My friends Howard Sklar and Tom Fox are fond of talking about “compliance convergence.” The idea is that, in an age where compliance expectations are created by a wide range of legal regimes – everything from anti-corruption to export controls, anti-trust to environmental laws – companies can structure their compliance mechanisms efficiently to address a number of regimes in tandem. Recent and dramatic changes in Iran sanctions create yet another opportunity to do so.
Last week, on October 9, 2012, President Obama issued Executive Order 13628, published in 77 Fed. Reg. 62139, that significantly expanded the nature of U.S. sanctions against Iran. Specifically, it extended the prohibited activity (find several relevant regulations at 31 C.F.R. Part 560) to cover the activities of non-U.S. entities that are owned or controlled by U.S. entities.
In so doing, it implemented Section 218 of the Iran Threat Reduction and Syria Human Rights Act of 2012 (the ITRA) that President Obama signed on August 10, 2012. Section 218 imposes civil liability on U.S. entities for the actions of non-U.S. entities they own or control that would violate U.S. sanctions against Iran if performed by a U.S. person.
The ITRA defines “own or control” as (1) holding more than 50 percent of the equity interest by vote or value; (2) holding a majority of seats on the board of directors; or, (3) otherwise controlling the entity’s actions, policies, or personnel decisions.
Similarly, under the FCPA, U.S. parents can be liable for the corrupt practices of their subsidiaries. They will be liable if they knowingly participate in or authorize such bribery. They may also be held vicariously liable for a subsidiary’s corrupt practices based on a theory of respondeat superior, even without knowledge of those practices. In addition, they can be found liable for failure to keep accurate books and records or establish appropriate internal controls that would have prevented a subsidiary’s bribery.
What does this all mean for compliance convergence? It means that companies can use their current FCPA compliance programs as a basis for building out mechanisms to address new Iranian sanctions risks. They can incorporate sanctions when they train their foreign subsidiaries on bribery risks. They can build upon their written policies. When they audit business units for FCPA compliance, they can do the same for sanctions compliance.
Paul Liebman, a compliance expert at LRN, says that compliance convergence can become quite relevant with respect to pre-existing Sarbanes-Oxley controls. If controls require double sign-off for payments to a new agent, and those who sign off must ensure an FCPA due diligence review has been conducted before any payment can be issued, then the company is positioned to add due diligence questions to help avoid sanctions violations too. Questions might include: Does the company do business with Iranian entities? Does it deal with Iranian-origin goods? Using pre-existing structures is far better than re-inventing the wheel.
This FCPAméricas blog article is not intended to provide legal advice to its readers. The blog entries and posts include only the thoughts, ideas, and impressions of its authors and contributors, and should be considered general information only about the Americas, anti-corruption laws including the U.S. Foreign Corrupt Practices Act, issues related to anti-corruption compliance, and any other matters addressed. Nothing in this publication should be interpreted to constitute legal advice or services of any kind. Furthermore, information found on this blog should not be used as the basis for decisions or actions that may affect your business; instead, companies and businesspeople should seek legal counsel from qualified lawyers regarding anti-corruption laws or any other legal issue. The Editor and the contributors to this blog shall not be responsible for any losses incurred by a reader or a company as a result of information provided in this publication. For more information, please contact Info@MattesonEllisLaw.com.
The author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. Copyright 2012 Matteson Ellis Law, PLLC
About the Author
Matteson Ellis is founder and principal of Matteson Ellis Law PLLC, a law firm focusing on U.S. Foreign Corrupt Practices Act (FCPA) compliance and enforcement. He has extensive experience in a broad range of international anti-corruption areas. Before forming Matteson Ellis Law, he worked on FCPA and anti-corruption matters in the Washington, D.C., offices of Miller & Chevalier Chartered, Coudert Brothers LLP and The World Bank.