with contributing author Michelle Mizutani
Unfortunately for companies seeking a way to avoid liability in countries known for corruption, not knowing what a third party is doing on the company’s behalf can be more dangerous than knowing. A company can protect itself against what it actually knows: the “known knowns.” But a company must also seek to anticipate and protect against what it doesn’t know—the “known unknowns” and the “unknown unknowns,” by assessing risks, conducting due diligence and monitoring the third parties very carefully. However, what the company truly is going to get in trouble for is ignoring what it knows the third party is doing, i.e., pretending that the known is unknown.1
The question of how a company can “know” what is being done by individuals and entities on its behalf frequently arises in the context of bribery in Asia-Pacific. If a company does not actually know what a third party is doing, how can the company be held responsible for what the third party does? Or alternatively, can a company avoid responsibility by not knowing what is really going on?
Generally, these questions are asked in relation to a company’s subsidiaries operating in distant places, third-party agents handling the bureaucratic maze of government approvals, permits and licenses, or distributors and sales persons who promise to penetrate emerging markets.
Hiring a third party in order to insulate the company from knowledge about bribes being paid on its behalf is not a viable strategy for avoiding liability under the UK Bribery Act (UKBA), the U.S. Foreign Corrupt Practices Act (FCPA) or other countries’ anti-corruption laws. Here’s why.
The FCPA Knowledge Standard for Third-Party Conduct
The FCPA was drafted to ensure that companies could not use third-party agents in bribery schemes to avoid actual knowledge of a bribe.2 Accordingly, a company is deemed to know about a bribe if there is awareness of a “high probability of the existence of such a circumstance.” This means that liability is imposed on those who purposefully avoid actual knowledge. As the U.S. Congress wrote in passing the FCPA,
“[T]he so-called ‘head-in-the-sand’ problem—variously described in the pertinent authorities as ‘conscious disregard,’ ‘willful blindness’ or ‘deliberate ignorance’—should be covered so that management officials could not take refuge from the Act’s prohibitions by their unwarranted obliviousness to any action (or inaction), language or other ‘signaling device’ that should reasonably alert them of the ‘high probability’ of an FCPA violation.”
A “signaling device” refers to a red flag associated with the third party, such as excessive commissions, a lack of relevant expertise or a close relationship with a foreign official. A company that is aware that the market it is entering is highly corrupt or requires frequent government interaction may increase the probability that bribery is likely to occur.
Moreover, recent civil and criminal enforcement cases suggest that U.S. enforcement agencies are holding companies strictly liable under the FCPA accounting provisions. These provisions require issuers to make and keep reasonably accurate books, records and accounts and to maintain adequate internal controls. Companies are penalized for knowingly falsifying or causing the falsification of books and records or for circumventing or failing to implement internal controls, but the requirement of knowledge seems to be disappearing.
The April 2014 settlement with California technology company Hewlett-Packard (HP) and three of its subsidiaries illustrates this trend. One of HP’s subsidiaries, for example, created a slush fund through a channel partner and intermediary company. It used the fund to pay for travel, cars and other luxury goods through a shell company linked to a government director responsible for awarding an automation contract to the subsidiary. The subsidiary kept two sets of books, secret spreadsheets describing the recipients of the corrupt funds and a sanitized version that hid the corrupt payments so that HP management never knew. Its other two subsidiaries falsified their books and records and circumvented internal controls: one, by paying inflated commissions (called “influencer fees”) via a “pass through company” to a consultant with ties to a state-owned petroleum company; and the other, by paying cash to a government official to win technology contracts through its public sector sales manager from off-the-books accounts. The SEC charged that the parent company’s books and records falsely reflected the payments as legitimate commissions and expenses. HP agreed to pay $34 million in disgorgement and prejudgment interest in addition to the criminal fines levied against the three subsidiaries for a total of $108 million, even though it had no knowledge of the schemes.
The UKBA Knowledge Standard for Associated Persons
Under the UKBA, the Section 7 provides that a commercial organization is guilty of the offense of failing to prevent bribery if an individual or company “associated with the company” (an “Associated Person”) offers, promises or gives a bribe intending to obtain or retain business or an advantage in the conduct of business for the organization. A person is associated with a commercial organization if that person “performs services” for it or on its behalf. Employees are presumed to be Associated Persons of their employer. Agents, intermediaries, consultants, subsidiaries, affiliates and joint venture partners (among others) may all amount to Associated Persons of an organization.
The corporate offense does not require any showing of knowledge, misconduct by or intent on the part of the commercial organization (i.e., a “strict liability” offense). There is only one possible defense to the corporate offense – that the organization had “adequate procedures” in place designed to prevent bribery.
The Knowledge Standard under Other Asia-Pacific Laws
Knowledge of a third party’s conduct is necessary for liability under the anti-bribery laws of other jurisdictions. For example, a company is automatically liable for acts of bribery of its employees under Japan’s Unfair Competition Prevention Act (the UCPA deals with the bribery of public officials belonging to non-Japanese governmental/official bodies). However, for an employee to be liable for the bribery of an intermediary (which will, in turn, result in liability for the company under the UCPA), the employee must have had knowledge of the intermediary’s acts. However, such knowledge can be recognized impliedly on the basis of the circumstances. In Indonesia, a company can be held liable for payments made by intermediaries if the company knew or should have reasonably known that the intermediary was making an illegal payment in connection with the provision of goods or services to or from the company. India is considering an amendment to its Prevention of Corruption Act to explicitly deal with liability for intermediaries’ conduct.
Hiring intermediaries in order to avoid actually knowing about a bribery scheme is not viewed as an effective risk mitigation strategy by enforcement authorities, particularly where the risk is well-known. Rather, searching out and recognizing the risks allows a company to put in place methods to demonstrate that it has attempted to assess and address those risks directly. Due diligence, training, certifications and monitoring are far better strategies than denial and conscious avoidance.
1 Paraphrasing Donald Rumsfeld, U.S. Secretary of Defense, 2002 U.S. Department of Defense News Briefing: Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don’t know we don’t know.
2 A Resource Guide to the U.S. Foreign Corrupt Practices Act, page 22, available at