Jay Rosen continues to review the DOJ announcements over the past year and the FCPA Corporate Enforcement Policy, announced in November 2017, to consider the strategies companies can use based upon these documents.
Over the series I have explored what companies can do both internally and externally to incorporate the Benczkowski Memo (the “Memo”) and other DOJ guidance into their organizations. Here, I discuss how the new DOJ Guidance from 2018 on Foreign Corrupt Practices Act (FCPA) compliance can be used as both a sword and a shield.
The first thing to recognize is that while laying out the criteria for monitor selection by the DOJ, the Memo also lays out a roadmap of how to avoid a monitor. The Memo lays out several conditions to indicate a situation where a monitor is warranted.
The first includes whether the underlying misconduct involved something as systemic as manipulation of corporate books and records or exploitation. If it does, this may well be indicia that a company had an inadequate compliance program. This would further indicate that the corporate compliance program is not designed and implemented effectively.
The second factor considers whether the misconduct was pervasive across the organization or approved or facilitated by senior-level management. This situation includes the concept of tone at the top and whether or not senior-level managers are contributing to the misconduct or creating the kind of culture that’s necessary to prevent this conduct.
The third factor: Did the corporation make significant investments in and improvements to its corporate compliance program and internal controls? If the company did remediate, what is the evidence it did so, and is there evidence of the effectiveness of the remediation?
This would also include an analysis of the whether the company made significant investment in its compliance program to remediate, improve and strengthen the controls that may have failed. This signifies the DOJ is looking for a demonstrated remediation.
A fourth factor considers whether these improvements to the compliance program had been tested to demonstrate they prevent or detect similar misconduct in the future. This is the first time I’ve seen in the DOJ policy document the concept of testing a compliance program and testing internal controls.
This is clear evidence of what a company can do to try to avoid a monitor if it finds itself in a FCPA investigation.
These four factors can be a very big step for the company, not only in its negotiation with the DOJ, but as a proactive approach to lower the threat of an FCPA violation and a potential risk recurrence.
The Memo is a natural extension of the 2017 FCPA Corporate Enforcement Policy, which laid out the four steps a company must take to obtain a declination (self-disclosure, extensive cooperation, full remediation and profit disgorgement) – most particularly in prong three, remediation.
Yet all of this is a clear continuation of DOJ policy evolution. Beginning with the 2012 FCPA Guidance, up through multiple enforcement actions, the 2016 FCPA Pilot Program, the 2017 Evaluation of Corporate Compliance Programs, the 2017 FCPA Corporate Enforcement Policy and the 2018 anti “piling-on” and Safe Harbor policies in mergers and acquisitions (M&A).
Finally, in a December 2018 speech before the Practising Law Institute Event, Principal Deputy Assistant Attorney General John P. Cronan focused on an effective compliance program, not a paper compliance program. Cronan stated:
“when we at the Department talk about compliance, we are referring to effective compliance. The Principles of Federal Prosecution of Business Organizations make that clear. Under those Principles, in determining whether to charge a corporation, prosecutors must consider, among other factors, the existence and effectiveness of the corporation’s preexisting compliance program, as well as the corporation’s subsequent remedial actions including efforts to implement an effective compliance program or improve an existing one. In assessing a compliance program, the Principles specifically direct prosecutors to consider “whether a corporation’s compliance program is merely a ‘paper program’ or whether it was designed, implemented, reviewed and revised, as appropriate, in an effective manner.”
The drumbeat keeps getting stronger and stronger for accountability in corporate compliance programs.
The DOJ will take a hard look at and wants companies to demonstrate that they are holding the perpetrators accountable.
If they can do so, this is evidence that you are looking at some real basic compliance program principles and that the company will remediate misconduct if there was a bad actor in place.
Compliance professionals should read the Memo carefully to fully understand the principals it lays out. This will help you use it not only as a shield to protect your organization from getting into FCPA hot water but also, if you do get in trouble, it can act as a sword to cut off the possible requirement of a monitor.
Please join me next week as I conclude this series with a deep dive into the benefits of using third-party proactive monitoring.
In case you missed the earlier installments of this ongoing series, please see the links below.