By Dentons | July 3rd, 2015

By Brian O’Bleness
Originally published by DRI

U.S.-connected companies operating internationally face significant legal risks from the U.S. Foreign Corrupt Practices Act (FCPA) if employees or agents bribe or promise to bribe the expansive class of people known as foreign officials. The U.S. Securities and Exchange Commission (SEC) and the U.S. Department of Justice (DOJ) reemphasize FCPA enforcement as a continuing priority by their clear and frequent actions and words. Here, I address what the government would expect to find if it reviewed your client’s company FCPA compliance program.

Brief FCPA Background

In 1977, Congress passed the FCPA, making it illegal for U.S. companies, their employees, and their agents, in the United States or abroad, to pay or to offer to pay, anything of value, to any foreign government official or foreign political party for the purpose of obtaining or retaining business. Because it is a criminal statute, there must be corrupt intent.

One formulation of the crimes covered in the act is that a person or a company is guilty of violating the FCPA if the government can prove that:

1) a payment, offer, authorization, or promise to pay money or anything of value

2) was made to a foreign government official (including a party official or manager of a state-owned concern), or to any other person, knowing that the payment or promise will be passed on to a foreign official,

3) with a corrupt motive,

4) for the purpose of influencing any act or decision of that person, inducing such person to do or to omit any action in violation of his or her lawful duty, securing an improper advantage, or inducing such person to use his or her influence to affect an official act or decision, to assist in obtaining or retaining business for or with, or directing any business to, any person.

In additional to the bribery elements, there are accounting provisions penalizing the lack of internal controls and books and records provisions for improperly recording bribes as other than bribes. The act has both criminal and civil penalties, and it applies to both public and private U.S. companies everywhere that they do business with and therefore, also to their business partners. The DOJ and the SEC have been very aggressive with every aspect of FCPA enforcement, from interpreting jurisdictional reach and finding intent, to defining gaining and retaining business. Many countries have similar laws or conventions even if they do not enforce them.

Read more

By Dentons | August 29th, 2014

By Todd Liao and Michelle J. Shapiro


Peter Humphrey and his wife were indicted by a Shanghai court on August 8, 2022 for illegally obtaining and selling private information of Chinese citizens. The private information included residential addresses, family member information, car ownership records and real estate records. The couple operated ChinaWhys Co. Ltd., a private investigation firm that offered investigatory services to corporations and law firms doing business in the People’s Republic of China (the “PRC” or “China”).

At the time of their arrest, the couple were investigating Chinese citizens on behalf of GlaxoSmithKline (“GSK”), the UK pharmaceutical company. The arrest came days after Chinese authorities publicly leveled bribery allegations against GSK, which hired investigators to determine the identity of the person(s) that disclosed the bribery scandal to Chinese authorities and GSK executives. This arrest is indicative of a shift in China’s regulatory landscape toward tightened privacy compliance regulations and proactive enforcement of data privacy violations with respect to Chinese citizens.

The following article highlights certain lessons that can be learned from the Humphrey case and provides practical advice for navigating the risks associated with internal investigations in China.

Lessons from Humphrey’s indictment

Humphrey and his wife were arrested and prosecuted pursuant to Article 253 of China’s Amendments to Criminal Law (VII) (“Article 253″) which bans “stealing or illegally obtaining, by any means, personal information”. Although Humphrey and his wife are the first foreign nationals to be arrested by Chinese authorities for trading in “illegal personal information,” at least 126 people have been arrested in Shanghai for similar violations over the past five years.

In China, personal information is protected under various laws, including the constitution, and civil and criminal laws. While an overarching personal data protection law has been in the drafting phase since 2003, it is unclear when the law will be enacted. Prior to the changes to Article 253, the scattered data privacy provisions protected a citizen’s right to a general freedom of communication, security and privacy, but did not cover basic personal information. Article 253 helps fill the regulatory void in respect of the protection of basic personal information. In addition, Article 253 provides Chinese courts with an effective tool to scrutinize due diligence and investigation practices conducted in China insofar as such processes involve the collection of “personal information”.

Prior to Humphrey’s indictment, the “standard practice” for conducting an investigation in China involved outsourcing the due diligence investigation to professional due diligence firms, such as Humphrey’s. As a result of the changing laws regarding personal data protection, there will now be more scrutiny on how information regarding Chinese individuals and companies is obtained. Humphrey’s case highlights the risks of holding or relaying personal information of Chinese citizens and demonstrates that companies obtaining such information without proper authorization may face legal penalties, including criminal prosecution. In light of Humphrey’s indictment and China’s changing regulatory landscape, multinational corporations (“MNCs”) that depend on due diligence checks to avoid running afoul of corruption legislation (such as the US Foreign Corrupt Practices Act (the “Act”)) may need to alter investigative techniques to comply with PRC law.

Conducting investigations in China

Pitfalls and roadblocks in data collection

As noted above, PRC regulations on personal data protection are scattered and complicated, which may pose pitfalls for investigators and anti-corruption professionals that are unfamiliar with PRC law. For example, the existing laws do not have a unified definition of “personal information” in the non-internet context. The absence of clear guidance on what constitutes personal information or other key subject matter creates a layer of uncertainty for an MNCs’ investigation efforts in China. Humphrey and his wife’s case exemplifies this risk, as both admitted they were unaware of the newly enacted laws regulating their industry.

In addition to knowledge of data privacy law, familiarity with local practices and national policies issued by the government is an important component of MNCs’ investigations in China. Before January 2013, due diligence firms were able to freely retrieve corporate records from the Administration of Industry and Commerce (the “AIC”), which is the governmental authority that keeps financial and ownership information on all companies in China. The Chinese government recently restricted access to this information after several media and investment informational companies published sensitive information regarding the fraudulent schemes of Chinese companies and political figures. This restriction has severely impaired the ability for MNCs to conduct comprehensive due diligence on the ownership interests of potential joint-venture partners, merger and acquisition targets, vendors, state-owned entities, foreign officials and politically exposed persons.

Read more

By Dentons | February 25th, 2014

By Randy Bregman, Michelle J. Shapiro and Peter G. Feldman

The increasing focus on enforcement of the US Foreign Corrupt Practices Act (FCPA), Canadian Corruption of Foreign Public Officials Act and UK Bribery Act, as well as similar anti-corruption laws around the globe, has made conducting pre-acquisition anti-corruption due diligence an essential element of any cross-border merger or acquisition, especially if the target does business in a jurisdiction where local officials may expect to be compensated for simply doing their job. Although some may view their payments to “government officials” (the definition of which is very broad) as merely a cost of doing business or a necessary evil to expedite the granting of a license or permit, in addition to running afoul of applicable laws such payments can wreak havoc with an open and accurate economic analysis of the true costs of doing business, particularly since they tend not to be readily apparent in financial statements relied upon by buyers and lenders worldwide.

As a result, the failure to conduct pre-acquisition anticorruption due diligence can lead to severe legal and financial consequences, as well as reputational damage, for both buyers and sellers. For buyers, anti-corruption diligence can be especially critical because, under US principles of successor liability, a buyer may be held liable for pre-closing FCPA violations by the target. And if illegal conduct by the acquired company continues post-closing, the buyer can be held directly liable, even if it had no knowledge of or participation in the violation. For sellers, putting aside any individual liability (which would survive a transfer of ownership or control), concerns about potential pre-closing violations can strongly influence a deal’s value, if not threaten the entire transaction. Moreover, sellers may be asked to provide specific representations—or even fundamental representations—and warranties as to anti-corruption compliance that are backed by broad indemnification provisions and hefty escrow amounts.

The two US government agencies responsible for enforcing the FCPA, the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC), have endorsed a risk-based approach to conducting preacquisition anti-corruption due diligence. As explained in greater detail below, such an approach requires an initial evaluation of the target’s risk profile, followed by the creation and subsequent implementation of a work plan that incorporates review procedures specifically tailored to and commensurate with the risks identified. Even if pre-acquisition anti-corruption diligence does not reveal evidence of bribery (after all, the professionals conducting the exercise lack badges and subpoena power, and must to some extent rely on the target’s personnel to provide accurate and complete information), conducting such a review can help to identify “red flag” indicators of corruption and potential control weaknesses. Once armed with that information, a prospective buyer can address the issues with the seller and, ideally, convince the seller to remediate and voluntarily report any violations to the relevant authorities before the deal is closed. At a minimum, the results of the review can be factored into the deal terms and pricing, as well as taken into consideration by the buyer when designing plans to integrate the target into its operations. The exercise could also prove useful in demonstrating to law enforcement the buyer’s commitment to anti-corruption compliance, should violations come to the government’s attention postclosing. Stated another way, if you do not devote sufficient time and resources to try to detect corrupt practices pre-closing, arguments that you were an “innocent purchaser” may fall on deaf ears.

Read more

About Dentons

ANALYSIS: What the Government Expects to Find in an Anti-Corruption Compliance Program