Newsletter - June 2010

In recent years, United States Department of Justice (DOJ) prosecutions and Securities and Exchange Commission (SEC) civil enforcement actions against US companies and their employees for violations of the Foreign Corrupt Practices Act (FCPA) have been at the forefront of international investigative actions. However, in an era of increased globalized trade, anti-bribery conventions, international law enforcement cooperation, and corporate governance reform, non-US companies and their employees also now face the long-arm jurisdiction of the United States under the FCPA and other laws. Accordingly, US and non-US companies and individuals must be aware of US laws and take action to mitigate the risk of being investigated and charged by US authorities.

Recent Examples

Perhaps the most high-profile prosecution of a foreign corporation was that of UK company BAE Systems PLC (BAE), which pleaded guilty in March 2010 to one count of conspiring to defraud the United States by making false statements regarding its FCPA compliance program. Specifically, BAE admitted that, between 2000 and 2002, it represented to various US agencies that it would create and implement policies and procedures to ensure the company's compliance with the FCPA but it failed to do so. As part of the plea, BAE was fined US$400 million and agreed to a number of ongoing compliance measures. The deal was part of a global settlement with the UK's Serious Fraud Office, in which BAE also pleaded guilty to a UK accounting offense and agreed to pay a £30 million fine.

Also in March 2010, the German-based car company Daimler AG entered into a two-year deferred prosecution agreement with the DOJ to resolve charges that it had violated the FCPA's books and records provisions. The DOJ alleged that the company had paid millions of dollars in bribes to officials of at least 22 foreign governments to persuade those governments to buy Daimler vehicles in deals worth hundreds of millions of dollars. Pursuant to the deferred prosecution agreement, Daimler agreed to pay a fine of US$93.6 million in connection with the DOJ investigation and another US$91.4 million in disgorgement of profits to settle a parallel SEC investigation.

In December 2008, German conglomerate Siemens AG and three of its subsidiaries plead guilty to FCPA violations and agreed to pay a combined US$450 million in criminal fines. Siemens admitted it had falsified its books and records and failed knowingly to implement internal controls, which allowed corrupt payments of approximately US$806 million to be made to foreign officials. Siemens' subsidiaries were awarded 42 contracts with a combined value of US$80 million as a result of the payments. Siemens also settled a related civil complaint with the SEC and, as part of the settlement, agreed to disgorge profits of US$350 million.

Two years earlier, in October 2006, the DOJ entered into a three-year deferred prosecution agreement with Statoil ASA, a Norwegian company, based on alleged payments to an Iranian official to secure valuable oil and gas rights in Iran. In the agreement, Statoil acknowledged that its conduct violated the anti-bribery and accounting provisions of the FCPA and agreed to pay a US$10.5 million penalty. In addition, Statoil entered an administrative agreement under which it disgorged another US$10.5 million to settle the SEC's corresponding enforcement action.

Actions Against Individuals

In addition to suits against foreign corporations, the US government routinely pursues foreign nationals who violate US laws. Indeed, the DOJ recently indicted 22 executives and employees of companies in the military and law enforcement products industry for engaging allegedly in schemes to bribe foreign government officials to obtain or retain business. Those indicted included at least two UK and one Israeli executive alleged to have violated the FCPA.

In 2006, three executives of UK-based National Westminster Bank (the "Nat West three") were extradited to the US to face charges that they plotted with former Enron executives to siphon off approximately US$20 million from an Enron debt vehicle, and persuaded the bank to sell its stake in Enron for far less than it was worth, pocketing the difference of US$7.35 million. In 2007, the three pled guilty to a single wire fraud charge each and agreed to pay US$7.35 million in restitution to the Royal Bank of Scotland, which now owns National Westminster.

In December 2008, a Texas court sentenced Misao Hioki, the former general manager of Bridgestone Corporation's International Engineered Products (EP) Division, to two years in jail and a fine of US$80,000 on FCPA charges. Mr Hioki had been based in Tokyo and the bribes reportedly were paid in Argentina, Brazil, Ecuador, Mexico and Venezuela. The charges stemmed from an antitrust investigation, initiated by the DOJ, the European Commission and Japan's Fair Trade Commission, of Bridgestone and five other companies suspected of involvement in an international cartel to sell marine hoses at inflated prices. In the course of that investigation, it emerged that Bridgestone had been paying bribes through local sales agents to win business from state-owned companies in Latin America. Mr Hioki supervised the executives who arranged the bribe payments and US jurisdiction was based on the fact that many of the company's internal meetings to discuss these payments occurred in the Houston offices of a Bridgestone subsidiary.

The FCPA and Relevant Other Statutes

Enacted in 1977, the FCPA makes it unlawful for certain persons and entities to make payments to foreign government officials to assist in obtaining or retaining business. Since 1977, the anti-bribery provisions of the FCPA have applied to all "domestic concerns" (that is, US companies or US citizens, nationals, or residents) and "issuers" (that is, any company-US or foreign-that either issues securities within the United States or is required to file reports with the SEC). This includes the 1,500 foreign issuers whose American Depository Receipts are traded on US exchanges. Following passage of the FCPA, Congress became concerned that American companies were operating at a disadvantage compared to foreign companies which, it believed, routinely paid bribes to foreign officials to procure or retain business. As a result, in 1988, Congress directed the Executive Branch to negotiate with the Organization of Economic Cooperation and Development (OECD) to obtain the agreement of the United States' major trading partners to enact legislation similar to the FCPA. Nearly 10 years later, the United States and 33 other countries signed the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. For its part, the United States enacted amendments to the FCPA which expanded the jurisdiction of the US government to prosecute non-US companies and foreign nationals who cause, directly or through agents, an act in furtherance of a corrupt payment to take place within the territory of the United States.

The maximum statutory penalties for a corporation's violation of the anti-bribery provisions are a US$2 million criminal fine and a US$10,000 civil penalty. Officers, directors, stockholders, employees, and agents are subject to a maximum fine of up to US$250,000 and a civil penalty of US$10,000. Individuals may also be sentenced up to five years in prison for each violation. Moreover, under disgorgement rules and the Alternative Fines Act, far greater fines may be imposed: up to twice the benefit that the defendant sought to obtain by making the corrupt payment. Debarment following conviction may present the most draconian penalty of all.

Although the FCPA has become the most widely known US law affecting non-US companies and individuals, the DOJ's extraterritorial jurisdiction is not limited to just the FCPA. Foreign corporations or persons may be held criminally liable for antitrust violations, under the Sherman Act, 15 U.S.C. Section 1, for actions involving wholly foreign conduct if the conduct was intended to produce and did produce a substantial effect on the United States. The lysine prosecution ushered in a new era in the investigation and prosecution of foreign nationals and non-US companies. The Antitrust Division of the DOJ pursues aggressively investigative methods aimed at those rare opportunities where foreign targets enter US jurisdiction.

Additionally, the DOJ has used domestic tax laws as an enforcement mechanism against foreign corporations. In 2009, UBS AG, a Swiss bank, entered into a deferred prosecution agreement in the United States for conspiring to violate US tax laws. Under that agreement, UBS turned over to US authorities the names of various account holders and paid penalties totaling US$780 million to the DOJ and the SEC. It has been reported that another non-US bank is likely facing a similar action.

Laws extending the jurisdiction of the United States over foreign companies include the Trading With the Enemy Act (TWEA), 50 U.S.C. App. Section 1, et seq., and the International Emergency Economic Power Act, 50 U.S.C. Sections1701-1706. The TWEA grants the President authority over "any person, or with respect to any property, subject to the jurisdiction of the United States," and courts have broadly construed this provision to give the US Office of Foreign Assets Control nearly complete discretion in applying the TWEA. The IEEPA authorizes the President to declare the existence of an "unusual and extraordinary threat . . . to the national security, foreign policy, or economy of the United States" that originates "in whole or substantial part outside the United States," and, after such a declaration, the President may block transactions and freeze assets to deal with the threat. This includes assets held by foreign subsidiaries of US companies.

In short, foreign companies and their nationals may find themselves subject to US jurisdiction under various US laws allowing for criminal prosecution, civil enforcement actions, or sanctions. And the US government does not hesitate to seek the extradition of those foreign nationals it asserts have violated US law. The cases involving the Nat West three and UK solicitor (and alleged FCPA conspirator) Jeffrey Tesler are two recent examples.

Jurisdiction Under the FCPA-Its Reach and Limits

The 1998 amendments to the FCPA expanded the Act's jurisdiction to include foreign corporations and individuals. The DOJ has interpreted broadly the extraterritorial reach of the FCPA's jurisdictional provisions to allow the prosecution of any person (including foreign corporations and foreign nationals) who commits any act in furtherance of a corrupt payment "while in the territory of the United States." Indeed, in its Criminal Resource Manual, the DOJ interpreted the "territory" language as: "Although [Section 78dd-3(a)] has not yet been interpreted by any court, the Department interprets it as conferring jurisdiction whenever a foreign company or national causes any act to be done within the territory of the United States by any person acting as that company's or national's agent." The fact that many FCPA cases are settled, rather than tested through litigation, means that the DOJ's interpretation is particularly significant.

Under that interpretation, the DOJ may bring a felony prosecution under the FCPA against a foreign national who has never set foot in the United States. Indeed, the US may assert jurisdiction based on the mailing of a letter to the US, the interbank approval of a check, a wire transfer of funds that clears through a US Bank, or travel by air, train, or automobile in furtherance of a FCPA violation. Importantly, the FCPA extends jurisdiction beyond the person who actually committed the act in furtherance of an improper payment to "foreign businesses" for "acts taken on their behalf." The DOJ's interpretation reveals that the US government is willing to pursue foreign persons and corporations for alleged FCPA violations without a significant territorial nexus to the United States.

The DOJ's and SEC's prosecutorial reach, however, is not without limits. Even where a defendant falls within the broad subject matter jurisdiction of the FCPA, the due process clause may bar US courts from exercising personal jurisdiction over a foreign defendant. In civil cases brought by the SEC, the due process clause of the United States Constitution allows a United States court to exercise personal jurisdiction only over persons who have sufficient "minimum contacts" with the jurisdiction, such that the exercise of that jurisdiction does not offend "traditional notions of fair play and substantial justice." In criminal prosecutions brought by the DOJ, the test for personal jurisdiction is usually stated in terms of whether the foreign defendant's extraterritorial conduct has sufficient nexus with the United States. However, the reality of challenging jurisdiction is problematic for non-US based companies. Investigations into misconduct, while supposedly confidential, may become known widely and have impact that often bears little relation to the merits of the investigation. The beneficial early resolution of a matter, particularly on terms that preclude debarment or other harsh collateral consequences, are all factors that companies must consider in determining whether to fight jurisdiction.

Practical Considerations

Employees of non-US companies often travel to the US to conduct business. This travel, during an active investigation, may have catastrophic consequences. In United States v Arnold, 523 F.3d 941 (9^th Cir. 2008), the Court upheld a warrantless search and seizure of a laptop computer's hard drive and other electronic storage devices under the broad border search doctrine. Such an approach was also used in the more recent BAE investigation. Particularly during an ongoing investigation, the prospect of US investigators pouring over the vast amounts of information contained in a company's electronic media is daunting. It is worth considering also that investigators will be able to recover deleted electronic files as part of their investigation.

Conclusion

As the long arm jurisdiction of the US expands and more non-US companies fall within the investigative reach of US authorities, it will impact increasingly on the financial condition and reputation of companies located abroad. Jurisdictional challenges to expansive international investigations may be limited due to practical considerations and this may further encourage US authorities to pursue such actions.

The Criminal Justice (Money Laundering and Terrorist Financing) Act, 2010 (the CJA), which gives effect to the Third Money Laundering Directive 2005/60/EC, was finally signed into Irish law on 6 May 2010. Although, on the statute books, the new legislation is not yet operative and will be commenced in piecemeal fashion under statutory orders that will be published in the coming weeks. The CJA must be read and applied in conjunction with regulatory guidance produced by the Irish Financial Regulator and other regulatory authorities. This regulatory guidance will be finalised over the next couple of months.

The Directive introduced a number of changes to the control procedures prescribed by the First and Second Money Laundering Directives (Directives 91/308 and 2001/97, respectively) and, in particular, to the client identification requirements. These are broadly reflected in the CJA.

Customer Due Diligence: Timing

The new procedures are set out in Section 33 of the Act and are known as customer due diligence (CDD) procedures. Section 33 states that these CDD procedures shall be applied:

(a) Prior to establishing a business relationship with the customer.

(b) Prior to carrying out a single or series of transactions that individually/collectively amount to €15,000 or more.

(c) Prior to carrying out the service where there are reasonable grounds to believe that there is a real risk of money laundering/financing of terrorism.

(d) Prior to carrying out a service where there are reasonable doubts about the accuracy and adequacy of historic customer identification.

There is some gold-plating here. This "prior to" requirement in Section 33 goes beyond Article 7 of the Directive, which states that the CDD measures shall be applied when establishing a business relationship, conducting single transactions and so on [author's emphasis].

There is some recognition of Article 7 in Section 33(5), which states that verification may be established during the establishment of the business relationship where doing so prior to establishment would interrupt the normal conduct of business, and there is no real risk of money laundering or terrorist financing, and provided that the checks are verified as soon as practicable.

There are also specific exemptions from this "prior to" requirement for banks and insurance companies, provided no transactions are executed or payments made until identity checks are complete. It is likely that, in practice, regulated businesses will operate in the zone of an exception to the rules rather than within them, which is not ideal.

Stringent requirements are introduced to identify any beneficial owner connected with the customer or service. In the case of corporates, the beneficial owner is any individual who owns or controls, directly or indirectly, more than 25% of the shares or voting rights or otherwise exercises control over the management of the company.

The risk-based approach endorsed by the Directive is reflected in the new provisions relating to simplified and enhanced due diligence.

Simplified Due Diligence

Simplified due diligence which, in effect, provides an exemption from the identification procedures, is available for certain regulated businesses including

• Credit and financial institutions in the EU or a prescribed country
• Listed companies
• Certain public bodies.

There are similar exemptions for "specified products". They include insurance products and electronic money within "small" specified financial thresholds.

Enhanced Due Diligence

High-risk business attracts more onerous identification checks. One category of such business relates to politically exposed persons (PEPs).

There is a requirement to take steps to determine whether a customer, or a beneficial owner connected with that customer, is a PEP, or an immediate family member or close associate of a PEP.

A PEP is an individual resident outside the State, who, within the last 12 months has been entrusted with a prominent public function. The list includes heads of state, members of parliament, and a judge of the superior courts.

Where a customer or beneficial owner outside the State is a PEP, family member, or close associate of a PEP, then the requirement is to take the following steps:

• Determine the source of funds or wealth.
• Obtain senior management approval for ongoing business relationships.

"Close associate" of a PEP is broadly defined to include the following:

• An individual who has joint beneficial ownership of a legal entity/arrangement or any other close business relations with a PEP.
• Anyone who has sole beneficial ownership of a legal entity or a legal arrangement set up for the actual benefit of the PEP.

"Immediate family member" of a PEP is similarly defined widely to include the following:

• Spouse
• Partner
• Any cohabitant
• Children/their cohabitants
• Spouse of a child (or equivalent)
• A parent

Reporting

The new legislation extends the reporting obligation so that regulated businesses which know, suspect, or have reasonable grounds to suspect on the basis of information obtained in the course of carrying on business that another person has been engaged in an offence of money laundering or terrorist financing, shall report to the Gardai and Revenue Commissioners.

There is no requirement for a nexus between the ML/CFT offences and the business of the designated person other than that the suspicion is acquired "in the course of carrying on business".

Services or transactions connected with places designated by the Minister must also be reported.

A suspicious transaction report (STR) must be made as "soon as practicable" after forming that knowledge, suspicion or reasonable grounds. Where an STR is required, the relevant transaction or service shall not proceed until after the STR is made, unless this is not practicable or failure to proceed may alert the other party to the STR/investigation.

Compliance functions may welcome a new provision which states that failure by a customer to produce identification documents may provide a basis for "reasonable grounds" to suspect.

Information that is subject to legal privilege need not be disclosed and "relevant professional advisers", which includes accountants, auditors and tax advisors regulated by specified regulatory bodies, need not disclose "information that he or she has received from or obtained in relation to a client in the course of ascertaining the legal position of the client". This does not apply to information received from or obtained in relation to a client with the intention of furthering a criminal purpose

Tipping-Off

There is a prohibition on a designated person making any disclosure that is likely to prejudice an investigation into a ML/CFT offence that may be conducted either following the making of an STR or not. Some disclosures are allowed expressly by the legislation, including intra-institution disclosures; namely, disclosures between the same undertakings or groups. Certain inter-institution disclosures between unconnected institutions are also permitted.

Enforcement

The Financial Regulator and state competent authorities established under the CJA have a range of investigative, supervisory and enforcement powers at their disposal.

They include the power to issue directions for information, appoint authorised officers to enter and search premises and seize material. It is an offence to obstruct these officers.

It is also of interest that AML breaches will now fall within the administrative sanctions regime applied by the Financial Regulator. These sanctions range from cautions, reprimands, fines not exceeding €5m (in the case of corporates) and €500,000 in the case of individuals.

---