International Business and the Foreign Corrupt Practices Act (FCPA)
In 2009, prosecutors delivered on their promise to vigorously pursue individuals and corporations who violated the Foreign Corrupt Practices Act (FCPA). Thirty-three individuals and eleven organizations were named in enforcement actions brought by the DOJ or SEC. This year promises more of the same. The current number of indictments has quadrupled compared to 2008, and fines and settlements since 2009 have exceeded $2 Billion. Not only do these enforcement activities frequently result in substantial fines and penalties, but prison time for some individuals is becoming more common. Additionally, investigations sometimes trigger follow-on civil lawsuits. Indeed, many of the most prominent recent FCPA investigations have been followed by shareholders’ derivative lawsuits. The most recent example can be found here: http://www.courthousenews.com/2010/06/07/27856.htm
Any company that engages in international business should pay careful attention to the minefield that FCPA can create. By having protocols for compliance and rapid collection of both physical and electronic evidence, a corporation can vastly decrease its costs of responding as well as its risk of multimillion-dollar fines and a public relations nightmare.
So what is the FCPA? Essentially it is a federal law prohibiting bribes to foreign government officials. To ensure compliance, it requires public companies (and subsidiaries) to:
- maintain accurate books and records in reasonable detail, accurately and fairly reflecting the transactions and disposition of its assets, and
- devise and maintain a system of internal accounting controls sufficient to provide assurances that assets and transactions are accounted for.
When the SEC or DOJ begins an investigation or criminal conduct is suspected, the company should immediately take the following steps to conduct its own internal investigation. This is not optional!
- Determine the scope of the investigation – the SEC and DOJ will consider this in determining whether the investigation was effective
- Secure all evidence: physical, paper and electronic
- Collect evidence
- Conduct on-site employee interviews
- Review evidence
- Determine whether to do a voluntary disclosure if a violation is detected
Electronic evidence is critical in FCPA investigations as most evidence of bribery is found in email and other electronic documents. Given its international nature, electronic evidence will likely be widespread, spanning multiple custodians, repositories, and countries. Email servers, laptops, mobile phones, thumb drives and other types of data could all contain evidence and will all have to be secured and collected no matter the format or language. This can be a herculean effort as most companies facing an investigation ultimately end up securing terabytes of information. As another hurdle to the process, if any of this data is located in a country with data privacy laws, those laws will also have to be navigated when conducting a search and collection. Additionally, if any wrongdoing is suspected, live data search alone may not be enough and a forensic search for deleted data is required.
So what is a company to do to reduce their risk of violations? There are several guidelines that have come forth from past cases:
- Develop clear FCPA policies and programs and communicate those policies through regular training and with acknowledgement by employees and agents
- Enforce those policies through reporting and discipline
- Develop FCPA procedures to help prevent violations:
- through due diligence and oversight of relationships and anti-bribery provisions in contracts with third parties
- have controls in place for accurate maintenance of books and records
- Bring in an independent compliance monitor
- Conduct regular audits to monitor effective implementation of the policies and programs
- When in doubt, request a statement of the Justice Department’s present enforcement intention under the anti-bribery provisions of the FCPA regarding any proposed business conduct.
No action can completely shield a company that does business oversees from an SEC or DOJ FCPA investigation, but by taking a proactive approach to compliance and discovery, it can greatly lessen the sting when it inevitably happens.
Filed under: Uncategorized | Tagged: compliance, e-disclosure, eDiscovery, FCPA, Information Governance, legal, litigation, Risk | Leave a comment »