The Department of Justice (DOJ) just released an updated version of its Resource Guide to the Foreign Corrupt Practices Act. While the new version does not announce any groundbreaking changes, it now includes updates and references to recently issued policies, such as the DOJ’s Corporate Enforcement Policy, Evaluation of Corporate Compliance Programs, and the Corporate Monitorship Policy. The updated guidance was released with little fanfare on Friday night, July 3, 2020, as the Criminal Division at Main Justice was undergoing a change in leadership. The Guide is largely the same document and limited to a discussion of the FCPA, but it nonetheless is a useful tool for practitioners seeking to understand the government’s corporate charging policies generally. The Resource Guide is lengthy, at almost 200 pages, and the new revisions do not lengthen it further. The DOJ has mostly restructured sections and added more recent cases for discussion but largely left the Guide intact. Nevertheless, certain revisions to the Resource Guide merit emphasis and are highlighted below.
The Aftermath of Hoskins
The DOJ is careful in this guidance to characterize the reach of criminal co-conspirator and aiding and abetting liability as a result of a recent, well-publicized Second Circuit decision that limited the DOJ’s ability to pursue foreign nationals who participate in a bribery scheme. In United States v. Hoskins, 902 F.3d 69 (2d Cir. 2018), the Second Circuit held that a foreign national who was not otherwise covered by the specifically enumerated categories in the FCPA, could not be prosecuted using co-conspirator or aiding and abetting liability. The Court held that the government could proceed on the theory that Hoskins was an “agent” of a “domestic concern” which required the government to prove that Hoskins, who was a foreign national working for a foreign subsidiary, participated in a bribe scheme and took direction from the U.S. subsidiary. The government ultimately persuaded a jury to convict Hoskins on various charges, although post-verdict, the district court acquitted Hoskins on the foreign bribery counts because there was insufficient evidence of “agency.” With these setbacks, the DOJ is now limited in pursuing its expansive view of co-conspirator liability under the FCPA, at least in the Second Circuit.
The DOJ says as much in the Guide, acknowledging the opinion and its application in the Second Circuit, but also noting that a district court in the Seventh Circuit disagreed with the holding and concluded that precedent in the Seventh Circuit would dictate that defendants could be criminally liable for violations of the anti-bribery provisions of the FCPA as co-conspirators or aiders and abettors, even if they did not fall under one of the enumerated categories of liability in the statute. United States v. Firtash, 392 F. Supp. 3d 872, 889 (N.D. Ill. 2019). Although the DOJ cites Firtash, presumably to make the point that the law is not settled, it has cautiously revised the Guide, deleting broad language in its description of the breath of the anti-bribery provisions. Previously, the DOJ stated that a foreign national who attended a meeting in the United States would be subject to the FCPA, as well as co-conspirators or aiders and abettors, “regardless of whether the foreign national or company itself takes any action in the United States.” (Emphasis added.) That reference is deleted. Similarly, in an example in the same section, the DOJ also deleted language indicating that a company and an intermediary working on behalf of an “issuer” would be liable if they had never taken action in the territory of the United States, both as co-conspirators and for substantive violations of the anti-bribery provisions, because the violations were “reasonably foreseeable” and in furtherance of the conspiracy. (Emphasis added.) Although the DOJ will continue to try to limit the applicability of Hoskins in other circuits, it appears to be taking a more restrained approach and pulling back on previously broad assertions of conspiracy liability under the FCPA. In practice, the court-imposed limitation may not mean much because DOJ has many other ways of charging defendants, including the use of money-laundering and various fraud statutes.
Defining a State-Owned or State-Controlled Entity
Before any kind of judicial guidance, practitioners were forced into their own fact-based analysis as to what constituted an “instrumentality” of the state when determining whether a target entity was a state-owned or -controlled company under the FCPA. This analysis was, and is, critical for in-house compliance personnel in determining whether their company’s interactions with employees of these entities were “foreign government officials.” A few years ago, the Eleventh Circuit issued a well-reasoned opinion that will greatly assist in this analysis. United States v. Esquenazi, 752 F.3d 912 (11th Cir. 2014) set forth factors that determined whether a Haitian telecommunications company was a state-owned or controlled company under the control of the Haitian government. The reasoning of the Circuit, including the applicable factors to analyze that question, have now been incorporated into the DOJ’s Guide. The factors in determining whether the government controls an entity include: (1) the government’s formal designation of the entity; (2) whether the government has a majority interest in the entity; (3) the government’s ability to hire and fire principals of the entity; (4) the extent to which the entity’s profits go directly into the government’s fiscal accounts, and if the government has or will fund the entity when it is operating at a loss; and (5) the length of time these factors have existed.
In addition, factors determining whether the entity is performing a function that is essentially a governmental function include: (1) whether the entity has a monopoly over the function it seeks to carry out; (2) whether the government subsidizes the entity’s costs in providing the service; (3) whether the entity provides services to the public at large in the foreign country; and (4) whether the public and the government of the foreign country generally perceive the entity to be performing a governmental function. This second part of the analysis is also important. It is not enough for counsel to analyze whether the entity is state-owned or controlled, but counsel must also evaluate whether the pertinent function it performs has enough government characteristics to be considered a governmental action.
While the analysis in Esquenazi has already been used by FCPA practitioners, it is helpful that the DOJ adopted these factors in its new guidance to further assist outside counsel, as well as companies training their compliance staff. Moreover, the recent cases prosecuted and cited in the DOJ guidance fit squarely within that analysis. In determining whether a company was a state-owned entity in various cases, the DOJ cites factors such as the receipt of special tax advantages, the appointment of management or board members by government officials, the installation of political appointees as managers, or a government’s large ownership stake and veto power over major expenditures.
In adopting the Eleventh Circuit’s analysis and illustrating it with recent cases, the revised Resource Guide provides greater clarity in defining what companies or entities are “instrumentalities” and, as a consequence, who would be a “foreign government official” under the FCPA.
A Parent Company’s Liability for the Actions of Its Subsidiaries
The revised Resource Guide reiterates the government’s position that a parent may be liable for its subsidiary’s conduct under traditional agency principles. While there has been recent discussion about how far the government would take this concept, the outgoing AAG of DOJ’s Criminal Division has assured practitioners that the DOJ does not intend to hold parent companies liable for subsidiaries merely because of corporate ownership, but instead would evaluate each case on its own facts. AAG Benczkowski’s Remarks at ACI’s 36th Conference on the Foreign Corrupt Practices Act, December 4, 2019. The result in Hoskins shows that the government needs a strong showing of control and direction to establish agency in a criminal case.
The revised Resource Guide acknowledges that the government will evaluate the control exercised over the subsidiary, including the parent’s knowledge and direction of the subsidiary’s actions. While the guidance states that “if an agency relationship exists between a parent and a subsidiary, the parent is liable for the bribery committed by the subsidiary’s employees,” that statement is too broad and should be read along with other parts of the guidance and recent remarks by the outgoing AAG. Viewing DOJ ’s guidance in its entirety, the following questions need to be asked in evaluating parental liability: Did an agency relationship exist between the parent and subsidiary? Did the parent have knowledge of, or direct, the actions of the subsidiary generally and related to the specific transactions in question? Did the subsidiary act within the scope of authority conferred by the parent? The revised Guide is clear that DOJ will not be deterred by the formalities of the corporate structure but will focus on a fact-based inquiry into the parent’s conduct in conferring authority and providing direction to its subsidiaries, particularly with respect to the misconduct at issue.
A Nod to Internal Controls
With the emphasis the government has placed on compliance, companies are often asked detailed and specific questions about the state of their financial controls. The government notes in the revised Resource Guide that a compliance program and internal controls are not the same, but both contain a number of components that overlap and should be monitored. When reviewing internal controls, the Guide directs companies to take into account the risks of its business, including the type of products and services it provides, how products and services get to market, the nature of the company’s work force, the degree of regulation, the extent of government interaction, and the degree to which it has business in high risk countries. While these factors are not new, the government’s increasing focus on financial compliance should prompt companies to continue to integrate their compliance and audit functions.
The revised FCPA Resource Guide did not tackle some of the very important issues facing companies today. The Guide notes that the DOJ has coordinated resolutions with foreign governments in ten cases and the SEC has coordinated in five cases which demonstrates that the government is attempting to avoid “piling on” by imposing duplicative penalties. But for multinational companies that often face years of investigation by multiple foreign governments after the DOJ and SEC settle their cases, these statistics are not promising. Foreign authorities can be more disorganized, lack resources, or may not be bound by any statute of limitations. All of these factors can cause unacceptable delays in negotiating separate foreign resolutions and can result in duplicative penalties imposed long after the misconduct occurred. Moreover, data privacy and cyber security concerns for employee and proprietary data are top priorities for companies operating in multiple, high risk regions or in countries with a track record of trade secret theft. Moving data across borders to satisfy U.S. government requests can be problematic under these conditions, but the Resource Guide does not give guidance on these issues. Perhaps in the next set of revisions, the DOJ and SEC will give greater thought as to how companies can meet these challenges when they seek to cooperate in a government investigation.