Due in large part to their esoteric nature,1 the internal control provisions of the FCPA are seldom the basis for criminal charges by the U.S. Department of Justice.2 On occasion, as part of a major settlement with the Justice Department, corporate entities have pled guilty to a violation. A good example is the recent resolution with Justice Department by Telefonaktiebolaget LM Ericsson,3 the Swedish telecommunications multinational commonly referred to as “Ericsson.”
In a civil enforcement context with the U.S. Securities and Exchange Commission (“SEC”), the internal control provisions are frequently used. In almost any after-the-fact analysis relating to financial irregularities, the SEC will be able to point to a breakdown of some sort associated with the internal accounting controls of an issuer. Whether the issuer had knowledge of a defect in the system of controls, improperly recorded transactions, or other financial activity is irrelevant in the civil enforcement context with respect to the accounting and record-keeping provisions. No proof of intent is required.4 All that is required is proof of a violation based on the preponderance of the evidence.
The one aspect of the internal control provisions more likely to lead to criminal charges relates to situations where someone subject to the FCPA, like an employee or agent of an issuer or one of its subsidiaries, takes steps to circumvent its internal controls.5 This was the situation in a recent indictment of a Chinese subsidiary of a company listed on the New York Stock Exchange.6 Among the allegations were the involvement of both individuals charged with the preparation of false expense claims to conceal that funds were used to pay bribes.7 Another allegation serving as a basis for the internal controls violation related to the most senior of the two individuals routinely completing false records and certifications disclaiming any knowledge of fraud or circumvention of internal accounting controls.8 Of added import in terms of compliance considerations is the allegation that a private email account was used to avoid detection by company auditors.9
Although the indictment provides only a glimpse of what occurred, the allegations suggest that the parent company and its subsidiary may have had a relatively effective compliance program. A detailed policy was in place to control expenditure for gifts and entertainment.10 Moreover, certifications were regularly requested.11 And there is the suggestion that company lawyers were actively trying to ascertain what was occurring.12 Although no action of the SEC has yet to be reported,13 the indictment would appear to suggest that the Justice Department was more focused on the conduct of the individuals as opposed to the issuer.14
1See SEC v. World-Wide Coin Inv. Ltd., 567 F. Supp. 724, 751 (N.D. Ga. 1983) (“The main problem with the internal controls provision of the FCPA is that there are no specific standards by which to evaluate the sufficiency of controls; any evaluation is inevitably a highly subjective process in which knowledgeable individuals can arrive at totally different conclusions”).
4SEC v. McNulty, 137 F.3d 732, 741 (2d Cir. 1998); SEC v. Softpoint, Inc., 958 F. Supp. 846, 866–67 (S.D.N.Y. 1997), aff’d on other grounds, 159 F.3d 1348 (2d Cir. 1998); SEC v. Sys. Software Assocs., Inc., 145 F. Supp. 2d 954, 958 (N.D. Ill. 2001); SEC v. World-Wide Coin Inv. Ltd., 567 F. Supp. at 749–51. See also Ponce v. SEC, 345 F.3d 722, 736 n.10 (9th Cir. 2003). However, proof of intent may be required to establish civil liability for aiding and abetting a violation of the accounting and record-keeping provisions. See id. at 737; SEC v. Autocorp Equities, Inc., 292 F. Supp. 2d 1310 (D. Utah 2003) (knowledge or reckless disregard of the fact that the defendant was aiding or abetting a violation of securities law must be established).