The DOJ and SEC recently released the second edition of the Foreign Corrupt Practices Act (FCPA) Resources Guide, marking the first changes since 2012.
Tom Fox discusses their rationale for the update, covering the new hallmark, the FCPA corporate enforcement policy, the accounting provisions and policy and case law updates.
Enjoy a sample from this download:
The New Hallmark
Obviously this 2020 Resource Guide has been some time in coming, and it represents the work of many dedicated professionals in the DOJ and SEC. It is a welcome resource for every compliance practitioner. I want to focus on the primary changes and additions to the Hallmarks of an Effective Compliance Program. The first change to note is the expanded definition to the question, “is [the corporate compliance program] being applied in good faith” with the addition of the query, “in other words, is the program adequately resourced and empowered to function effectively?” This language comes from the 2020 Update to the Evaluation of Corporate Compliance Programs (2020 Update). This change clearly reflects the need for a company to do far more than have a paper compliance program in place, which presaged many of the changes brought forward in the 2020 Update.
However, the biggest change is the addition of a new Hallmark, entitled “Investigation, Analysis, and Remediation of Misconduct,” which reads in full:
“The truest measure of an effective compliance program is how it responds to misconduct. Accordingly, for a compliance program to be truly effective, it should have a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents. An effective investigations structure will also have an established means of documenting the company’s response, including any disciplinary or remediation measures taken.
In addition to having a mechanism for responding to the specific incident of misconduct, the company’s program should also integrate lessons learned from any misconduct into the company’s policies, training, and controls. To do so, a company will need to analyze the root causes of the misconduct to timely and appropriately remediate those causes to prevent future compliance breaches.”
There are many interesting aspects to this new Hallmark, not the least is that it begins with “the truest measure of an effective compliance program is how it responds to misconduct.” This builds upon the language found in the “Confidential Reporting and Internal Investigation” Hallmark, which stated, “…once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response.” Now, beyond being properly funded, you must have a “well-functioning mechanism” for the “timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents.”
This clearly mandates that once an allegation or even suspicion comes to the attention of compliance, it must be properly triaged and your investigation protocol 7
should kick in with a detailed and effective investigation that is completed in a reasonable time and that provides a response to the investigative findings. Moreover, an investigation is not the ending point and should be followed with a robust root cause analysis. This builds upon several sources.
Initially, the FCPA Corporate Enforcement Policy brought forward this requirement for a root cause analysis with the following language: “Demonstration of thorough analysis of causes of underlying conduct (i.e., a root cause analysis) and, where appropriate, remediation to address the root causes.”
The 2020 Evaluation also raised the following questions under “Root Cause Analysis – What is the company’s root cause analysis of the misconduct at issue? Were any systemic issues identified? Who in the company was involved in making the analysis?”