Don't let your guard down: Changes in FCPA and crypto enforcement

Even as welcome change has come to enforcement of both the Foreign Corrupt Practices Act (FCPA) and cryptocurrency laws, businesses must remain vigilant to avoid liability.

FCPA

The FCPA is a criminal statute that prohibits bribery abroad. It can impact anyone under American jurisdiction who does business in foreign countries. It is a statute that nearly all businesses must consider.

In an unexpected move this year, the Justice Department stopped FCPA prosecutions. It appeared that the FCPA might have become vestigial. And then, just as suddenly, the DOJ resumed FCPA enforcement, announcing significant priority changes. Since then, the DOJ has undertaken multiple FCPA enforcement actions that reveal important lessons.

The DOJ's new priorities for FCPA include, among other things (1) conduct related to cartels and other trans-national criminal organizations; (2) conduct connected to national security sectors like defense and critical infrastructure; and (3) "serious misconduct" (as opposed to actions that constitute "routine business practices" abroad).

Recent FCPA enforcement actions elucidate what these priorities mean -- and show that companies in all sectors remain at risk:

Mission accomplished. In August, DOJ unsealed its first FCPA indictment since the enforcement pause. It charged two Mexican citizens, Ramon Alexandro Rovirosa Martinez and Mario Alberto Avila Lizarraga, with giving gifts such as a $12,000 watch and a Louis Vuitton handbag to officials at a subsidiary of PEMEX, the state-owned oil company of Mexico. Unfortunately for the defendants, one PEMEX official responded with the Spanish-language equivalent of "mission accomplished!" when he fulfilled one of the defendant's requests.

Helicopter parent company. In November, DOJ entered a deferred prosecution agreement (DPA) -- meaning a chance to avoid major criminal sanctions -- with Comunicaciones Celulares (Comcel), a Guatemalan telecommunications firm. According to the DPA, Comcel personnel paid government officials for favors like spectrum rights. Some of the bribe money allegedly originated with a narcotics trafficker. The bribes were sometimes delivered by helicopter as cash in duffel bags. Comcel and its parent company, Millicom, self-reported the misconduct in 2015, and then aggressively worked to identify and self-report more information in 2021.

Taking liberty. Since the pause, DOJ has also issued a declination, meaning a decision not to prosecute, in another matter. The underlying investigation concerned payments from a subsidiary of Liberty Mutual to bankers in India to develop business. DOJ said it declined to prosecute because of self-reporting, the nature of the offense, disgorgement of profits and the absence of aggravating factors.

FCPA enforcement takeaways

There are three key takeaways businesses should be aware of:

Businesses operating wherever cartels wield power are vulnerable. As proved by the enforcement action in Guatemala, this is one of DOJ's priorities.

There is still great value in self-reporting. These were factors in securing both the Comcel deferred prosecution and the Liberty Mutual declination. Companies may benefit from sophisticated tracking of their own payments and retention of their employees' communications, which the government has indicated it appreciates in self-reporting.

No bribe is too small. The administration said that its new focus is on major misconduct. However, the value of the items in the Rovirosa case -- a handbag and a watch -- were minimal. This shows that aggravating factors may call for prosecution of small dollar-value crimes.

Cryptocurrency

The current administration has also promised to make business-friendly changes to crypto enforcement. Specifically, the government is promising reduced litigation against the cryptocurrency industry. However, state attorneys general may be stepping in to fill the litigation void, and that patchwork approach could complicate compliance and litigation for businesses.

This year, the administration heralded the end of crypto regulation by litigation. On Aug. 21, Acting Assistant Attorney General Matthew R. Galeotti announced that the DOJ "will not use indictments as a lawmaking tool." In particular, Galeotti promised reduced reliance on 18 U.S.C. §1960(b)(1)(C), a statute that prohibits unlicensed money transfers. It had been a powerful tool against crypto purveyors because it carries strict liability. The government has loudly fulfilled its promise of reduced litigation: This year, the SEC has dismissed multiple crypto enforcement actions.

The administration is also discussing legislation that would preempt state regulation of crypto. Such legislation could end the application of state securities laws to cryptocurrency. But it might not prevent state law enforcement from litigating against crypto businesses using consumer protection and anti-fraud laws.

State attorneys general turn up the heat

Meanwhile, state attorneys general are continuing to bring enforcement actions against crypto-industry players. In March, the New York attorney general announced a $200 million settlement with Galaxy Digital over allegations that Galaxy had promoted a crypto asset without disclosing its interest in the same. The attorney general claimed that this violated the Martin Act, which prohibits fraud in connection with securities, and the Executive Law, which is an anti-fraud statute not particular to securities.

In July, the Florida attorney general announced an investigation of Robinhood Crypto over allegations that the trading platform deceptively marketed low fees and commissions for cryptocurrency trading, potentially in violation of Florida's Deceptive and Unfair Practices Act. According to Robinhood's most recent 10Q, it is also the focus of investigations by regulators in New York and Massachusetts. Oregon and Washington have also recently brought actions against crypto players.

Crypto enforcement takeaways

Even if state securities regulations are preempted, businesses must be vigilant regarding each state's laws on advertising claims and conflict of interest disclosures. State law may remain the basis for state attorney generals to bring consumer protection actions.

Jeremiah Levine is a co-founder and partner at Procel Levine LLP.