The U.S. Department of Justice is increasing enforcement of the Foreign Corrupt Practices Act and raising the potential exposure for companies entering global markets.
While most D&O policies cover costs related to formal FCPA proceedings against individual executives once an indictment is issued, they don’t cover the costs associated with investigations of the company itself.
As the Justice Department steps up its investigations, many companies could find themselves on the hook for tens of millions of dollars in expenses simply to comply with such inquiries.
Experts say while there are riders, endorsements and stand-alone policies to expand FCPA-related coverage, they come at a high cost and still leave the doors open to liabilities.
In addition to strategic and customized coverage, they say the best way to mitigate FPCA liabilities is to understand the boundaries of the law, carefully vet vendors and agents, and develop a strong compliance program.
The Foreign Corrupt Practices Act was enacted in 1977 and makes it unlawful for certain persons and entities to make payments to foreign government officials to obtain or retain business. For public companies, another component of the act is that issuers whose securities are traded in the U.S. must maintain accurate records and books.
D&O specialist Peter Taffae, managing director of ExecutivePerils Inc. in Los Angeles, said while the act has been on the books for decades, there has recently been an uptick in investigations.
According to the Justice Department’s website, only two FCPA cases were settled in 2015, down from 10 cases in 2014 and nine in 2013. While the government is bringing fewer cases for indictment, it does appear to be increasing the frequency of its investigations.
As an indicator, the DOJ’s Foreign Corrupt Practices Act Unit is adding 10 new prosecutors to go after “high impact” cases.
“It’s still a developing area of the law where the authorities may be holding the company liable for the actions of their third-party vendors.” — Kristin Kraeger, managing director, Aon
“They’re certainly becoming more assertive. I think some of that arises out of the sub-prime crisis where the perception was that the government was lackadaisical in their regulatory enforcement,” said Taffae.
Even without an indictment, companies can still face significant risks. It’s easy to run afoul of the FCPA, and the cost of those investigations can be substantial, said Machua Millett, managing director of the FINPRO practice at Marsh in Boston.
Millett said companies can easily find themselves exposed to potential FCPA violations because the DOJ is holding companies accountable for “absolute liability” of their vendors’ actions, even when they’ve been properly vetted.
He also noted that in many countries, it can be hard to determine who is a government official. The SEC and the DOJ can define that designation in “very broad terms.”
“In some places, like Brazil, India and China, pretty much anyone you interact with can be treated as a government official based on being employed at least partly by a government-owned corporation,” he said.
Kristin Kraeger, managing director of Aon Risk Solutions’ financial services group in Boston, said more companies are opening themselves up to FCPA violation risk by using vendors and third parties as a rapid “go to market” strategy in emerging markets.
“And just by establishing distribution chains through vendors, they’re potentially creating liabilities for themselves [under the FCPA],” said Kraeger.
Kraeger specializes in D&O policies for Fortune 500 accounts and said even with due diligence, no company is truly immune from the risk.
Hewlitt-Packard was charged by the SEC in April 2014 when its subsidiaries in Russia, Poland and Mexico made improper payments to government officials to retain contracts.
The company agreed to pay $108 million to settle the SEC’s charges that they “lacked the internal controls to stop a pattern of illegal payments to win business in Mexico and Eastern Europe.”
Major companies such as Deere & Co., 3M, Wal-Mart, Tyco, Pfizer, Kraft (now the Kraft Heinz Co.) and Morgan Stanley reported in SEC filings that they are targets of FCPA-related investigations.
“It’s still a developing area of the law where the authorities may be holding the company liable for the actions of their third-party vendors,” said Kraeger.
Limited Coverage for Companies
Companies wishing to insure themselves against FCPA violation risks may have significant gaps in coverage.
Investigations by the SEC usually start in an informal manner, said Kraeger. She said D&O policies typically aren’t triggered until there’s an indictment and the investigation moves into the formal phase.
New insurance products now offer limited coverage for “pre-claim” inquiries but that is only for individuals who are specifically identified as a target of an investigation.
David McMahon, managing partner of Barger & Wolen in San Francisco, said there are reports of investigations requiring the services of up to 85 individual attorneys.
Because of this, McMahon said a key aspect of the general counsel’s litigation management arsenal is the company’s insurance program but “ultimately, neither entity D&O nor FCPA-specific policies provide complete protection.”
Investigation coverage is very limited for the entities under standard “off the shelf” D&O policies, said Rob Yellen, executive vice president, FINEX NA at Willis Towers Watson in New York.
Yellen said co-defendant investigation coverage can be added by endorsement for additional premiums of 15 percent to 20 percent. While that would broaden FCPA coverage, he said it would only be effective if there is also a private securities claim pending.
Coverage that is granted for internal investigations of FCPA-based claims is generally sub-limited at $250,000.
“Some carriers also have stand-alone investigation products, but they don’t sell a big quantity of them because of price. Clients tend to self insure [for investigations] and do other things to mitigate risk,” said Yellen.
Despite numerous options to fill gaps in coverage for FCPA risks, many policies can have significant differences in how they work, said Wallace Dietz, chair of the compliance and government investigations group at Bass, Berry & Sims PLC in Nashville, Tenn.
“Making sure exactly what’s covered and what triggers the policy is something risk managers should carefully look at,” Dietz said.
Risk and Compliance
Since companies can’t entirely close the coverage gap, a strong compliance program remains the best way to reduce risk of FCPA exposure.
In 2012, the DOJ released “A Resource Guide to the U.S. Foreign Corrupt Practices Act.” The guide said while the DOJ and SEC have no specific requirements for what constitutes a good compliance program, it should have a few basic hallmarks.
These include a demonstrated commitment from senior management and a clearly articulated policy that discourages corruption. There should also be a code of conduct with compliance policies and procedures along with a demonstration of comprehensive risk assessment and due diligence on all third-party agents.
A compliance program should also have incentives and disciplinary measures and apply from the “boardroom to the supply room.” The program, it said, should be “well-designed,” “applied in good faith” and “work.”
Justice Department spokesperson Peter Carr told the “Wall Street Journal” in October 2015 that while indictments are down, “our investigations of FCPA cases are as robust as ever, and the resources we dedicate to FCPA cases continue to grow.”
Marsh’s Millett said it’s not entirely clear how the SEC and DOJ are prioritizing investigations. But he said it’s certain that FCPA enforcement will increase.
“It’s an important time to revisit your coverage and compliance programs if you’re expanding internationally,” said Millett.