Beyond reproach

Enforcing the US Foreign Corrupt Practices Act (FCPA) remains a priority for several US regulatory bodies. Given the breadth of its reach, and the stiff penalties for infractions, private equity firms should know the details of the act, and any deal's potential for violating the law.

Paul Berger is a partner in the Washington, DC office and Steven Michaels is a counsel in the New York office of law firm Debevoise & Plimpton. Berger can be contacted at and Michaels at

Given the challenging environment for private equity sponsors, the last thing such a sponsor wants now is to buy itself into corruption exposures. For this reason, private equity firms are advised to take note of the raft of recent enforcement actions by the US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC) under the 1977 US Foreign Corrupt Practices Act, and to carefully consider potential FCPA-related exposures at a potential target early in the deal process. Indeed within the past six months, following a high profile settlement in connection with General Electric's purchase of Vetco International's oil-and-gas service businesses, where private equity was on the sell side, US Attorney General Alberto Gonzales made clear that FCPA enforcement is and will remain a top priority.

Assessing FCPA risk creates a unique challenge in M&A deals because of the broad transnational reach of FCPA, and the sometimes novel way in which the statute imposes civil liability upon corporate parents whose securities are registered with the SEC. But because of the severe consequences of buying or selling assets (such as contracts and customer relationships) that benefit, or have benefited, from corruption, and the difficulty of allocating FCPA exposures as a matter of contract, identifying FCPA-related exposures should be an essential component of due diligence in any multinational M&A deal.

Roots in the 1970s
FCPA was enacted in response to disclosures made in the early 1970s by numerous large US companies of making ?questionable payments? of hundreds of millions of dollars to foreign officials, politicians, and political parties. In response, the US Congress enacted amendments to the US securities laws that (1) prohibit paying bribes to non-US officials; (2) require that a US issuer's books and records disclose, in reasonably accurate detail, the company's transactions and disposition of assets; and (3) require a system of accounting and other internal controls reasonably designed to assure that bribery and other control failures do not take place.

FCPA makes it a crime under US law, and a civil violation, for any covered person or entity ?corruptly? to confer payments or benefits on non-U.S government officials to obtain or retain business or other improper advantages (such as tax or customs rulings). The standard of knowledge required of the covered person or entity is the ?knowing? standard. Conscious avoidance of facts that would cause a prudent manager to believe that there is a risk that bribery is occurring is sufficient to trigger liability.

In addition to applying to a company's employees' or subsidiaries' activities, the statute applies to a covered person or entity that knows or consciously avoids knowing that a distributor or other intermediary has paid or promised to pay benefits to a non-US official. Such a person or entity faces the same risk of prosecution as does a company that knows or consciously avoids knowing that its own employees are making such payments or promises.

The statute defines ?foreign officials? as including anyone employed full- or part time by a non-US government entity, civil servants, employees of state-owned corporations and educational institutions. ?Foreign officials? also include candidates for office, political party officials and employees of more than 75 international organizations, including the UN, EU, and OAS entities, as well as the Asian and African Development Banks, the World Health Organization, and the International Committee of the Red Cross. Payments to non-US political parties are treated as payments to non-US officials.

Potentially any benefit, including an intangible benefit, may be viewed by US regulators as triggering the statute's prohibitions. Payments to relatives of officials, including travel costs for family members accompanying an official on a trip, or a contribution to an official's favored charity, have triggered the statute's provisions.

FCPA applies to any issuer of registered securities (including ADRs listed on a stock exchange), any US-domiciled corporation or entity with a principal place of business in the US, any US citizen or green card holders acting anywhere in the world, and any other persons or entities (regardless of nationality) committing acts that touch US territory. Almost any contact with the US can trigger jurisdiction.

Unmasking misconduct
The recordkeeping and accounting provisions of FCPA were intended to deal with techniques used by SEC-registered corporations to disguise bribes paid to non-US officials by not recording those payments at all or by recording the payments in a dishonest manner (e.g., accounting for bribes as ?consulting costs?).

First, any company whose securities are registered in the US must make and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company. Second, the company must devise and maintain a system of internal accounting controls sufficient to provide reasonable assurance that all transactions are executed in accordance with management's authorization and recorded in conformity with generally accepted accounting principles.

Generally, penalties are not imposed for technical or inadvertent violations of these provisions. Willful concealment of bribery or other misconduct through alteration of a registered company's books and records, however, is a serious violation of FCPA.

But another feature of these provisions is that, for civil liability to attach, there is no requirement that the parent company have knowledge, or even suspicion, that a subsidiary's books contain any misleading entries. That bribes appear to be booked as innocent transactions at a non-US subsidiary will trigger US regulatory jurisdiction even though an SEC-registered parent company into whose books the subsidiary's financial records roll up is completely lacking in knowledge of misconduct. An SEC-registered parent company is likewise strictly liable for the internal control failures of its subsidiaries.

The United States consequences may be only the beginning. Each of the country signatories to the OECD anti-bribery convention has its own anti-bribery statute. Of particular relevance to private equity buyers is the potential impact of these kinds of scandals on management teams.

The books, records, and internal controls provisions of FCPA do not contain a ?materiality? threshold. The standards governing reporting of material weaknesses and deficiencies under Section 404 of the Sarbanes-Oxley Act do not apply, and less serious books, records, or internal controls problems can still give rise to US regulatory scrutiny, particularly if there is evidence of underlying bribery.

Truth or consequences
The risks of non-compliance with FCPA are serious and far-ranging, hence raising red flags for buyers of potentially affected businesses. Fines and disgorgement orders imposed as conditions of settlement by the DOJ and SEC can exceed ? and recently have exceeded ? tens of millions of dollars, and can also include criminal fines. One company, Titan Corporation, settled charges in 2005 by paying more than $28 million in fines and disgorgement as a consequence of allegedly corrupt payments uncovered in the course of due diligence in connection with its proposed merger with Lockheed Corporation. In Vetco, discussed above, the purchased company caused three of its subsidiaries to plead guilty and a fourth to enter into a deferred prosecution agreement resulting in fines of $26 million ? the largest set of finds in the 30-year history of FCPA.

A criminal conviction of a US-registered corporation will negatively affect the company's disclosure obligations to the investing public. It can also have other collateral effects: loss of eligibility for US government contracts, benefit program participation, or export licenses; increased US tax liability; private lawsuits brought in a derivative capacity or by competitors; civil suits arising under the Racketeer-Influenced and Corrupt Organizations Act; and arbitration proceedings to void contracts procured through alleged corrupt activities.

For companies in industries closely regulated by or involved as suppliers to the US government, the effects of a criminal conviction can be crippling. Pharmaceutical companies may lose the ability to participate in US-funded health insurance programs. Defense companies may lose the ability to bid for military contracts. Banks, insurers, and other financial services firms, and their subsidiaries, can lose their ability to serve as broker-dealers or pension fund advisors, or forfeit their licenses to sell insurance.

The United States consequences may be only the beginning. Each of the country signatories to the OECD anti-bribery convention has its own anti-bribery statute. A company ensnared in a bribery scandal may find itself subject to multiple proceedings in the United States, its country of domicile (if not the United States), as well as any jurisdiction where alleged corrupt acts may have taken place. Plus, of particular relevance to private equity buyers is the potential impact of these kinds of scandals on management teams. Individuals who violate FCPA, conspire to violate it, or aid and abet violations, can face many years' imprisonment and civil and criminal fines, not to mention collateral effects.

FCPA's breadth, together with its largely judicially untested status, creates unique and varied challenges for buyers and sellers of potentially affected businesses with respect to the risk allocation of these potential exposures. First, buyers and sellers must correctly identify and evaluate potential exposures in this high risk context, where spotting violations can be like finding a needle in a hay stack. And second, as with all liabilities in deals, buyers and sellers must negotiate, if feasible, the allocation of risks. In asset deals, the scope of buyer's assumption of FCPA liabilities, and, in stock and merger deals, the degree and duration of seller's FCPA-related representations and indemnities, are particularly significant. As a practical matter, however, even if buyers and sellers contractually allocate all identified FCPA liabilities to a seller, US regulators may assert charges against both the buyer and seller of the tainted business or assets. And even if no such charges are made, a buyer of a business with a history of FCPA problems is presumably subject to lost revenues and other consequential damages at the target business. Put directly, once a bribery scheme is exposed, the benefits obtained may well be forfeited and commercial good will can be significantly eroded. Given the nature of FCPA exposures, a buyer's most effective contractual protection against it may be simply to pay less for the business, thereby effectively self insuring the exposure.

Weighing the risks
For these reasons, private equity and other buyers have a strong interest in identifying and resolving any FCPA-related and similar anticorruption issues to the greatest extent possible in advance of finalizing a deal's purchase price and other key terms. To best evaluate and negotiate the FCPA risks in a transaction, the parties must first devise and implement a due diligence review plan to vet potential risks.

An effective FCPA due diligence plan, like good FCPA compliance programs, must take into account (1) the broad definitions of non-US officials and covered benefits; (2) the applicability of FCPA to payments to third parties; (3) the impact of FCPA on mergers and acquisitions; (4) the strict liability and lack of materiality standards for books and records violations by parent entities; and (5) the limited protection afforded by the law's jurisdictional limits upon the anti-bribery provisions in light of the conscious avoidance doctrine and the practical realities of communications in the internet age.

Specific steps that should be strongly considered as part of any comprehensive diligence exercise in this regard may include:

  • ? Assessment of the risk profile of countries in which the target company or any of its subsidiaries operate or have historically considered operating.
  • ? Analysis of the risk profile of the applicable industry or business (for example, is the industry or activity involved one in which a single official or a few key officials may have disproportionate influence, e.g., defense, natural resources?).
  • ? Evaluation of the risk profile of target any persons associated with the target (have any managers been accused of unethical or criminal conduct?).
  • ? Review of the internal audit reports and internal investigations conducted by the target or by the target's outside legal counsel.
  • ? Identification of the names of all senior officials in the countries in which the target operates, and comparison of the resulting list with the list of the the target company's or seller's payees.
  • ? Interview of managers and employees of the target or seller who may have had contact with such officials.
  • ? Review of the records, reports and analyses prepared by the target's or seller's external auditors or accounting firms, if commercially feasible.
  • ? Retention of an investigative agency to conduct an independent review of possible ways in which bribes may have been paid.
  • Perhaps the most important matter that should be analyzed in a buyer's diligence exercise is the FCPA compliance program at the target (or that otherwise applied to the assets being conveyed). Just as a robust compliance program, training, and periodic audits of the compliance program are the best defense against liability in the first instance, such steps can mitigate, on both a legal, practical, and market level, the risks arising from the activities of rogue employees who may have paid bribes in a potentially remote corner of the world. Put another way: the most important FCPA-related diligence a buyer may conduct in its review of the target is to assess just how seriously the target took the potential exposures prior to the potential M&A transaction, as evidenced by the scope of its FCPA compliance program.