The Foreign Corrupt Practices Act ("FCPA") prohibits making payments to foreign officials for the purpose of obtaining or retaining business.1 It applies broadly to U.S. companies and individuals, companies that are listed on a U.S. exchange, employees and agents of U.S. businesses, and foreign nationals and businesses that engage in specific prohibited acts while in the territory of the U.S.

At the Securities and Exchange Commission's ("SEC") annual "SEC Speaks" conference last month, Cheryl Scarboro, chief of the FCPA unit, recounted a busy 2010 with more FCPA actions than ever, including more than the number brought in 2008 and 2009 combined. At this same conference, Thomas A. Sporkin, head of the Office of Market Intelligence, discussed the whistleblower program created under Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act ("Dodd-Frank" or the "Act")2 and noted the agency had had an "onslaught" of whistleblower tips and complaints since July, including a marked increase in high-value complaints — one or two a day — leading to more agency actions.

In light of the new whistleblower program that incentivizes employees to report apparent violations externally to government agencies rather than through corporate compliance programs, a company should implement an FCPA compliance program as part of its overall compliance strategy that encourages employee cooperation.

The Employer-Employee Relationship in a Post Dodd-Frank World

Dodd-Frank, which became law in July 2010, applies to all violations of the securities laws, but its provisions have unique implications for FCPA enforcement.3 The provisions implementing the Act offer a bounty to whistleblowers who voluntarily provide original information that leads to a successful enforcement action by the SEC.4 The whistleblower's information must be derived from the whistleblower's independent knowledge or analysis, must not be known to the SEC from any other source (unless the whistleblower is the original source even if the whistleblower is not the first to make the report to the SEC), and must not be exclusively derived from judicial, administrative, or government reports, hearings, audits, or investigations,5 or from the news media. Furthermore, the whistleblower cannot be the wrongdoer. Awards to whistleblowers range from 10 percent to 30 percent of the collected monetary sanctions in excess of $1 million.6

Given many recent multi-hundred-million-dollar FCPA settlements,7 the Act's whistleblower provisions are likely to result in even more FCPA investigations and enforcement actions. Dodd-Frank's whistleblower provisions may cause employees to circumvent their internal reporting/compliance structure and go outside to report to the government. Thus, companies have argued that the Act's incentives undermine their internal compliance structures.8 As such, companies must carefully consider implementing a compliance program that counters the effects of the Dodd-Frank bounties. This compliance program must effectively address issues raised by whistleblowers so that the whistleblowers believe the company takes compliance seriously.9

The Purpose of a Good FCPA Compliance Program

Generally, a good FCPA compliance program serves four complementary purposes with respect to employee participation in it: (1) it provides information for employees regarding the company's antibribery principles and recordkeeping requirements; (2) it communicates with all employees the company's stance and commitment to antibribery initiatives, regardless of the effects of these initiatives on important sales or business relationships; (3) it provides guidance by which employees can distinguish between clear-cut areas where few FCPA concerns are present and those where involvement of experts is necessary; and (4) it provides a means of monitoring policy observance while simultaneously encouraging employees to report any concerns early and up the chain of command.

Key Elements of an Effective FCPA Compliance Program that Promote Employee Cooperation and Participation

There is no single FCPA compliance program that will work for all companies. An effective FCPA compliance program must be tailored to the particulars of the business and the industry for which it is being adopted; it must also be tailored to comply with the local laws of the countries in which the company operates and conducts business. Nevertheless, there are certain key topics that should be addressed in any FCPA compliance program to encourage employee cooperation and participation.

In the end, the goal should be to develop a culture of compliance.10 Among other things, this entails making sure that the written policies are followed and not undermined by the actions of management. A culture of compliance cannot be created overnight. An employer must take affirmative steps to foster this culture. Below are a few affirmative steps that an employer should take to encourage and foster a culture of FCPA compliance.

Corporate Policy Prohibiting Foreign Corrupt Payments

A company's policy statement is the public assertion of its commitment to do business abroad without making corrupt payments. It also serves a dual purpose by informing employees, including new hires, of the company's stance against corruption and compliance with federal laws. The company's policy statement should briefly describe the applicable law and set forth the manner in which the company intends to comply with it. Furthermore, the policy should stress the importance of timely and accurate accounting for all payments, regardless of the purpose.

Standalone Anticorruption Policy

An anticorruption policy may generally include both a complete copy of the company's policies, but also real-world examples of situations that can arise, such as payments for travel and lodging, dealing with foreign officials, the company's policy on facilitating payments, and so forth. The policy may present detailed information about reporting requirements, company procedures for approving payments, standards for entertainment of government officials, and sample forms for proper accounting for expenditures. Even so, the policy should be written in plain, direct language easily understood by non-lawyers. An employer may wish to include a copy of this policy to all new hires, and employers may wish to consider providing updates or refresher presentations as the policy evolves or the company's position changes.

Corporate Policy Regarding Anti-Retaliation

Every company is in a position to influence how employees, as potential whistleblowers, feel about whether they may suffer retaliation. Of course, retaliation for shedding light on apparent violations of legal and/or regulatory requirements is unlawful.11 Section 922 of Dodd-Frank not only confirms this but also may significantly enhance whistleblower protections. However, all employees do not necessarily believe that their employers will always follow the law. Accordingly, companies should consider how they may effectively communicate to their employees that whistleblowers will not be mistreated. Potential whistleblowers should feel confident that if they speak up, they will not face retribution. Effective communication of this message includes providing employees an anti-retaliation policy and subsequent reminders of the policy, so they are aware the company encourages reporting of any actual or perceived impropriety.

Employee Training

Critical components of a compliance program are education and training programs and compliance seminars. A company may consider conducting these programs in a practical setting, where the issues discussed and the advice presented deal with real concerns in a real-world context. It may not be effective to provide abstract ethical standards and guidelines without relevance to the practical settings and realistic nature of their implementation. An effective method for training is to develop hypothetical case studies that mirror the factual settings that a company's employees confront in the international marketplace, and to analyze the appropriate issues and responses that arise in these factual settings.

It is important that a corporate employee learn about FCPA compliance policy from the outset of his or her employment. Thus, a corporation should provide comprehensive training to new hires with regular supplemental training. More intensive training should be considered for key employees, such as those in sales and marketing, those who operate abroad, finance employees, and people who supervise the same.

Written Certification by Relevant Employees

Employees should be required to certify in writing they have been advised of the company's policies regarding foreign corrupt payments and agree to abide by those policies. Likewise, foreign agents, representatives, consultants, and other business partners should be required to provide a similar written certification. A company's policy should state whether these certifications will be required annually or only at the initiation of a relationship. In circumstances where the risk of corrupt practices is extremely high, corporate policy might also require a personal interview by counsel in addition to this written certification. To the extent that the corporate policy requires annual certifications, a company must ensure that the certifications are updated on a yearly basis. Failure to do so may send the wrong message that the company does not take FCPA compliance seriously.12

Internal Mechanisms for Reporting Violations

As a matter of law, under the Sarbanes- Oxley Act of 2002 ("Sarbanes-Oxley"), employees of certain companies must be given adequate opportunities to report violations and to do so anonymously if they wish.13 Under Sarbanes-Oxley, every company whose stock is publicly traded on the New York Stock Exchange or the publicly traded exchange, NASDAQ, is required to implement an anonymous channel for employees to report violations directly to the Audit Committee of the Board of Directors.14 Employees must be made aware of this mechanism for reporting violations and should be assured that any reports will be on an anonymous basis.15

Helpline

Far too often companies focus on an anonymous reporting line, but fail to provide a helpline. What if an employee is not sure whether he or she has witnessed activity that should be reported? A helpline serves this purpose because employees who are expected to implement the company's FCPA compliance program may need guidance from individuals knowledgeable in the law and the organization's policies. Thus, a mechanism that puts such employees in contact with attorneys in the legal department or other individuals capable of providing well-considered and accurate advice may prove to be helpful.

Conclusion

As described above, employee participation in a company's compliance program is an issue of growing significance to all employers that operate or conduct business abroad. While each company can, and should, develop its own approach to employee cooperation with internal compliance programs, certain basic principles encourage employee cooperation. The key topics described in this commentary will help shape the development of an appropriate policy, and our attorneys would be happy to assist with any questions related to FCPA compliance in general or employee cooperation with FCPA compliance programs.

Footnotes

1. Foreign Corrupt Practices Act of 1977, Pub. L. No. 95-213, 91 Stat. 1494 (codified as amended at 15 U.S.C. §§ 78m, 78dd-1, 78dd-2, 78dd-3, 78ff). For a summary of the FCPA's provisions, please see our Client Alert from September 20, 2010, available at http://www.mofo.com/files/Uploads/images/100920-FCPA.pdf.

2. Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 11-203, 124 Stat. 1376 (July 21, 2010).

3. For an analysis of FCPA enforcement post Dodd-Frank, please see our Client Alert from July 21, 2010, available at http://www.mofo.com/files/Uploads/Images/100721SLEW.pdf.

4. Under Dodd-Frank, section 922 (the whistleblower bounty provisions) must be implemented by the SEC by April 21, 2011. The comment period closed on December 17, 2010, and the SEC has announced that it will adopt final rules before that date.

5. Similarly, in-house counsel cannot use information discovered through the discharge of his or her duties.

6. The sanctions can be collected by the SEC or other governmental entities, such as the Department of Justice.

7. On November 4, 2010, the SEC announced a settlement of $236.5 million with seven companies that were charged with making millions of dollars of bribes to foreign officials. Press Release, Securities and Exchange Commission, SEC Charges Seven Oil Services and Freight Forwarding Companies for Widespread Bribery of Customs Officials (Nov. 4, 2010) (available at http://www.sec.gov/news/press/2010/2010-214.htm). Similarly, on December 27, 2010, the SEC announced a settlement of $137 million with Alcatel-Lucent, S.A., which was charged with paying bribes to foreign officials to obtain or retain business in Latin America and Asia. Litigation Release, Securities and Exchange Commission, SEC Files Settled Foreign Corrupt Practices Act Charges Against Alcatel-Lucent, S.A. With Total Disgorgement and Criminal Fines of Over $137 Million (Dec. 27, 2010) (available at http://www.sec.gov/litigation/litreleases/2010/lr21795.htm).

8. See, e.g., Letter from Ethics Resource Center to the Securities and Exchange Commission (Dec. 17, 2010) (available at http://www.ethics.org/files/u5/ ERCCommentS7-33-10.pdf) ("Our review of the proposed rules has focused on the potential impact of the reward fund on corporate [Ethics & Compliance] programs and other voluntary efforts to build strong ethical cultures. We note the concern of other commentators that the proposed rules may incentivize employees with knowledge of misconduct to ignore internal processes for addressing bad behavior.").

9. Jordan A. Thomas, Assistant Director of the SEC's Division of Enforcement, Panel on Internal Reporting of Wrongdoing in the New Era of SEC Whistleblower Rewards, Morrison & Foerster LLP, Dec. 1, 2010 ("I have come across informal sources that have revealed that in many significant whistleblower cases, reporting individuals have gone through the internal reporting channels of their organizations, were dissatisfied with the results, and then turned to the government.").

10. For a detailed analysis of the benefits of a culture of compliance, please refer to our Employment Commentary from January 2011, available at http://www.mofo.com/files/Uploads/Images/110127-Employment-Law-Commentary.pdf.

11. Sarbanes-Oxley Act section 806, codified at 18 U.S.C. § 1514A.

12. Although outside the scope of this commentary, it is important to note that a company must vigorously enforce its own compliance program. Otherwise, employees may conclude that a written compliance program is not taken seriously because the company does not enforce its own policies.

13. Companies operating abroad should be aware of the local laws that may or may not govern certain compliance mechanisms. In France, for example, the Commission Nationale de l'Informatique et des Libertés ("CNIL") states that anonymous reporting is not encouraged, only allowed in very limited resources. Indeed, on June 14, 2005, two American firms' French subsidiaries' requests to implement systems that would allow anonymous reporting, pursuant to the mandates of the Sarbanes- Oxley Act of 2002, were denied. While the 2010 amendments adopted by CNIL have sought to reconcile the competing privacy interests, this example highlights the importance of knowing the laws of all of the jurisdictions in which a company or its subsidiaries operate or conduct business.

14. Sarbanes-Oxley Act section 301, codified at 15 U.S.C. § 78j-1(m)(4).

15. Among other channels to encourage raising concerns, anonymous reporting lines may include an 800 number, web-based hotlines, or an ombudsperson's office.

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved