Editors’ Note: This is the third in our start-of-year series examining important trends in white collar law and investigations in the coming year. Our previous entry discussed healthcare fraud in 2020. Up next: a look at trends regarding the False Claims Act. Look for additional posts throughout the month of January.
2019 was a blockbuster year for FCPA enforcement. The year was marked by the largest corporate FCPA settlement amount paid to U.S. authorities in history, while prosecutors brought criminal charges for FCPA violations against a wide range of individuals. As we look to the year ahead, below are some of the key trends to watch out for in 2020:
- No Surprise Here – Corporate Enforcement to Remain Active
The Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) brought a total of 14 FCPA-related corporate enforcement actions to conclusion in 2019, and collected over $2.6 billion in criminal and civil penalties and restitution. Three key themes emerge from the top corporate resolutions of 2019.
First, the SEC and the DOJ continue to take an expansive view of the jurisdictional reach of the FCPA. For example, in parallel enforcement actions brought against a German-based provider of medical products and services, prosecutors relied on the fact that the company allegedly “use[d] … internet-based email accounts hosted by numerous service providers located in the United States,” in furtherance of the bribery scheme, to establish U.S. jurisdiction over the foreign issuer.
Second, corrupt agents/intermediaries remain one of the largest FCPA risk areas for companies. In June 2019, Walmart Inc. (Walmart) and its wholly-owned Brazilian subsidiary agreed to pay nearly $300 million to settle FCPA violations arising out of Walmart’s alleged failures to implement and maintain internal anti-corruption controls, which allowed Walmart’s foreign subsidiaries in Mexico, India, Brazil and China to hire third-party intermediaries which made improper payments to government officials in order to obtain permits and licenses to build and operate stores. Similarly, in September 2019, TechnipFMC Technologies plc (TechnipFMC), paid the SEC over $5 million to resolve FCPA violations arising out of over $794,000 in payments made by FMC Technologies (FMC) to a third-party consultant, a portion of which were used to pay bribes to Iraqi government officials to procure business with Iraq state-owned oil companies. FMC allegedly failed to engage in adequate due diligence on the intermediary even though the company had an internal policy requiring third party due diligence, and the company entered into numerous contracts with the intermediary that were renewed over multiple years. FMC also allegedly failed to require adequate supporting documentation prior to making payments to the intermediary.
Third, a company’s self-disclosure, cooperation and remediation after discovering FCPA violations continue to be significant factors in assessing penalties pursuant to the DOJ’s FCPA Corporate Enforcement Policy. This is best exemplified by comparing the results in two cases. First, prosecutors imposed massive penalties on multinational telecommunications company Telefonaktiebolaget LM Ericsson (Ericsson) to settle FCPA violations that occurred in Djibouti, China, Vietnam, Indonesia and Kuwait. Ericsson paid over $1 billion in civil and criminal penalties, the largest net FCPA settlement amount paid to U.S. authorities in history. The large penalty was based on multiple factors, including that the FCPA violations allegedly spanned five countries and included the involvement of high-level executives, but a very significant element was the fact that the company failed to voluntarily disclose the improper conduct, failed to disclose allegations of corruption “with respect to two relevant matters,” produced certain materials in an untimely manner, and failed to take adequate disciplinary measures with respect to employees involved in the misconduct.
Conversely, in February 2019, the DOJ declined to prosecute Cognizant Technology Solutions Corporation (Cognizant) for FCPA violations arising out of an alleged scheme to bribe government officials in India. The DOJ declined prosecution even though – just like in the case of Ericsson – several members of Cognizant’s senior management were allegedly involved in the criminal conduct. Cognizant was able to obtain the declination largely because Cognizant (1) voluntarily self-disclosed the violations within two weeks of learning of the misconduct, (2) provided all facts known to it about the misconduct, including the identities of the individuals involved, and (3) engaged in full remediation, including through terminating and disciplining employees and third-parties involved in the illegal conduct.
- Prosecution of Individuals Will Continue to be a Top Priority
In 2019, the DOJ continued to prioritize the identification and criminal prosecution of culpable individuals in FCPA cases. Prosecutors brought criminal charges against a wide range of individuals (from senior executives allegedly involved in schemes involving millions in bribe payments to an adoption manager in a case involving payments of a few hundred dollars each to facilitate foreign adoptions). Expect the following trends to continue in 2020:
Connection to corporate declinations: As noted above, the DOJ declined to prosecute Cognizant for FCPA violations, but it used information provided by Cognizant as part of the company’s voluntary self-disclosure to investigate and prosecute the company’s former president and former chief legal officer for their involvement in the Indian bribery scheme. This represents a clear example of the DOJ’s FCPA corporate enforcement policy working as intended – providing an incentive for a company to voluntarily disclose information, then using that information to investigate and prosecute individuals.
Focus on foreign executives: Prosecutors continue to bring charges against foreign executives and secure convictions, despite some legal challenges. In November, a federal jury convicted Lawrence Hoskins, a former senior executive with the French power and transportation company Alstom S.A. (“Alstom”), on a number of FCPA charges arising out of Hoskins’ involvement in a scheme to bribe Indonesian government officials to secure a $118 million contract for Alstom’s U.S. subsidiary at the time. Hoskins’ case raised important questions regarding the jurisdictional reach of the FCPA over individuals who are not U.S. persons. Hoskins, a UK national, did not travel to the U.S. while the bribery scheme was ongoing, did not personally engage in any criminal conduct on U.S. soil, and only communicated with US-based conspirators by phone and email from France. In a much-awaited decision in 2018, as reported on here, a federal appellate court rejected some of DOJ’s theories of jurisdiction, but allowed DOJ to prosecute Hoskins based on the argument that Hoskins acted as an “agent” of the U.S. subsidiary in carrying out the bribery scheme. Subsequently, the trial court decided that for FCPA purposes an agency relationship requires simply: (1) “a manifestation by the principal that the agent will act for it,” (2) “acceptance by the agent of the undertaking,” and, (3) “an understanding between the agent and the principal that the principal will be in control of the undertaking.” Defining the agency relationship in this way puts the focus on the control that the principal [here, Alstom’s U.S. subsidiary] had over the undertaking [i.e., the bribery scheme] rather than its control over the agent [Hoskins]. Relying on that instruction, the jury convicted Hoskins. A more detailed analysis of the trial court’s decision can be found here.
Willingness to charge foreign government officials: DOJ continues to demonstrate a willingness to use criminal laws other than the FCPA to charge foreign government officials implicated in bribery schemes with a nexus to the United States. For example, prosecutors brought conspiracy and money laundering charges against:
- the former Venezuelan Minister of Electrical Energy along with the former procurement director for a Venezuelan state-owned electric company in connection with a bribery scheme involving government contracts;
- the former Minister of Finance in Mozambique along with two other government officials, three U.K-based investment bankers and two Lebanese executives in a scheme involving alleged corruption in financing certain maritime projects; and
- the former Minister of Industry (who was also a Member of Parliament) in Barbados in a scheme involving the renewal of insurance contracts.
- Victims’ Rights in FCPA Cases to be an Area of Focus
Restitution awards to foreign governments or their instrumentalities have thus far been rare in FCPA cases. U.S. prosecutors and courts have generally been reluctant to provide restitution to an affected foreign government agency/instrumentality based on the reasoning that the agency/instrumentality is a bad actor or co-conspirator which employed the corrupt officials that were the bribe recipients. However, several 2019 cases have served to bring back the spotlight on victims’ rights in FCPA enforcement actions.
In particular, in August 2019, a federal district court in New York held that shareholders of Canadian mining company Africo Resources Ltd. (“Africo”), could seek restitution pursuant to the Mandatory Victims Restitution Act (18 U.S.C. § 3663A) (“MVRA”) for losses incurred as a result of OZ Africa Management LLC’s (“OZ Africa”) bribery of government officials in the Democratic Republic of the Congo in return for the officials’ assistance in a scheme to acquire Africo’s interests in a copper and cobalt mine. The court agreed that the shareholders qualified as victims under the MVRA, finding that OZ Africa’s fraudulent acquisition of Africo’s mining rights was the “direct and proximate cause” of Africo’s harm. The opinion suggests that there may be a path to restitution for entities (and their owners) claiming victim status in FCPA cases, especially if the entity at issue is a third party with no involvement in the underlying illegal conduct.
Separately, in October 2019, the Instituto Mexicano del Seguro Social (“IMSS”), Mexico’s Social Security Institute, filed a private lawsuit against Stryker Corporation (“Stryker”) in a Michigan federal court for claims arising out of Stryker’s alleged bribery scheme to illegally obtain contracts with IMSS. In 2013, the SEC brought an enforcement action against Stryker for FCPA violations arising out of the same bribery scheme. The Stryker action is one of only a small number of private lawsuits that have been brought thus far by foreign government agencies as victims of corruption and bribery, and thus will be an important case to follow in 2020. Stryker has already indicated that it intends to file a motion to dismiss IMSS’s complaint on multiple grounds, including that Michigan is not an adequate forum for the litigation and that the case should have been brought in Mexico.
- U.S. Authorities Continue Collaboration with Counterparts Abroad While Foreign Regulators Step Up Their Own Anti-Corruption Efforts
In 2019, U.S. authorities continued to work with their counterparts abroad to investigate and resolve FCPA violations. For example, in its enforcement action against TechnipFMC, the DOJ counted on the assistance from no less than seven governments. The trend is likely to continue in 2020.
At the same time, regulators in other countries have continued to step up anti-corruption efforts, including by issuing additional compliance-related guidance. For example, in August 2019, the U.K.’s Serious Fraud Office (SFO) released new guidance aimed at providing greater clarity to companies on the steps they must take to receive cooperation credit. Similarly, in June 2019, France’s anti-corruption agencies released guidelines regarding the use of France’s equivalent of deferred prosecution agreements.
In 2019, DOJ continued what has become a decade-long trend of attempting to provide more guidance as to the factors it will consider when evaluating voluntary disclosure, cooperation, and compliance efforts. Looking forward, expect DOJ to continue to refer to concepts from these policies and expressly discuss their impact when it issues a declination, reaches a non- or deferred- prosecution deal, or completes a plea agreement.
Revisions to the FCPA Corporate Enforcement Policy
Early last year, DOJ published several enhancements and clarifications to its FCPA Corporate Enforcement Policy. Among other changes signaling more flexibility, DOJ relaxed its expectations regarding company oversight of employees’ use of personal communications and “ephemeral messaging platforms” by changing the policy to require only that companies implement “appropriate guidance and controls” over such practices (in contrast with the prior policy language, which expected companies to prohibit the use of such communications in order to receive full cooperation credit). In addition, DOJ reinforced the importance of M&A diligence by formalizing the presumption that a company acting promptly to voluntarily disclose misconduct uncovered during pre-acquisition due diligence or post-acquisition compliance implementation will receive a declination.
Expanded Guidance on Corporate Compliance Programs More Generally
In May 2019, as reported on here, the DOJ’s Criminal Division released expanded guidance on the Evaluation of Corporate Compliance Programs, providing a significantly more detailed statement of DOJ’s views on compliance programs, by drawing heavily on the prior FCPA-specific guidance. The guidance is built around three fundamental questions:
- Is the compliance program well designed? DOJ continues to emphasize the fundamental importance of conducting a thoughtful risk assessment, allocating resources to address the most significant risks, and continuously updating the assessment. The guidance also emphasizes the critical importance of due diligence being performed in two specific high-risk areas: M&A; and third party relationships (e.g., representatives, sales agents).
- Is the compliance program being implemented effectively? The guidance focuses on a commitment to compliance by management (not only at the top, but also in the middle), a compliance program with adequate independence, resources, and stature within the company, and the presence of incentives and disciplinary measures to foster compliant conduct.
- Does the compliance program work in practice? Finally, the guidance asks whether the compliance program adapts as risks change, whether it effectively investigates potential misconduct, and whether it is able to identify the root cause of misconduct and remediate it.