By Harvey L. Pitt, Compliance Week Columnist—April 24, 2007

In the movie, “Syriana,” a lawyer investigates irregular payments by a U.S. oil company to secure concessions in Kazakhstan. When the lawyer confronts Danny Dalton, one of the oil company’s directors, Dalton retorts: "Corruption? Corruption ain't nothing more than government intrusion into market efficiencies in the form of regulation … We have laws against it precisely so we can get away with it. Corruption is our protection … Corruption is how we win." Dalton’s appalling and cynical characterization of bribery and corruption is, unfortunately, not that far-fetched. It’s widely believed that a 2003 Justice Department investigation into payments made by oil companies to the president of Kazakhstan and other senior officials in connection with their purchase of an oil field were the movie’s inspiration.

In 1977, when the Foreign Corrupt Practices Act became law, many feared compliance with the FCPA would subject U.S. companies to a competitive disadvantage, particularly because many foreign companies weren’t subject to similar legal constraints. In the end, of course, not complying with the FCPA put companies at a competitive disadvantage. The foreign bribery provisions of the FCPA make it unlawful for any U.S. person, and certain foreign issuers, to make a corrupt payment to a foreign official for the purpose of obtaining or retaining business. Since 1998, these

anti-bribery provisions also apply to foreign firms and persons that take any act in furtherance of such a corrupt payment while in the United States. (In the wake of the current criticism of the Sarbanes-Oxley Act, it’s easy to overlook the fact that the FCPA also required U.S. public companies to maintain appropriate internal controls, and to maintain books and records that accurately and fairly reflect the company’s transactions—requirements enacted over two decades prior to the passage of SOX).

Violating the FCPA can result in serious repercussions. Criminal sanctions can arise either from violations of the anti-bribery provisions or the FCPA’s accounting provisions. Companies that violate the FCPA are subject to fines of up to $2 million; and individuals making corrupt payments may be fined up to $100,000 and imprisoned up to five years. Under the Alternative Fines Act, the fines may actually be much higher—up to twice the benefit that the defendant(s) sought to obtain by making the corrupt payment(s). Fines imposed on individuals may not be paid by their employers or principals. In addition, the FCPA can lead to criminal sanctions for individual officers, directors, employees and agents.

And yet, at some companies, paying bribes is still viewed as the only way to succeed at business overseas. That’s not only short sighted, it’s wrong. Although enforcement of the anti-bribery provisions of the FCPA has been sporadic, the SEC and Department of Justice are bringing cases with renewed vigor and seeking the imposition of unprecedented fines. And, following the passage of SOX, there’s been a dramatic increase in the number of FCPA investigations and enforcement actions brought under the FCPA’s accounting provisions.

However, according to research of FCPA enforcement actions from its inception through 2002, conducted by Texas A&M University's Private Enterprise Research Center a few years ago, far fewer actions were being brought under the FCPA’s anti bribery provisions than actions for accounting misrepresentations, and legal penalties for the anti-bribery cases tended to be much smaller. In addition, the study found that reputation concerns served to ward against accounting violations but not bribery violations.

However, with FCPA prosecutions under the anti-bribery provisions of the FCPA picking up steam, companies can no longer afford to adopt or maintain a lax attitude toward corrupt payments overseas. Several high-profile FCPA cases were brought in 2006, and the pace has only picked up since year end. A speech by Attorney General Alberto Gonzales on March 1 confirmed that enforcement of the FCPA is a high priority for the Department of Justice. In February alone, the DoJ and SEC brought three high profile FCPA enforcement cases against Vetco Gray, El Paso and Dow.

Vetco Gray illustrates the importance of conducting FCPA due diligence in an acquisition context. On Feb. 6, 2007, as part of their plea agreements, three subsidiaries of Vetco International Ltd. agreed to pay $26 million in criminal fines—the largest fine ever paid in an FCPA criminal enforcement action—and a fourth subsidiary entered into a deferred prosecution agreement. These entities admitted to making approximately $2.1 million in corrupt payments to Nigerian customs officials over a two-year period. Notably, the size of the fine reflects these companies’ recidivism—on July 6, 2004, they admitted to paying more than $1 million in bribes to the Nigerian government agency that approves potential bidders for contract work on oil exploration projects. This matter was settled in connection with the sale of these entities to Swiss parent ABB. The acquiring group agreed to adopt and implement a rigorous FCPA compliance program, and thereby obtained an opinion from the Department of Justice that protected them from successor liability for Vetco’s disclosed violations. However, the government found that the corrupt payments continued unabated from the period prior to the acquisition until at least mid-2005, notwithstanding the acquiror’s commitments to the Justice Department. As part of the recent plea agreements, the companies were required to hire an independent monitor to oversee creation of a robust compliance program and to ensure that, in the event any of the companies are sold, any future purchaser will remain bound to the monitoring and investigating obligations. GE has agreed to buy the Vetco entities and will succeed to these obligations.

In the Dow Chemical case, brought by the SEC on Feb. 13, 2007, the U.S. parent company was held responsible for the books and records of a fifth-tier foreign subsidiary, even though the parent ostensibly had no knowledge of the illicit activity. Approximately $200,000 in improper payments were made by the Dow subsidiary to Indian government officials from 1996 through 2001. Dow paid a $325,000 fine and entered into a cease-and desist order, but was not required to hire a compliance monitor, which has been a trend in recent FCPA cases. Dow’s lighter treatment was due in part to several important remedial steps that it took.For example, Dow self-reported to the government after an extensive internal investigation, restructured its global compliance program to focus on the FCPA, took disciplinary actions against the responsible employees, provided FCPA compliance training to employees, and hired an independent consultant to review its FCPA compliance program.

And, last February, El Paso Corporation settled an SEC enforcement action and a separate action brought by the DOJ in connection with allegations that it paid approximately $5.5 million in kickbacks to the former government of Iraq in connection with purchases of crude oil from third parties under the United Nations Oil-for-Food program. The SEC charged that El Paso failed to maintain an adequate system of internal controls and accurate books and records in violation of the FCPA’s accounting provisions. In addition, charges were filed by the DoJ under statutes other than the anti-bribery provisions of the FCPA because the payments were made to the Iraqi government rather than individual government officials as required under the FCPA. El Paso settled the SEC action by agreeing to pay $2.25 million in fines, and entered into a nonprosecution agreement with the U.S. Attorney’s Office for the Southern District of New York in which it agreed to disgorge an additional $5.48 million.

With this new regulatory environment in mind, here are some practical guidelines that companies may wish to heed in order to assure compliance with the FCPA’s anti-bribery provisions:

1. Companies Should Establish And Implement An Effective FCPA Compliance Program. Comprehensive written policies that affirm the company’s commitment to complying with the FCPA and maintaining the highest ethical standards should be adopted, then implemented, by putting in place strong internal controls and procedures tailored to the company’s business operations. A designated corporate officer (usually the chief compliance officer) should monitor the program’s effectiveness, and should assist the company in securing periodic external reviews of FCPA compliance. As new cases are brought, they provide a useful benchmark against which compliant companies can measure themselves. As part of the Board’s periodic compliance review, attention should be paid to FCPA issues as well.
   
   
2. Create A Culture Of Compliance. No matter what an FCPA policy statement says, a company’s FCPA compliance program will fail to be effective if the message from the top or the company’s culture signal a different attitude is actually operating. Companies that do one thing in writing and another thing in practice traverse dangerous ground. An FCPA compliance policy will only be effective if management’s “meta-message” is that ethical lapses won’t be tolerated.
   
   
3. Companies Should Designate An FCPA Compliance Officer. A member of senior management or the legal department should be designated to serve as an FCPA compliance officer. It’s essential to convey the message that if an employee or others covered by the company’s policies and procedures have any questions about whether something complies with the policy, they should ask the designated FCPA compliance officer or legal department first. In addition, persons covered by the policies and procedures need to understand that exceptions can only be made by the designated compliance officer or legal department.
   
   
4. Education And Training Programs Are Necessary To Assure Effective Compliance. All company employees, officers, directors and agents should be required to attend mandatory training sessions that explain, in plain English, what conduct is prohibited by the FCPA and the company’s FCPA policies and procedures. The company needs to convey an unambiguous message that it is committed to complying with both the letter and the spirit of FCPA compliance, and that the company’s policies and procedures should be construed broadly rather than narrowly. Persons covered by the policy should certify that they have read and understood the policy, haven’t acted inconsistently with it, agree to comply in the future, and are unaware of, or have reported, any inconsistent conduct. They should also certify that they understand that any violation of the Policy will lead to sanctions. In addition, companies that use agents, consultants and other third parties as intermediaries in foreign countries should include them in education and training programs.
   
   
5. Establish An Anonymous Hotline. It’s important for employees to have access to a truly anonymous reporting process and to be assured that no repercussions will befall them if they report an FCPA violation. The best way to provide that assurance is to “outsource” the reporting function.
   
   
6. FCPA Due Diligence Is Necessary For Mergers And Acquisitions. The Vetco Gray case is a perfect example of why FCPA compliance must remain a key focus prior to making a purchase, as well as afterwards, especially if the acquired entity has been the subject of an FCPA investigation and agreements with the government.
   
   
7. Companies That Discover FCPA Violations Should Consider Self-Reporting To The Government. On March 30, 2007, an article in The Financial Times reported that the recent jump in the number of international and U.S. companies that have paid tens of millions of dollars to settle FCPA cases alleging overseas bribery has sparked a serious debate about whether companies should report themselves to the government in the hope that their cooperation will be rewarded. Some attorneys point to the $26 million fine paid by Vetco, which self-reported the violation, in support of this view. But Vetco paid this large fine primarily because of its recidivism, and had it not voluntarily reported these violations could have produced much worse penalties. Companies that voluntarily self-report violations and cooperate with the government are generally rewarded. This is also evident in the Dow case.
   
   
8. Companies Should Conduct Periodic Internal FCPA Forensic Audits. Companies should periodically assess their own compliance with all the provisions of the FCPA. What you don’t know can harm you, and finding out before the government does that a potential violation exists is the surest way to minimize the adverse consequences of any improper overseas payments.
   
   
9. “Though the bribe be small, yet the fault is great.” These words are those of 16th century Member of Parliament and Speaker of the House of Commons Sir Edward Coke, who it is said was offered a peerage seven times by six different prime ministers, either as a reward or a bribe. Whether or not this rumor is true, his point is well taken—there’s no such thing as a de minimus bribe made for corrupt purposes.
   
   

No matter how many laws are passed, bribes will never be completely eliminated. But with a good compliance program, strong internal controls, and a corporate culture that does not tolerate illegal behavior, companies can avoid being the subject of the next SEC or DOJ cautionary tale.