United States: DOJ And SEC Issue Long Anticipated FCPA Guidance

Last Updated: November 16 2012
Article by Paul T. Friedman, D. Anthony Rodriguez and Ruti Smithline


At long last, the United States Department of Justice ("DOJ") and the Securities and Exchange Commission ("SEC") released their guidance on Foreign Corrupt Practices Act ("FCPA") compliance and enforcement issues.

The guidance is not a panacea for the difficult issues that global companies navigate on a daily basis, but the 120-page A Resource Guide to the U.S. Foreign Corrupt Practices Act (the "Resource Guide") will prove to be a valuable resource. It provides a one-stop compilation of information and distillation of principles that will be helpful "from the board room to the supply room."

The guidance presents the views of the regulators on commonly encountered issues. That in itself is valuable, even though it emphasizes (of course) that companies must approach FCPA compliance based on the particular facts of their operations and circumstances. But the guidance does not deliver any of the fundamental reform that the business community has been seeking, likely setting the stage for further attempts to secure statutory reform from Congress.


The FCPA has been on the books since 1977, but it has matured into a regulatory juggernaut over the past several years, during which FCPA enforcement has been a top priority of the DOJ and the SEC. The regulators have secured record fines (amounting to billions of dollars) and people have gone to prison. Just last week, Assistant Attorney General Lanny A. Breuer heralded the DOJ's aggressive FCPA enforcement as a "signature achievement" of President Obama's first term. Mr. Breuer noted that the battle against corruption is one of the "main struggles of our time."

Global businesses have worked hard to comply with the FCPA, while at the same time expressing a desire for clarity and certainty in gray areas. The business community and members of Congress have suggested that reform is needed to curb regulatory excesses.

In this context, Mr. Breuer and the SEC's Director of the Division of Enforcement, Robert Khuzami, announced last year that their agencies would issue guidance about the FCPA. Over the past year, both of these officials have stated several times that the guidance will not represent a retrenchment from aggressive enforcement. Indeed, the Resource Guide delivers on that promise and shows no indication that regulators intend to retreat. The Resource Guide calls FCPA enforcement a "continuing priority" of both agencies and promises "robust enforcement."


Who is a "foreign official" and what is a "foreign instrumentality"

The FCPA prohibits payments or offers of payments to "foreign officials." The definition of "foreign official" includes those who work for an agency or instrumentality of a foreign government. Who qualifies as a foreign official has been a pivotal issue in designing compliance programs. As the issue has been litigated, courts have looked at a host of factors in determining whether a person is a foreign official.

The Resource Guide reaffirms the regulators' longstanding policy that the FCPA applies to government foreign officials irrespective of rank, and notes that the DOJ and SEC "continue to regularly bring" cases based on bribes paid to "employees of agencies and instrumentalities of foreign governments." The guidance does not set any bright-line rules, but instead refers to a long list of factors, mirroring those articulated by the courts that have considered the issue.

Notably, the guidance states that "as a practical matter, an entity is unlikely to qualify as an instrumentality if a government does not own or control a majority of its shares." But the guidance then notes that there can be circumstances in which an entity with minority government ownership would qualify as an instrumentality if the government had "substantial control," such as veto power and operational control. This is not news; it is a reflection of the regulators' views on this issue to date. But it provides no meaningful relief from the fact-specific ambiguities presented in real life.

Gifts and hospitality

The relationship between being a good host or a good guest and what constitutes giving or offering "anything of value" under the FCPA has been an uneasy one. On the one hand, the DOJ and the SEC have refused to announce a de minimis rule that they will not bring enforcement actions based on the giving or providing of gifts or hospitality below a certain value. On the other, they have not brought (and have said they will not bring) enforcement actions based solely on small gifts or modest hospitality expenses.

The guidance recognizes that "[a] small gift or token of esteem or gratitude is often an appropriate way for business people to display respect for each other." The regulators state that "[t]he FCPA does not prohibit gift-giving," but instead "prohibits the payment of bribes, including those disguised as gifts." The guidance does not adopt any de minimis rule, but includes hypotheticals that describe scenarios in which promotional materials and hospitality at a trade show booth, rounds of drinks after the trade show, and a wedding gift to a senior foreign official all could pass muster under the FCPA. The guidance focuses on the purpose of the gift or entertainment. These hypotheticals could turn out to be some of the most useful guidance for day-to-day matters in many compliance departments, though the topic of gift-giving, particularly of cash, should continue to receive careful attention.

The guidance also includes examples of "improper travel and entertainment," such as lavish dinners, luxury gifts, and exotic trips unrelated to training or inspection visits. The regulators also note that small gifts individually are not likely to be prosecuted, but would be subject to enforcement action if they are part of systemic bribery.

"Grease" payments

The FCPA expressly excludes "facilitating or expediting payments" from liability. The guidance repeats the well-known (if less than crystal-clear) tests for distinguishing between one of these "grease" payments and a bribe, e.g., whether the payment is to further one-time, non-discretionary, government action, or to secure or retain business, such as by influencing discretionary acts. The Resource Guide includes examples of "routine government action," such as obtaining permits or licenses, processing visas, scheduling inspections, obtaining police protection, or obtaining utility service. The guidance also provides a hypothetical involving a one-time, small, "grease" payment to ensure that a file clerk "files and stamps permit applications expeditiously" and a "modest cash payment" to a high-ranking government official to make an environmental issue go away. The guidance terms the former a facilitating payment and the latter a bribe.

After discussing facilitating and expediting payments, and affirming the FCPA's exclusion for these payments, the Resource Guide nonetheless notes that facilitation payments violate many local laws, the recommendations of the Organisation for Economic Co-operation and Development's Working Group on Bribery, and other countries' foreign bribery laws, such as the UK Bribery Act.

The standard for corporate liability v. individual liability

The guidance reiterates the regulators' position that there is a different standard for imposing criminal liability on an individual as compared to a company. The FCPA states that an individual must have acted "willfully," but there is no "willful" requirement for corporate criminal or civil liability. "Willful," say the regulators, means that the individual knows generally that his or her conduct is unlawful, not necessarily that it violates the FCPA. The guidance does not state that the regulators will apply a "willful" requirement in considering whether to prosecute a company. However, the guidance notes that "proof of corrupt intent" is required to establish corporate criminal or civil liability. What the regulators see as the difference between "willful" and "corrupt intent" goes unsaid.

On a related topic, the guidance endorses the court rulings that a defendant can be liable for violating the FCPA when he or she showed "willful blindness or "conscious avoidance"—i.e., the "head-in-the-sand" approach.1

Parent-subsidiary liability

The guidance addresses parent liability for a subsidiary's violation of the FCPA's anti-bribery provisions and for violation of the books and records provisions.

Notably, the regulators do not assert that a parent is always liable for its subsidiary's violation of the anti-bribery provisions. The guidance, does not, however, describe situations in which a parent can never be held liable.

According to the guidance, where a parent directed the subsidiary to pay bribes or otherwise participated directly in the scheme, it has direct liability. But if the parent did not take those steps, then the Resource Guide states that "traditional agency principles" determine whether the parent may be liable for its subsidiary's conduct. The regulators describe "control" as the fundamental characteristic of agency. In evaluating the parent's control, the SEC and DOJ will look for the parent's knowledge and direction of the subsidiary's actions in general and in the context of the specific transaction, evaluating both the formal relationship and the "practical realities of how the parent and subsidiary actually interact." If there is an agency relationship, then the parent will be liable for bribery committed by the subsidiary's employees.

The guidance states that an "issuer" (for simplicity, described here as a company whose stock or ADRs trade in the U.S.) is responsible for ensuring that "subsidiaries or affiliates under its control, including foreign subsidiaries and joint venture partners," comply with the FCPA's accounting provisions. This signals that the regulators will continue to pursue parent corporations for civil liability under the accounting provisions when a small subsidiary in a distant land violates the accounting provisions and the false accounting is consolidated into the parent's books and records. However, where a parent company owns less than 50% of a subsidiary or affiliate, the parent "is only required to use its best efforts to cause the minority-owned subsidiary or affiliate to devise and maintain a system of internal accounting controls consistent with the issuer's own obligations under the FCPA." In evaluating those "best efforts," the regulators will take into account all circumstances, including the relative degree of ownership and the laws and practices of the country in which the subsidiary or affiliate is located.

Successor liability after a merger or acquisition

In the area of successor liability, the guidance makes two clear pronouncements: (1) when a company merges with or acquires another company, the successor company assumes the predecessor company's liabilities, including FCPA liability; and (2) successor liability does not create liability where none existed before. The guidance articulates the regulators' long-standing enforcement position that an acquiring company can be held liable for the acts of its predecessor even if the acquiring company may have had no involvement in the pre-acquisition conduct. The guidance also recognizes, however, that FCPA liability cannot be applied retroactively. Therefore, an acquiring company cannot be held liable for the conduct of a company that was not previously subject to the FCPA's jurisdiction.

The guidance also emphasizes that, in cases where the improper conduct continues post-closing, the acquiring company may have direct liability—rather than liability under the theory of successor liability—for the continuing FCPA violations. The guidance also echoes recent enforcement actions and DOJ Opinion Releases in this area that encourage companies to conduct comprehensive pre-acquisition due diligence to the extent possible and to implement swift post-acquisition remediation, including integration of the acquired company into the acquiring company's compliance program. The guidance also notes, several times, the potential upside to an acquiring company that voluntarily discloses FCPA violations that it uncovers at the acquired company.

Setting standards for compliance programs

As expected, the guidance does not state that the FCPA requires a particular set of compliance processes, or that adopting a particular type of program will immunize a company from liability. Indeed, the regulators expressly disclaim doing so, stating "DOJ and SEC have no formulaic requirements regarding compliance programs." The regulators state that they "employ a common-sense and pragmatic approach to evaluating compliance programs," inquiring whether the program is well designed, is applied in good faith, and does it work. Thus, according to the DOJ and SEC, companies have "flexibility" to create and maintain "a system of controls that is appropriate to their particular needs and circumstances." Notably, the guidance also does not adopt the existence of "adequate" procedures as an affirmative defense to FCPA liability.

The regulators call for companies to tailor their compliance programs to their business, such as by factoring in the nature of their products and services, how those products and services get to market, the nature of its work force, the degree of regulation, the extent of its government interaction, and the degree to which it operates in countries with a high risk of corruption. The Resource Guide states that businesses exposed to a high risk of corruption will have different controls than a company that faces a low risk, "just as a financial services company would be expected to devise and employ different internal controls than a manufacturer."

The Resource Guide lists "hallmarks of effective compliance programs," including (1) the "tone at the top" and clearly articulated and implemented anti-corruption policies; (2) a clear and readily available code of conduct and company-wide policies and procedures to prevent and detect bribery; (3) a senior executive who is responsible for overseeing an organization that has the autonomy and resources with which to monitor and enforce compliance; (4) risk assessment practices that prevent unnecessary expenditures of time and effort on low-risk areas to the detriment of monitoring high-risk areas; (5) training and access to immediate advice; (6) the use of incentives and discipline to enforce and strengthen the compliance program; (7) diligence in retaining and working with agents, consultants, and distributors; (8) hotlines and reliable internal investigations; (9) testing and improvement of compliance programs; and (10) diligence in investigating acquisition targets and in incorporating them into the compliance program "promptly" after the acquisition closes.

The guidance states that DOJ and the SEC understand that no compliance program can be 100% effective and that "they do not hold companies to a standard of perfection." The regulators also note that there could be situations in which they "may otherwise seek to reward a company for its program, even when that program did not prevent the particular underlying FCPA violation that gave rise to the investigation," i.e., by not bringing an enforcement action or by adjusting the penalty downward.


Whether and when to self-report a known or suspected FCPA violation is a complex and nuanced decision. The regulators have stated repeatedly that they encourage companies to self-report and that such cooperation results in benefits. The guidance emphasizes that "both DOJ and SEC place a high premium on self-reporting, along with cooperation and remedial efforts, in determining the appropriate resolution of FCPA matters."

The DOJ notes that "in many investigations it will be appropriate for a prosecutor to consider a corporation's pre-indictment conduct, including voluntary disclosure, cooperation, and remediation in determining whether to seek an indictment." The DOJ also notes that it cannot assess an organization's cooperation based on whether the company waived attorney-client privilege or work product protections, but can do so based on whether the company disclosed the relevant facts underlying an investigation. The SEC likewise cites existing statements about whether and when the SEC grants leniency to companies for cooperating in investigations, such as by self-reporting, and states that credit for cooperation by companies may range from taking no enforcement action to reduced sanctions. In this respect, the guidance merely echoes the regulators' repeated endorsements of self-reporting and their statements that doing so could benefit the reporting company.


The guidance responds to the calls for fuller disclosure of declinations—decisions not to take enforcement action against an individual or company—by doing three things. First, the DOJ notes that it has a long-standing policy not to provide, without the party's consent, non-public information about matters that it has declined to prosecute. The DOJ noted that there have been "rare circumstances" in which it prosecuted an individual but disclosed that it was not also prosecuting his or her employer. Second, the guidance discloses that "in the past two years alone, the DOJ has declined several dozen cases against companies where potential FCPA violations were alleged." This is the first time that practitioners have ever learned from the DOJ something about the number of declinations. Third, the guidance lists six anonymized examples of declinations, all of which featured companies that had taken immediate action to stop the misconduct, completed thorough internal investigations, and self-reported.


The Resource Guide is not groundbreaking. There is no sign of the regulators retreating from their expansive views of liability under the FCPA. It does little to address the calls for bright-line rules.

Nonetheless, the guidance is helpful. The guidance provides some clarity in an area that is greatly lacking in precedent or judicial interpretation. Without creating safe harbors, the guidance clarifies circumstances that do not pose significant danger of FCPA liability.

The guidance is far from the last word on the constellation of issues in FCPA enforcement. But it is a step forward towards greater clarity and predictability.


1 For further discussion, see Paul T. Friedman and Ruti Smithline, Is "Conscious Avoidance" Sufficient to Establish Knowledge under the FCPA? Depends Which Court You Ask., Client Alert (Jan. 4, 2012).

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions