The Foreign Corrupt Practices Act is a wide-reaching statute that has become a major concern within the oil and gas industry in recent years. Part of the Securities and Exchange Act of 1934, the FCPA prohibits companies and individuals from bribing foreign officials in an attempt to obtain or retain business. Additionally, it requires companies that are registered with the Securities and Exchange Commission to keep detailed accounts of corporate payments and transactions, as well as to maintain accounting systems that ensure management’s control over company assets.
Although enforcement of the statute has historically been infrequent, the past decade has witnessed a surge of FCPA enforcement actions by the SEC and the Department of Justice, the FCPA’s enforcement agencies. Notably, many of these actions have specifically targeted the oil and gas industry, likely due to the competitive business environments present in foreign, resource-rich countries in which paying bribes is often the status quo, and to the necessity for energy companies to work closely with state-owned entities within these regions.
Despite these inherent circumstances, the SEC and the DOJ have been unforgiving of oil and gas companies that violate the FCPA. For example, in 2010, the SEC entered into settlements with seven oil services and freight forwarding companies totaling over $236 million after they were charged with violating the FCPA by bribing customs officials in foreign nations.
Accordingly, oil and gas companies must take clear and decisive steps to comply with the
FCPA to maximize their chances of avoiding liability. Although many companies have attempted to shield themselves from FCPA liability by using offshore companies, subsidiaries and joint ventures when operating overseas, recent enforcement actions demonstrate that these attempts are not effective in safeguarding energy companies from liability.
Rather, the plethora of enforcement actions over the past decade shows that clear, effective, companywide FCPA compliance programs are the most effective way to insulate oil and gas companies from incurring liability. Here are the practical steps that a company should take, including the necessary components of every FCPA compliance program, to minimize liability.
Risk assessment
First, oil and gas entities must perform a companywide risk assessment to identify where they are at the greatest risk for FCPA violations. E&Ps must consider the sectors that are at greatest risk, the geographic locations of such risks, the level of corruption present in each of these locations, and the situations when foreign officials must be involved in the company’s operations at these locations.
Companies should also identify every employee, agent, business partner and foreign consultant working for or with the company in these locations. By doing so, they will be able to develop effective, company-specific FCPA compliance programs that are focused on the areas where the risk of a violation is greatest.
By using this initial risk assessment, each company’s compliance program may be tailored to meet its individual needs. Based on the aggressive FCPA enforcement trends of the past decade, a company-specific compliance program appears necessary for compliance as well as to mitigate liability should a violation occur. Here are the components that should be present in these programs.
Universal application
Every company should develop a written policy that provides company officers, employees and third parties with a clear and comprehensive understanding of its FCPA compliance program and expectations with regard to adhering to that program. This policy should be publically available, offered in the local language of the countries where the company operates, and a copy should be given to every officer, employee and third party involved with the company.
The policies must apply universally to everyone who works for or with the company, including top management and third-party agents. Accordingly, companies should include clear anti-corruption undertakings and representations in their contracts with employees, business partners and third-party agents. Further, companies should retain the right to terminate an individual or business relationship for any breach of anti-corruption laws and/or the company’s FCPA compliance program.
Clear description
All companies should include a clear description of the FCPA in their written policy. Within this description, key terms and concepts should be defined. This portion of a company’s policy is vitally important, as its purpose is to alert officers, employees and third parties to the existence of and risks associated with FCPA violations. Thus, it should be carefully drafted, particularly as the key terms embodied in the FCPA are often poorly defined, leading to much confusion.
For example, the FCPA specifically prohibits the giving of bribes to “foreign officials.” A foreign official is defined as “any officer or employee of a foreign government or any department, agency, or instrumentality thereof, or of a public international organization, or any person acting in an official capacity for or on behalf of any such government or department, agency, or instrumentality, or for or on behalf of any such public international organization.”
This definition is vague, and many companies have struggled to understand what exactly constitutes an instrumentality of a foreign government. Nevertheless, many FCPA enforcement cases turn on whether the individual bribed belonged to an instrumentality of a foreign government. Accordingly, oil and gas companies must broadly define foreign officials in their FCPA compliance policies to ensure that officers, employees and third parties understand who exactly the company considers to be a foreign official.
Much of the work undertaken by energy firms abroad necessarily requires interaction with state entities in varying capacities and, in many of these locations, corruption runs rampant. Thus, at a minimum, employees of state-owned institutions, low-level government employees and individuals who work for companies where a foreign government has an interest, however small, should all be included in the definition of a “foreign official” in order to properly insulate companies from potential FCPA liability.
An effective FCPA compliance program must also specifically address company policies regarding gifts and bribes; travel and entertainment; facilitation payments; accounting for facilitation payments and agency fees; approval authority for certain activities and/or payments; and employees acting through third parties.
Company policies regarding these issues should be clearly defined, and examples of both proper and unlawful behavior relating to these issues should be provided.
For example, although the FCPA permits companies to make facilitation payments, which are payments made to expedite or secure the performance of routine governmental ac-
Companies and their corporate officers may incur FCPA civil and criminal liability for the actions of their third-party agents abroad.
tions, some oil and gas companies have completely banned facilitation payments except in instances of an imminent threat to the health, safety or welfare of an employee, co-worker or family member. Implementing such a ban may be prudent, as it places companies in compliance with the U.K. Anti-Bribery Act. Further, given the SEC and DOJ’s extremely narrow view of what constitutes facilitation payments, adopting such a policy may behoove companies seeking to avoid FCPA liability as well.
Third-party policies
Given the varied cultural climates in which oil and gas companies operate overseas, they also need to develop well-defined written policies regarding their handling of such third parties as intermediaries, agents and business partners. Under the FCPA’s third-party payment provisions, foreign agents are prohibited from directly making payments or providing anything of value to foreign officials in order to obtain or retain business in violation of the FCPA’s anti-bribery provisions.
Thus, companies and their corporate officers may incur FCPA civil and criminal liability for the actions of their third-party agents abroad. These third parties pose a particularly high risk for FCPA violations, as companies ordinarily have less control over their third parties, complicating assurances of compliance.
Using third parties typically can’t be avoided, because E&P’s operating locales require foreign agents simply to conduct business. Thus, oil and gas companies must create and implement well-defined due diligence policies prior to and after retaining third parties. These policies should be designed to detect potential “red flags” that may indicate an agent who is or who will be making improper payments in violation of the FCPA.
Red flags include rumors of improper payments to officials; family ties to government officials; large commission requests; agents recommended by government officials; agents that are former government officials; a lack of credentials; and refusal to agree to FCPA compliance certification.
In addition to basic due diligence, companies must also ensure that the tasks performed by these third parties comply with the FCPA. Third-party tasks should be clearly defined and companies must require complete documentation of and relating to these tasks. This documentation should be carefully reviewed for any indication of FCPA violations, and red flags such as unusually high fees or expenses must be fully investigated. Further, companies should retain the right to audit the books and records of third parties and should regularly do so to determine possible red flags.
The Transparency International Corruption Perceptions Index scores countries on a scale from 0 (highly corrupt) to 100 (very clean). No country has a perfect score and two-thirds score below 50.
Audits
In addition to a well-defined company policy regarding FCPA compliance for officers, employees and third parties alike, oil and gas companies should conduct periodic, companywide audits designed to detect FCPA violations. Additional audits of high-risk company sectors and geographic regions should be conducted more frequently and, at a minimum, annually.
The results should be used to modify policies to better address any specific FCPA risk. Companies should simultaneously use software that continually audits their books and records. Such software is widely available, and can be programmed to immediately recognize questionable transactions. Any such transactions should be reviewed for violations.
Ultimately, any violation of the FCPA must be immediately remedied and reported to the SEC and DOJ. As companies are obligated to maintain accurate books and records under the FCPA, all transactions, even illegal ones, must be accurately reflected in their accountings. Thus, oil and gas companies must also report violations under the recordkeeping provisions of the FCPA as well as the anti-bribery section. Any attempt to hide or ignore violations will almost always result in substantially increased company liability, should they be discovered.
Structures fostering compliance
To ensure that FCPA compliance is universally applied and actively enforced, and not simply an impermissive “paper program” based on mere documentation, oil and gas companies must foster a company culture focused on compliance. They should structure their compliance programs so that at least one individual, such as a corporate compliance officer (CCO), is charged with overseeing the program.
The CCO should have the ability to and be charged with reporting any possible violations of the FCPA directly to the board of directors. Although the CCO may face an increased risk of incurring FCPA liability by virtue of his position, individual liability is premised on knowledge and criminal intent. Thus, the CCO must remain focused on detecting and preventing violations.
Further, compliance officials should be appointed in each high-risk business sector and geographic region to specifically oversee implementation of policies in these areas. These individuals should have the authority to report possible violations directly to the CCO. This structure will ensure that attention is focused on FCPA compliance, and should provide directed oversight that allows for immediate, high-level intervention should a violation occur.
Once the FCPA management structure is in place, companies should conduct mandatory yearly training for all upper management, officers, employees and third parties. They should also require yearly FCPA certification of these same parties to ensure that policies are universally understood. Training and certification should be offered in the local language of the countries of operations to enhance understanding among foreign officers, employees and third parties in high-risk areas. Local language training can prevent costly, yet common, misunderstandings about FCPA compliance in regions where bribery is the status quo.
Companies should also establish a hotline for anonymous reporting by officers, employees and third parties who are concerned that a possible FCPA violation has occurred and, when practical, provide a forum for anonymous electronic submissions. Any and all reports of potential FCPA violations should be immediately reviewed and investigated, ideally by a standing committee of internal legal, audit and compliance personnel. The compliance officers and the CCO should also be actively involved in these investigations. Ultimately, properly investigating all possible violations is essential to a successful FCPA compliance program, and any discovered violation should be immediately reported to the proper governmental authorities.
Finally, the company’s legal team, compliance officers and the CCO should regularly review FCPA updates and developments, and actively implement new and revised policies. During this process, companywide memoranda regarding pertinent FCPA updates should be regularly transmitted to prevent violations.
Conclusion
By implementing these steps, oil and gas companies can better ensure that their officers, employees and third parties remain alert to possible violations, and fully recognize a violation and its seriousness should one occur. Moreover by structuring a compliance program that is visible, autonomous and permeates all levels of the company, it is much easier to demonstrate a widespread commitment to compliance should a violation occur.
Although investment in a FCPA program can be costly, the ultimate ramifications of a violation can be devastating. Aside from possible imprisonment for individual offenders, the penalties of a FCPA violation can be severe enough to challenge the solvency of an offending company. Thus, given the unique business and geographic climates in which oil and gas companies often operate, serious attention to implementing a thoughtful and effective FCPA compliance program is vital to success.
Recommended Reading
Range Resources Plans Flat Production Target in 2024
2024-02-23 - Gas producer Range Resources is focusing on system flexibility to respond to market trends.
Permian NatGas Hits 15-month Low as Negative Prices Linger
2024-04-16 - Prices at the Waha Hub in West Texas closed at negative $2.99/MMBtu on April 15, its lowest since December 2022.
Antero Poised to Benefit from Second Wave of LNG
2024-02-20 - Despite the U.S. Department of Energy’s recent pause on LNG export permits, Antero foresees LNG market growth for the rest of the decade—and plans to deliver.
Turning Down the Volumes: EQT Latest E&P to Retreat from Painful NatGas Prices
2024-03-05 - Despite moves by EQT, Chesapeake and other gassy E&Ps, natural gas prices will likely remain in a funk for at least the next quarter, analysts said.
Exclusive: Chevron Balancing Low Carbon Intensity, Global Oil, Gas Needs
2024-03-28 - Colin Parfitt, president of midstream at Chevron, discusses how the company continues to grow its traditional oil and gas business while focusing on growing its new energies production, in this Hart Energy Exclusive interview.