Corporate subsidiaries only act on someone else’s say so. The drafters of the FCPA knew that, and that’s why the FCPA prohibits offering to pay, paying, promising to pay, or authorizing the payment of money or anything of value to a foreign official for an improper purpose.
What does “authorizing” mean? The FCPA doesn’t define it. But in plain English, it means giving approval, either explicitly or implicitly.
Even back in 1977, U.S. lawmakers debating foreign bribery talked about “the extensive use of [foreign subsidiaries] as a conduit for questionable or improper foreign payments authorized by their domestic parent.”
In the wider corporate context, “authorizing” can mean funding overseas operations, approving budgets, and otherwise enabling foreign subsidiaries to do business, while knowing the foreign subsidiary is paying or arranging bribes or might do so.
Closer up, “authorizing” might mean a finance manager approving an abnormally large advance to an agent, or a VP of sales not objecting to deep discounts for a distributor.
Explicit approvals are easier to spot, but inaction might also be “authorizing.” Implicit approvals prompt this guidance in the ABA’s Foreign Corrupt Practices Act Handbook:
In suspicious circumstances, U.S. directors and managers should disavow any possible improper payments and take affirmative steps to avoid even the appearance of acquiescence or approval.
Most corporate FCPA enforcement actions and individual prosecutions involve some form of “authorizing.” Sometimes payments are directly authorized; often, authorizing is a step removed from payment and instead involves retaining or partnering with third parties known to be corrupt or likely to act corruptly.
A small sample of FCPA corporate enforcement actions in which “authorizing” is prominent includes WPP (2021), Cardinal Health (2020), Beam Suntory (2020), Cognizant (2019), Keppel Offshore & Marine (2017), LAN Airlines (2016), Smith & Wesson (2014), Innospec (2010), Snamprogetti, ENI (2010), Parker Drilling Company (2013), AGA Medical (2008), and so on.
If “authorizing” is done corruptly — that is, with some knowledge it might result in a bribe payment — the authorizing person can violate the FCPA without knowing the identity of the recipient; nor does the bribe have to succeed or even happen.
“Thus, an executive who authorizes others to pay ‘whoever you need to’ in a foreign government to obtain a contract has violated the FCPA—even if no bribe is ultimately offered or paid.” (From the FCPA Resource Guide, citing SEC v. Innospec, Inc.)
After Keppel Offshore & Marine paid $422 million to resolve FCPA offenses, it acted against 17 former or current employees. Most of them presumably had some role in authorizing $55 million in bribes to officials in Brazil or the hiring of corrupt intermediaries.
For example, Keppel’s former in-house lawyer, Jeffrey Chow, prepared contracts used to fund bribe payments. When he pleaded guilty to FCPA offenses, he told the U.S. federal court, “I realized that Keppel was overpaying the agent, sometimes by millions of dollars, so that the agent could pay bribes to individuals who could help Keppel Offshore Marine doing business with Petrobras.”
He said he should have refused to draft the contracts and resigned from Keppel.
“Instead, I discussed the economic terms of the contracts with my seniors at Keppel and acting in agreement with my seniors, and others at Keppel, I drafted the contracts and made sure that they were executed,” he said (with my emphasis).
“Authorizing” was also at the center of the groundbreaking $800 million enforcement action against Siemens AG in 2008 and led to both FCPA anti-bribery and internal controls offenses. The DOJ and SEC found that approvals had been “placed on sticky notes and later removed to avoid any permanent record,” thus obscuring the company’s decision-making and audit trail.
Do company executives and managers fully understand how “authorizing” can be the basis of FCPA offenses and prosecutions? I’ve met some who, quite frankly, didn’t seem to grasp how vulnerable their corporate approval authority makes them.
That’s why FCPA training is so important. And why training — especially at HQ and in regional offices — should take into account how much ‘authorizing’ each trainee can or might do.