Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Why companies are ‘undervaluing’ their FCPA exposure

I recently conducted a virtual training session, during which I displayed a slide showing the top ten FCPA fines and penalties in history. A curious attendee asked whether my figures represent the DOJ and SEC’s gross penalties or the amounts that companies were actually obliged to pay to the U.S. Treasury. What followed was a spirited discussion among the attendees as to the appropriate numbers to consider. This is, of course, not the first time this debate has occurred – in the era of the so-called “piling on policy,” it is a critical question.  

There is a dichotomy among practitioners, academics, and reporters about which numbers should capture our attention. In many cases, the net and gross are identical because there are no fines and penalties imposed by other enforcement agencies for which the company can seek or receive credit. Take, for example, the SEC’s recent FCPA settlement with World Acceptance Corporation (WAC). In August, the SEC imposed about $21.7 million in fines and penalties against the consumer credit company for alleged misconduct by a subsidiary in Mexico. The DOJ declined to prosecute WAC and imposed no criminal sanctions.

Moreover, WAC did not contemporaneously enter into settlements with enforcement agencies outside the United States. Because there were no fines and penalties imposed by other enforcement agencies at home or abroad, there was nothing to deduct from the SEC’s price tag. WAC simply had fourteen days to hand over the full $21.7 million to Uncle Sam.

However, in other cases, the net and gross can be wildly divergent. Perhaps the best example of this is Airbus’ headline-grabbing settlement with the DOJ in January of this year. The DOJ imposed a whopping $2.09 billion criminal penalty against Airbus for alleged bribery and corruption in the People’s Republic of China. Though it has since been eclipsed, this was the largest individual gross FCPA fine ever imposed at the time. But, if we parse the numbers to find the actual amount that Airbus had to pay to the U.S. Treasury – in other words, the net fine – we see a very different story.

Because the DOJ is disinclined these days to have fines in concurrent enforcement actions pile up, Airbus received credit for amounts payable to enforcement agencies outside the United States, particularly in France. This reduced the actual amount payable to U.S. Treasury to $294.5 million. Now, this is no small amount, to be sure, but looking only at the net fine, Airbus doesn’t even break the top ten FCPA cases. In fact, it’s more than $100 million short of the lowest net fine in that particular rogues’ gallery.  

This begs a key question – when considering FCPA risks and allocating compliance resources, should companies focus on gross fines and penalties or, rather, on the net, which is often significantly less? While both values are relevant, I recommend primarily focusing on gross. Corporate decision-makers have a fiduciary duty to look past dramatic headlines and make hard decisions about a company’s risk tolerance, compliance staffing, and budgets. They must be dispassionate when considering the actual cost of non-compliance. 

This might lead to a preference for looking to net fines and penalties payable by a company in a particular FCPA enforcement action.  

There is, however, danger in this approach. It ignores the fact that net fines are subjective and solely the result of the specific facts and circumstances of the violations at issue. Not only is there no guarantee that any reduction from gross will be available, but there is also no guarantee that one company will qualify for the same credit that was available to prior violators.  

Let’s take the 2018 enforcement action against the Brazilian petrochemicals company, Petrobras. The DOJ and SEC together imposed gross fines and penalties of $1.78 billion, but the agencies gave Petrobras credit for the amounts payable to one another and also to Brazilian law enforcement authorities for violations of Brazilian law that arose out of the same facts. Petrobras’ net figure payable to the United States turned out to be $170.6 million. But, I caution that a U.S. company should not look only at the net figure when gleaning lessons from the Petrobras enforcement action, assessing its risk tolerance, or deciding on its compliance budget.  

Instead, it is also critical to grapple with the impact of the gross figure. First, the DOJ’s piling on policy is not binding. A defendant is not entitled to evoke it or rely on it. Indeed, there have been several FCPA enforcement actions since the piling on policy was first announced in 2018 in which the DOJ didn’t apply it. Second, no company should assume that if it were to run afoul of the FCPA, the penalties it must pay to the United States will be offset by those imposed by a foreign jurisdiction. Going back to the Petrobras example above, Brazil’s punishment of local and multinational companies that bribe its officials is a remarkable exercise in political will at this particular moment in Brazil’s history. But how many other high-risk jurisdictions are having such a moment? The sad truth is very, very few.  

Third, the fact that DOJ decides to give a company credit for penalties it has paid to other enforcement agencies doesn’t actually reduce the value of the penalty applicable to the company. The U.S. Federal Sentencing Commission’s Guidelines guide prosecutors’ decisions on the value of penalties. Those decisions are based on clear mathematical calculations. 

Anything that happens after the penalty is calculated – in other words, anything that leads to a deduction from the amount payable – does not reduce the actual penalty itself, but an expression of DOJ’s willingness to accept less than payment in full. And, companies should not rely on the consistent application of prosecutorial discretion from case to case.

In short, when evaluating the cost of violating the FCPA and when determining the resources necessary to detect and prevent violations, companies should not assume that the net fine in a particular enforcement action will apply to them, even in similar circumstances. While I believe there is benefit in looking at both numbers, I lean towards focusing mainly on gross fines and penalties. A company that only considers the net costs of others’ FCPA violations runs the risk of undervaluing its own potential exposure.

An anecdote drives this point home. I have a friend who can talk his way out of speeding tickets – he likes to drive fast and gets pulled over with great regularity, but he usually emerges from encounters with the highway patrol without citation. Perhaps it’s his gift of gab or an ability to convincingly express contrition, though it really doesn’t matter. The point is that when I weigh the potential costs of putting the pedal to the metal, I should not assume I’ll be so lucky. 

Share this post


Comments are closed for this article!