What exactly does the U.S. Foreign Corrupt Practices Act (FCPA) have to do with growing a business or preparing for an M&A transaction? If your company is the acquirer in an M&A transaction, and the target’s business involves international markets, FCPA due diligence should be just as important as reviewing a target’s financial condition and customer base. If you plan to exit your business, and your business interfaces with international markets, then expect a knowledgeable buyer to conduct FCPA diligence on you. For those not versed in the FCPA, there are five common reactions to its provisions:

1. “I get the point that one cannot give a cash bribe to a senior foreign official, like a minister of trade.”
2. “The only companies I ever read about getting in trouble are the really huge multinationals. My company is not in that league and the likelihood of us being caught is remote, so why bother?”
3. “If you want to do business in many foreign countries, you must ‘play the game.’”
4. “There is no reason for our company to expend resources to deal with a problem we do not have. If we have a violation, we just pay the fine and move on; how bad can it be?”
5. “My business is located overseas. I do not even have an office in the United States, so I do not need to worry about a U.S. law. And how could the U.S. enforce it against me anyway?”

While those reactions are common, they are also all wrong. How bad can it be? The answer can be as bad as putting a company out of business, ruining the opportunity for a lucrative M&A exit and, in extreme cases, prison time for the persons involved.

1. How far does the FCPA’s jurisdiction go?

The first step in appreciating the impact of the FCPA is to realize that it is far broader than its name implies. The FCPA is like a spider’s web, in that you can be caught in it before you know it. A violation can occur even if the intended corrupt action never takes place. Of course, passing a suitcase full of money to a foreign minister of trade is an obvious violation, but that is just the tip of the iceberg. And, like an iceberg, the majority of potential violations are not at all obvious.

In general, the FCPA prohibits offering to pay, paying, promising to pay, or authorizing the payment of money or anything of value to a foreign official to influence any act or decision of the foreign official in his or her official capacity, or to secure any other improper advantage to obtain or retain business.

In plain English, this means the following:

• An offer, promise, or authorization of payment is enough to trigger a violation – an actual payment is not necessary.
• It need not be money. Anything of value is implicated.
• Even a fairly low-level employee can be a “government official” under the FCPA
• Your company could be liable for the conduct of a third-party contractor (think consultant, agent or distributor).
• The statutory phrase “any improper advantage in order to obtain or retain business” is very broad.

Consider this hypothetical scenario:

Your company is growing and sells its products to health care providers. Expanding into eastern Europe, your company retains a European representative as an independent contractor. He has a reputation for opening doors and making sales. The representative says he has a chance to get your products purchased by a hospital in Poland, but he needs to make an impression on one of the purchasing agents for the hospital. The agent mentions that she has never been to New York City and would, one day, like to see the Statue of Liberty and enjoy a Broadway play.

Your representative thinks that inviting the purchasing agent for a four-day “social” trip might just get the attention needed from the purchasing agent. The weekend will cost $5,000, which your representative will expect to be reimbursed as a marketing expense. One of your middle management employees with the authority to approve expenses up to this amount agrees this is a prudent marketing investment and gives permission for the representative to extend the invitation. However, before any money is spent, the purchasing agent has a family emergency and the intended trip never happens. Even though your middle management employee never learned the name of the purchasing agent, or even of the hospital where she worked, a violation of the FCPA has almost certainly occurred. Why?

There was an offer extended to the hospital purchasing agent for the trip to the United States that clearly had no purpose other than to garner favor with the purchasing agent. While paying for travel can be proper under the FCPA, there has to be a permissible business reason and the payments have to be handled properly. For example, rather than the purchasing agent, if physicians were brought to the U.S. for clinical training on the use of the medical devices, then reasonable expenses paid directly to the airline and hotel might well be proper. But not expenses for their spouses to accompany them.

The FCPA covers “anything of value,” and is extremely broad on this point. Such a trip would qualify. Even things that are only indirectly “of value” can fall within the scope. For example, offering a job to a child of a government official has triggered liability to several companies recently. That is not to say that a child of a government official can never be hired, but it needs to be done in a demonstrably appropriate way. Similarly, making contributions to a charity to which the government official or his or her spouse is connected can also trigger an investigation, especially if some recognition or other benefit to the official or spouse results. Likewise, making or offering to make collateral purchases from a company in which the government official has an economic interest can be a trigger event.

The term “government official” can be misleading. In our hypothetical scenario, we referred to the purchasing agent of a hospital. But in many countries, hospitals are owned or controlled by the government. Under the FCPA, almost every employee of an organization owned or controlled by the government (known in FCPA parlance as a “state owned enterprise”) is considered a “government official.” This warrants particular caution because companies that appear to be private (meaning non-governmental) may have government agencies as either direct or indirect owners, with the resulting ability to control the affairs of the company. So, absent due diligence, it is not always obvious what is a “state owned enterprise.” Most importantly: know who you are dealing with.

FCPA enforcement cases are replete with examples of companies being tagged with FCPA violations for the acts of their independent contractors. The idea that a company can outsource FCPA exposure by only using independent contractors is an illusion.

“[A]ny improper advantage to obtain or retain business” is also extraordinarily broad. It can encompass not only making a sale or extending an existing contract, but also such things as tariff reductions, getting goods through customs, securing a building permit, being selected for inclusion on an approved vendor list and being provided information not otherwise available to bidders. In short, if it results in your company getting an edge on the competition, and is something other than an opportunity that is transparent and generally available on the proverbial “level playing field,” then it merits further consideration.

2. My company is strictly overseas? Why should I be concerned about U.S. law?

The United States government can and has asserted near global jurisdiction for FCPA violations on even the slightest connection to the United States. It can be as little as funds routed through the U.S. banking system or use of computer servers located in the United States. Consider a scenario in which a payment was made through two European banks located only a short geographic distance apart. The two banks had no direct correspondent relationship, but each had a U.S. correspondent relationship. Unknown to the payor and recipient, the funds passed through the U.S. correspondent bank. That happenstance may be enough to invoke U.S. jurisdiction. Emails and other electronic traffic passing through U.S. servers may be sufficient as well.

It is often very difficult to know how money and electronic traffic actually move, and it is no defense to jurisdiction that no one was aware of the U.S. connection. Through various international treaties and other arrangements, the U.S. government cooperates with international enforcement agencies and overseas extradition to the U.S. has occurred. If your company seeks to do business with U.S. enterprises as a customer, an investor, a borrower or a potential acquirer, you should assume that a knowledgeable U.S. party will expect to see demonstrable and effective FCPA compliance.

While beyond the scope of this article, the Foreign Corrupt Practices Act is not the only anti-corruption body of law. The Serious Fraud Office in the United  Kingdom enforces the U.K. Bribery Act. The United Nations has the United Nations Convention Against Corruption with 140 nations as signatories. The OECD (Organization for Economic Co-Operation and Development) Anti-Bribery Convention has been adopted by 34 member countries and six non-member countries. It criminalizes bribery of foreign officials in international business transactions. Compliance with the FCPA can go a long way toward achieving compliance with these other international anti-corruption laws.

3. Who enforces the FCPA?

The FCPA is enforced in a dual-track way. In all cases, the United States Department of Justice (DOJ) is an enforcement arm, both for civil and criminal violations. If the alleged offending company either has issued securities registered with the U.S. Securities and Exchange Commission (SEC) or has SEC filing obligations (an example being an overseas company whose equity or debt securities are traded on a U.S. exchange), then the SEC considers such company an “issuer” and the SEC also enforces the FCPA through its bookkeeping and internal-controls requirements. In short, the FCPA accounting provisions impose requirements on issuers to make and keep accurate books and records, and to maintain and devise a system of internal accounting controls. Obviously, there is not a line item on a company’s financial statement for “prohibited payments” or the like, so the SEC makes its case by looking at payments that were buried in other categories or that do not reflect accurately the amount and purpose of  the expenses. Examples are travel and entertainment, marketing expenses or third-party commissions.

4. What are the implications to business transactions?

If you deal with a company that has an active FCPA compliance program, it will likely have FCPA compliance provisions in the contracts that your company will be asked to sign as a condition of doing business. Depending on the business at hand, the company may go even further, by requiring an FCPA compliance questionnaire to be completed. Many contracts, including M&A transaction documents, lending agreements, government tender requirements, vendor and supplier agreements, and the like, have representations, warranties or covenants mandating compliance with applicable law. This will include compliance with the FCPA even if not specifically mentioned. Thus, a company’s FCPA violation triggers a breach, thereby entitling the other party to its remedies for breach, often including indemnification. In addition to monetary damages, remedies could include cancelling financing facilities, which can trigger an immediate repayment obligation, terminate purchases of products, terminate the closing obligation  in an M&A transaction, and in governmental scenarios, trigger debarment. Debarment excludes the offending company from an entire line of business opportunities for a substantial period of time. In some scenarios, a violation can even initiate a domino effect that can threaten the existence of the company.

5. What should be done?

Because the overwhelming majority of FCPA enforcement cases settle (and those that do settle often include multi-million dollar sums between the costs of investigation, disgorgement and penalties), there is a lack of meaningful judicial guidance on just how much is enough in terms of an effective FCPA compliance program, leaving the DOJ with considerable latitude in determining how much it thinks is enough. A midsize company likely could not afford the type of compliance programs implemented by Fortune 500 companies. But avoiding the topic is definitely not the right answer. The prudent course is to seek legal guidance on assessing the FCPA risk to your company, and devising and implementing an ongoing compliance program that is economically realistic and designed to prevent violations.