This article was republished with permission from FCPAméricas Blog, for which Matteson Ellis is founder, editor and regular contributor.
Over the past three years, FCPAméricas has posted summaries of the views that lead FCPA enforcement officials provide at ACI’s International Conference on the FCPA (see posts from 2011, 2012 and 2013). This year, at the 2014 conference, Kara Brockmeyer (Chief of the FCPA Unit of the SEC’s Enforcement Division) and Patrick Stokes (Deputy Chief of the FCPA Unit of the Fraud Section of the DOJ’s Criminal Division) offered helpful insights (these were their views and not the official views of their respective agencies):
SMEs Don’t Need “Rolls-Royce” Programs. Ms. Brockmeyer said she recognizes that some companies, given their smaller sizes, are not able to afford highly sophisticated compliance programs. She advised that small and medium-sized enterprises (SMEs) should still try to leverage the controls they have in place to address FCPA risks (FCPAméricas has previously discussed FCPA compliance for SMEs). For example, SMEs should use their internal audit function to ensure books and records are complete, supporting documentation is maintained for expenditures, employees know what they can spend money on and segregation of duties and authorization levels are in place. She said that the types of controls that help prevent misconduct like embezzlement are the same controls that can prevent bribery. Mr. Stokes added that the DOJ realizes that SMEs cannot conduct the same type of M&A due diligence as larger companies. But he said, “We expect them to identify the highest risk areas and take a look at the books and some contracts to the extent possible and follow it up and conduct more thorough review of various subsidiary and units around the world where it is operating.”
More International Cooperation. Ms. Brockmeyer said that the trend of more parallel investigations among authorities in different countries will continue. Enforcement counterparts in other countries are growing more sophisticated in how they investigate bribery-related crimes. More countries are also adopting corporate liability standards (FCPAméricas has discussed corporate liability standards in Brazil, Chile, Peru and Colombia). She added that more countries are making referrals to U.S. authorities.
Benefits to Self-Reporting and Cooperation. Like in prior years, this year enforcement authorities once again promoted the benefits of voluntary disclosure and cooperation with the government. Mr. Stokes said that the DOJ rewards companies through the types of charges it brings, the entities it chooses to charge (ie., the parent or the subsidiary) and the fines it assesses. Ms. Brockmeyer pointed to the recent Layne Christensen enforcement action as an example of how cooperation can lead to tangible benefits. In that case, the SEC applied only a $350,000 penalty when it could have applied a penalty of $3.4 million (the same amount as the disgorgement). Mr. Stokes said that, when a company discloses issues, the DOJ will give it room to perform its own investigation and will provide guidance: “This does not mean we will not conduct our own review and test, but it gives companies more freedom…when you self-report, you talk about the investigative plan…we can weigh in on what we think is an appropriate scope and scale of the investigation…we will give guidance on what we are not interested in, this is a tremendous benefit that is perhaps under-appreciated.”
How FCPA Authorities Investigate Cases. Mr. Stokes said that the DOJ does not focus on certain industries. Instead, the agency follows the evidence: “We are opportunistic. We look for crime and evidence and follow it to its logical conclusion.” As a result, authorities have learned that some industries and jurisdictions are higher risk than others. He warned, “If your company is operating in a high-risk jurisdiction, despite the activity it is involved in, it faces FCPA risk, full stop.”
Some Companies Not Going Far Enough with Compliance. Mr. Stokes explained, “We see situations where compliance professionals are raising concerns and companies go forward based on business considerations…When you can’t find out who shareholders or beneficial owners of third parties are, these are major red flags, and we don’t see companies going far enough.” He added, “We want to see that companies are taking meaningful steps to address issues, identify issues and not simply throwing up their hands.”
Employee Confidentiality Agreements. Ms. Brockmeyer took the opportunity to “get the message out there” that, when publicly listed companies ask their employees to sign confidentiality agreements, there should be a “carve out” that allows them to make whistleblower reports to the SEC. She said that, in the wake of Dodd-Frank, all publicly listed companies should review this.
M&A Due Diligence. Mr. Stokes and Ms. Brockmeyer said that companies are doing more in-depth M&A due diligence and “kicking the tires hard,” like identifying highest risks, looking at government contracts and third-party contracts of the entities they acquire and developing thorough plans to roll out compliance programs quickly. Mr. Stokes said, “Where we see failures is often in pre-acquisition they do little, and post-acquisition they roll out a compliance program on the website and send out a notice with the code of conduct, but fail to do training and fail to go to high-risk countries quickly to interview their high-risk units and employees.” Ms. Brockmeyer added that, in acquisitions, anti-corruption due diligence can be part of a larger discussion about the value of the company. (FCPAméricas has provided an overview of various perspectives on FCPA due diligence in mergers and acquisitions.)
Mr. Stokes and Ms. Brockmeyer also spent a considerable amount of time discussing the importance of foreign bribery risk assessments and compliance program testing, which will be discussed in a follow-up post.
The opinions expressed in this post are those of the author in his or her individual capacity and do not necessarily represent the views of anyone else, including the entities with which the author is affiliated, the author`s employers, other contributors, FCPAméricas or its advertisers. The information in the FCPAméricas blog is intended for public discussion and educational purposes only. It is not intended to provide legal advice to its readers and does not create an attorney-client relationship. It does not seek to describe or convey the quality of legal services. FCPAméricas encourages readers to seek qualified legal counsel regarding anti-corruption laws or any other legal issue. FCPAméricas gives permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author and to FCPAméricas LLC.