Jay Rosen continues looking at the DOJ announcements over the past several years, as well as the FCPA Corporate Enforcement Policy, announced in November 2017, to consider how companies can use this information externally to bolster their compliance programs.
There are several areas from the DOJ guidance that make the use of external resources more impactful for a corporate compliance program. Let’s consider what a company might do if it is required to self-report a violation of a law such as the Foreign Corrupt Practices Act (FCPA). It might begin by bringing in a crisis management team to look at the board, board governance, management functions or very specific programs. Another area that is ripe for an external review is the company’s sales cycle, particularly if it uses third parties. Third parties are still recognized as one of the highest risks under the FCPA and in 2018, 93 percent of all enforcement actions involved third parties.
Such an external investigation can include some of the basics, like adequate due diligence and fulfilling internal requirements; by using an external subject matter expert, a company can really drill down into a program to look at subcontractors and other second-, third- and fourth-level contractors. Using an external resource in these areas can help a company based upon the roadmap laid out in the Benczkowski Memo.
Another area where an external resource in compliance can be most helpful is in establishing credibility with regulators. An external resource may deal with the regulators on a variety of matters and may have a well of credibility – a level of rapport with the DOJ that a company that is never or seldom in front of the DOJ may not have going into the process.
Regulators may also see the external resource as bringing another set of eyes to a matter for review.
Once you start coordinating with a government agency and you voluntarily decide to report something, you may be waiving the attorney-client privilege. Under this new guidance, you may have to cooperate fully and identify names and individuals within the company.
Moreover, your organization will more than likely have to produce documents. Not only is document security a key issue with regulators, but the same can be said for the current situation that many companies now find themselves in with multi-jurisdictional investigations. This can also hold true if there are multiple agencies involved, each of which with their own legal or regulatory focus. An external recourse can be invaluable in getting an organization through these issues. All of these situations might well lead to multiple settlements with multiple regulators. Navigating through all of this may be beyond the ability of many U.S. companies.
Another area that was certainly emphasized by the DOJ in 2018 was the mergers and acquisitions (M&A) front, particularly in the pre-acquisition phase. In July 2018, the DOJ formalized the Safe Harbor provision first articulated in 2012 FCPA Guidance around companies that performed an appropriate level of pre-acquisition due diligence and then engaged in post-acquisition integration, a forensic FCPA review, self-disclosure and remediation if required. This informal Safe Harbor is now written into the FCPA Corporate Enforcement Policy.
The DOJ wants you to show you knew not only what you were acquiring from the commercial perspective, but also from the compliance side.
You need to look at whether or not the company has a variety of compliance program indicia: Does it have a compliance program? Does it have a hotline program? Are there complaints to the hotline? Are there things that are percolating below the surface that you are not going to see in just looking at dollars? Does it have good compliance controls?
Beyond this, the DOJ will be looking at your integration plan based upon your pre-acquisition due diligence. Finally, have you fully implemented the acquired entity into your company?
Please join me next week for part four, when I explore how companies can use their compliance programs as both a sword and shield.
In case you missed the earlier installments of this ongoing series, please see the links below.