To print this article, all you need is to be registered or login on Mondaq.com.
In February 2019, Cognizant Technology Solutions Corporation
(“Cognizant”) agreed to pay USD 25 million to the US
Securities and Exchange Commission (“SEC”) to settle
violations of the anti-bribery, internal accounting controls and
recordkeeping provisions of the US Foreign Corrupt Practices Act
(“FCPA”). In addition, two former high-ranking officials
of Cognizant were individually charged with authorizing USD 2.5
million in bribe payments to a government official in India.
According to a subsequent filing with the SEC in September 2021,
Cognizant has also committed to pay USD 95 million to investors to
settle allegations of defrauding shareholders by hiding bribes to
officials in India.
While the Cognizant case is a more recent example, it is far
from the sole instance of FCPA enforcement action stemming from a
company’s business interests and activities in India. However,
it is the targeting and prosecuting of individual officers for
bribery-related misconduct that is of particular interest, and the
focus of this assessment.
Individual liability and overseas risks
A historic review demonstrates that FCPA and UKBA enforcement
actions and penalties have largely been directed against
corporations. That said, it is critical to recognize that the FCPA
and the UKBA expressly contemplate individual liability, and the
Cognizant case is an illustrative matter in this respect. The
question this enforcement action throws up is how culpable an
officer of a company should be for the action to get personal.
Very often, bribes are ‘disguised’ in accounting records
as legitimate payments (such as fees or commissions to
consultants). In Cognizant’s case, sham change order requests
(allegedly authorised by certain officers of the company) were said
to have been used to conceal the payments it made to reimburse the
construction firm for the bribes extended to the government
officials in a construction project in India.
While this is just one example, during the course of
investigations we have conducted in various similar such cases,
consultancy/agency agreements, payments to vendors and sub-vendors,
supply/services purchase orders, marketing services payments, HR
events and even team offsite budgets have been used to disguise
In some of these cases, it may be extremely tricky, if not
impossible, for officers at a senior level (sitting in India, US,
UK or any other part of the world) to verify every accounting entry
and check real expenses versus the paperwork that is produced on
the ground. Where senior level officers have to rely on the
paperwork produced, questions on whether they exercised sufficient
diligence while approving those payments and whether sufficient
processes were put in place to verify those expenses become key
issues to consider while fixing individual responsibility.
One other important element that needs to be kept in mind is
whether investigations in the US or the UK trigger investigations
or reporting requirements under local regulations such as the
Prevention of Corruption Act (POCA) in India. Unlike the FCPA and
UKBA, the focus of POCA is to fix individual liability via criminal
prosecution. Monetary settlements equivalent to the FCPA or UKBA
are not available under POCA and prosecution tends to be a long and
painful process for all those confirmed without reaching finality
in many instances.
Officers and directors are particularly vulnerable when it comes
to operations in sectors that are licensed and/or heavily regulated
(such as alcohol and defence), industries with regular interface
with government officials (land and infrastructure) and heavy
reliance on third parties (given that the FCPA penalises indirect
bribes, even in the absence of actual knowledge of the corrupt
These risks are not endemic to one country, and as many
high-profile prosecutions have proven, infractions tend to be
across many jurisdictions with the tacit or explicit participation
of various individuals and a general breakdown or bypassing of
compliance and governance mechanisms.
Precautionary measures to mitigate risks to officers and
directors start with three major points –
- Being aware that ‘knowledge’ of a corrupt practice can
be attributed in many different ways across various regulations.
Therefore, meaningful mechanisms (whistleblower lines, reporting
mechanisms via HR or factory managers, third party audits etc.)
should be in place which enable the officer/s to become aware of
red flags in terms of risks.
- Once red flags are triggered, the next threshold requirement is
how the officer/s concerned reacted and what was done to get to the
bottom of the matter. Were enquiries conducted with due alacrity
and gravity, were suitable actions taken to remedy gaps, were
suitable disciplinary measures taken etc., become critical
questions and the answers should stand the test of diligence and
due process in hindsight as these are always called to question
- Finally, the officer/s’ behaviour and reaction to law
enforcement/government investigations and disclosures made in good
faith become critical to determine final
In a perfect world, all three above work seamlessly which
enables the officer/s to justify their actions (or the lack
thereof) and completely avoid liability on the basis that they have
always acted to comply to the best of their ability. However, we
have seen time and again, that there is no perfect set of facts
that can be presented in the course of an investigation which
always analyses action (or omissions) in hindsight.
The goal of compliance and governance mechanisms should be to
put in place procedures which make it difficult for any
investigation to individually attribute liability by giving the
officers sufficient tools in the forms described above to be able
to resist liability.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Corporate/Commercial Law from India