The Foreign Corrupt Practices Act (FCPA) makes it a crime for “any officer, director, employee, or agent” of an issuer of U.S. securities “to make use of the mails or any means or instrumentality of interstate commerce” in furtherance of any corrupt offer, promise or payment to a foreign official. While much has been written about the FCPA’s various substantive violations, defenses and exceptions, very little has been written about the jurisdictional requirement of use of the “mails,” “means” or an “instrumentality” of interstate commerce. Until now.

Earlier this month in Securities and Exchange Commission (SEC) v. Straub, Judge Richard Sullivan of the Southern District of New York published the first decision on this important FCPA topic. For federal criminal practitioners, Straub’s broad interpretation of the jurisdictional language comes as little surprise. Use of mails or instrumentalities of interstate commerce is a jurisdictional hook for many federal criminal statutes, such as mail and wire fraud. However, the practical implications of the decision demonstrate just how far the FCPA reaches, and how easy it is to subject a wholly foreign transaction to the FCPA.

Straub involves an alleged bribery scheme devised by three executives of a Hungarian telecommunications company, Magyar Telekom, Plc. According to the allegations, the executives planned to route €10 million through a Greek agent to Macedonian officials in an effort to repeal or delay implementation of telecommunications legislation detrimental to Magyar’s business.

There are no allegations that any activity took place within the U.S. or involved any U.S. personnel. Rather, at the time of the relevant events, Magyar was controlled by Deutsche Telekom and both its and Deutsche Telekom’s securities were listed on the New York Stock Exchange through American Depository Receipts (ADR). While it is generally accepted that entities with ADRs are subject to the FCPA if their directors, officers, employees or agents violate the FCPA, that fact does not confer any jurisdiction over the individuals who may have engaged in the alleged acts.

Straub is unusual because the SEC is asserting that three foreign executives violated the FCPA based solely on the fact that a few emails relating to the arrangements sent by only one of the three made their way onto, or passed through, a server located in the U.S. These were not emails sent to someone in the U.S. These were emails that ended up touching U.S. jurisdiction (thereby becoming a “means or instrumentality of interstate commerce”) purely due to the complex interconnected nature of the Internet. The sender had no knowledge that his emails would pass through the U.S.

Furthermore, the court’s exercise of personal jurisdiction over the defendants related to their signing of Sarbanes-Oxley Act (SOX) sub-certifications that they were alleged to have known were inaccurate and intended to deceive the company’s auditors. The court held that this effort was aimed at New York, and in fact had an effect in New York, because that is where the companies’ shares traded.

In yet a further expansion, Straub held that the “catch-all” statute of limitations that applies to the SEC’s civil FCPA enforcement (and many other types of enforcement) does not run against defendants who are not physically present in the U.S.

All of this has significant implications.

First, many multinational companies have servers in the U.S. that either host emails directly, act as redundant or backup email systems or provide archival email storage. Employees around the world likely have no idea that an email they send to the person down the hall from them in the Hong Kong, London or Sao Paulo office will bounce off a U.S. based server in the millisecond it takes to travel the length of the corridor.

Second, the implications are not limited to email. In similar fashion, a great many of the world’s banking transactions—particularly any denominated in dollars—pass through U.S. financial institutions, even if only for a split second. Under the same logic, these too will likely be viewed as making use of a means or instrumentality of interstate commerce (they already satisfy very similar statutory language in the U.S. money laundering statutes).

Third, many multinational companies traded on U.S. exchanges have elaborate SOX compliance systems that require certifications and sub-certifications from a wide variety of international employees. If Straub is upheld on appeal, signing these certifications will be tantamount to consenting to personal jurisdiction over them for any enforcement actions relating to those certifications.

Finally, given the inherently foreign nature of FCPA cases, many defendants will not be in the U.S. at any time and, at least theoretically, the statute of limitations might never run as to them.

All of this will likely be revisited on appeal, but given the dearth of FCPA decisions, Straub will have significant influence in how other courts view similar matters. Perhaps more importantly, it will also galvanize the SEC’s expansive view of the statute’s reach, and of its enforcement power.