Do you know how KYC applies to FCPA risk assessment?

Know-your-customer is usually associated with anti-money laundering programs. Customers (or clients) with close ties to corrupt leaders, for example, are flagged as an AML risk. But KYC also applies to FCPA risk analysis, in a very different way. Here’s how.

The FCPA anti-bribery provisions prohibit giving or promising to give anything of value to a “foreign official” to obtain or retain business or gain an unfair advantage.

The FCPA says, “The term ‘foreign official’ means any officer or employee of a foreign government or any department, agency, or instrumentality thereof, or of a public international organization, or any person acting in an official capacity for or on behalf of any such government or department, agency, or instrumentality, or for or on behalf of any such public international organization.” (my italics)

That means you can only know who’s a foreign official by knowing what constitutes a department, agency, or instrumentality of a foreign government.

Of the three, the trickiest to recognize is an instrumentality. Governments typically designate their sub-entities as departments or agencies, or sometimes bureaus or boards. But they never call something they’ve created an instrumentality. The FCPA uses the word as an undefined catch-all.

How can anyone assessing FCPA risk identify what’s a government instrumentality?

That requires “a fact-specific analysis of the entity’s ownership, control, status, and function,” the DOJ-SEC FCPA Resource Guide says.

How do you carry out that fact-specific analysis (or KYC exercise)?

The second edition of the FCPA Resource Guide, published in July 2020 (eight years after the first edition), added helpful new guidance. It cites a string of relatively recent FCPA prosecutions of individuals that say to look to factors of control.

The Eleventh Circuit first set out non-exclusive factors of control in U.S. v. Esquenazi (later adopted by other courts and reflected in FCPA jury instructions in U.S. v. Lambert and U.S. v. Hoskins):

• the foreign government’s formal designation of that entity

• whether the government has a majority interest in the entity (but see U.S. v. Alcatel-Lucent France, S.A., involving alleged bribery of employees of a Malaysian telecom 43 percent owned by Malaysia’s Ministry of Finance)

• the government’s ability to hire and fire the entity’s principals

• the extent to which the entity’s profits, if any, go directly into the governmental fiscal accounts, and, by the same token, the extent to which the government funds the entity if it fails to break even, and

• the length of time these indicia have existed.

Further, determine whether the entity performs a function that the government treats as its own, using these “non-exhaustive” factors:

• whether the entity has a monopoly over the function it exists to carry out

• whether the government subsidizes the costs associated with the entity providing services

• whether the entity provides services to the public at large in the foreign country, and

• whether the public and the government of that foreign country generally perceive the entity to be performing a governmental function.

The FCPA Resource Guide says companies “should consider these factors when evaluating the risk of FCPA violations and designing compliance programs.”

That’s how KYC applies to FCPA risk assessment.
