||Whether and when non-U.S. companies are subject to the U.S. Foreign Corrupt Practices Act ("FCPA") is a question that has vexed executives and their lawyers since the statute was enacted some four decades ago. Recently, the U.S. Department of Justice ("DOJ") and Securities and Exchange Commission ("SEC") released a 120-page Resource Guide (the "Guide"), which provides a number of clarifications on the FCPA’s application to non-U.S. companies. In practice, U.S. authorities can more often than not find a jurisdictional "hook" allowing them to pursue an anti-bribery enforcement action, as evidenced by the numerous FCPA cases brought against non-U.S. companies. Furthermore, recent SEC matters involving foreign nationals illustrate the broad interpretation by U.S. authorities of the scope of conduct sufficient to establish personal jurisdiction in the civil context. |
Jurisdictional Reach of the FCPA
The anti-bribery provisions of the FCPA apply to U.S. issuers (i.e., publicly-traded companies required to file reports with the SEC), domestic concerns (a U.S. citizen, resident, or national, or any company organized under the laws of a U.S. territory or having a principal place of business in the U.S.), and foreign nationals and entities who violate the FCPA while in the territory of the U.S. In any FCPA enforcement action, the government must establish that the alleged conduct meets one of several jurisdictional bases contained in the statute.
Jurisdictional Predicates under the FCPA
In order to comprehend the reach of the FCPA's anti-bribery provisions, it is vital to understand the two primary bases for jurisdiction under the FCPA. The first basis is a form of nationality jurisdiction, which provides for jurisdiction over acts by issuers organized under U.S. law and domestic concerns regardless of where they take place. Prior to the 1998 amendments to the FCPA, the government had to prove that the issuer or domestic concern used a means or instrumentality of interstate commerce (e.g., telephone/fax lines, mail, email, wire transfer) in furtherance of a violation. To conform with the Organization for Economic Cooperation and Development (“OECD”) Convention on Combating Bribery, the interstate commerce requirement was eliminated for issuers and domestic concerns in 1998, collapsing the jurisdictional predicate down to a company’s status as an issuer organized under U.S. law or a domestic concern. Nevertheless, U.S. authorities must still demonstrate the use of a means or instrumentality of interstate commerce in the case of a non-U.S. agent of a U.S. issuer or domestic concern, such as a foreign subsidiary or an issuer organized under foreign laws.
The second principal basis for jurisdiction is territorial jurisdiction, which provides for jurisdiction when a foreign national or entity uses a means or instrumentality of interstate commerce, or commits an act in furtherance of a violation, while in the territory of the U.S. This basis for jurisdiction was introduced in the 1998 amendments to the FCPA, and greatly expanded the jurisdiction of U.S. authorities to prosecute non-U.S. companies and nationals. In contrast to the nationality jurisdiction provisions of the FCPA relating to issuers and domestic concerns, this provision expressly requires that the use of the mails or means of interstate commerce or some other act in furtherance of an improper payment take place while the foreign person or entity is in the territory of the U.S. According to the Guide, the DOJ and SEC maintain that the requisite territorial nexus is satisfied if an agent commits an act in furtherance of an improper payment in the U.S., even if the non-U.S. company itself takes no action in U.S. territory.
The expansive approach to jurisdiction underlying FCPA enforcement has not abated. In the past, FCPA enforcement actions were typically brought against corporate defendants that were either issuers or domestic concerns. In recent years, however, U.S. authorities have increasingly investigated and prosecuted foreign persons and entities using more attenuated bases of jurisdiction, including minimal acts in furtherance of a corrupt payment having taken place in the U.S., aiding and abetting a violation of the FCPA, and participation in a conspiracy to violate the FCPA.
Jurisdiction Based on Acts Committed on U.S. “Territory”
As stated above, a non-U.S. person or company may face liability under the FCPA for using U.S. mails or emails that touch a U.S.-based server, or taking some other act in furtherance of an improper payment while in the territory of the U.S. In practice, U.S. authorities have asserted in numerous precedents that any action undertaken by a foreign company abroad that causes something to be done in the U.S. (e.g., wire transfer, phone call, correspondent banking transaction) is sufficient for establishing jurisdiction, no matter how minimal the nexus of the U.S. conduct. In this context, U.S. authorities seem intent on pushing the jurisdictional bounds of the FCPA, and the link between the behavior in question and U.S. territory is becoming increasingly tenuous.
One example of the extraterritorial application of the FCPA is the DOJ’s criminal enforcement actions brought against three non-U.S. subsidiaries of Siemens. The prosecutions appear to have been based on conduct only loosely connected to the U.S., including the employment of a U.S. agent, the use of U.S. bank accounts, and the use of U.S. mails and telephone lines. Such conduct may be viewed as satisfying the traditional interstate commerce requirement, which is one of the elements on which territorial jurisdiction may be based under the FCPA. What is less clear is whether, if tested in litigation, this conduct could withstand a challenge to the requirement that a company or individual acted while in the territory of the U.S.
Another example is the prosecution of individuals related to TSKJ, a Nigerian joint venture formed by Technip, Snamproghetti Netherlands, Kellogg Brown & Root ("KBR"), and JGC Corp. The DOJ and SEC charged that KBR executives acted in furtherance of the bribery scheme within and outside the territory of the U.S., which is more than sufficient to establish jurisdiction. In each of the charged financial transactions, the funds in question were transferred from a bank account in Amsterdam to agents' accounts in Japan, Monaco, or Switzerland. The pleadings did not allege that any of the relevant banks were located in the U.S. or that funds were held at U.S. banks; instead, the sole alleged jurisdictional connection for the substantive FCPA counts was that the transfers were denominated in U.S. dollars and therefore were transferred "via a correspondent bank account in New York, New York."
Aiding and Abetting and Agency Theories
U.S. authorities have also stretched the notion of jurisdiction under the FCPA by employing the theory of aiding and abetting liability. The Guide states that a "foreign national or company may . . . be liable under the FCPA if it aids and abets, conspires with, or acts as an agent of an issuer or domestic concern, regardless of whether the foreign national or company itself takes any action in the United States."
The SEC ploughed new precedential ground when it charged Panalpina, Inc., a U.S.-based company that was neither a U.S. issuer nor part of a U.S.-listed foreign company. The case marked the first instance of the SEC asserting jurisdiction over a non-issuer company that was not a subsidiary of an issuer. The SEC based its assertion of jurisdiction over Panalpina on the fact that the company was an agent of issuer clients and aided and abetted FCPA violations committed by those clients. In addition to this theory of liability, the SEC also charged Panalpina with primary liability under the FCPA as a result of its actions as an agent for certain of its issuer-customers.
Conspiracy can also be used to establish FCPA jurisdiction over companies or individuals. Under U.S. law, each co-conspirator is liable for all of the foreseeable acts in furtherance of the conspiracy by every other conspirator. If U.S. authorities can establish jurisdiction over one conspirator, they have jurisdiction over all members of the conspiracy, regardless the location of the latter members. This concept has been applied in several recent FCPA enforcement actions, including one against Alcatel, where several non-U.S. subsidiaries were charged with conspiracy to violate the FCPA, and the DOJ alleged that “at least one of the co-conspirators committed or caused to be committed” various acts in the U.S. In support, the DOJ cited meetings, emails, and phone calls that Alcatel personnel had with individuals in Miami, Florida. They also detailed a series of wire transfers that included payments made from U.S. bank accounts and payments made from foreign accounts routed through U.S. correspondent accounts.
Personal Jurisdiction in Civil Actions
In order to bring a civil enforcement action, the SEC must establish personal jurisdiction over a corporate or individual defendant. Personal jurisdiction is typically not an issue when defendants are U.S. residents or companies organized or operating in the U.S. In the case of foreign individuals and corporations, however, it may be more difficult to demonstrate that personal jurisdiction exists.
The touchstone of personal jurisdiction is “minimum contacts,” which in the federal context means contacts with the U.S. as a whole. A court will find that a defendant has the requisite minimum contacts with the U.S. if (i) the claim against the defendant arises out of or relates to those contacts and (ii) the defendant deliberately took advantage of the opportunity to do business in the U.S. If a defendant’s conduct meets that standard, a court will likely find that it has personal jurisdiction unless the defendant can show that doing so would be unreasonable (e.g., due to an undue burden on the defendant, or the interests of a different forum).
Two recent civil FCPA actions against individual defendants tested the question of personal jurisdiction and provide useful insight into the broad view of jurisdiction held by U.S. enforcement authorities and the judicial limitations on that view.
The court in SEC v. Straub et al. denied the defendants’ motion to dismiss for lack of personal jurisdiction, finding that, if the SEC’s factual assertions proved true, the court would have personal jurisdiction over the defendants. The judge noted that the defendants made false statements regarding disposition of the assets of their company – Magyar Telekom – that were being used in furtherance of the alleged bribery scheme. These false statements were then incorporated into the books and SEC filings of Magyar's parent company, Deutsche Telekom. Even though the bribery scheme occurred predominantly in a different country, the defendants engaged in conduct designed to violate U.S. securities laws. The judge specifically stressed that the defendants’ concealment of the scheme from auditors and superiors – while knowing that false information would be provided to prospective U.S. investors – would be sufficient to assert personal jurisdiction.
In SEC v. Sharef, the court ruled that it did not have personal jurisdiction over one of the defendants – all former Siemens executives – because the defendant lacked sufficient “minimum contacts” to the U.S. Similar to Magyar, in the Siemens case, a local bribe scheme in Argentina was inaccurately incorporated into the company’s books and SEC filings, and participants in the scheme filed Sarbanes-Oxley certifications that they knew were false. One defendant, Herbert Steffen, had a less significant role, and merely pressured one of the other defendants to authorize the bribes to Argentinian officials. The SEC argued that Steffen’s promotion of the bribery scheme proximately caused the false filings with the SEC (a claim to which the judge responded skeptically).
The judge ruled, however, that even assuming Steffen’s actions proximately caused the false filings, his actions were “far too attenuated from the resulting harm” to constitute minimum contacts. The judge cited Straub approvingly but distinguished the facts by emphasizing that Steffen’s actions were not directed at deceiving U.S. shareholders, and that he did not authorize the bribe, direct the cover-up, or play any role in the falsified filings. The judge reasoned that minimum contacts may not arise merely from illegal conduct that ultimately has an effect on SEC filings -- or else every participant in unlawful conduct by a foreign issuer would be subject to the jurisdiction of U.S. courts.
The Straub and Sharef cases are instructive on personal jurisdiction in the FCPA context. First, they underscore how far personal jurisdiction can extend for issuers in civil enforcement actions. Both cases strongly suggest that potential wrongdoing by anyone who signs the certifications required under Section 302 of Sarbanes-Oxley could act as a “trigger” to personal jurisdiction. Second, these cases – particularly Sharef – reveal the SEC’s internal thinking on the extent of its power to reach foreign individuals and entities. The SEC’s position appears to be that any involvement in a bribery scheme that affects an issuer falls within the agency’s enforcement authority. Despite losing the argument in Sharef, the SEC will likely continue to adhere to this position.
Foreign companies and individuals attempting to evaluate their level of exposure under the FCPA should proceed under the assumption that U.S. authorities will more often than not pursue an expansive jurisdictional theory in pursuit of an enforcement action. Moreover, the investigative tools available to the DOJ and SEC, coupled with the substantial litigation risk for target companies and individuals, enable authorities to place pressure on foreign companies before the issue of jurisdiction is ever raised. As the cases described above indicate, the fact development that occurs during the investigative stage typically yields an evidentiary basis for pursuing charges against a company using multiple legal theories other than (or in addition to) substantive FCPA charges.
Most foreign companies concerned about the FCPA likely face similar anti-bribery laws in their home countries, albeit with a lower level of enforcement activity. While a company should evaluate home jurisdiction conditions when calibrating the appropriate degree of action to take in order to minimize FCPA risks, the strategy should be one that proactively addresses and mitigates corruption risks rather than attempting to categorically avoid U.S. jurisdiction.
Douglas Tween is a Partner in the New York office. Jerome Tomas is a Partner in the Chicago office. Joseph Rindone is an Associate in the New York office.