11. Assessing and Mitigating Compliance Risks in the Transactional Context
Even with the proliferation of anti-corruption laws and enforcement in Latin America, corruption risk need not be a deal-killer. In fact, under the right circumstances, a company tainted by corruption might be a highly attractive investment target. On the other hand, undiagnosed corruption risk can prove catastrophic, quickly undermining financial assumptions that motivated a transaction and exposing an acquiring company to unwanted regulatory and reputational risks.
As discussed in this chapter, anti-corruption and other compliance risks can greatly affect the value and appropriateness of a given transaction. An acquirer may be subject to successor liability for a target’s pre-closing wrongdoing, even if unknown to the acquiring company before closing. Likewise, an acquiring company may face regulatory exposure for ongoing and future violations, including for misconduct that may have begun before but continues after closing. Failure to detect a corruption problem before signing also limits an acquirer’s strategic options and may result in overpaying for a target. In addition to potential penalties, the true value of an acquired business – once operated in compliance with applicable laws – may prove less than it appeared historically, when corrupt activities artificially inflated its perceived value.
For these reasons, compliance due diligence is a crucial component of transaction planning. Any company engaging in a merger, acquisition or other investment at least should consider the risk that a target has past or current corruption or other compliance issues that may affect the transaction. The level of potential risk and the findings of related due diligence can have a cascading effect. This includes consideration of the appropriate level of due diligence and the inclusion of relevant contractual provisions. When potential misconduct is identified before signing, an acquirer can attempt to shift some or all of the associated financial responsibility to the seller by adjusting the price or negotiating an indemnity. The acquirer also may pursue other strategies to limit future risk, including coordinated outreach to relevant government authorities.
This chapter addresses compliance-related risks in mergers and acquisitions, focusing in particular on anti-corruption matters given the risk landscape in Latin America. The discussion considers in turn potential liability for pre-transaction misconduct, continuing misconduct and misconduct in a given transaction. The chapter then describes practical steps to mitigate these risks, including pre-transaction due diligence, inclusion of contractual protections and post-transaction compliance measures.
Compliance risks associated with M&A transactions
In the transactional context, compliance risk falls into three principal categories: (1) pre-acquisition conduct by the target that may result in successor liability for the acquirer (distinct from the predecessor’s liability); (2) conduct by the target that continues or recurs post-closing; and (3) conduct related to the transaction itself.
Successor liability arises when an acquirer inherits direct liability for an acquired entity’s pre-acquisition conduct. Many countries, including the United States and various countries in Latin America (such as Argentina, Brazil, Colombia and Mexico), recognise the doctrine of successor liability in one form or another.
United States: When a company acquires or merges with another company, the successor generally assumes all liabilities of the predecessor (in contrast to an asset sale, in which liabilities generally do not transfer). Nevertheless, in the 2012 Resource Guide to the US Foreign Corrupt Practices Act (the Resource Guide), the US Department of Justice (US DOJ) and the US Securities and Exchange Commission (US SEC) stated that they often have decided not to take enforcement action against companies that voluntarily disclosed and remediated wrongdoing uncovered in transactional due diligence.
In particular, the US authorities explained that they ‘have only taken action against successor companies in limited circumstances, generally in cases involving egregious and sustained violations or where the successor company directly participated in the violations or failed to stop the misconduct from continuing after the acquisition’. Additionally, the US DOJ and the US SEC noted, ‘[s]uccessor liability does not . . . create liability where none existed before’, such as ‘if an issuer were to acquire a foreign company that was not previously subject to the FCPA’s jurisdiction’.
The US DOJ and the US SEC have encouraged companies to ‘conduct pre-acquisition due diligence and improve compliance programs and internal controls after acquisition’. The Resource Guide adds that ‘a successor company’s voluntary disclosure, appropriate due diligence and implementation of an effective compliance programme may also decrease the likelihood of an enforcement action regarding an acquired company’s post-acquisition conduct when pre-acquisition due diligence is not possible’. The result of this prior guidance had been at least a perception of something close to a ‘safe harbour’ for acquirers that follow it.
More recently, the US DOJ confirmed that its Corporate Enforcement Policy (the Policy) applies in the transactional context, further underscoring the value of anti-corruption due diligence. Specifically, under the Policy, there will be a presumption that the US DOJ declines prosecution if an acquiring company (1) discovers and voluntarily self-discloses in a timely manner misconduct uncovered at a target, such as through pre-acquisition due diligence or post-acquisition audits and compliance integration efforts, (2) fully cooperates with the US DOJ and (3) works to remediate effectively, including by implementing an effective compliance programme at the merged or acquired entity. Because an acquiring company may have limited access to a target’s data before closing, the Policy’s presumption also applies if the successor uncovers wrongdoing post-acquisition.
Argentina: Like the United States, Argentina recognises the doctrine of successor liability. Under Argentine law, in a merger or acquisition, the criminal responsibility or other liability of an acquired legal entity transfers to the resulting legal entity. The law states that criminal liability of the legal entity will ‘survive’ as long as it continues its business and its employees, customers and suppliers remain substantially the same.
Brazil: Brazilian law defines a ‘merger’ as an operation whereby one or more companies are absorbed by another, which in turns succeeds to all rights and obligations of the predecessors. ‘Consolidation’ is defined as an operation whereby two or more corporations unite to form a new corporation, which also succeeds them in their rights and obligations.
With respect to successor liability, the responsibility for current and previous liabilities, both known and unknown, therefore generally follows the legal entity. Under Brazil’s Anti-Corruption Law, in the event of a merger or consolidation, the successor company is liable for the payment of fines and for fully remediating the harm up to the limit of the transferred equity.
Brazil’s Office of the Federal Comptroller General, taking note of this type of risk, has recommended that any company engaging in a merger or acquisition take appropriate pre-transaction measures, including examining company records, conducting research in public records and potentially engaging in a more extensive investigation, to determine whether the target company has engaged in any improper conduct.
With corruption-tainted companies facing the prospect of judicial reorganisation, including following Operation Car Wash, one means of potentially protecting against the risk of successor liability is to acquire assets in the context of a reorganisation. Under Brazilian law, the sale of assets of a company under judicial reorganisation ordinarily will occur free of any burden and without a buyer succeeding to a seller’s obligations.
Colombia: Under Colombian law, a ‘merger’ is defined as an operation whereby one or more companies dissolve, without liquidation, to be absorbed by another or to create a new one. The absorbing or new company acquires the rights and obligations of the company or companies dissolved when the merger agreement is formalised.
Mexico: Mergers may not take effect in Mexico until three months after the filing of merger documents with the competent registry. During this period, any creditor of the merging companies may legally oppose the merger, which will be suspended until final resolution of the opposition. If the three-month period elapses without opposition, the merger may take place and the company that subsists or results from a merger will be responsible for the rights and obligations of the merged or absorbed companies.
Conduct that continues post-acquisition
The most significant category of compliance risk in M&A transactions is arguably pre-existing conduct that continues post-acquisition. When this type of conduct occurs, the acquirer is more clearly responsible and less able to protect itself against liability by means of due diligence, contractual protections and post-closing remediation.
For example, Zimmer Biomet agreed in January 2017 to pay more than US$30 million to resolve parallel US DOJ and US SEC investigations involving charges that, after Zimmer Holdings acquired Biomet in 2015, the acquired business continued to ‘interact and improperly record transactions with a known prohibited distributor’ in Brazil and ‘used a third-party customs broker to pay bribes to Mexican customs officials’ on behalf of Biomet. Zimmer Biomet’s 2017 settlement arose from the US DOJ’s determination that Biomet had breached its obligations under its 2012 deferred prosecution agreement (DPA) and that Zimmer, as the acquirer, had inherited these obligations.
According to the US DOJ, despite being aware of prior corruption-related misconduct in Brazil and Mexico, Biomet ‘knowingly failed to implement and maintain an adequate system of internal accounting controls designed to detect and prevent bribery by its agents and business partners’. The US DOJ also stated that Biomet failed to conduct appropriate due diligence on its Brazilian distributor and third-party associates in Mexico.
Conduct in connection with the transaction
The final category of risk relates to an acquirer’s own conduct in connection with finding, sourcing and completing a particular transaction. For example, hedge fund manager Och-Ziff’s DPA with the US DOJ in 2016 related to its payments to an African intermediary in sourcing various investment deals in sub-Saharan Africa.
More broadly, completing a cross-border transaction almost always involves obtaining regulatory approvals, including with respect to competition law, foreign investment law or otherwise. This requires contact with government officials and thereby the risk of corrupt activity.
Addressing compliance risks in M&A transactions
Tailoring the approach to the circumstances of a transaction
Compliance-related risks may be addressed in two phases of an M&A transaction: (1) pre-acquisition, by focusing on risk assessment, due diligence, contractual protections and, in some circumstances, pre-closing remediation; and (2) post-acquisition, by focusing on supplementary due diligence and post-closing remediation and integration. Of course, each transaction is different, and the nature and scope of these steps in each phase will differ based on business realities, resources and other factors.
For example, in the wake of Brazil’s Operation Car Wash, the need of companies adversely affected by investigations to generate cash – in part to pay penalties imposed as a result of wrongdoing – created the potential for asset and share deals at attractive prices and conditions. These opportunities also highlighted the uncertainty that a target’s past (or continued) involvement in a highly publicised corruption scandal brings to a transaction, especially with respect to successor liability. Given the risk of being held responsible for corruption-related liabilities, interested buyers have increased legal scrutiny of potentially tainted assets, including by means of expansive due diligence, and sometimes have conditioned concluding a deal on final approval of a leniency or plea agreement.
How and when to deal with this type of compliance risk is largely dependent on the size, timing and purpose of a transaction, and the parties’ respective risk tolerance and leverage. The value of a transaction and its inherent risk profile typically influence the resources an acquirer devotes to pre-acquisition and post-acquisition procedures addressing anti-corruption and other compliance risks.
Similarly, when an investment results in a non-controlling stake, an acquirer may be more limited in what compliance steps can be taken post-acquisition, which highlights the importance in these situations of conducting pre-investment due diligence and obtaining relevant contractual protections. While a minority investment may result in less legal risk to the investor under applicable laws, the risk that an enforcement action will impair the value of the investment remains acute. An accurate assessment of compliance risk is important for determining the extent to which those potential liabilities undercut the attractiveness of a contemplated transaction.
The precise timing of a transaction is often influenced by business realities beyond the sole control of a potential acquirer. Likewise, the scope of due diligence may be limited by applicable law, including securities laws when the target is listed on a public exchange. While friendly strategic transactions, including mergers, often involve significant pre-acquisition due diligence (and potentially remediation), other types of transactions may move too quickly or be subject to other limits on the ability to assess and protect against corruption or other compliance risks.
Where multiple potential acquirers seek to bid for a target, negotiations may centre on price and result in a ‘race to the bottom’, in which the bidder least interested in due diligence effectively sets the schedule and access for every other bidder. Alternatively, but somewhat less commonly, a target’s desire to attract or keep additional bidders to maintain competitive negotiations on price sometimes can increase the scope of permitted due diligence.
Finally, companies understandably have different purposes in pursuing M&A transactions or similar investments, such as:
- entering a new market;
- expanding existing market share;
- expanding into different but related product markets (or exploiting existing synergies);
- acquiring technologies or intellectual property with the potential for current or future synergies; and
- seeking investment returns.
Transactions undertaken for the first two purposes lend themselves more easily to integration, expanding what can be done in the post-acquisition phase. Transactions undertaken for the latter two purposes may involve sound business reasons for continuing to operate the target as a separate company, often retaining local management and resulting in a different post-acquisition calculus. The third purpose – expanding into different but related product markets – may land somewhere in between. As a result, the purpose of the transaction and the envisioned post-completion relationship between the acquirer and target should be taken into account throughout the transaction.
In preparing for and planning appropriate due diligence, the potential acquirer should conduct an initial compliance risk assessment of the target, while recognising the limits of what can be known at this early stage. This initial assessment will help to determine the scope of due diligence and the negotiating position with respect to compliance-related provisions in the transaction documentation.
An initial anti-corruption risk assessment should take into account, among other factors, the jurisdictions in which the target operates. A basic tool for measuring the corruption risk associated with relevant jurisdictions is Transparency International’s Corruption Perceptions Index (CPI). Although useful, the CPI is based on perceptions and therefore susceptible to overstating or misunderstanding actual corruption risks. The nature of the rankings also can suggest that some jurisdictions are materially safer than others when, in fact, the differences in their scores are relatively minor. Given that the CPI ranks corruption perception by country, it also can miss significant regional differences within a country (for example, in many countries, more remote areas tend to be associated with greater corruption, while the opposite might be true in others).
It is therefore necessary to supplement the CPI with an overview of basic knowledge about the target, including its size, ownership structure, industry, locations of operations (and the types of corrupt practices prevalent in those locations) and government touchpoints. For example, in many jurisdictions, a publicly traded company is likely to have better corporate governance than a private entity. Conversely, companies in certain industries are likely to have more elaborate contacts with government officials and generally face greater anti-corruption risk.
Compliance due diligence is a key component of the process in mergers and acquisitions. Issues uncovered during due diligence not only affect the transaction’s price but also reveal areas that the acquirer must consider and remediate to reduce the future risk of liability.
The scope of due diligence may need to be negotiated with the target and may depend on the particulars of the transaction, including its purpose, the risks presented and the ability to conduct additional due diligence in subsequent phases or post-closing. For example, anti-corruption due diligence may include the following:
- a background check on the target and potentially its owners or key members of management;
- a review and evaluation of the target’s existing compliance programme (if any), both on paper and, to the extent possible, in practice;
- an assessment of touchpoints with government officials, defined broadly to encompass not only elected officials and representatives of government agencies and ministries but also anyone acting on behalf of government-owned or government-controlled entities;
- a review of any payments or other benefits of any kind offered or provided to government officials;
- an analysis of third-party relationships – such as sales agents, distributors and consultants – especially regarding interactions with government officials; and
- a review of any known, suspected or alleged corruption-related issues.
The thoroughness of diligence typically will depend on the time available and size of the investment, among other factors. Diligence procedures can include written requests, review of compliance policies and other documents, management discussions (of varying number and depth), on-the-ground interviews and possibly testing by a forensic accounting firm of a sample of potentially relevant transactions to assess their legitimacy and support.
Even if there is little time for, or availability of, due diligence, basic diligence ideally should provide enough information to determine the importance and scope of contractual representations, warranties and other terms; identify areas for pre-closing and post-closing remediation, if possible; define the basic scope of post-acquisition diligence; and inform negotiations related to price and indemnities.
Regarding anti-corruption risk, it is also important to determine which laws already apply to the target. A target subject to the US Foreign Corrupt Practices Act (FCPA) or other robust anti-corruption laws will be more likely to have a compliance programme and may be more receptive to broader diligence (the absence of either, without a good explanation, may be a red flag). If the target is subject to the FCPA, that circumstance also may inform any decision to self-report potential violations that are uncovered in due diligence. In transactions potentially subject to US jurisdiction, there also should be consideration of whether to communicate with US regulators about the allocation of responsibility for past matters to the sellers, possibly even before the signing or closing of a transaction.
If the target operates in a high-risk jurisdiction (from a corruption perspective) and is not subject to the FCPA or other rigorously enforced anti-corruption laws, then the acquirer should be more prepared to encounter corruption-related issues – or at least allegations of such misconduct – during diligence. Indeed, the absence of any such indication of improper conduct, while operating in a high-risk area, could be a red flag in itself. Moreover, even if a target is not subject to these laws, a lender financing a given transaction may impose these types of anti-corruption compliance obligations, complicating the due diligence and related analysis.
The failure to conduct thorough due diligence, in addition to exposing the acquirer to legal risk, may prove enormously costly. For example, in 2007, eLandia acquired Latin Node Inc and discovered only post-acquisition that Latin Node had been making improper payments to government officials in Honduras and Yemen. Although eLandia disclosed the wrongdoing to the US DOJ and cooperated, Latin Node ultimately pleaded guilty to FCPA violations. eLandia shut down Latin Node and wrote off its investment.
By contrast, in January 2020, Landec Corporation stated publicly that it had made a voluntary disclosure to the US enforcement agencies that a recently acquired business, Yucatan Foods, may have engaged in improper conduct in Mexico beginning prior to the acquisition. Landec’s disclosure made clear that it had hired external counsel already to conduct an internal investigation of potential FCPA violations,and that, under the indemnification provisions of its agreement to acquire Yucatan Foods, Landec may be able to recover any related losses from the sellers.
Transaction documentation often is heavily negotiated. While a purchaser may not have sufficient bargaining power to obtain all the provisions listed below, potential compliance provisions to consider seeking include:
- anti-corruption and other compliance representations and warranties on behalf of the sellers and the target, addressing (for example) compliance with all applicable anti-corruption laws and regulations, expressly referencing those most likely to apply, such as the FCPA and relevant laws of the countries where the transaction is taking place. The less thorough the compliance due diligence, the more thorough these clauses arguably should be, though they are not a replacement for reliable diligence;
- for non-control deals, compliance covenants as to future behaviour and maintaining an effective compliance programme, as well as rights to undertake a post-completion compliance audit and information and audit rights. Additional safeguards to consider for non-control deals include veto rights over key decisions and the right to appoint executives in charge of certain core functions (e.g., the general counsel or chief financial officer);
- provisions relating to pre-closing rights, should any corrupt or other problematic activity be found, such as deal termination rights;
- exceptions from confidentiality clauses permitting self-reporting to government authorities (if possible);
- indemnity or escrow provisions (if possible and relevant); and
- exit or put rights in the event of post-closing discovery of serious corruption or other compliance issues (if possible).
The case of Abbott Laboratories and Alere illustrates the importance of both robust due diligence and well-defined contractual protections, including termination rights. In February 2016, Abbott announced a US$5.8 billion acquisition of Alere. The following month, Alere disclosed that it had received subpoenas from the US DOJ and the US SEC relating to potential FCPA violations. Abbott expressed concerns about the FCPA inquiry and delays in Alere’s public filings and sought to terminate its acquisition agreement. Alere refused, leading to contentious litigation before the parties ultimately agreed to proceed with the transaction for US$5.3 billion – US$500 million less than the originally agreed purchase price.
Similarly, in the wake of Operation Car Wash and other anti-corruption enforcement operations, a number of companies have sought to purchase at attractive valuations assets known or believed to be tainted by corruption. In addition to reinforcing the need for thorough due diligence to identify and assess the scope and magnitude of any corruption-related issues, those opportunities illustrate the importance of well-crafted contractual protections. That includes, for example, potentially segregating a portion of the purchase price to cover possible liabilities and expressly allocating responsibility among the parties for known or anticipated liabilities.
Occasionally, issues are discovered during due diligence and it is possible to remediate these issues prior to closing or even to carve out parts of the acquisition tainted by corruption.
Pre-closing remediation also can decrease dramatically the likelihood that known misconduct recurs after a transaction closes, after which the buyer is even more clearly exposed.
Deal dynamics often limit the time and ability of acquirers to address fully all relevant compliance risks pre-closing. It is sometimes easier for acquirers in control deals to complete these procedures post-closing, though attention should be paid in contracting to whether the seller will have any trailing obligations.
To the extent not already in place, implementation of a risk-based compliance programme at a target is an important step post-closing. In Opinion Procedure Release 14-02 – formal guidance issued in November 2014 regarding an actual (but anonymised) acquisition – the US DOJ encouraged companies engaging in mergers and acquisitions to ‘implement the acquiring company’s code of conduct and anti-corruption policies as quickly as practicable’ to ‘conduct FCPA and other relevant training for the acquired entity’s directors and employees, as well as third-party agents and partners’ and to ‘conduct an FCPA-specific audit of the acquired entity as quickly as practicable’.
In non-control deals, the acquirer may have less leverage with respect to compliance matters but nevertheless should attempt to obtain undertakings from the target to engage in certain compliance-related steps. Similarly, if the acquirer is buying only part of a company rather than the entire business, the acquisition might not include legal and compliance personnel and resources. In these circumstances, the acquirer should be prepared to hire new personnel and invest in compliance resources promptly post-closing. Without adequate personnel and resources, the acquirer will be unable to take any of the other important steps described earlier.
Depending on the extent of pre-acquisition due diligence, acquirers also should consider undertaking a post-acquisition compliance review as soon as practicable. Notably, the situation described in Opinion Release 14-02 included particularly thorough due diligence and did not include an undertaking for any post-acquisition audit. This suggests that there is some discretion – at least from the perspective of the US DOJ – as to whether such a review must be conducted and how extensive it should be. In determining the extent of such a review, acquirers should consider whether the target previously was subject to audits under Generally Accepted Accounting Principles, International Financial Reporting Standards or similar standards, and how soon the target will be integrated into the acquirer’s own audit programme. Acquirers should document their decision-making as to the timing of any such review or audit.
Perhaps most importantly, an acquirer should rapidly take steps to remediate any wrongdoing uncovered in pre-closing or post-closing diligence. In doing so, an acquirer must consider whether to self-report any issues to relevant enforcement agencies, which always is a fact-based determination warranting careful consideration and consultation with counsel.
We live in an era of increasingly aggressive anti-corruption enforcement, including by authorities across Latin America. It has become essential, therefore, in any potential merger, acquisition or similar investment, for acquirers to identify, evaluate and mitigate compliance-related risks at a target company.
In addition to acquiring a target’s unknown and undesirable liabilities, a company that does not conduct appropriate compliance due diligence and address any related issues may overpay for an asset. It also can be challenging to extinguish wrongful practices post-transaction and the cost of implementing or upgrading a compliance programme may be substantial.
The strategies summarised in this chapter offer both legal and commercial benefits to companies engaging in mergers, acquisitions or other investments. Although corporate transactions in high-risk markets can present attractive opportunities, investments in assets built on corruption or other improper conduct frequently find themselves on weak foundations, unless the issues are identified and appropriately remedied.
 Andrew M Levine is a partner and Erich O Grosz is a counsel at Debevoise & Plimpton LLP.
 US Dep’t of Justice [US DOJ] and US Sec. & Exch. Comm’n [US SEC], ‘A Resource Guide to the U.S. Foreign Corrupt Practices Act’ (2012), at 28.
 id., at 30.
 US DOJ, Justice Manual 9-47.120, ‘FCPA Corporate Enforcement Policy’ < https://www.justice.gov/jm/jm-9-47000-foreign-corrupt-practices-act-1977>.
 Law No. 27401 (on criminal liability of legal entities), Article 3 < http://servicios.infoleg.gob.ar/infolegInternet/anexos/295000-299999/296846/norma.htm>.
 Law No. 6404 of 1976, Article 227 < www.cvm.gov.br/export/sites/cvm/subportal_ingles/menu/investors/anexos/Law-6.404-ing.pdf> (in English).
 id., at Article 228.
 Law No. 12846 of 2013, Article 4, Paragraph 1 < www.planalto.gov.br/ccivil_03/_Ato2011-2014/2013/Lei/L12846.htm>.
 See Office of the Federal Comptroller General, Integrity Programme: Guidelines for Legal Entities (October 2015).
 Law No. 11101 of 2005, Article 60, sole paragraph and Article 141(II) < www.planalto.gov.br/ccivil_03/_ato2004-2006/2005/lei/l11101.htm>.
 Decree No. 410 of 1971 (Commercial Code of Colombia), Articles 172 and 178 < www.secretariasenado.gov.co/senado/basedoc/codigo_comercio.html>.
 Mexico’s General Law of Commercial Companies of 1934, Article 224 < www.diputados.gob.mx/LeyesBiblio/pdf/144_140618.pdf>.
 Status Report ¶ 3, U.S. v. Biomet, Inc., No. 12-cr-00080-RBW (D.D.C., 6 June 2016).
 U.S. v. Zimmer Biomet Holdings, Inc., Superseding Information, Cr. No. 12-CR-00080 (D.D.C., 12 January 2017) < https://www.justice.gov/opa/press-release/file/925171/download>.
 ‘Lava Jato levou empresas a vender mais de R$ 100 bilhões em ativos desde 2015’, G1 Globo (13 October 2017) < https://g1.globo.com/economia/negocios/noticia/lava-jato-levou-empresas-a-vender-mais-de-r-100-bilhoes-em-ativos-desde-2015.ghtml>.
 Transparency International, Corruption Perceptions Index < https://www.transparency.org/research/cpi/overview>.
 US DOJ, ‘Latin Node Inc. Pleads Guilty to Foreign Corrupt Practices Act Violation and Agrees to Pay $2 Million Criminal Fine’ (7 April 2009) < https://www.justice.gov/opa/pr/latin-node-inc-pleads-guilty-foreign-corrupt-practices-act-violation-and-agrees-pay-2-million>.
 Rhodes, Adam, ‘Abbott, Alere Settle Watchdogs’ Issues With $5.3B Deal’, Law360 (28 September 2017) < https://www.law360.com/articles/969249/abbott-alere-settle-watchdogs-issues-with-5-3b-deal>.
 US DOJ, Opinion Procedure Release 14-02 (7 November 2014) < https://www.justice.gov/criminal/fraud/fcpa/opinion/2014/14-02.pdf>.