Officers’ liability under the FCPA and UKBA: risks to Indian operations
Prashant Mara
BTG Legal, Mumbai
Devina Narvekar
BTG Legal, Mumbai
In 2019, Cognizant Technology Solutions Corporation (Cognizant) agreed to pay US$25m to the US Securities and Exchange Commission (SEC) to settle violations of the US Foreign Corrupt Practices Act (FCPA). Two former high-ranking officials of Cognizant were also individually charged with authorising US$2.5m in bribe payments to an Indian government official.
The Cognizant case is far from the sole instance of US-based enforcement action arising from a company’s business interests in India. In fact, as recently as September 2022, Oracle Corporation settled charges with the SEC of violating the FCPA when its Indian subsidiary created and used slush funds to bribe government officials in return for business. A historic review demonstrates that enforcement actions and penalties under the FCPA and its UK equivalent, the UK Bribery Act (UKBA), have largely been directed against corporations. However, it is critical to recognise that both the FCPA and UKBA specifically contemplate individual liability, and the Cognizant incident is testament to the fact that the authorities will not hold back from giving full effect to anti-bribery and corruption law against individual officers, where relevant. The question is, therefore, how culpable must an officer of a company be for personal enforcement to take place?
Officers and directors are particularly vulnerable to enforcement action when it comes to operations in sectors that are licensed and/or heavily regulated (such as alcohol and defence), industries with regular interface with government officials (land and infrastructure) and heavy reliance on third parties, as indirect bribes are penalised, even in the absence of actual knowledge of the corrupt payment.
It is often extremely difficult, if not impossible, for officers at a senior level (whether based in India or abroad) to verify every accounting entry and check actual expenses against paperwork produced on the ground. Bribes and facilitation payments are very often disguised in accounting records as legitimate payments, such as fees or commissions to consultants. In Cognizant’s case, sham change order requests were allegedly used to conceal payments which were made to reimburse a construction firm for bribes given to government officials in a construction project in India. These sham payments were apparently authorised by certain Cognizant officers.
Other covers for bribes that we have come across while conducting anti-bribery and corruption investigations have included payments under consultancy or agency agreements, payments to vendors and sub-vendors, purchase orders, marketing services payments, HR events and even team offsite budgets.
Where senior officers must rely on paperwork to sign off on payments, enforcement action will consider whether they exercised sufficient diligence while approving these payments, and whether adequate processes were put in place to verify and cross-check expenses, while appropriating individual responsibility.
Another important element to be mindful of is whether investigations in the US or UK under the FCPA and UKBA respectively would trigger investigations or reporting requirements under local regulations such as India’s Prevention of Corruption Act 1988 (POCA). Unlike the FCPA and UKBA, the focus of POCA is to fix individual liability via criminal prosecution. Monetary settlements equivalent to those under the FCPA or UKBA are not available under POCA, and prosecution tends to be a long and painful process for all involved, encompassing multiple enforcement agencies, without reaching conclusions in many instances.
These risks are not endemic to one country. As many high-profile prosecutions have demonstrated, infractions tend to be spread across many jurisdictions, with the participation (tacit or explicit) of various individuals and a general breakdown of compliance and governance mechanisms.
Baseline precautionary measures to mitigate risks to officers and directors cover three major aspects:
- Being aware that ‘knowledge’ of a corrupt practice can be attributed in many different ways across various regulations. Therefore, meaningful mechanisms which alert officers to red flags (such as whistleblower lines, reporting mechanisms via HR or factory managers, third party audits etc) should be in place.
- Once red flags are prompted, the next threshold requirement when assessing culpability is typically how the officer concerned reacted to the alert, and what was done to get to the root of the matter. Aspects such as whether enquiries were conducted with due promptness and gravity, whether suitable actions were pursued to remedy gaps, whether appropriate disciplinary measures were taken etc, become critical questions. The answers to these questions should stand the test of diligence and due process in hindsight, as these are always called to question post facto.
- Finally, the officer’s behaviour and reaction to law enforcement or government investigations, and any disclosures made in good faith, become critical to determine final liability.
In an ideal scenario, all three of the above aspects would play out seamlessly, with the officers able to justify their actions (or lack thereof) and demonstrate that they have, at each stage, acted to comply with anti-corruption law and company policy, to the best of their ability.
Nevertheless, from a practical perspective, we have seen time and again that there is no perfect set of facts that can be presented in the course of an investigation, particularly given that acts (or omissions) are scrutinised in hindsight. As such, the goal of compliance and governance mechanisms should be to put procedures in place which make it difficult for any investigation to attribute culpability individually by equipping officers with the tools described above to be able to resist liability robustly and sufficiently.