Inconsistencies in FCPA Enforcement: Key Considerations for a Potential FCPA Voluntary Disclosure

The U.S. Foreign Corrupt Practices Act (FCPA) does not mandate self-disclosure of potential violations.[1] However, when determining whether to charge a corporation and how to resolve such matters, prosecutors take into consideration a company’s timely and voluntary disclosure of a violation and its cooperation with the government’s investigation, among other factors. Accordingly, some companies choose to self-disclose potential FCPA violations to the U.S. Department of Justice (DOJ). Others decide not to self-report. Companies must carefully consider the costs and benefits of a self-disclosure to the DOJ.

This article:

• Examines recent policy changes surrounding voluntary disclosure, including the March 2019 revised FCPA Corporate Enforcement Policy (Enforcement Policy).
• Considers two recent enforcement actions illustrating the factors companies should evaluate when deciding whether to self-report violations of the FCPA.
• Provides guidance on factors to consider when evaluating whether to disclose a potential FCPA violation.

FCPA Corporate Enforcement Policy

In recent years, the DOJ has been updating its guidance in part to incentivize companies to make voluntary disclosures of FCPA violations. The most recent update was announced in March 2019. Under the March 2019 revised Enforcement Policy, self-reporting companies will receive presumption of a declination, absent aggravating circumstances, provided that the company fulfills the following requirements:

• Makes a voluntary disclosure: The voluntary disclosure must be made “within a reasonably prompt time” after the company became aware of the misconduct. The disclosure must include all relevant facts known to the company, including the identity of individuals substantially involved in the misconduct. The disclosure of individuals “substantially” involved in the misconduct is a shift from the previous policy, which required disclosure of all individuals involved in the misconduct, regardless of role.
• Fully cooperates: Self-disclosing companies are required to fully cooperate. This requires timely disclosure of relevant facts and documents, including documents located overseas and documents in the possession of third parties. Companies are also required to, when requested, produce witnesses for interviews, including overseas employees and agents.
• Demonstrates timely and appropriate remediation steps: The self-reporting company must remediate the misconduct at issue, which includes a “root cause” analysis, implementation and/or enhancement of a compliance program, and disciplinary measures. Additionally, companies must take appropriate measures to retain business records, including the implementation of policies on the use of ephemeral messaging.

Even if the above steps are taken, the presence of one or more aggravating factors can rebut the declination presumption. Aggravating circumstances include involvement of senior executives in the misconduct, significant profit from the misconduct, pervasiveness of the misconduct within the company and whether the company is a repeat offender.

Case Studies: Lessons from Real-World Scenarios

First Case: A Declination Despite the Presence of an Aggravating Factor

The first case study involves the DOJ’s decision to issue a declination despite the presence of one aggravating factor: criminal misconduct by two senior executives.

In September 2016, a U.S. public company reported to the DOJ and the U.S. Securities and Exchange Commission (SEC) its investigation into potential FCPA violations. The misconduct involved two senior executives who allegedly authorized payment to foreign government officials. The payment was made through a third-party intermediary to secure a required license for the development of an office park. The bribes totaled more than $2 million related to this project. Furthermore, the company apparently concealed the bribe by falsifying invoices.

Despite the fact that senior executives were involved in the bribe payments to foreign officials (an aggravating factor), the DOJ declined to prosecute the company for FCPA violations. According to the DOJ, the declination decision was made on the basis of extraordinary cooperation. In particular, the DOJ highlighted that the company:

• Promptly and voluntarily disclosed the violations upon learning of them.
• Conducted a thorough and comprehensive investigation of the matter.
• Provided full and proactive cooperation in the matter.
• Agreed to pay a civil penalty and disgorge an amount “fairly attributable to the bribery conduct.”
• Took significant steps to remediate the misconduct, including terminating the employment of and disciplining employees involved in the misconduct.

In addition, in connection with the declination, the company agreed to continue to fully cooperate with the DOJ’s ongoing investigations.

Following the declination, the DOJ individually charged the executives involved in the misconduct, holding them individually responsible.

Second Case: A Non-Prosecution Agreement Despite Voluntary Disclosure

The second case study illustrates the importance of undertaking a comprehensive internal investigation to understand the full scope of potential misconduct, promptly remediating that misconduct and providing full and proactive cooperation after self-reporting.

This matter involved an international health care company. Despite making a voluntary disclosure of the misconduct to both the DOJ and the SEC, the company settled FCPA-related charges with the DOJ through a non-prosecution agreement (NPA), which required the company to pay a criminal penalty and retain an independent compliance monitor. The company also settled charges with the SEC and agreed to disgorge ill-gotten profits. This company did not receive a declination of prosecution.

Between 2007 and 2016, the company made improper payments to custom officials and health care professionals employed by state-owned enterprises in over 10 countries. To make these improper payments, the company reportedly used schemes such as sham contracts for services never rendered, lavish gifts and entertainment, cashing checks made out to employees to make a cash bribe payment and falsifying invoices and other documents.

When electing to resolve the allegations through an NPA – rather than declining to prosecute – the DOJ pointed to the company’s failure to: (1) promptly respond to certain DOJ requests and (2) provide fulsome responses to the DOJ’s requests for information. The DOJ also pointed to the pervasiveness and breadth of the misconduct. In addition, the DOJ noted that the misconduct continued in certain countries until four years after the company’s voluntary disclosure. Although the company did not qualify for declination because of the cited factors above, it received a settlement reduction of 40 percent below the low end of the U.S. Sentencing Guidelines fine range.

Conclusion

Under the Enforcement Policy, the DOJ provides specific benefits to companies that cooperate in the context of FCPA violations. The evidence of those benefits can be found in the 12 declinations (including the company described above) the DOJ has announced to date under the Enforcement Policy – and under its predecessor pilot program – since June 2016.

Nevertheless, companies evaluating whether to self-report violations of the FCPA should carefully consider whether the potential benefits of voluntary disclosure outweigh the risks. The risk calculus is complicated and fact-intensive. Companies considering whether to self-report potential FCPA violations should consider the following factors:

• Whether the company is a recidivist.
• The scope of the internal investigation.
• The seriousness and pervasiveness of the misconduct, including the presence of aggravating factors such as senior executive involvement and associated dollar amount.
• The likelihood of similar, but undiscovered, misconduct in other locations or countries in which the company operates.
• Whether the company is in a position to make a “timely” disclosure.
• The likelihood of the ability to fully cooperate with the DOJ, including the production of documents and witnesses, both within the United States and overseas.
• The company’s ability to pay the estimated restitution dollar amount.
• The company’s compliance program and internal controls and their willingness to enhance that program.
• Whether the company has implemented policies regarding ephemeral messaging.
• The likelihood of exposure to parallel investigation by another regulator, such as the SEC or a non-U.S. government, and civil litigation (g., shareholder lawsuit).
• If the company is publicly owned, the likelihood of a whistleblower complaint of the misconduct being filed with the SEC if the company chooses not to self-report.

There is surely a benefit to the certainty that comes with disclosing an issue to the government, investigating it fully, remediating the shortcomings identified and concluding the matter with something of a clean slate. This is particularly true for an issuer of securities, which likely would have to re-state its books and otherwise adjust securities filings upon learning of significant issues. On the other hand, it is also true that there are significant costs to self-disclosing companies, even when a declination is received. It is therefore critical for companies to think carefully about all the benefits and all the costs of making a disclosure to the government.

[1] The FCPA is the primary U.S. anti-corruption law that criminalizes bribery payments made by companies to foreign government officials in an effort to obtain or retain business.