FCPA.

These divergent approaches between the DOJ and the SEC may result in disparate treatment by the government agencies.

Updated Instrumentality Guidance

The FCPA defines a “foreign official” to include “any officer or employee of a foreign government or any department, agency, or instrumentality thereof . . . .” The Second Edition clarifies the government’s position on what constitutes an “instrumentality.” The term “instrumentality” is broad and can include state-owned or state-controlled entities. The Second Edition incorporates the Eleventh Circuit’s decision in Esquenazi,⁵ which addressed the definition of “instrumentality” and provided a non-exhaustive list of factors to determine whether the government “controls” an entity and whether the entity performs a function that the government treats as its own.

“Control” factors include (1) foreign government’s formal designation of that entity; (2) whether the government has a majority interest in the entity; (3) the government’s ability to hire and fire the entity’s principals; (4) extent to which the entity’s profits, if any, go directly into the governmental fiscal accounts, and, by the same token, the extent to which the government funds the entity if it fails to break even; and (5) the length of time these indicia have existed.

“Function” factors include (1) whether the entity has a monopoly over the function it exists to carry out; (2) whether the government subsidizes the costs associated with the entity providing services; and (3) whether the public and the government of that foreign country generally perceive the entity to be performing a government function.

The Second Edition puts to rest any question as to whether the government believes Esquenazi applies outside the Eleventh Circuit. These factors will be critical in determining whether a foreign entity is an instrumentality of any foreign government.

Successor Liability in Mergers and Acquisitions

In recent years, M&A transactions have been fertile ground for potential FCPA violations. The Second Edition recognizes the practical realities of many mergers and acquisitions in which “robust pre-acquisition due diligence may not be possible.” Rather than simply penalizing the acquirer in any transaction, the government will now look to the “timeliness and thoroughness of the acquiring company’s post-acquisition due diligence and compliance integration efforts.” In certain instances, the government may bring an enforcement action against “against the predecessor company (rather than the acquiring company)” when the “acquiring company uncovered and timely remedied the violations or when the government’s investigation of the predecessor company preceded the acquisition.” The compliance key for the buyer is getting this corruption assessment done in a thorough manner, with deficiencies addressed, as immediately following closing as possible.

Aiding and Abetting Liability After United States v. Hoskins

The Second Edition discusses the government’s approach to aiding-and-abetting cases following the Second Circuit’s decision in Hoskins.⁶ In Hoskins, the Second Circuit determined that individuals not directly covered by the FCPA anti-bribery provisions could not be guilty of conspiring to violate, or aiding and abetting the violation of, the FCPA anti-bribery provisions. It follows, then, that an individual can be prosecuted for conspiracy to violate the FCPA anti-provisions or aiding and abetting an anti-bribery violation only if that individual’s conduct and role fall into one of the specifically enumerated categories expressly listed in the FCPA’s anti-bribery provisions.

Even though the Second Circuit has spoken on this issue, the Second Edition nonetheless characterizes the law as in flux by recognizing that at least one other court has rejected Hoskins. Highlighting this potential split in authority may give insight in the DOJ’s willingness to stretch the current limits of the FCPA in other circuits and expand the scope of aiding-and-abetting liability.

Anti-Piling On Policy

In 2018, the DOJ issued guidance signaling it would attempt to enhance coordination among enforcement authorities to avoid duplicative penalties and disproportionate punishment when companies pay fines or other monetary penalties to multiple governments for the same misconduct. When evaluating whether the Anti-Piling On policy will apply, the government will consider several factors, including: (1) the egregiousness of a company’s misconduct; (2) statutory mandates regarding penalties, fines, and/or forfeitures; (3) the risk of unwarranted delay in achieving a final resolution; and (4) the adequacy and timeliness of a company’s disclosures and its cooperation with the Department, separate from any such disclosures and cooperation with other relevant enforcement authorities.

Explanation of SEC Disgorgement Relief Following Kokesh v. SEC and Liu v. SEC

Since 2017, the Supreme Court has twice narrowed the scope and availability of disgorgement as a remedy for the SEC. First, in Kokesh,⁷ the Supreme Court characterized disgorgement as a penalty, thereby fixing a five-year statute of limitations on the SEC’s attempt to disgorge ill-gotten profits. Second, in Liu,⁸ the Supreme Court retained disgorgement as a potential remedy but required a clear causal link between the ill-gotten profits. At the same time, the Supreme Court required that any disgorgement be returned to the victims of the alleged scheme.

The Second Edition makes clear that those principles will now guide the SEC’s efforts to seek disgorgement as a remedy under the FCPA.

Corporate Enforcement Policy

The Second Edition includes a detailed discussion of the FCPA Corporate Enforcement Policy (CEP). Released in June 2020, the CEP states that when a company provides voluntary self-disclosure, full cooperation, and timely and appropriate remediation, the government will apply a presumption of a declination. That presumption may be overcome only if there are aggravating circumstances related to the nature and seriousness of the offense, or if the offender is a criminal recidivist. If aggravating circumstances compel an enforcement action, the DOJ will recommend a 50% reduction off the low end of the Sentencing Guidelines fine range, but again criminal recidivists may not be eligible for such credit.

The CEP also applies a presumption of leniency for when a company is a successor in the context of corporate mergers and acquisitions. For successor liability cases, the DOJ will recommend an up to 25% reduction off the low end of the Sentencing Guidelines fine range. To be eligible for the benefits of the CEP, including a declination, though, the company is required to pay all disgorgement, forfeiture, and/or restitution resulting from the misconduct at issue.

The Second Edition emphasizes the DOJ’s inclination to provide an incentive for good conduct and scrutiny for repeat offenders. Importantly, the CEP applies only to the DOJ—it does not bind or apply to the SEC.

Criminal and Civil Statute of Limitations

The Second Edition clarifies the statute of limitations for criminal and civil cases. For criminal cases, the Second Edition explains that the five-year statute contained in 18 U.S.C. § 3282 applies to anti-bribery offenses, but the six-year statute contained in 18 U.S.C. § 3301 applies to accounting offenses. The statute of limitations may be extended, though, if the company enters into a tolling agreement or the government requests an extension to collect information located in a foreign country. In civil cases brought by the SEC, the general five-year statute of limitations applies, but following Kokesh v. SEC, disgorgement is only allowed for the preceding five years.

* * *

The Second Edition makes clear that the ever-evolving body of FCPA law requires vigilant compliance programs. It also underscores the complexity of FCPA matters and the need for competent counsel to guide companies and individuals through difficult questions, and the independent investigation of potential violations.

1. Polycom, Inc., Exchange Act Release No. 84978 (Dec. 26, 2018).
2. While this concept is reinforced in the Second Edition, the SEC previously charged an internal accounting violation without alleging any improper payment to government officials. SEC v. Oracle Corp., No. 3:12-cv-04310 (N.D. Cal. Aug. 13, 2012); Press Release, U.S. Sec. & Exch. Comm’n, SEC Charges Oracle Corporation With FCPA Violations Related to Secret Side Funds in India (Aug. 16, 2012)
3. See U.S.S.G. § 8B2.1(a) (“[t]he failure to prevent or detect the instant offense does not mean that the program is not generally effective in preventing and deterring misconduct”).
4. Justice Manual, 9-28.800.
5. United States v. Esquenazi, 752 F.3d 912 (11th Cir. 2014)
6. United States v. Hoskins, 902 F.3d 69 (2d Cir. 2018)
7. Kokesh v. SEC, 137 S.Ct. 1635 (2017).
8. Liu v. SEC, 140 S.Ct. 1936 (2020).