Mitigating The Risk Of Derivative Suits Arising From FCPA Investigations And Settlements

FCPA enforcement continued at a vigorous pace in 2010. In its 2011 Year-End FCPA Update, Gibson, Dunn & Crutcher LLP (Gibson Dunn) reported that the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC) brought a total of 48 new enforcement actions in 2011.¹ Enforcement trends noted both in Gibson Dunn's report and in the January 2012 FCPA Digest published by Shearman & Sterling LLP include:

• A significant increase in enforcement actions targeting individuals.
• An increase in SEC enforcement actions, including the filing of 10 unsettled cases in 2011—which, according to Gibson Dunn, is more than in the previous 33 years of Foreign Corrupt Practices Act (FCPA) enforcement combined.
• The use of enhanced enforcement tools by the SEC, including the first application of a deferred prosecution agreement in the Tenaris FCPA settlement. The SEC also exercised in several FCPA actions its authority under the Dodd-Frank Wall Street Reform and Consumer Protection Act to impose financial penalties.
• The initiation or settlement of several cases based on theories of successor liability against acquirers of companies that were alleged to have violated the FCPA.
• A continuation of industry-focused enforcement initiatives by the DOJ and the SEC, including oil and gas, medical devices, pharmaceuticals and financial services firms.

While there is no private right of action under the FCPA, a number of shareholder derivative suits have been filed over the past several years against directors of companies in the wake of FCPA investigations or settlements. As targets and theories of enforcement expand and the SEC employs new FCPA enforcement tools that involve payments of fines, corporate directors likely will face increasing litigation exposure. In 2010 and 2011, shareholders filed derivative suits in numerous high-profile cases involving, among others, Avon Products, Inc., Johnson & Johnson, Bio- Rad Laboratories, Inc., Maxwell Technologies, Smith & Wesson, Parker Drilling, Hercules Offshore, Inc. and Tidewater Inc.

FCPA derivative suits typically allege that the directors breached their fiduciary duties to the corporation by either (i) knowingly or recklessly disregarding the payment of bribes or (ii) failing to ensure that the company maintained effective policies, procedures and internal controls to mitigate bribery and corruption risks. While some of the cases listed above have been dismissed, this often was due to plaintiffs' failure to make pre-suit demand on the board rather than a determination on the merits. Directors should anticipate having to defend their level of engagement in the company's anticorruption compliance efforts if shareholders seek to hold them accountable in the event of an FCPA investigation, violation or settlement.

The October 2011 settlement in the SciClone Pharmaceuticals, Inc. derivative litigation² is noteworthy in two important respects. First, the derivative suit was filed only a few weeks after SciClone announced the commencement of DOJ and SEC investigations of possible FCPA violations relating to its operations in China. Thus, the allegations against the directors were not based on a successful prosecution or an admission of wrongdoing by the company but merely on the announcement that investigations had commenced. Second, the settlement occurred at a time when the DOJ and SEC investigations were still in process.³

The other significant feature of the SciClone settlement is that it did not involve the payment of damages to the company. Instead, the settlement requires the Board to oversee the company's implementation and maintenance (for at least three years) of a wide-ranging set of anticorruption compliance measures. These measures, which are more detailed than those usually included in DOJ or SEC deferred prosecution agreements in FCPA cases, include the following:

• Appointment of an FCPA Compliance Coordinator (fluent in Mandarin and English) with broad supervisory and reporting responsibilities relating to SciClone's implementation of FCPA remedial and compliance measures, including, among other things:
• • Assisting the Board in an annual review of the company's code of conduct, global anticorruption policy and FCPA compliance training slides;
  • Conducting an annual review of the company's compliance with its global anticorruption policy (including periodic unannounced visits to offices in China); and
  • Providing quarterly updates to the audit committee on implementation activities, as well as a report at least quarterly to the Board, outside counsel, the CEO, the CFO, and the company's internal and external auditors regarding compliance with the company's code of conduct and anticorruption compliance policy.
• Development of a global anticorruption policy that must, among other things:
• • Provide guidelines for all personnel, directors and independent contractors/ agents concerning gifts; hospitality, entertainment and expenses; honoraria; charitable donations and sponsorships; facilitation payments; travel; and solicitation and extortion; and
  • Require all agents, business partners, distributors, consultants and joint venture partners to comply with the policy and institute a mandatory due diligence process for foreign agents or distributors before signing a contract.
• Mandatory code of conduct provisions that require prior approval of any invitation to a government official or healthcare professional that involves travel, entertainment, sponsorship, gifts or speaker/consultant fees greater than $2,500, as well as a prohibition on gifts to such persons (with limited exceptions).
• Maintenance of an internal audit and control function that assesses risks of non-compliance with laws and regulations and incorporates the risk assessments into internal audit procedures.
• Mandatory annual FCPA compliance training for all directors, officers, employees and independent contractors—to be conducted in person where practicable, and requiring in all cases a written certification by each participant.

These and other requirements of the SciClone settlement reflect many of the best practices found in effective anticorruption compliance programs, yet in this case the enhanced compliance tools were adopted under the terms of a derivative settlement that involved, among other things, payment of $2.5 million in legal fees to plaintiffs' attorneys. The SciClone settlement provides an important reminder to directors of the potential value of investing proactively in a comprehensive assessment of corruption risks and the implementation (or improvement) of a vigorous anticorruption compliance program.

The assessment would evaluate a variety of factors for each country where the company conducts operations in order to create a risk profile for the company as a whole. These factors could include, for example, the perceived corruption risk of each country;⁴ revenues derived from state-owned enterprises; frequency and purpose of use of agents and other third parties; hiring of subcontractors and vendors (especially local companies that may be state owned or controlled); and the purposes and nature of the company's interactions with the government (either as customer or regulator) in each country.

The end result of this process is a risk-weighted profile of a company's exposure to FCPA risks, usually based on revenues by country and/or customer category. The risk profile creates a starting point for the design of FCPA compliance policies, procedures and internal controls, as well as tools for internal monitoring, reporting and enforcement of the compliance program. Engaging in a comprehensive risk assessment and compliance process of this sort can yield several benefits:

PREEMPT THE CORRUPT ACT

In the best case, the existence of detailed anticorruption policies, effective implementing procedures and internal controls, and ongoing internal monitoring and testing, will discourage attempts to pay bribes or engage in other corrupt conduct in the first place.

INCREASE POSSIBILITY OF DETECTION

An effective system of internal anticorruption controls (relating, for example, to authorization, documentation and payment procedures for sensitive categories of expenses) increases the likelihood that a company will detect a possible FCPA violation. Self-monitoring and voluntary reporting of FCPA issues often yield tangible benefits for companies, including reduced penalties and less stringent monitoring requirements following a settlement.⁵

REDUCE RISK OF OFFICER AND DIRECTOR LIABILITY

Protecting the company's assets, reputation and shareholder value always should be the board's paramount goal in designing and implementing an FCPA compliance program. Yet one ancillary benefit may involve a reduction in directors' litigation exposure. Vigorous and continual oversight of a company's FCPA risk management and compliance efforts—especially with the support of qualified, independent parties⁶—can raise the bar for derivative plaintiffs in their attempt to prove that directors breached their fiduciary duties in a manner that enabled or aggravated an FCPA violation.

Plato famously wrote in The Republic that "The beginning is the most important part of the work." Directors of companies that face bribery and corruption risks should ensure that management engages in a formal corruption risk assessment on a recurring basis and implements, monitors and tests procedures and controls that are well designed to mitigate those risks. Investing the necessary time and resources at the beginning—before a problem arises—is indeed "the most important part of the work" as these efforts can provide significant protections to companies, their shareholders and directors if an FCPA compliance issue later comes to light.

Footnotes

1. While this number is lower than the record 94 cases brought in 2010, the Gibson Dunn report notes that the 2010 figures were "elevated substantially" by the 22 actions filed in 2010 in the SHOT Show investigation of the military and law enforcement products industry.

2. In re SciClone Pharmaceuticals, Inc. Shareholder Derivative Litigation, Master File No. CIV 499030, Superior Court of the State of California, County of San Mateo (Oct. 3, 2011).

3. A special committee of the Board that had been formed to investigate the alleged FCPA violations had completed its work and reported its findings to the Board in May 2011. The special committee found, among other things, that SciClone lacked appropriate internal controls to assure compliance with the FCPA; that it failed to adequately implement its existing controls and policies; that there was a lack of transparency in the company's operations in China; and that the committee had identified evidence of sales and marketing activities that might constitute potential violations of the FCPA.

4. Transparency International's Corruption Perceptions Index is a popular tool for analyses of this sort.

5. For example, Shearman & Sterling LLP reported in its January 2012 FCPA Digest that over the past three years, the DOJ has granted discounts of monetary penalties ranging from 3 percent to 67 percent in cases involving voluntary disclosures and negotiated resolutions.

6. Notably, as an example,Section 141(e) of the Delaware General Corporation Law provides that directors of Delaware corporations are "fully protected" if they rely in good faith on, among other things, opinions and reports by any person (e.g., a consultant or other advisor) "as to matters the board member reasonably believes are within such other person's professional or expert competence and who has been selected with reasonable care by or on behalf of the corporation."

The views expressed herein are those of the author and do not necessarily represent the views of FTI Consulting, Inc. or its other professionals. (c)FTI Consulting, Inc., 2012. All rights reserved.