When you review the actual law surrounding books and records and internal controls, you wonder to yourself what took the Justice Department and the SEC so long to discover the full power of the provisions.

My explanation for this is pretty basic – when you have companies’ self-disclosing bribery violations, along with books and records violations, there is no need to develop ” “new” enforcement strategies.  Frankly, by definition, a bribery violation establishes a books and records and internal controls violation.

Judge Sporkin, as the architect of this regime, knew full well what he was asking for and the power of the FCPA.  Every SEC prosecutor recognizes the power of these provisions and they owe Judge Sporkin gratitude for his prosecutorial prescience.

Companies have reporting obligations under Section 13(a) of the Exchange Act, which requires companies to file annual reports that contain comprehensive information and disclosures about material issues. A failure to disclose, such as a potential material liability for an FCPA violation, could result in an anti-fraud or reporting violation under Sections 10(b) and 13(a) of the Exchange Act.

In 2002, as part of the Sarbanes-Oxley Act, additional requirements were enacted relating to accounting requirements and internal controls.

Section 302 of SOX requires a company’s principal officers (e.g. CEO and CFO) certify that: (i) based on the officer’s knowledge, the report contains no material misstatements or omissions; (ii) based on the officer’s knowledge, the relevant financial statements are accurate in all material respects; (iii) internal controls are properly designed; and (iv) the certifying officers have disclosed to the issuer’s audit committee and auditors all significant internal control deficiencies.

SOX Section 404 requires a company to disclose any deficiencies in its internal controls over financial reporting. In addition, the company’s independent auditor must attest to and report on its assessment of the effectiveness of the company’s internal controls over financial reporting. The SEC has implemented rules requiring issuers and their independent auditors to report to the public on the effectiveness of the company’s internal controls, including illegal acts such as fraud and bribery.

The FCPA’s accounting provisions apply to “issuers,” a term which includes over-the-counter companies required to file reports, and foreign companies that trade in American Depositary Receipts. An issuer’s responsibility for compliance with accounting requirements extends to subsidiaries or affiliates (e.g. joint ventures) under its control, including foreign subsidiaries and joint venture partners.

Companies and individuals can be held civilly liable for violating the FCPA books and records and internal controls requirements. For example, the CEO of a foreign subsidiary could be held liable if the subsidiary fails to implement a set of internal controls.

Companies and individuals can be held civilly liable for falsifying a company’s books and records or for circumventing internal controls.  Exchange Act Rule 13b2-1 provides:

No person shall, directly or indirectly, falsify or cause to be falsified, any book, record or account subject to the [books and records provision] of the Securities Exchange Act.

Section 13(b)(5) provides:

No person shall knowingly circumvent or knowingly fail to implement a system of internal accounting controls or knowingly falsify any book, record or account . . .

Companies and individuals can be held criminally liable for knowingly violating the FCPA’s books and records or internal controls provisions. Like the FCPA anti-bribery provision, individuals can only be criminally prosecuted if they acted willfully, which is often not a significant hurdle to prosecution.

The Garth Peterson criminal plea involved a conspiracy to evade Morgan Stanley’s accounting controls in order to transfer an ownership interest in a Shanghai building to himself and a Chinese public official.  Peterson violated the anti-bribery prohibition, as well as the books and records and internal controls provisions.  He was a managing director for Morgan Stanley and was obligated to follow Morgan Stanley’s internal controls. He circumvented the controls for his personal enrichment.  Peterson was sentenced to nine months in prison.