DOJ and SEC Publish New FCPA Resource Guide

Alerts / August 13, 2020

On the eve of the July 4th holiday, the Criminal Division of the Department of Justice (the “DOJ”) and the Enforcement Division of the Securities and Exchange Commission (the “SEC”) quietly published the second edition of the Resource Guide to the U.S. Foreign Corrupt Practices Act (the “Second Edition”),[1] an update of the first edition published in 2012 (the “First Edition”).[2] Since its initial publication in November 2012, the Resource Guide has been an invaluable tool for companies and practitioners to understand the DOJ’s and the SEC’s interpretations of the Foreign Corrupt Practices Act (FCPA) and its requirements, their expectations concerning what constitutes best compliance and remediation practices, and the factors these agencies will consider in exercising their prosecutorial discretion. The Resource Guide also describes in detail certain important aspects of each agency’s FCPA enforcement program. For example, the Second Edition includes discussions of the following three policies implemented after the release of the First Edition: the DOJ’s FCPA Corporate Enforcement Policy, Evaluation of Corporate Compliance Programs, and Monitor Selection Criteria.

The Second Edition was a welcome update given that during the eight years since the First Edition’s publication there have been significant judicial opinions interpreting elements of the FCPA and significant new DOJ policy pronouncements. For those who have kept up-to-date on developing caselaw, the government’s positions taken during litigation, and the new DOJ and SEC initiatives, the Second Edition does not reveal any new bombshell pronouncements. However, the Second Edition does helpfully cite to many more recent examples of cases brought by the regulators and the regulators’ view of the implications of recent caselaw. Moreover, there are some interesting takeaways from the revisions contained in the Second Edition—particularly regarding the government’s approach to describing the import of the Second Circuit’s decision in United States v. Hoskins[3] and the liability of foreign nationals for violations of the FCPA’s anti-bribery and books and records provisions. Other interesting areas updated, which we highlight below, are the Second Edition’s discussion relating to DOJ policies in the context of mergers and acquisitions; the updating of the section dealing with the definition of an “instrumentality” of a foreign government to incorporate the standards set forth in United States v. Esquenazi;[4] the updating of the discussion of the local law affirmative to reflect the district court decision in United States v. Ng Lap Seng;[5] and liability under the FCPA’s accounting provisions.

The primary takeaway from the Second Edition, however, is the regulators’ continued and consistent message emphasized in the First Edition, and in policies issued since the First Edition, of the importance of corporations choosing to voluntarily self-disclose and remediate significant FCPA misconduct. The Second Edition highlights, through its discussion of the DOJ Corporate Enforcement Policy and recent guidance on compliance programs and monitorships, the regulators’ “carrot and stick” strategy of offering significant potential rewards to corporations that self-disclose and remediate FCPA misconduct while emphasizing the more negative treatment non-disclosing corporations will receive.

I. Highlights of Significant Updates in the Second Edition

A. The Second Edition’s Treatment of the Hoskins Decision Limiting FCPA Liability for Certain Foreign Nationals

The Second Circuit’s decision in United States v. Hoskins[6] was widely viewed as a significant defeat for the DOJ, and directly contradicted the First Edition’s guidance that foreign nationals and companies “may . . . be liable for conspiring to violate the FCPA . . . even if they are not, or could not be, independently charged with a substantive FCPA violation.”[7] The Second Circuit in Hoskins ruled that foreign nationals, who cannot be charged as principals under the FCPA, cannot be held liable for violating the statute under the conspiracy or aiding and abetting statutes.[8] The Second Circuit, however, clarified that foreign nationals could still be charged under the FCPA if they acted as agents of someone who could be charged as a principal violator of the statute, such as a domestic concern.[9]

The Second Edition’s treatment of Hoskins is noteworthy. Rather than describe Hoskins as universally applicable, it states, “at least in the Second Circuit, an individual can be criminally prosecuted for conspiracy to violate the FCPA anti-bribery provisions or aiding and abetting an FCPA anti-bribery violation only if that individual’s conduct and role fall into one of the specifically enumerated categories expressly listed in the FCPA’s anti-bribery provisions.”[10] Thereafter, the Second Edition cites a contrary ruling from an Illinois district court in United States v. Firtash.[11] Additionally, with respect to violations of the accounting provisions, the Second Edition boldly states that the accounting provisions are not subject to the limitations of Hoskins because these provisions apply to “any person.”[12] Thus, the Second Edition appears to strongly signal that the DOJ may consider charging foreign nationals outside of the Second Circuit with conspiracy and aiding and abetting violations in a manner specifically rejected by Hoskins.

Notably, the district court in Hoskins granted the defendant’s post-verdict motion for acquittal, finding that there was insufficient evidence for a jury to find that he was an agent of a domestic concern. Specifically, the district court ruled that, for the defendant to be an agent used in an FCPA offense, the principal must be able to control the agent’s actions. The court held that there was “no evidence introduced at trial which, even when drawing inferences favorable to the Government, could entitle a rational finder of fact to conclude beyond a reasonable doubt that there was an understanding between Mr. Hoskins and [the domestic concern at issue] that [it] would be in control of Mr. Hoskins’s actions” or that it “did control Mr. Hoskins’s actions in a manner consistent with agency relationships.”[13] Given that the DOJ is appealing the district court’s ruling, it is not surprising that the Second Edition does not cite to, or incorporate with attribution the reasoning and holdings of, the district court’s post-judgment acquittal opinion on the FCPA charges.

B. Mergers and Acquisitions

The Second Edition adds a new discussion about the importance of due diligence after a merger or acquisition. The Second Edition recognizes that, at times, robust due diligence prior to a merger or acquisition is impossible. In these instances, the DOJ and SEC will evaluate an acquiring company’s post-acquisition due diligence and implementation of compliance procedures at the merged or acquired entity. This method of evaluation is particularly beneficial, the Second Edition provides, where the acquiring entity has a robust compliance program already in place.[14]

The Second Edition also references mergers and acquisitions in its discussion of the FCPA Corporate Enforcement Policy. If a company uncovers misconduct in a merged or acquired entity, there will still be a presumption of a declination if the company self-discloses the misconduct, remediates, and meets the Corporate Enforcement Policy’s other requirements.[15]

C. The Definition of ‘Instrumentality’ of a Foreign Government

The Second Edition incorporates the Eleventh Circuit’s definition of “instrumentality” in United States v. Esquenazi.[16] Under the FCPA, a foreign official is defined as “any officer or employee of a foreign government or any department, agency, or instrumentality thereof[.]”[17] In Esquenazi, the court addressed the definition of “instrumentality” in the context of a Florida company’s bribes of a state-owned and -controlled telecommunications company in Haiti.[18] The court concluded that an “instrumentality” under the FCPA is “an entity controlled by the government of a foreign country that performs a function the controlling government treats as its own.”[19] Recognizing that this test is fact-intensive, the court provided two non-exhaustive lists of factors to determine whether a foreign government “controls” an entity and whether the entity performs a function the foreign government “treats as its own.”

Regarding whether a foreign government “controls” an entity, the Esquenazi factors are: (i) the foreign government’s formal designation of that entity; (ii) whether the government has a majority interest in the entity; (iii) the government’s ability to hire and fire the entity’s principals; (iv) the extent to which the entity’s profits, if any, go directly into the governmental fisc, and, by the same token, the extent to which the government funds the entity if it fails to break even; and (v) the length of time these indicia have existed.[20]

Regarding whether the entity performs a function the foreign government “treats as its own,” the Esquenazi factors are whether: (i) the entity has a monopoly over the function it exists to carry out; (ii) the government subsidizes the costs associated with the entity providing services; (iii) the entity provides services to the public at large in the foreign country; and (iv) the public and the government of that foreign country generally perceive the entity to be performing a governmental function.[21]

The Second Edition recommends that all companies consider these factors when evaluating the risk of FCPA violations and designing their compliance programs.[22]

D. Local Law Affirmative Defense

The FCPA provides an affirmative defense if “the payment, gift, offer, or promise of anything of value that was made, was lawful under the written laws and regulations of the foreign official’s . . . country[.]”[23] Like the First Edition, the Second Edition points out that the local law defense “arises infrequently” in practice and is available only to those defendants who can establish that the conduct at issue was lawful under written foreign law, not simply that the conduct may not be prosecuted under foreign law.[24]

The Second Edition adds an analysis of the district court’s decision in United States v. Ng Lap Seng, in which the court denied a defendant’s request to instruct the jury on the local law defense.[25] In Ng Lap Seng, the defendant was convicted of FCPA violations for bribing United Nations officials.[26] At trial, the defendant requested a jury instruction on the affirmative defense because the payments at issue were not unlawful under relevant foreign law.[27] The court, however, denied the defendant’s request and held that such a jury instruction was “inconsistent with the plain meaning of the language of the written laws and regulations affirmative defense contained in the FCPA.”[28] The court further held that such an instruction “would lead to impractical results” because the majority of sources that had addressed the issue did not support the defendant’s request.[29]

E. Liability Under Accounting Provisions

The Second Edition clearly states the government’s position on two important legal issues with respect to the accounting provisions of the FCPA.

First, the Second Edition corrects the First Edition’s explanation of the applicable statute of limitations for the FCPA’s accounting provisions. In the First Edition, the government took the position that all FCPA criminal violations are subject to a five-year statute of limitations under 18 U.S.C. § 3282[30] because the FCPA does not provide otherwise.[31] The Second Edition, however, explains that violations of the accounting provisions are subject to a six-year limitation period because these violations are defined as “securities fraud offense[s]” under 18 U.S.C. § 3301, which contains a six-year limitation period.[32]

Second, the Second Edition also clarifies that the mens rea for criminal liability for violating the accounting provisions of the FCPA is “knowingly and willfully.”[33]

II. The Second Edition’s Continued Emphasis on Incentivizing Voluntary Self-Disclosure and Remediation

Through its discussion of certain DOJ policies issued since the publication of the First Edition in 2012, most particularly the DOJ’s FCPA Corporate Enforcement Policy, the Second Edition stresses the significant benefits that may be available to corporations that voluntarily self-disclose FCPA misconduct and the negative consequences for corporations that choose not to voluntarily self-disclose FCPA misconduct. The Second Edition also expresses in much greater detail the DOJ’s expectations for what constitutes an effective compliance program and the factors it will consider in deciding whether to impose a monitorship.

A. Corporate Enforcement Policy

A notable incorporation to the Second Edition is the DOJ’s FCPA Corporate Enforcement Policy (the “CEP”). The CEP, which was first announced as a pilot program in April 2016[34] and implemented in November 2017,[35] is designed to encourage companies to self-disclose misconduct in exchange for leniency. The DOJ last updated the CEP in November 2019 to clarify a company’s obligation to disclose all relevant facts known at the time of disclosure in order to be eligible for CEP benefits.[36]

Under the CEP, there will be a presumption that the DOJ will decline prosecution if, absent aggravating circumstances, a company voluntarily self-discloses misconduct, fully cooperates, and timely and appropriately remediates.[37] To qualify for this “presumption,” the CEP requires a company to pay all disgorgement, forfeiture, and/or restitution amounts associated with the misconduct.[38] Aggravating circumstances that could result in criminal penalties instead of a declination of prosecution include executive management involvement in the misconduct, a company’s significant profit from the misconduct, pervasiveness of the misconduct in the company, and criminal recidivism.[39] Obviously, many of the more serious FCPA misconduct cases may fall within the aggravating circumstances exception to the presumption of declination. However, a voluntarily disclosing company that otherwise meets the requirements of the CEP will still be eligible for significant benefits from disclosure, including: that the DOJ will recommend a fine in the amount of a 50% reduction off of the low end of the U.S. Sentencing Guidelines fine range (except in the case of a criminal recidivist) and generally will not require appointment of a monitor if the company has, at the time of resolution, implemented an effective compliance program.

The Second Edition also highlights the portion of the CEP that describes the negative consequences a corporation will face if it does not voluntarily self-disclose FCPA misconduct but meets the other requirements of the CEP. Such a company that “does not voluntarily self-disclose the misconduct, but nevertheless fully cooperates, and timely and appropriately remediates,”[40] is only eligible to receive a recommendation from the DOJ to the sentencing court of “up to a 25% reduction off of the low end of the Guidelines fine range.”[41] Moreover, the same company risks the imposition of a compliance monitor.

B. Corporate Compliance Programs

After the publication of the First Edition, the DOJ issued detailed guidance in 2017, which it updated in 2019 and again in 2020,[42] on how it will evaluate corporate compliance programs in an attempt to guide corporations in designing and implementing effective compliance programs as well as signaling its expectations for corporate anti-corruption compliance programs. The Second Edition incorporates by reference the DOJ’s most recent guidance on compliance programs.[43]

The Second Edition also places particular emphasis on the DOJ’s expectations of companies to remediate misconduct. First, the Second Edition details how prosecutors and regulators consider a company’s compliance program effectiveness at the time of the misconduct and at the time of the resolution.[44] That is, companies should seek to remediate misconduct even up to the time of resolution, if necessary. Second, the Second Edition adds that a compliance program should integrate “lessons learned” from prior misconduct.[45] Underscoring this point, the Second Edition provides that the “truest measure of an effective compliance program is how it responds to conduct.”[46]

C. Compliance Monitorships

The Second Edition also incorporates the October 2018 updates to the DOJ’s policies on corporate monitorships.[47] A corporate monitor is an independent individual or team that ensures a company’s ongoing legal compliance after the DOJ defers prosecution. In certain situations, the DOJ determines that a monitorship is necessary depending on the misconduct charged and the company’s need for sustained oversight.

Here, the Second Edition again emphasizes the importance of remediation. The Second Edition provides that the DOJ will consider whether the company made “significant investments” in its compliance program to “prevent or detect similar conduct in the future.”[48] To this end, the Second Edition made two additions to the factors listed in the First Edition that the DOJ and the SEC use when determining whether to impose a compliance monitor: the quality of the company’s compliance program at the time of the resolution, and whether the company fully implemented and tested its updated compliance program[49] (that is, whether the company fixed the problems exposed during the investigation and has tested the remedial improvements made to its compliance program).

III. Conclusion

The Second Edition is an invaluable tool for companies to understand the DOJ’s and the SEC’s interpretations of the FCPA and its requirements, their expectations concerning what constitutes best compliance and remediation practices, and the factors these agencies will consider in exercising their prosecutorial discretion in evaluating potential FCPA violations. The Second Edition provides companies and practitioners alike with an updated and detailed explanation of the “carrots and sticks” the regulators use in incentivizing voluntary self-disclosures and remediation. With the Second Edition’s publication, the authorities have made crystal clear that anti-corruption enforcement remains a high priority and that they will continue to aggressively pursue FCPA violations. Thus, companies are well-advised to continue to regularly assess their anti-corruption compliance risk, develop and test compliance policies designed to prevent violations, and promptly investigate and remediate potential violations.

Authorship Credit: Jonathan R. Barr, John J. Carney, Lauren J. Resnick, George A. Stamboulidis and  Andrew M. Serrao

[1] A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition (July 2020) (“Second Edition”), available at
[2] A Resource Guide to the U.S. Foreign Corrupt Practices Act (Nov. 14, 2012) (“First Edition”), available at
[3] 902 F.3d 69 (2d Cir. 2018).
[4] 752 F.3d 912 (11th Cir. 2014).
[5] No. 15-cr-706 (VSB) (S.D.N.Y. July 26, 2017), ECF No. 609.
[6] 902 F.3d 69 (2d Cir. 2018).
[7] First Edition at 34.
[8] Hoskins, 902 F.3d at 83–97.
[9] Id. at 97 (“[T]he FCPA clearly dictates that foreign nationals may only violate the statute outside the United States if they are agents, employees, officers, directors, or shareholders of an American issuer or domestic concern.”).
[10] Second Edition at 36.
[11] 392 F. Supp. 3d 872, 889 (N.D. Ill. 2019).
[12] Second Edition at 46.
[13] United States v. Hoskins, No. 3:12-cr-238 (JBA), 2020 WL 914302, at *9 (D. Conn. Feb. 26, 2020).
[14] Second Edition at 29.
[15] Second Edition at 52.
[16] 752 F.3d 912 (11th Cir. 2014).
[17] 15 U.S.C. §§ 78dd-1(f)(1)(A); 78dd-2(h)(2)(A); 78dd-3(f)(2)(A).
[18] Esquenazi, 752 F.3d at 917–18.
[19] Id. at 925.
[20] Id.
[21] Id. at 926.
[22] Second Edition at 20.
[23] 15 U.S.C. §§ 78dd-1(c)(1), 78dd-2(c)(1), 78dd-3(c)(1).
[24] First Edition at 23; Second Edition at 24.
[25] Trial Transcript at 715–18, United States v. Ng Lap Seng, No. 15-cr-706 (VSB) (S.D.N.Y. 2017).
[26] Second Edition at 24.
[27] Id.
[28] Id.
[29] Id.
[30] 18 U.S.C. § 3282(a) (“Except as otherwise expressly provided by law, no person shall be prosecuted, tried, or punished for any offense, not capital, unless the indictment is found or the information is instituted within five years next after such offense shall have been committed.”).
[31] First Edition at 34.
[32] Second Edition at 36; see 18 U.S.C. § 3301(a) (“[T]he term ‘securities fraud offense’ means a violation of, or a conspiracy or an attempt to violate . . . section 32(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78ff(a)) . . . .”); 18 U.S.C. § 3301(b) (“No person shall be prosecuted, tried, or punished for a securities fraud offense, unless the indictment is found or the information is instituted within 6 years after the commission of the offense.”).
[33] Second Edition at 45 (citing 15 U.S.C. § 78ff(a)).
[34] DOJ Memorandum, The Fraud Section’s Foreign Corrupt Practices Act Enforcement Plan and Guidance (Apr. 5, 2016), available at
[35] Rod J. Rosenstein, DOJ, Deputy Attorney General Rosenstein Delivers Remarks at the 34th International Conference on the Foreign Corrupt Practices Act (Nov. 29, 2017), available at
[36] Dylan Tokar, Foreign Bribery Leniency Program Gets Minor Adjustment, Wall Street Journal (Nov. 20, 2019), available at
[37] Second Edition at 51.
[38] Second Edition at 52. Given the requirements of the CEP that applicable restitution, disgorgement, or forfeiture be paid to be eligible for a declination, it is notable that the Second Edition still contains the description of a compliance program case study premised upon the Garth Peterson case, where Peterson’s employer received a declination from the DOJ and SEC even though no disgorgement was paid by the employer. See Second Edition at 68. The declinations were premised upon the employer’s robust compliance program and its good faith enforcement of the program, which was circumvented through the misrepresentations and misconduct of Peterson and a foreign government official, combined with the employer’s self-disclosure and full cooperation. The continued inclusion of this compliance program case study might suggest that, under the right circumstances, the door to receiving a declination might not be completely closed to a company that has not paid restitution. However, the language of the CEP certainly counsels against such an interpretation.
[39] Second Edition at 51.
[40] Second Edition at 52.
[41] Id.
[42] Last month, the DOJ issued revised guidance about how it will evaluate corporate compliance programs. U.S. Dep’t of Justice, Criminal Div., Evaluation of Corporate Compliance Programs (June 2020), available at We published an alert detailing prosecutors’ key considerations, including that a compliance program should evolve over time, that companies should evaluate their compliance programs by tracking data, and that companies should train employees on compliance issues. John J. Carney, Steven M. Dettelbach, Carl W. Hittinger, and George A. Stamboulidis, DOJ Makes Important Changes to Its Guidance on Evaluating Compliance Programs, available at
[43] Second Edition at 57 n.318.
[44] Second Edition at 57.
[45] Second Edition at 67.
[46] Id.
[47] Second Edition at 73 n.400 (citing Memorandum of Brian A. Benczkowski, Assistant Attorney General, Dep’t of Justice (Oct. 11, 2018), Selection of Monitors in Criminal Division Matters, available at
[48] Second Edition at 74.
[49] Id.

Baker & Hostetler LLP publications are intended to inform our clients and other friends of the firm about current legal developments of general interest. They should not be construed as legal advice, and readers should not act upon the information contained in these publications without professional counsel. The hiring of a lawyer is an important decision that should not be based solely upon advertisements. Before you decide, ask us to send you written information about our qualifications and experience.