COVID-19 Compels Heightened Vigilance Against Corruption and Bribery Risks
As governments and companies across the globe respond to the litany of challenges presented by the COVID-19 crisis, conditions are primed for corruption-related risks. Crisis conditions, robust government spending and corporate attention to other pressing matters commonly give rise to greater incidences of public corruption. Accordingly, even as they address the daily COVID-19 challenges that arise, global companies should also remain vigilant in their fight against corruption, stay committed to their anti-corruption programs, and clearly communicate with their employees and counterparties to remind them of the importance of compliance in these trying times.
The U.S. Foreign Corrupt Practices Act
The Foreign Corrupt Practices Act (“FCPA”) is the primary tool U.S. enforcement agencies use to police overseas bribery and corruption. The FCPA contains two key sets of provisions: the anti-bribery provisions and the accounting provisions. The anti-bribery provisions, which prohibit the offer or payment of anything of value to a foreign official to obtain or retain business, apply to (i) “issuers” (U.S. and foreign public companies with shares listed on the U.S. exchanges that are subject to periodic reporting or registration requirements; the definition includes non-U.S. companies with Level II and III American Depository Receipts) and their officers, directors, employees, agents and shareholders; (ii) “domestic concerns” (U.S. persons and corporations) and their officers, directors, employees, agents and shareholders; and (iii) anyone who engages in misconduct with a sufficient territorial nexus to the United States. The accounting provisions impose certain recordkeeping and internal control requirements on listed companies and apply only to “issuers.”
Notably, U.S. authorities generally take an expansive view of jurisdiction under the FCPA. Indeed, all but one of the top ten largest FCPA fines have been paid by non-U.S. companies. While the existence of subsidiaries or assets in the United States would not alone generally provide a sufficient nexus to establish territorial jurisdiction, other, seemingly minor actions, can give rise to jurisdiction. For example, grounds used to assert U.S. jurisdiction over foreign bribery allegations could include; (1) making improper payments through a U.S. financial institution or U.S. correspondent account; (2) attending meetings in the United States where an improper payment is discussed; (3) using U.S.-based computer servers to send emails in connection with an improper payment (regardless of the location of the sender and recipient); or (4) acting as an agent of a U.S. domestic concern in making improper payments.
Increased Risk of FCPA Violations From COVID-19
Governments worldwide are taking unprecedented actions to shore up economies, allocate resources, and mobilize responses to the current crisis.At the same time, companies are losing business and faced with unprecedented disruption. To make matters more challenging, work-from-home mandates may compromise many employers’ ability to monitor their employees, including employee compliance with anti-corruption policies. These conditions make the COVID-19 landscape one ripe for bribery and corruption.
Prior crises have been followed by robust government enforcement of fraud, bribery, and similar violations. For example, following the 2008 financial crisis, there was a notable uptick in U.S. Department of Justice (“DOJ”) and Securities and Exchange Commission (“SEC”) corporate enforcement actions. For example, between approximately November 2009 and November 2010, the DOJ imposed over US$1bn in criminal penalties in FPCA-related cases – more than in any prior 12-month period.
U.S. authorities have already announced an intent to aggressively pursue and prosecute coronavirus-related misconduct. Aware of the misconduct risk associated with greater government spending, Congress established a Pandemic Response Accountability Committee to oversee all spending, lending, and other outlays appropriated under the CARES Act, in order to prevent fraud and abuse. Similarly, on March 20, 2020, the DOJ announced that the Attorney General had “directed all U.S. Attorneys to prioritize the investigation and prosecution of Coronavirus-related fraud schemes” and “is urging the public to report suspected fraud schemes related to COVID-19.” Just two days later, the DOJ announced its first action to combat fraud related to COVID-19. It is reasonable to expect the DOJ to approach FCPA matters arising in the context of COVID-19 with the same vigor.
The DOJ is not alone in announcing its intent to focus on COVID-19 related crime. The SEC recently announced that, in response to the pandemic, it remains focused on “maintaining [its] enforcement and investor protection efforts” by “actively monitoring … markets for frauds, illicit schemes and other misconduct affecting U.S. investors relating to COVID-19.” And during a healthcare webinar on April 23, 2020, Robert Dodge of the SEC’s FCPA unit tied the COVID-19 crisis to potential future FCPA enforcement action, noting that “[t]here’s going to be opportunities and incentives” for official corruption. Concurrently, the Working Group on Bribery at the Organization for Economic Cooperation and Development (“OECD”) announced on April 22, 2020 that, given the corruption risks inherent in the current global crisis, the OECD will “examine the possible impact and consequences” of the coronavirus pandemic on foreign bribery, particularly in the health industry.
Under the current circumstances, there are a number of steps that companies can take to emphasize the importance of compliance and mitigate risk. Below are some best practices to consider:
Be Mindful of Risks Relating to Government Assistance and Lobbying
Companies with new (or expanded) government interactions, particularly those seeking government assistance or other benefits in response to the crisis, should be especially vigilant in their anti-corruption efforts. This is especially so for companies not accustomed to working with government officials or seeking government benefits, which might (reasonably) lack more sophisticated anti-corruption policies and controls that experienced government contractors have.
Enforcement authorities will soon be carefully reviewing governmental and corporate responses to the COVID-19 crisis and analyzing whether government business or assistance have been obtained through fraud, corruption, or other misconduct. As companies respond to the crisis, they should consider whether they have new government touchpoints that should be subject to careful internal oversight.
Tone From the Top – Demonstrate a Culture of Compliance
U.S. and global enforcement authorities frequently emphasize the importance of tone at the top, and the tone communicated by senior management will be a key consideration for U.S. regulators in any potential enforcement action.In the current climate, communications with employees take on heightened importance.Management at all levels can consider using this as an opportunity to project and solidify a strong “tone from the top.” Leadership should consider messages to remind all employees (regardless of seniority) of their ethical and legal obligations, and of the serious consequences if the company’s policies are not followed, even in times of business disruption.
Companies may also consider making job-specific communications to employees whose job functions entail heightened FCPA risk, such as salespeople who interact with customers, or “gatekeeper” roles like those who review financial transactions.
Increased Diligence and Oversight
The DOJ and other U.S. enforcement agencies generally expect companies to apply “risk-based” due diligence to their third-party relationships. Given the heightened risks associated with the current climate, particularly for government-facing industries, management may consider appropriately tailoring their third-party diligence processes to identify risks and red flags before violations occur.
Likewise, compliance personnel should be given sufficient seniority, autonomy, and resources to effectively prevent and detect misconduct within the company. As noted above, times of crisis are also times of risk from a compliance perspective. Companies should consider whether their current oversight functions are adequately equipped.
Risk assessments that are regularly reviewed and updated are a key part of any sophisticated compliance program. As changes impact companies’ operations, customer base, or business prospects, their risk profile also changes. Companies should consider recent changes to determine whether their risk assessments are up to date or whether changes to company policies or resource allocation might be warranted.
Renewed anti-corruption training for targeted audiences (e.g., those interacting with government officials) can help ensure that employees (a) can recognize unethical and potentially unlawful behavior and (b) are comfortable and familiar with the avenues for reporting suspected FCPA violations.
These are unprecedented times, with governments and companies alike grappling with how to address the unique challenges posed by COVID-19. In times of crisis, it is especially important for companies to foster a culture of compliance and take active steps to detect and mitigate risks before violations occur. There is no one-size-fits-all approach, but the best practices discussed can serve as a helpful starting point.
For more detailed guidance or assistance, please contact your usual Linklaters contacts or the authors of this article.