Insights

The Legal Obligation to Maintain Accurate Books and Records in U.S. and Non-U.S. Operations

The Foreign Corrupt Practices Act (“FCPA” or “the Act”) is usually associated with its prohibitions against foreign bribery.   The provisions of the Act relating to bookkeeping and internal controls (collectively, the “accounting provisions”) receive less publicity but are much more likely to form the basis of a government proceeding against companies subject to the Act.  The most common FCPA enforcement mechanism is a civil action by the Securities and Exchange Commission (“SEC”) under the accounting provisions and not a criminal charge by the Department of Justice (“DOJ”) or even a civil action by the SEC under the antibribery provision.  In fact, a study conducted in 2003 found that of 604 enforcement actions brought by the SEC since the FCPA was enacted in 1977, only 7 percent related to foreign bribery.[1]  Compare this to the 38 criminal bribery charges brought by the DOJ under the FCPA through 2003.[2]

This overwhelming disparity is due to the fact that the accounting provisions create civil and criminal penalties for practices that are in no way “foreign” and no more “corrupt” than deliberately sloppy accounting.  The SEC staff has expressed the view that the FCPA’s internal-controls provisions, although originally viewed as a deterrent to the use of slush funds for illegal foreign payments, are more broadly intended to protect the general integrity of financial statements.[3]   Accordingly, cases brought under the accounting provisions seldom involve foreign bribery; more often, they reflect the SEC’s expansive interpretation of the FCPA.

Although the accounting provisions of the FCPA are not aimed specifically at “foreign” accounting practices, they apply equally to U.S. and non-U.S. operations of businesses required to file reports with the SEC.[4]  They also apply to majority-owned foreign subsidiaries and, in some cases, to nonmajority interests and joint ventures.[5]  Consequently, businesses subject to the Act must ensure strict compliance with its provisions, not only in the U.S. but also in their non-U.S. operations.  Not surprisingly, this can be a Herculean task, especially given that accounting and bookkeeping practices can vary widely in jurisdictions around the globe where U.S. companies do business.

As a general matter, the accounting provisions require covered entities to maintain books and records that accurately and fairly reflect the transactions of the corporation in reasonable detail and to design a system of internal accounting controls reasonably calculated to ensure that the entity’s financial statements are accurately and fairly stated.[6]  Since the passage of the Sarbanes-Oxley Act of 2002 (“SOX”), the accounting provisions have assumed even greater importance because officers now are required to certify the integrity of their companies’ financial statements and assess the adequacy of internal controls.[7]  As a consequence, corporations are more frequently uncovering accounting-provision violations in connection with internal SOX reviews and are self-reporting these violations to regulators in hopes of mitigating penalties for noncompliance.

Because of heightened scrutiny of corporate bookkeeping practices and internal controls in the wake of SOX, now more than ever corporations and their advisors need to bear in mind the requirements of the FCPA accounting provisions in assessing the effectiveness and integrity of their internal financial processes, both in the U.S. and overseas.  To that end, this White Paper briefly reviews and summarizes the requirements of the accounting provisions, penalties for violations thereof, and the effects of the newly enacted SOX provisions on their enforcement.

Persons Covered

The FCPA’s accounting provisions apply to publicly held U.S. companies considered “issuers” under the Exchange Act of 1934 (the “Exchange Act”).[8]  To qualify as an issuer under the FCPA, an entity either must be required to file reports with the SEC under § 15(d) of the Exchange Act[9] or must have securities registered with the SEC under § 12 of the Exchange Act.[10]  The definition of “issuers” is sufficiently broad to cover corporations with bonds or American Depository Receipts traded on U.S. markets or stock exchanges.[11]  Unlike the antibribery provisions, the accounting provisions do not apply to “domestic concerns” that are not issuers.[12]

Most non-U.S. operations of domestic businesses also are covered by the Act.  The accounting provisions apply to all majority-owned subsidiaries (domestic and foreign) of U.S. issuers.[13]  In addition, the Act provides that with respect to any company (including joint ventures) in which the issuer or one of its subsidiaries holds 50 percent or less of the voting power, the issuer is required to make a “good faith [effort] to use its influence, to the extent reasonable under the issuer’s circumstances, to cause such domestic or foreign firm to devise and maintain a system of internal accounting controls.”[14]  The local laws and accounting practices of the jurisdiction in which the foreign affiliate does business largely determine what constitutes “reasonable” compliance with the statute.[15]  Issuers that demonstrate good-faith efforts at compliance are presumed to have fulfilled their legal obligations under the Act.[16]

Although the FCPA makes a distinction between majority voting control and minority interests in foreign subsidiaries, issuers are well advised to devote adequate resources to ensuring that non-U.S. operations in which they have a minority interest employ good accounting practices and maintain adequate internal controls.  Section 404 of SOX does not distinguish between majority- and minority-owned interests with respect to its requirements relating to disclosures about internal controls (or the lack thereof).[17]  Accordingly, businesses without voting control of foreign subsidiaries still are required to report on the adequacy of their subsidiaries’ fraud-related internal controls, even in cases where the issuer’s control is so tenuous as to render an assessment of such controls difficult or impossible.

Bookkeeping and Internal-Controls Requirements

The FCPA accounting provisions impose requirements on issuers to make and keep accurate books and records and to maintain and devise a system of internal accounting controls.  Every “issuer” regulated by the SEC is required to:

  • Make and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.
  • Devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that:
  1. Transactions are executed in accordance with management’s general or specific authorization.
  2. Transactions are recorded as necessary to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and to maintain accountability for assets.
  3. Access to assets is permitted only in accordance with management’s general or specific authorization.
  4. The recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.[18]

The FCPA does not specify the procedures businesses must use in maintaining their books and records, nor does it define the internal controls necessary to pass muster under the Act.  Rather, it prescribes a “reasonableness” standard for assessing the adequacy of issuers’ practices related to accounting and recordkeeping.  Issuers are required to keep records in “reasonable detail” to reflect transactions and maintain a system of internal accounting controls sufficient to provide “reasonable assurance” that assets are properly recorded.

The ambiguity of the “reasonable detail” requirement for books and records and the “reasonable assurances” for internal controls, as well as the lack of an explicit materiality standard or a scienter requirement, have been a source of concern since the accounting provisions were first proposed.[19]  In 1988, the FCPA was amended to provide that “the terms ‘reasonable assurances’ and ‘reasonable detail’ mean such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.”[20]  Accordingly, compliance with the provisions is judged by the often amorphous “prudent man” standard.  

In addition to the bookkeeping and internal-controls requirements contained in the statute, two rules adopted by the SEC under the FCPA also govern the accounting practices of issuers.   Rule 13b2-1 provides that “[n]o person shall, directly or indirectly, falsify or cause to be falsified, any book, record or account subject to [the FCPA accounting provisions].”  By its terms, the rule applies to any “person” and not just to issuers and certain affiliated persons.  The rule expresses the SEC’s view that the requirement should extend not merely to the “issuer” itself, but “should apply to any person who, in fact, does cause corporate books and records to be falsified.”[21] 

The second rule, Rule 13b2‑2, prohibits false statements by directors or officers to accountants in connection with audits and SEC reports.[22]   Unlike Rule 13b2‑1, which applies to any person, Rule 13b2‑2 applies only to directors or officers.  Although the FCPA itself does not explicitly include a materiality standard, Rule 13b2‑2 proscribes only “materially false or misleading statement[s]” or omissions of “material fact[s].”  The Rule applies to both written and oral statements.  Moreover, in the SEC’s view, the rule applies not only to the audit of an issuer’s financial statements by independent accountants, but also to the preparation of any required reports by independent or internal accountants, the preparation of special reports to be filed with the SEC, and “any other work performed by an accountant that culminates in the filing of a document with the SEC.”[23]  The SEC also has indicated that it interprets Rules 13b2‑1 and 13b2‑2 to provide an independent basis for enforcement actions, regardless of whether the dissemination of materially false or misleading information to investors is involved.[24]    

Enforcement and Penalties

Enforcement authority under the FCPA is divided between the SEC and the Department of Justice.  The SEC has authority to investigate and bring civil enforcement actions against violators of the accounting provisions.[25]  The DOJ is responsible for criminally prosecuting “willful” violations of the accounting provisions and the SEC rules adopted thereunder.[26]

With respect to both civil and criminal enforcement of the accounting provisions, Congress did not include specific sanctions for violations of the accounting provisions.   Rather, the general enforcement remedies of the Exchange Act are applicable.  In civil cases, the SEC has authority to subpoena records and testimony, conduct investigations, and initiate civil enforcement actions seeking to enjoin prohibited activities and/or seeking disgorgement or civil monetary penalties ranging from $50,000 to $500,000 (or more if the “gross pecuniary gain” to the defendant exceeds $500,000) per violation for business entities.[27]  In criminal cases, a “willful” violation of the FCPA accounting provisions constitutes a felony under § 32(d) of the Exchange Act, punishable by a fine of up to $25 million against entities, and a maximum fine of $5 million and up to 20 years’ imprisonment against natural persons.[28]  However, the criminal penalty provision also provides that “no person shall be subject to imprisonment . . . for the violation of any rule or regulation if he proves that he had no knowledge of such rule or regulation,”[29] and the 1988 FCPA amendments provide that criminal liability will not attach for failure to comply with the accounting provisions unless the business concern “knowingly circumvent[ed] or knowingly fail[ed] to implement a system of internal accounting controls or knowingly falsif[ied]” the accounting records.[30]

Several recent high-profile FCPA enforcement actions underscore the high stakes involved for violations of the accounting provisions: 

  • In a June 2004 settlement with the SEC, Schering-Plough agreed to pay a $500,000 civil penalty for violating the FCPA’s books-and-records provisions in connection with payments made by a Polish subsidiary to a charitable foundation headed by a Polish government official.[31]   The SEC’s complaint alleged that none of the charitable payments were accurately reflected on the subsidiary’s books and that Schering-Plough’s internal controls were inadequate to prevent or detect the payments in question.[32]
  • In July 2004, ABB Ltd., based in Zurich, Switzerland (but subject to the Act because its stock trades on the NYSE), settled an FCPA enforcement action with the SEC for $16.4 million ($10.5 million civil penalty; $5.9 million disgorgement).[33]   The SEC brought the enforcement action because “ABB improperly recorded [illicit] payments in its accounting books and records, and lacked any meaningful internal controls to prevent or detect such illicit payments.”[34]
  • In March 2005, Titan Corporation settled an SEC enforcement action for $28.5 million ($13 million civil penalty; $15.5 million disgorgement), based in part on the company’s inadequate internal controls and bookkeeping practices.[35]   The SEC’s complaint alleged that Titan improperly recorded illicit payments to sales agents in Africa in its books and records, and it roundly assailed the company for its failure to implement an FCPA policy or compliance program, even though the company employed more than 120 agents and consultants in more than 60 countries.[36]

In each instance, the books-and-records violations were based on questionable accounting practices in the foreign operations of issuers subject to the Act, and the inadequacy of the issuer’s internal controls was a factor in assessing culpability.  As these cases demonstrate, the penalties exacted for noncompliance with the FCPA’s accounting provisions can be severe and inevitably far outweigh the cost of compliance.

Effects of the Sarbanes-Oxley Act of 2002

Passed in July 2002 in response to the corporate accounting scandals at Enron and WorldCom, SOX did not amend the FCPA in any respect.  Several SOX provisions, however, relate to disclosures and internal controls.  These provisions have influenced significantly the ways companies approach FCPA compliance.  Since SOX was passed, the number of reported DOJ and SEC investigations of potential FCPA violations has increased dramatically.  In 2002, only seven investigations were opened; in 2004, that number increased to 16.[37]  Even more alarming is the increase in the number of investigations resulting from companies “self-reporting” internally discovered violations.  Only 28 percent of the investigations in 2002 resulted from self-reporting versus 69 percent in 2004.[38]

Several SOX provisions have contributed to the increase in self-reported FCPA cases,[39] but two in particular, Sections 302 and 404, have revolutionized the approach companies take in preventing, detecting, and responding to fraudulent accounting practices.  Section 302 requires CEOs and CFOs of companies required to file reports with the SEC to certify that (1) financial statements filed with the SEC fairly and accurately represent the financial condition of the company; (2) the certifying officers have evaluated the company’s internal controls within 90 days prior to the certification and found the controls to be adequate; and (3) the certifying officers have reported to the company’s auditors and audit committee any internal-controls deficiencies and any fraud involving management.[40]  Section 404 and the regulations implementing it require companies to (1) establish and maintain an adequate system of internal controls and procedures for financial reporting and (2) assess annually the effectiveness of those controls and procedures.[41]  As previously discussed, unlike the FCPA, Section 404 makes no distinction between majority and minority interests in foreign subsidiaries.

These provisions place responsibility for detecting fraudulent behavior and inadequate recordkeeping squarely in the laps of those occupying the highest levels of management.   In response to Sections 302 and 404, certifying officers are demanding greatly enhanced scrutiny of the adequacy of internal controls and procedures and other fraud-prevention measures, the natural consequence of which is an increase in the number of FCPA violations discovered internally and self-reported to regulators.  Indeed, certifying officers have a strong incentive to prevent and detect fraud.  Under SOX Section 906, a criminal provision closely related to Section 302, a manager who willfully certifies a periodic report filed with the SEC that abrogates the requirements of the accounting provisions of the FCPA faces criminal penalties of up to 20 years in prison and/or fines of up to $5 million.[42] 

The passage of SOX clearly has added significantly to the array of tools available to the government to investigate and prosecute, civilly and criminally, violations of the FCPA accounting provisions.  Moreover, in the wake of the accounting scandals that spawned SOX, regulators are pursuing such investigations and prosecutions more aggressively than ever.  Accordingly, it is imperative that organizations and their advisors carefully consider the interrelationship of the new SOX reporting and disclosure provisions with organizations’ own FCPA compliance measures.

Conclusion

The expansive reach of the FCPA accounting provisions, coupled with the new SOX requirements concerning accounting practices and internal controls, presents unique and formidable challenges to businesses with non-U.S. operations.  In today’s global marketplace, companies often have a presence in dozens of foreign countries, each with its own corporate culture and accounting practices.  It is imperative that businesses educate their employees on the importance of sound financial processes and internal controls and engender in their workforce a culture of FCPA compliance.

The FCPA accounting provisions should be viewed as more than just another bureaucratic hoop through which businesses are forced to jump.  Rather, the provisions are highly effective tools that businesses can use to prevent and detect fraud from within.  Sound accounting practices and internal controls often are the best defense against theft and embezzlement, especially in certain foreign jurisdictions, where regulators take a less rigorous approach in enforcing rules related to financial reporting.  Accordingly, domestic companies with operations outside the U.S. are well advised to make FCPA and recordkeeping compliance a high priority in their global business strategies.

Additional Information Regarding the FCPA

Jones Day White Papers discussing the FCPA and recent developments under the law include:

  • “2006 Update on Transnational Antibribery Laws:  The United States Foreign Corrupt Practices Act, International Conventions, and Recent Enforcement Actions”
  • “The Legal Obligation to Maintain Accurate Books and Records in U.S. and Non-U.S. Operations.”

Both of these documents are available on the Jones Day web site at www.jonesday.com.

Lawyer Contacts

For further information, please contact your principal Jones Day representative or one of the lawyers listed below. General e-mail messages may be sent using our “Contact Us” form, which may be found at www.jonesday.com.

Atlanta
Richard H. Deane, Jr.
1.404.581.8502
rhdeane@jonesday.com

George T. Manning
1.404.581.8400
gtmanning@jonesday.com

Chicago
Daniel E. Reidy
1.312.269.4140
dereidy@jonesday.com

James C. Dunlop
1.312.269.4069
jcdunlop@jonesday.com

Cleveland
Stephen G. Sozio
1.216.586.7201
sgsozio@jonesday.com

Los Angeles
Frederick D. Friedman
1.213.243.2922
ffriedman@jonesday.com

Brian O’Neill
1.213.243.2856
boneill@jonesday.com

Brian A. Sun
1.213.243.2858
basun@jonesday.com

New York
Charles M. Carberry
1.212.326.3920
carberry@jonesday.com

Harold K. Gordon
1.212.326.3740
hkgordon@jonesday.com

San Francisco
Martha Boersch
1.415.875.5811
mboersch@jonesday.com

Washington, D.C.
R. Christopher Cook
1.202.879.3734
christophercook@jonesday.com

Peter J. Romatowski
1.202.879.7625
pjromatowski@jonesday.com

Endnotes

[1]  Jonathan M. Karpoff, et al., How is Corporate Misconduct Penalized? Enforcement Actions Through the Foreign Corrupt Practices Act, Working Paper (Dec. 10, 2003).

[2]  United States Department of State, Bureau of Economic and Business Affairs, Battling International Bribery 2003, at 13 (July 2003).

[3]  Update, White Collar Crime: Survey of Law, 25 Am. Crim. L. Rev. 359, 423 & n.8 (1988) (citing an address by Gary Lynch, Director of the Division of Enforcement).

[4]  15 U.S.C. § 78m(b)(2) (2002).

[5]   Id.

[6]   Id.

[7]   See Sarbanes-Oxley Act of 2002 § 302, 15 U.S.C. § 7241 (2002) (requiring management certification of accuracy and fairness of financial reports and adequacy of internal controls); id. § 404, 15 U.S.C. § 7262 (2002) (authorizing the SEC to prescribe regulations requiring management to assess internal control structures for financial reporting); Final Rule: Management’s Reports on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports, SEC Release Nos. 33-8238, 34-47986, IC-26068, 68 Fed. Reg. 36643 (June 18, 2003) (promulgating final rule).

[8]  15 U.S.C. § 78m(b)(2) (2002) (applying accounting provisions to “[e]very issuer which has a class of securities registered pursuant to section 78l of this title and every issuer which is required to file reports pursuant to section 78o(d) of this title.”).

[9]  Id. § 78o(d) (requiring issuers to file “supplementary and periodic information, documents and reports” deemed by the SEC to be in the public interest or for the protection of investors).

[10]  Id. § 78l(g) (requiring issuers with more than 500 shareholders and with assets greater than $1 million to register their securities with the SEC).

[11]  Id. § 78c(a)(8)-(10).

[12]  Id. § 78m(b)(2) (applying only to “issuers”).

[13]  Id. § 78m(b)(6).

[14]  Id.

[15]  Id.

[16]  Id.

[17]  Id. § 7262 (2002).

[18]  Id. § 78m(b)(2)(B).

[19]  S. Rep. No. 100-85, 100th Cong., 1st Sess., at 50 (1987); G. Greanias & D. Windsor, The Foreign Corrupt Practices Act 17 (1982); Fifth Project, 26 Am. Crim. L. Rev. at 859; Fourth Project, 24 Am. Crim. L. Rev. at 589‑91; Third Project, 22 Am. Crim. L. Rev. at 511‑12; see SEC v. World‑Wide Coin Investments, Ltd., 567 F. Supp. 724, 749‑52 (N.D. Ga. 1983) (holding that accounting provi­sions do not include scienter require­ment).

[20]  15 U.S.C. § 78m(b)(7) (2002); see also H.R. Conf. Rep. 100-576, 100th Cong., 1st Sess., at 917 & 1950 (1987).

[21]  Exchange Act Release No. 15,570, 44 Fed. Reg. 10,968 (Feb. 15, 1979).

[22]  17 C.F.R. § 240.13b2‑2 (1998) (“No director or officer of an issuer shall, directly or indirectly, (a) [m]ake or cause to be made a materially false or misleading statement, or (b) [o]mit to state, or cause another person to omit to state, any material fact necessary in order to make statements made, in the light of the circumstances under which such statements were made, not misleading to an accountant in connection with (1) any audit or examination of the financial statements of the issuer required to be made pursuant to this subpart or (2) the preparation or filing of any document or report required to be filed with the Commission pursuant to this subpart or otherwise.”).

[23]  Exchange Act Release No. 15,570, 44 Fed. Reg. 10,970  (Feb. 15, 1979).

[24]  Id. at 10,966‑67.

[25]  15 U.S.C. § 78u (2002).

[26]  Id. § 78ff(a).

[27]  Id. § 78u.

[28]  Id. § 78ff(a). SOX dramatically increased criminal penalties for willful violations of the Exchange Act, including violations of the FCPA accounting provisions.  See Sarbanes-Oxley Act of 2002 § 1106, codified at 15 U.S.C. § 78ff (2002) (increasing maximum fine for individuals from $1 million to $5 million, maximum term of imprisonment from 10 years to 20 years, and maximum fine for corporations from $2.5 million to $25 million).

[29]  Id. § 78ff(a).

[30]  Id. § 78m(b)(4)‑(5).

[31]  SEC Litigation Release No. 18,740 (June 9, 2004), available at http://www.sec.gov/litigation/litreleases/lr18740.htm.

[32]             Id.

[33]  SEC Litigation Release No. 18,775 (July 6, 2004), available at http://www.sec.gov/litigation/litreleases/lr18775.htm.

[34]  Id.

[35]  SEC Litigation Release No. 19,107 (Mar. 1, 2005), available at http://www.sec.gov/litigation/litreleases/lr19107.htm.

[36]  Id.

[37]  Danforth Newcomb, Digests of Cases and Review Releases Relating to Bribes to Foreign Officials Under the Foreign Corrupt Practices Act of 1977, at 2 (Nov. 4, 2004).

[38]  Id.

[39]  See, e.g., Sarbanes-Oxley Act of 2002 § 409, codified at 15 U.S.C. § 78m(l) (DATE) (requiring companies to promptly disclose to the public “in plain English” and on a “rapid and current basis” such additional information concerning material changes in their financial condition or operations as the SEC determines, by rule, is necessary for the protection of investors in the public interest); id. § 1106, codified at 15 U.S.C. § 78ff (2002) (increasing criminal penalties for violations of FCPA accounting provisions and other Exchange Act provisions).

[40]  15 U.S.C. § 7241 (2002).

[41]  15 U.S.C. § 7262 (2002).

[42]  Sarbanes-Oxley Act of 2002 § 409, 18 U.S.C. § 1350 (DATE).

This White Paper is a publication of Jones Day and should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at its discretion. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship.

 

We use cookies to deliver our online services. Details of the cookies and other tracking technologies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you consent to our use of cookies.