In my last post, I suggested that one possible drawback to dramatically ramping up enforcement of the Foreign Corrupt Practices Act against individuals (from the perspective of those who, like me, favor aggressive FCPA enforcement) is that individual defendants are relatively more likely to litigate than are corporate defendants. This not only might entail a greater drain on the resources of the government enforcement agencies—a familiar and well-understood concern—but it could also lead to adverse appellate rulings on the meaning of key FCPA provisions (particularly if the targeting of more individuals also entails the targeting of relatively more sympathetic individuals). In this post, I want to raise a similar concern in connection with a prominent proposal for increasing the FCPA’s deterrent effect: the addition of a private right of action under the statute.
The FCPA in its current form does not authorize private individuals to sue defendants for alleged violations of the statute. Although some other statutes might authorize certain forms of private FCPA enforcement—for example, in the form of shareholder derivative suits, or suits alleging violations of the antitrust laws or the RICO Act—these forms of private recourse are quite limited in their availability. (I won’t go into all the reasons in this post—Professor Gideon Mark has a nice discussion in his paper on the topic.) Yet many people (including Professor Mark) have advocated the addition of an express FCPA private right of action which, in the view of its proponents, would substantially enhance FCPA deterrence. This idea has attracted at least some interest in the U.S. Congress, though the proposed bills to add an FCPA private right of action have not yet gone anywhere.
My natural instincts are to support a proposal along these lines, both because I’m more of a “hawk” when it comes to FCPA enforcement, and because I’m generally an enthusiast for the “private attorney general” model for enforcing public law. And I could still be persuaded that a private FCPA action is a good idea. But I have concerns similar to those I raised in my last post about greater targeting of individuals, as well as some additional, closely related worries. Here are the main worries, as I see them:
As I discussed in my last post, in the typical FCPA enforcement action—brought against a corporation by the Department of Justice and/or Securities & Exchange Commission)—the corporation has a very strong incentive to settle (prior to indictment). Indeed, these cases are almost never litigated, but rather are resolved through negotiations. In these negotiations, the government has a lot of leverage, precisely because most corporate defendants desperately want to avoid an indictment. This, in turn, has enabled the government to adopt very broad (in my view persuasive, but certainly contestable) readings of many of the FCPA’s provisions, including the definition of “foreign official,” the scope of the exceptions for “facilitating payments” and bona fide promotional expenditures, the “business purpose” test, the meanings of the state-of-mind terms “knowing,” “willfully,” and “corruptly,” the scope of the government’s jurisdiction under the statute, etc.
But this doesn’t mean the government can or does try to impose the harshest FCPA sanctions it can, at any opportunity. Even though the government has adopted a broad view of the statute’s scope, the SEC and DOJ have an incentive to select their targets, and calibrate their sanctions, so that the really severe penalties are reserved for the worst actors (and/or the cases where the evidence of misconduct is clearest). Much of this is no doubt due to the fact that government enforcers, whatever their failings, take their jobs and their responsibilities seriously—they want to make sure the punishment fits the crime. They also have limited resources, which also gives them a strong incentive to choose their battles judiciously. But there are also some strategic concerns at work here:
- The government has an incentive to preserve a reputation for reasonableness, to encourage self-disclosure by corporations (who are more likely to self-disclose if they expect fair treatment, and if they anticipate that disclosure will, in and of itself, be considered a mitigating factor).
- The government is likely also aware that, although most corporations are anxious to avoid indictment, if the government overreaches, the target might refuse to knuckle under, and litigating and FCPA case against a well-resourced corporate defendant is both costly and risky for the government.
- Politically, the DOJ and SEC are well aware of the longstanding efforts by the U.S. Chamber of Commerce and other advocates of FCPA “reform” to use accusations of government overreach and prosecutorial overzealousness to delegitimatize current FCPA enforcement efforts. And DOJ and SEC officials likely want to avoid unnecessarily giving these critics additional ammunition.
With that as background, what would happen if we were to amend the FCPA to add a private right of action, perhaps similar to the “citizen suit” provisions in many U.S. environmental laws, or to the more narrowly drawn private remedies available under U.S. antitrust and securities laws? On the one hand, we might get a lot more FCPA enforcement, both because we’d have all of these “private attorneys general” who could bring cases that the DOJ and SEC just don’t have the resources to pursue, and because these parties might have strong incentives to uncover more information about potential FCPA violations. But, even if we limit ourselves to the perspective of someone who wants more aggressive FCPA enforcement and stronger deterrence of foreign bribery, opening up the floodgates of private litigation might entail some significant risks:
- First, the result of private enforcement would likely be much more litigation—including appellate litigation over the statute’s meaning. Corporations may have strong incentives to avoid FCPA indictments at (almost) all cost by settling with the government, but they do not have nearly the same incentive to settle with private plaintiffs. True, settling is often the more economically rational decision, but the possibilities for negotiation breakdown are much higher when the corporation views litigation as a calculated risk rather than a disaster. Indeed, sometimes corporate defendants might have a strong incentive to litigate at least some of the private FCPA suits brought against them, in order to establish a reputation for resolve and deter “nuisance” suits. As I pointed out in my last post, more litigation means a greater risk of an adverse appellate decision (or even a Supreme Court decision) on the FCPA’s meaning, which potentially devastating effects on the DOJ and SEC’s FCPA enforcement efforts.
- Second, private FCPA plaintiffs don’t have anything like the incentives that government enforcers have to select cases judiciously, by focusing on the most egregious conduct by the least sympathetic defendants, where the evidence of misconduct is strongest. This could have two distinct but related consequences. First, building on the previous point, it may mean that a private right of action under the FCPA would result not only in courts seeing a lot more FCPA cases, but also that the cases that they do see involve much more sympathetic defendants—and where it may seem to the court that the only way to avoid excessive FCPA liability is to curtail the statute’s substantive reach. Second, private FCPA enforcement might make it much more likely that Congress amends the FCPA to limit the statute’s substantive scope. After all, right now when the Chamber of Commerce or some other FCPA “reform” advocate suggest all the crazy potential consequences of the government’s broad construction of the Act, government representatives can (and do) reply by pointing out that these hypothetical absurd consequences are just that—hypothetical. It’s very hard to find actual examples of absurd prosecutorial overreach (and when the Chamber and its allies have tried, their examples have been quickly and easily debunked). But with private suits, it’s much more likely that we’ll see real-world cases where a private plaintiff, relying on the DOJ & SEC’s interpretation of the FCPA, brings a case that the DOJ & SEC would never have brought. And if Congress chooses not to cut back on the private right of action, it might well instead respond by cutting back on the substantive scope of the statute. Moreover, something like the proposed compliance defense—which I have argued is unnecessary and irrelevant in the context of public FCPA enforcement actions—might start to look considerably more reasonable in the context of private FCPA enforcement.
- Third, potential private liability under the FCPA could alter firms’ incentives to self-disclose FCPA violations. Right now, self-disclosure to the DOJ and SEC is made more appealing by the fact that the people in these agencies are (mostly) reasonable, and have an incentive to take the corporation’s good faith and cooperation into account. Self-disclosure also seems more appealing when, from the corporation’s perspective, settling the case with the government means that the matter is concluded, and the corporation can move on. As I have suggested before in a different context, the possibility of additional liability, and the need to engage with other parties besides the DOJ and SEC, may make self-disclosure less attractive. And that could be a big problem, because self-disclosure is the single most common way that corporate FCPA violations come to light.
Now, many of these concerns about private FCPA enforcement might be addressed through a variety of mechanisms to limit, channel, or otherwise control these private suits. I may take up some of these possibilities in a future post. Also, the risks I’ve sketched above are only risks, not certainties—and they may be risks worth taking, given the significant advantages of private enforcement in the FCPA context. Nonetheless, as I argued last time with respect to targeting individuals for criminal FCPA liability, these risks seem to me worth taking seriously.