On May 7, World Acceptance Corp., a consumer lender based in Greenville, South Carolina, announced that it had set aside $21.7 million in anticipation of resolving an ongoing Foreign Corrupt Practices Act (FCPA) investigation by the Securities and Exchange Commission (SEC) in connection with its former business operations in Mexico. The investigation, which World Acceptance Corp. disclosed in January, is focused on the legality of certain payments related to consumer loans, as well as the classification of compensation for certain employees under both the FCPA and local law. The Department of Justice (DOJ) investigation into World Acceptance Corp. is ongoing.
The anticipated resolution of this investigation would mark one of the first known FCPA enforcement actions against a consumer or small-business lender. Accordingly, consumer and small-business lenders, payments companies, and other fintechs that operate internationally should ensure they have effective FCPA and anti-bribery compliance programs in place that address the corruption risks they are likely to encounter when providing services abroad.
The FCPA is the U.S. law that prohibits international bribery and corruption on the part of companies and individuals with sufficient U.S. contacts. The law includes "anti-bribery" and "books and records" provisions, jointly enforced by the Department of Justice and the SEC. The anti-bribery provisions prohibit offering or paying anything of value to a foreign official to obtain or retain business. Prosecutors have interpreted both "obtaining or retaining" business and "foreign officials" broadly to expand the scope and reach of the statute. The books and records provisions require U.S. issuers to create and maintain books, records, and accounts that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer. Improperly recording a bribe as a written-off loan or providing bonus compensation to an employee that was actually funneled to a government official would constitute a books and records violation of the FCPA, even where the government may not be able to prove an underlying bribery allegation.
While the FCPA does not specifically criminalize the bribery of private corporate employees (known as corporate or commercial bribery), U.S. anti-money laundering (AML) laws (18 U.S.C. §§ 1956-57), the Travel Act (18 U.S. Code § 1952), and mail and wire fraud (18 U.S.C. §§ 1341, 1343) and securities laws provide for civil and criminal penalties for bribery in both the public and private spheres. Most foreign anti-corruption laws, such as the UK Bribery Act, French Sapin II, and Chinese Anti-Unfair Competition Law, also criminalize corporate bribery.
The FCPA Applies to Financial Institutions and Fintechs That Operate Internationally
Historically, the DOJ and SEC have brought FCPA actions against multinational companies with significant operations in high-risk jurisdictions, in many instances involving companies involved in the oil, telecom, and healthcare industries. Over the last several years, the DOJ and SEC have expanded beyond these industries to bring enforcement actions against financial institutions. For instance, in 2016, JPMorgan paid $264 million to settle FCPA claims with the DOJ, SEC, and Federal Reserve in connection with its practice of hiring relatives and referrals of government officials in order to win business. The prior year, BNY Mellon paid $15 million to the SEC for its internship hiring practices, which violated the anti-bribery and internal controls provisions of the FCPA. In 2016, Barclay's also paid $6.3 million to resolve FCPA claims stemming from similar conduct.
In calculating these settlement numbers, the enforcement agencies considered whether the organizations voluntarily disclosed the misconduct and/or cooperated with the investigation, the amount of profits generated by the scheme, the organization's relative role in the scheme, and remedial actions taken by the organization.
Best Practices When Operating Abroad
One of the perceived advantages of fintechs is that they are flexible and able to shift course and adapt to market developments quickly. Although this may help from a business perspective, such agility can quickly push fintechs into uncharted regulatory waters. As the industry matures domestically and expands abroad, fintechs must take into account the FCPA and related risks (including AML and economic sanctions).
As demonstrated by the World Acceptance matter, fintechs face many of the same challenges as other industries operating in high-risk jurisdictions. Per the enforcement actions summarized above, hiring practices remain a leading source for the facilitation of bribes to government officials, in which employment is a "thing of value" exchanged for favorable treatment by regulators and local decision makers. Third-party due diligence remains the leading international anti-corruption risk, especially when enforcement agencies view those third parties as agents of the company. Brokers, lead-generating agents, consultants, and other third parties operating on the behalf of companies internationally are often a source of uncovered bribery schemes that later embroil those companies in government investigations. Fintechs will also likely face demands for payments to access certain markets, which may be paid through uncollected loans, loose cash controls, and bonus compensation to employees and third-party consultants that run afoul of the FCPA and other anti-corruption laws.
To minimize these types of risks, a fintech with international activities should adopt policies and procedures governing compliance with the U.S. and local anti-corruption, AML, and economic sanctions requirements. These policies should be tailored to take into account the fintech's products and services, geographic focus, operating structure, and business risks. In terms of training, a fintech should ensure that board members, management, and staff receive appropriate training on a regular basis, covering FCPA and other risks in doing business abroad. In addition, the company should implement a process for regular internal and external compliance audits to review operations for compliance with applicable legal requirements.
While fintechs have earned a reputation as "disrupters" in the financial services industry, there is little more disruptive to a company's efforts to expand overseas than an FCPA enforcement action. Venable has experienced attorneys ready to assist in drafting FCPA compliance programs, directing risk assessments, and conducting internal investigations into anti-corruption allegations in numerous jurisdictions. Proactive and reactive measures such as these can make all the difference in preventing an FCPA violation or receiving cooperation credits if an enforcement agency comes knocking.