Jacqueline Peterson ( firstname.lastname@example.org) is former Director of Anticorruption, Compliance and Ethics Services at Weaver.
In a recently issued guidance from the U.S. Department of Justice (DOJ) regarding the evaluation of corporate compliance programs (the Guidance), the Criminal Division lays out what prosecutors should consider when determining “whether, and to what extent, the corporation’s compliance program was effective at the time of the offense, and is effective at the time of a charging decision or resolution, for purposes of determining the appropriate (1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitoring or reporting obligations.” The Guidance recommends that prosecutors evaluate the following “fundamental questions: 1. Is the corporation’s compliance program well designed? 2. Is the program being applied earnestly and in good faith? 3. Does the corporation’s compliance program work in practice?”
One of the key tools for determining if a compliance program is well designed and effective is to understand the company’s risk profile by conducting internal risk assessments. The Guidance lays out in some detail what should be considered when a company conducts internal risk assessments and, in typical DOJ fashion, also states that the Guidance “form[s] neither a checklist nor a formula,” leaving prosecutors free to consider additional factors when making charging decisions and in calculating organizational criminal fines. Of the litany of factors the Guidance lays out, one has long been known to create issues for companies: gifts, travel, and entertainment. It has been clear for those of us who have been handling anti-corruption matters for many years that effective compliance programs must have policies on gifts, travel, and entertainment. Many multinational companies maintain very strict dollar amounts and frequency limits for gifts, travel, and entertainment spent on public-sector or foreign officials. And with the implementation of the UK Bribery Act (UKBA) in 2011, many multinational companies created similar dollar amount and frequency limits for commercial accounts and clients.
What constitutes a bribe?
While prosecutors do not always agree what constitutes normal and appropriate gifts, travel, and entertainment, the Guidance states that “more modest and routine hospitality and entertainment” should not require as much scrutiny as transactions that create high risks for a company. To be clear, the Foreign Corrupt Practices Act (the FCPA) does not prohibit gift-giving or providing entertainment or travel, provided that they are “reasonable and bona fide expenditures.” The “Bona Fide Expenditure” is an affirmative defense for “reasonable and bona fide expenditure[s] such as travel and lodging expenses, incurred by or on behalf of a foreign official,” as long as they are directly related to “(A) the promotion, demonstration, or explanation or products or services; or (B) the execution or performance of a contract with a foreign government or agency thereof.” In the November 14, 2012, “A Resource Guide to the U.S. Foreign Corrupt Practices Act,” the Criminal Division of the DOJ and the Enforcement Division of the Securities and Exchange Commission (the SEC) addressed both gift-giving and the Bona Fide Expenditure defense. “The FCPA does not prohibit gift-giving. Rather, just like its domestic bribery counterparts, the FCPA prohibits the payment of bribes, including those disguised as gifts.”
Having handled anti-corruption cases for clients as a private practitioner, working in-house with a company under investigation for alleged violations of the FCPA, and dealing with the ramifications of a consent decree, I can tell you that “modest and routine hospitality and entertainment” is not what causes regulators to layer on fines and penalties. It’s entertainment like flying a foreign official and his spouse over the Grand Canyon in a private helicopter while the company has an open Request for Proposal pending with the official’s agency. It’s the moon cakes filled with gold during Lunar New Year; it’s the cash handed out as part of the Okoden tradition in Japan; it’s the purchase of thousands of dollars of champagne to entertain public-sector officials in Italy; it’s the purchase of World Cup or Premier League tickets; it’s the luxury automobiles; it’s the expensive jewelry; it’s the home theaters given to foreign officials; it’s the improper side trips that serve no legitimate business purpose; it’s the bags filled with thousands of dollars given to foreign officials.
In a recent enforcement action, the SEC levied $4.125 million in civil penalties for “improper” hospitality provided to public-sector officials by Telefônica Brasil—a subsidiary of a global telecom company based in Spain. The SEC established jurisdiction over Telefônica Brasil because the company’s depository receipts are traded on the New York Stock Exchange. Relying on internal emails obtained from Telefônica Brasil, the SEC action centered on “improper” hospitality provided during World Cup and Confederation Cup matches.
Senior leaders of Telefônica Brasil approved the purchase and gifting of World Cup packages consisting of tickets and hospitality. Company employees justified the practice as follows:
The legislator’s chief of staff “has opened many doors for us.”
There is legislative “activity going through the House and I will need his help.”
The customs officer was provided a ticket in exchange for his “ongoing support.”
The company spent $621,576 on World Cup packages provided to public-sector officials. The year before, it spent $3,085 each on packages for public-sector officials to attend the Confederations Cup. Expenditures of $738,806 to entertain 127 public-sector officials cost the company more than $4 million.
In the Telefônica Brasil matter, the SEC alleged that the tickets to the soccer matches and associated hospitality were provided to influence business dealings, legislative actions, and regulatory approval in favor of the company. Unfortunately for the company, the tickets and hospitality were not accurately reflected in the company’s books and records, and the SEC alleged that the company failed to devise and maintain a sufficient system of internal accounting controls.
The professionals at the DOJ and the SEC have seen it all and offered the following as examples of “improper travel and entertainment” :
A $12,000 birthday trip for a government decision-maker from Mexico that included visits to wineries and dinners
$10,000 spent on dinners, drinks, and entertainment for a government official
A trip to Italy for eight Iraqi government officials that consisted primarily of sightseeing and included $1,000 “pocket money” for each official
A trip to Paris for a government official and his wife that consisted primarily of touring activities via a chauffeur-driven vehicle
The list of what constitutes improper gifts, meals, travel, and entertainment goes on and on, and it is exactly this type of behavior that companies must actively attempt to prevent.
Creating compliance that works
Policies are a necessary starting point, but they will be considered “paper policies” by the regulators if they are not effectively communicated to the company’s employee base, not included in mandatory training, and there are no consequences for violating the policy. Many companies routinely audit/test/assess the strengths of their policies on gifts, travel, and entertainment, and that is also the expectation of the regulators. They want to know how you conduct the testing and what happens when violations are uncovered. Are employees suspended or terminated? Do you have a “one strike and you’re out” policy, or are there chances for the employees to redeem themselves? Is there a mechanism, such as an ethics hotline, available for employees to report alleged violations of the policy? Does the company monitor employees’ spending to ensure that the dollar amount and frequency limits are followed? Finally, does the company maintain a central repository of records relating to money spent on gifts, travel, and entertainment and who actually received those gifts, travel, and entertainment? You would be taken aback at how many companies, even household names, cannot document historical gifts, travel, and entertainment provided to public-sector officials.
Regulators will also want to know how and how often a company communicates about its gifts, travel, and entertainment policy. If the company has operations or clients in Asia Pacific, are employees reminded about the dollar and frequency limits prior to the Lunar New Year? In other regions, is a similar communication issued around major holidays?
Beyond policies, training, and communications, regulators expect that companies properly account for expenditures such as gifts, travel, and entertainment. They want companies to design and maintain accounting mechanisms that are transparent and accurate. In the Telefônica Brasil action, the company booked the payments for the tickets as “Public Institutional Events” and “Advertising & Publicity” in its financial records. The SEC maintained that by booking the tickets in such a way, the company failed to “properly characterize the purchase of tickets and related hospitality that were given to government officials.”
The SEC expects that companies “devise and maintain a system of internal accounting control sufficient to assure management’s control, authority, and responsibility over the firm’s assets.” In the Telefônica Brasil action, the SEC alleged that the company failed “to devise and maintain sufficient internal accounting controls to detect and prevent the making of improper payments to foreign officials.” As for all areas of compliance, maintaining a well-designed, effective, and ongoing internal audit program is key.
There are no hard and fast rules regarding what constitutes appropriate internal controls. The FCPA provides a certain amount of flexibility for companies to design risk-based controls that align with their business model and where they conduct business. Internal controls should, at a minimum, include checks and balances over accounting and recordkeeping processes. Most importantly, internal controls should be subjected to regular audits to ensure they are effective.
When the current administration took office in 2017, many anti-corruption practitioners believed that enforcement of the FCPA would wane. Although the number of enforcement actions brought by the DOJ and the SEC have dropped, the fines and penalties have skyrocketed. The fines and penalties collected in 2018—$3,056,200,000—are second only to the most prolific year in history, 2010. As of September 10, the DOJ and the SEC had brought 31 enforcement actions against individuals and only 7 against corporations in 2019. Many of these enforcement actions involved improper gifts, travel, and entertainment.
The bottom line
Protect your company against becoming a cautionary example in FCPA or UKBA enforcement by creating and enforcing a compliance program built on well-designed policy; continued, mandatory training; frequent communication with employees; and an effective system of internal controls.
Gift, travel, and entertainment violations aren’t always as obvious as a $12,000 birthday trip for a government official. Somewhere between a cup of coffee and a box at the World Cup lies the line your company must not cross. By starting with a risk assessment, establishing clear and appropriate policies, and following through with regular training and monitoring, your company can ensure that all employees understand exactly what that line looks like.
The DOJ and the SEC are pursuing fewer cases but higher fines in enforcement actions under the FCPA.
New FCPA enforcement guidance from the DOJ bases prosecution on whether compliance programs are well-designed, applied earnestly, and effective in practice.
“Reasonable and bona fide expenditures” are allowed, and companies must set clear policies to define what is reasonable and prevent criminal violations.
Expensive trips with no legitimate business purpose, sports tickets, parties, and gifts will raise red flags with the enforcement authorities.
Companies should create and enforce compliance programs built on well-designed policy, continual training, frequent communication with employees, and an effective system of internal controls.