Asia Pacific: How U.S. FCPA And U.K. Bribery Act Impact Financial Institutions In The Asia Pacific Region

Why Should Financial Institutions, Hedge Funds And Private Equity Firms In The Asia Pacific Region Be Concerned About These Regulations

In recent years, compliance risks associated with the U.S. Foreign Corrupt Practices Act (“FCPA“) and the U.K. Bribery Act (“BA“) have intensified. U.S. regulators have vigorously enforced the anti-bribery provisions of the FCPA across a variety of industry sectors, relating to conduct in a variety of jurisdictions, and have imposed hefty fines and penalties for violations. This risk is particularly acute for the banking, finance and related industry sector in the Asia Pacific (“APAC“) Region for the following reasons:

1. According to the Transparency International Corruption Perception Index 2014,[1] the perception of corruption in many emerging economies in the region remains high. It is well known that in some countries such as China and India, it can be challenging for companies to gain access to investment opportunities without working through local government officials. While lately there has been a significant change in public attitudes and political focus on corruption, the risk is still prevalent.
2. The U.S. Department of Justice (“DOJ“) has declared that the government sees the financial industry as an important target in its enforcement actions. For example, in 2013, the DOJ announced the indictment of two employees of a U.S. broker-dealer, Direct Access Partners, for FCPA violations. In a 2013 press release, the DOJ explicitly described the prosecution as a “wake-up call to anyone in the finance services industry who thinks bribery is the way to get ahead”[2].
3. Both the FCPA and the BA allow for extra-territorial enforcement actions. In the past few years, U.S. enforcement agencies have shown an increasing readiness to extend the jurisdictional reach of the FCPA beyond the U.S. While not as many enforcement actions have been taken under the BA to date, in theory, the BA appears to have an even broader jurisdictional nexus than the FCPA as it covers any act committed globally by a commercial organization that conducts any part of its business in the U.K.

In light of the above, the banking, finance and related industry sector in the APAC region needs to be prepared that any bribery or corruption issues existing in their organizations that were previously undetected may well come within the scrutiny of foreign (as well as domestic) enforcement authorities in the near future. In this article, the author discusses the common scenarios where FCPA or BA related compliance risks may arise and how those risks may be mitigated.

Basic Overview Of The FCPA And The BA

The FCPA consists of two key components, namely, the anti-bribery provisions and the accounting provisions. The anti-bribery provisions broadly apply to U.S.-based persons and businesses (“domestic concerns“), U.S.-listed companies (“issuers“) and foreign persons and businesses acting while in the territory of the U.S., as well as the officers, directors, employees or agents of the aforesaid entities (collectively, “Covered Persons”). The FCPA prohibits Covered Persons from making or offering to make corrupt payments to foreign officials for the purpose of obtaining or retaining business. Financial institutions, hedge funds and private equity houses s not publicly listed in the U.S. may still be caught under the anti-bribery provisions because of their ownership or status as a foreign investment arm of a U.S. issuer. Moreover, the U.S. has used aggressive jurisdictional theories to bring enforcement actions against wholly foreign actors which conduct U.S. dollar wire transfers through correspondent bank accounts on U.S. territory. The accounting provisions impose record-keeping and internal control requirements on U.S. issuers, and prohibit individuals and businesses from knowingly falsifying books and records or knowingly circumventing or failing to implement a system of internal controls. U.S. issuers are also responsible for ensuring that their foreign subsidiaries and joint ventures comply with the accounting provisions. The DOJ and the U.S. Securities and Exchange Commission (“SEC“) have joint enforcement authority under the FCPA and may hold companies and individuals criminally or civilly liable for violations of either component of the FCPA. Under the statute, for each violation of the anti-bribery provisions, companies can be fined up to USD 2m,[3] and individuals can be fined up to USD 250k and imprisoned for up to five years.[4] For each violation of the accounting provisions, companies can be fined up to USD 25m,[5] and individuals can be fined up to USD 5m and imprisoned for up to 20 years.[6] However, these fines can be a fraction of the penalty amounts incurred under the Alternative Fines Act, which permits higher fines of up to twice the benefit that the defendant obtained by making the corrupt payment.[7] Moreover, the SEC may seek the equitable remedy of disgorgement of ill-gotten gains, permitting the agency to obtain the value of any profits obtained through the improper acts. Violations of the FCPA may also lead to other collateral consequences such as suspension or debarment from contracting with the U.S. federal government. Compared with the anti-bribery provisions of the FCPA, the BA contains two important expansions in its statutory scope. First, the BA makes it illegal to bribe or accept a bribe from any individual, be it a public official or an employee of a private company.[8] Second and more significantly, the BA creates a strict liability offence for failure by a company to put in place “adequate procedures” to prevent relevant acts of bribery.[9] This strict liability offence applies not only to U.K. companies with overseas operations but also any overseas company that carries on a business or part of a business in the U.K.[10] The BA sets no limit on the size of fines that may be imposed for each violation. Other potential penalties include up to 10 years of imprisonment for individuals,[11] civil recovery orders, disqualification of the responsible directors and debarment from public contracts.

Risk Scenario Highlights

In the APAC region, FCPA and BA related risks are most likely to arise for financial institutions in the following types of scenario: (1) mergers and acquisitions (“M&A“); (2) dealings with state-owned businesses, whether directly or through third party intermediaries; (3) dealings with Chinese “reverse merger companies”.

M&A Transactions

For financial institutions, hedge funds and private equity firms conducting mergers and acquisitions in high risk but lucrative markets, compliance risks related to the FCPA may easily arise under the principle of successor liability. The DOJ and the SEC have made clear that as a general rule, when a company merges with or acquires another company, the successor company assumes the predecessor company’s liabilities.[12] For example, if a private equity firm acquires a company that had previously violated the FCPA, it could potentially inherit all kinds of civil and criminal liabilities arising from the relevant violations, potentially wiping out the value of the acquisition. The risks may be exacerbated if the problematic conduct of the predecessor company continues post closing of the transaction. In such an event, the new entity may face not only direct liability for the continuing compliance breaches, but if no adequate compliance program is put in place for the successor company after the transaction closure, it may also be guilty of the “failure to prevent” strict liability offence under the BA. Financial institutions, hedge funds and private equity firms should also be aware that they may be liable for the acts of their portfolio companies under the traditional agency principles.[13] An agency relationship will be deemed to exist where an institution exercises sufficient control over its portfolio company. Such control may be established where the relevant institution owns a majority interest in its portfolio company or has practical control through the portfolio company’s board of directors. If an agency relationship is found to exist, the relevant institution may be held liable for the FCPA violations committed by its portfolio company. Liabilities arising from M&A transactions have enormous consequences:

1. extensive costs will be required post closing, for the purpose of investigating and remediating the problems;
2. compliance issues may significantly compromise the value of the merged or newly acquired business. For example, when the acquired business essentially depends on questionable practices;
3. compliance issues may result in an adverse impact on the other business of the acquirer, for example, it may be debarred from contracting with the government/public sector in the future based on the acquired company’s misconduct; and
4. compliance breaches may cause reputational damage to the acquiring entity, which can be both unquantifiable and irreversible.

To mitigate the risks, pre-transaction due diligence is crucial. Proper pre-transaction due diligence can help the acquiring entity understand the corporate culture of the target, identify the compliance risks, determine whether such risks are able to be remediated and also lay the foundation for a smooth post-acquisition integration into the acquiring entity’s corporate control environment. If corrupt acts are discovered as part of the due diligence process, organizations should consider the potential benefits of disclosure to relevant enforcement agencies. Although disclosure often has a variety of unintended consequences, regulators in the U.S. offer the “Opinion Procedure Release” mechanism as a means of obtaining comfort that the agency does not intend to pursue any enforcement action. Depending on the extent of the risks involved, the acquiring entity will need to consider either requiring clean-up as a pre-condition to the closing, incorporating clean-up costs into the deal price or withdrawing from the deal altogether if the risks are too high. If the acquiring entity decides to proceed with the transaction, the following steps could further mitigate risks:

1. Conduct a thorough compliance risk assessment audit after the transaction closure and implement a clean-up program if necessary;
2. Harmonize the compliance programs of both the target and the acquiring entity to make sure the acquiring entity’s compliance policies and procedures apply as quickly as possible to the newly acquired businesses or the merged entities;
3. Provide training to directors, officers, employees and agents on the applicable anti-bribery laws and the company’s compliance policies and procedures;
4. Review the suitability of all intermediaries and business partners from a compliance perspective, conduct due diligence on high risk individuals and/or businesses and adjust the contractual terms and conditions if necessary.

When dealing with a potential U.S. nexus, the DOJ and the SEC have stated that they will give meaningful credit to companies that take the above actions and may also, in appropriate circumstances, decline to bring enforcement actions. They have also clarified that if no U.S. jurisdiction existed prior to the closing, acquisition by a Covered Person would not create liability where none previously existed. However, organizations must exercise caution since this would not prevent U.S. regulators from prosecuting post-acquisition misconduct.

Dealings With State-Owned Businesses

FCPA and BA related risks may also potentially arise when dealing with state-owned businesses. Most typically, such risks may arise in the following two situations: (1) when financial institutions seek to raise capital from foreign state-owned entities such as the Sovereign Wealth Funds (“SWF“) or state-owned pension plans; or (2) when private equity firms or hedge funds acquire interest in state-owned entities, or enter into joint ventures with a foreign government entity. The risks are most likely to arise when seeking to solicit or make these types of investment through offering favours to employees of the relevant state-owned entities. Under the FCPA, “foreign officials” are defined to include officers or employees of a department, agency, or instrumentality of a foreign government. The term “instrumentality” is broadly interpreted and can include state-owned or state-controlled entities. As such, gifts, cash or other travel and entertainment expenses offered to employees of state-owned investment funds or other state-controlled entities may constitute corrupt payments in violation of the FCPA. Under the BA, the risk of violation is irrespective of foreign official affiliation because it prohibits corrupt payments to any individual, regardless of whether he or she is a public official or an employee of a private company. The U.S. enforcement agencies have shown an interest in extending their regulatory scrutiny to dealings between the financial industry and state-owned investors. In 2011, the SEC issued inquiry letters to various banks and private equity firms to review their dealings with foreign SWFs[14]. Although no enforcement actions have yet materialized from these investigations, this should be considered as a signal of the enforcement agencies’ increasing focus on the FCPA compliance practices of the financial industry in their dealings with state-owned entities. Under both the FCPA and the BA, bribes can cover a broad range of unfair benefits that may come in different forms and sizes. While cases often involve monetary payments (often disguised as “commission” or “consultancy fees”), others have involved excessive entertainment expenses, expensive gifts and other things of value such as job opportunities. In one recent case, U.S. enforcement authorities have probed into a financial services firm’s hiring practices in China alleging that the firm hired family members of prominent Chinese officials in order to win business from the government. Such conduct if proved, would likely be a violation of the FCPA. While some financial institutions, hedge funds and private equity firms may deal with foreign state-owned entities directly, many tend to engage local agents or third party intermediaries to help facilitate business transactions in foreign countries. For example, a private investment fund may commonly engage a local placement agent or third party marketer to solicit investments on the fund’s behalf from SWFs or other foreign state-owned investors. In these circumstances, if the third party intermediary makes a corrupt payment to an employee of a foreign state-owned entity, the liability may be imputed to the fund itself. Liability can be found even in circumstances where evidence indicates the fund did not authorize the payment but deliberately ignored the “red flag” indicators that such payment would be made. The following actions should be considered to mitigate compliance risks when dealing with state-owned businesses:

1. Establish clear and easily accessible internal policies and processes on gift-giving by the company’s directors, officers, employees and agents;
2. Be aware of the common “red flags” associated with third party agents such as excessive commissions to third party agents or consultants, third party “consulting agreements” that include only vaguely described services, third party agents that are related to or closely associated with some local foreign officials, and requests from third parties to make payment to offshore bank accounts;[15]
3. Provide periodic training to the company’s directors, officers, employees and agents to ensure that they understand and comply with the FCPA, the BA and local anti-corruption laws;
4. Implement a regular and consistent third party due diligence and compliance monitoring program.

Both the U.S. and the U.K. governments consider an effective compliance program as the key to mitigating bribery risks. In one example, the DOJ declined to prosecute a banking institution for bribery committed by one of its managing directors. In its press release for the case, the DOJ expressly cited the bank’s robust anti-corruption compliance program as the primary basis for the declinations.[16] Another recent example involved the prosecution of an acquired company’s senior management, including the CEO and General Counsel, when the acquiring fund management company acted as an informant for the DOJ. No criminal charges were filed against the company[17]

Dealings With Chinese Reverse Merger Companies

Some recent enforcement actions brought by the SEC show another potential risk area for investment funds and private equity firms when dealing with so-called “reverse merger companies,” Chinese companies listed in the U.S. by way of reverse takeover transactions (“RTO“). In an RTO transaction, a private company gains access to the U.S. capital markets through merging into a shell company already listed on a U.S. stock exchange. Compared to a traditional initial public offering (“IPO“), an RTO transaction enables the private company faster and less expensive public listing, sidestepping the strict financial and regulatory scrutiny usually applied to IPOs. There is an increasing number of China-based companies that use this type of transaction to access the U.S. capital markets. However, the advantages of an RTO transaction (fast, cheap and lack of regulatory oversight) also makes it more susceptible to compliance risks. In particular, by virtue of their listing status in the U.S., these Chinese companies fall under the jurisdiction of the FCPA. As these companies did not go through the same stringent vetting process applied to IPOs, this has contributed to an inherent distrust by the regulators and heightened scrutiny by the enforcement agencies, particularly the SEC. In February 2013, a Chinese company named Keyuan Petrochemicals Inc. (“Keyuan“) became the subject of the first FCPA-related enforcement action against a China-based reverse merger company. Keyuan had a reverse merger with a Nevada shell company that traded on the U.S. exchanges.  Keyuan maintained an off-books account, into which it channelled more than USD 1m to Chinese government officials. The SEC charged Keyuan with violations of the books and records and internal controls provisions under the FCPA, as well as anti-fraud and reporting provisions of other federal securities laws.  Keyuan eventually agreed to pay a USD 1m penalty; it had been delisted from the NASDAQ exchange in October 2011[18]^. In May 2013, another China-based reverse merger issuer, Rino International Corporation and its executives were also charged with FCPA violations.[19] In light of the common compliance deficiencies associated with these reverse merger companies and the SEC’s increased scrutiny over them, financial institutions should be particularly mindful of the FCPA and compliance risks associated with these companies, especially if there are plans for the target’s founders or other executives to remain with the company following the closure of the relevant transaction. Before an investment fund or a private equity firm acquires any interest in a reverse merger company, it is imperative that a thorough due diligence is conducted on the reverse merger company and any necessary clean-up measures are carried out pre-closing so that no pre-existing FCPA liabilities will be assumed by the successor entity.

Five Essential Elements Of An Effective Compliance Program

While the regulatory risks may seem overwhelming at first sight, the risks can be effectively managed with effective compliance measures. On our analysis, regulator expectations for compliance across the globe can be boiled down to five essential elements, which, if incorporated into a financial institution’s compliance program, will satisfy the wide variety of law enforcement expectations. These Five Essential Elements are:

(a) Leadership

A successful compliance program must be built upon a solid foundation of ethical values. To achieve this, it is crucial to have a strong, unambiguous and consistent message from the top and through all levels of management on issues of anti-corruption. Other than having support from senior management, financial institutions, hedge funds and private equity firms should also consider appointing high-ranking compliance officers, who are given the authority and the resources to manage the program day-to-day. Empowering them with independent reporting lines encourages effective oversight. Compliance officers must be directly accountable to those ultimately responsible for corporate conduct, including the Board of Directors.

(b) Risk assessment

As financial institutions, hedge funds and private equity firms increasingly expand their geographic footprint, it is important that they perform a thorough risk assessment of their global operations, especially in emerging markets. Enforcement authorities expect these institutions to have formal processes for assessing compliance risks everywhere they operate and to have a good understanding of the nature of business risks by region, industry and transaction.

(c) Standards and controls

Most global companies now have a code of business conduct. However, to meet the enforcement authorities’ expectations, it is not enough to have a mere summary of the corporate do’s and don’ts. Financial institutions, hedge funds and private equity firms should establish and disseminate much more detailed written policies, standards and procedures which are formulated by reference to their specific risk profile. For example, a private equity firm cannot just state that their placement agents are prohibited from paying bribes. There must be clearly articulated protocols for screening their local agents for criminal backgrounds, financial stability and improper associations with government agencies, as well as ensuring they receive proper training, as discussed below.

(d) Training and Communication

A compliance program is only effective if it is well understood and implemented by the institution’s officers, employees, agents, business partners and portfolio companies. While there is no one-size-fits-all approach to training, financial institutions, hedge funds and private equity firms may consider using a combination of live training, webinars, video conferencing, online testing and other means to educate various parties on the relevant anti-corruption rules and corporate code of conduct. It is also important that the training content and method of delivery are adjusted by reference to the different audience groups. In practice, bringing together key stakeholders in small, discussion oriented groups encourages effective and open communications amongst the organization, ensuring that compliance is “owned” by all parties.

(e) Monitoring, Auditing And Response

 After all the compliance controls have been put in place and communicated to the appropriated audience, the question remains whether the workforce is actually complying. Implementing an effective monitoring program is therefore a critical element of corporate compliance both for the organization and its third parties. Financial institutions, hedge funds and private equity firms should also take decisive actions against any employee or intermediary who violates a compliance policy and/or anti-bribery laws while conducting work on behalf of the institution as part of a proper response. While each financial institution, hedge fund and private equity firm may have their own unique concerns and organizational challenges when devising their corporate compliance programs, the above elements will serve to address the most common compliance pitfalls, and should assist in mitigating the risks of costly prosecutions by enforcement authorities. By Mini vandePol, Amanda Xi and Peter Andres (Baker & McKenzie Hong Kong) This article was first published on Conventus law.