The United States - Foreign Corrupt Practices Act (FCPA) might appear clear-cut on the surface. It prohibits bribes offered by Americans—individuals, companies, or even those within U.S. borders—to foreign officials for business gains. Think gifts, favors, donations, job offers–anything of value that might curry favor. Plus, for U.S. publicly traded companies, it mandates proper internal controls and financial record-keeping. Sounds straightforward, right?

But the devil, as they say, is in the details. Expansive interpretation of key terms muddies the waters of compliance - that "anything of value" could be a simple courtesy, not just a blatant bribe. Furthermore, a "foreign official" isn't just a high-ranking politician; it could be anyone representing a separate nation state, even an employee of a public airline or telecom company. "Business advantage" goes beyond snagging new contracts—it also includes securing existing ones or steering business to someone else. Moreover, violations can happen directly through an improper payment or indirectly through a third-party representative.

It's a tightrope walk, and the government walks it with both precision and bite. This is all the more evident from the seemingly small number of FCPA cases prosecuted this year, yet there are large fines that have been imposed on the judgment debtors. Some of the significant FCPA actions this year include:

• Koninklijke Philips N.V. (Philips), the esteemed Dutch healthcare technology giant listed on the New York Stock Exchange, faced regulatory scrutiny in May 2023.

  The issue? Allegations of improper conduct by its subsidiaries in China and Hong Kong regarding internal controls and accounting practices. The Securities and Exchange Commission (SEC) took a firm stance, leading to a $62 million settlement. This settlement followed a prior 2013 FCPA enforcement action related to Philips' conduct in Poland. As part of the settlement, Philips agreed to remedial measures, including a two-year probationary period. During this period, the company will submit annual reports to the SEC detailing its efforts to strengthen compliance measures. These reports will focus on key areas like due diligence on third-party partners, comprehensive FCPA training for employees, and rigorous testing of internal controls, including data analysis and compliance monitoring.

• Global industrial giant 3M paid over $6.5 million to settle charges with the SEC regarding internal control and record-keeping issues linked to FCPA.

  The issue? It stemmed from allegations against 3M's Chinese subsidiary. They were accused of arranging overseas conferences, educational events, and facility visits for employees of state-owned healthcare facilities. However, the SEC claimed these trips often served as a mere cover for lavish tourist vacations for Chinese government officials, with luxury activities added to the official agenda.

  According to the SEC, 3M China funneled nearly $1 million to fund at least 24 of these "education-plus-tourism" trips. The company's China team submitted seemingly legitimate itineraries to the compliance department while secretly collaborating with travel agents to create alternative itineraries packed with sightseeing and non-work activities around the event locations.

  This deceptive practice, deemed a violation of the FCPA's internal control and record-keeping regulations by the SEC, prompted 3M to opt for the $6.5 million settlement to avoid further legal and reputational consequences.

• Swedish telecommunications giant Ericsson faced fresh challenges in March 2023, not from new misconduct, but from a breach of trust stemming from its 2019 Deferred Prosecution Agreement (DPA) with the US Department of Justice (DOJ).

  The issue? In 2019, the DPA that was signed resolved a widespread bribery scandal involving officials in China, Djibouti, Indonesia, Kuwait, and Vietnam. Ericsson agreed to pay over $1 billion in combined fines to the DOJ and SEC, and committed to comprehensive compliance reforms as mentioned under the DPA.

  However, in March 2023, the DOJ accused Ericsson of breaching critical terms of the DPA and failing to fully cooperate and disclose information related to potential current and past FCPA violations. Ericsson ultimately pleaded guilty to both the original conspiracy charges of violating the FCPA's anti-bribery provisions and a new charge of conspiring to undermine its internal controls.

  The $206 million fine imposed by the DOJ signaled its seriousness in addressing non-compliance with DPA arrangements. To emphasize the need for ongoing reform, Ericsson's compliance monitoring, initially mandated in 2019, will remain in place until June 2024.

Takeaways

First off, due diligence on third-party representatives is critical. Whether agents, consultants, distributors, or otherwise titled, any party acting on your behalf can expose your company to FCPA liability. Therefore, vetting is crucial before entering into a contract, and continuous monitoring is vital throughout the relationship.

Secondly, just agreeing to remedial measures in settlements or audits isn't enough - they must be implemented. Company managers bear the responsibility to drive these corrective actions, especially for organizations with prior FCPA violations. Cases like Ericsson and Philips highlight the consequences of incomplete compliance efforts.

Thirdly, the FCPA's provisions regarding books and records permit the SEC to prosecute issuers even without anti-bribery violations.

Lastly, businesses should take note of the DOJ pilot program announced in March 2023. This program mandates organizations to attempt recovering compensation from individual wrongdoers involved in misconduct.