Using External Resources to Bolster Compliance Programs

There are several areas from the DOJ guidance that make the use of external resources more impactful for a corporate compliance program. Let’s consider what a company might do if it is required to self-report a violation of a law such as the Foreign Corrupt Practices Act (FCPA). It might begin by bringing in a crisis management team to look at the board, board governance, management functions or very specific programs. Another area that is ripe for an external review is the company’s sales cycle, particularly if it uses third parties. Third parties are still recognized as one of the highest risks under the FCPA and in 2018, 93 percent of all enforcement actions involved third parties.

Such an external investigation can include some of the basics, like adequate due diligence and fulfilling internal requirements; by using an external subject matter expert, a company can really drill down into a program to look at subcontractors and other second-, third- and fourth-level contractors. Using an external resource in these areas can help a company based upon the roadmap laid out in the Benczkowski Memo.

Another area where an external resource in compliance can be most helpful is in establishing credibility with regulators. An external resource may deal with the regulators on a variety of matters and may have a well of credibility – a level of rapport with the DOJ that a company that is never or seldom in front of the DOJ may not have going into the process.

Regulators may also see the external resource as bringing another set of eyes to a matter for review.

Once you start coordinating with a government agency and you voluntarily decide to report something, you may be waiving the attorney-client privilege. Under this new guidance, you may have to cooperate fully and identify names and individuals within the company.

Moreover, your organization will more than likely have to produce documents. Not only is document security a key issue with regulators, but the same can be said for the current situation that many companies now find themselves in with multi-jurisdictional investigations. This can also hold true if there are multiple agencies involved, each of which with their own legal or regulatory focus. An external recourse can be invaluable in getting an organization through these issues. All of these situations might well lead to multiple settlements with multiple regulators. Navigating through all of this may be beyond the ability of many U.S. companies.

Another area that was certainly emphasized by the DOJ in 2018 was the mergers and acquisitions (M&A) front, particularly in the pre-acquisition phase. In July 2018, the DOJ formalized the Safe Harbor provision first articulated in 2012 FCPA Guidance around companies that performed an appropriate level of pre-acquisition due diligence and then engaged in post-acquisition integration, a forensic FCPA review, self-disclosure and remediation if required. This informal Safe Harbor is now written into the FCPA Corporate Enforcement Policy.

The DOJ wants you to show you knew not only what you were acquiring from the commercial perspective, but also from the compliance side.

You need to look at whether or not the company has a variety of compliance program indicia: Does it have a compliance program? Does it have a hotline program? Are there complaints to the hotline? Are there things that are percolating below the surface that you are not going to see in just looking at dollars? Does it have good compliance controls?

Beyond this, the DOJ will be looking at your integration plan based upon your pre-acquisition due diligence. Finally, have you fully implemented the acquired entity into your company?

Please join me next week for part four, when I explore how companies can use their compliance programs as both a sword and shield.

In case you missed the earlier installments of this ongoing series, please see the links below.

Everything You Always Wanted to Know About Monitors But Were Afraid to Ask

Part 1, Part 2, Part 3, Part 4 and Part 5

Potential Issues in Corporate Monitorships

Part 1, Part 2, Part 3, Part 4 and Part 5

Suspension and Debarment in Monitoring

Part 1, Part 2, Part 3, Part 4 and Part 5

Monitoring in the Health Care Sector

Part 1, Part 2, Part 3, Part 4 and Part 5

The Basics of Corporate Culture

Part 1, Part 2, Part 3, Part 4 and Part 5

Monitoring in an M&A Context

Part 1, Part 2, Part 3, Part 4 and Part 5

Affiliated Monitors: 15 Years of Independent Monitoring Excellence

Part 1, Part 2, Part 3, Part 4 and Part 5

Compliance Strategies Under the Benczkowski Memo and New DOJ 2018 Policy Announcements

Part 1, Part 2