On July 30, 2015, the Chief of the Fraud Section of the U.S. Department of Justice (“DOJ”) confirmed that DOJ is hiring an attorney to serve as a Foreign Corrupt Practices Act (“FCPA”) compliance expert. DOJ has long emphasized the importance of compliance and remediation, and with this new position, it is putting its money where its mouth is. There has never been a more explicit signal by DOJ that companies need to enhance their anti-corruption compliance programs. DOJ has made clear that it will reward companies that go beyond mere paper programs and instead design anti-corruption compliance programs that efficiently prevent misconduct and quickly detect improper payments when employees evade a company’s strong financial controls.
DOJ’s new compliance counsel—who has been selected and currently is undergoing vetting—will help DOJ determine whether to prosecute a company for FCPA violations. This new compliance counsel position constitutes a significant change for DOJ, which in the past has relied on its cadre of white collar criminal prosecutors to evaluate compliance programs. The compliance counsel will help DOJ answer the recurring issue of whether an FCPA violation occurred because the company lacked an effective anti-corruption compliance program or because a rogue employee circumvented an otherwise strong program. Should DOJ decide to prosecute the company, the compliance counsel’s evaluation of the company’s compliance program will inform the final resolution with the company, including whether the company will be required to retain an independent compliance monitor.
In several FCPA resolutions with companies, public speeches by DOJ staff, official guidance provided in the FCPA Resource Guide, and the U.S. Sentencing Guidelines, DOJ has repeatedly emphasized that compliance must be a priority for companies facing anti-corruption challenges and that companies who have invested in effective compliance programs to prevent and detect potential FCPA violations will receive significant consideration and meaningful benefits from DOJ. Cases providing vivid examples of this point include:
- Morgan Stanley: DOJ declined to prosecute Morgan Stanley for FCPA violations based on its strong compliance program, expressly observing that “Morgan Stanley maintained a system of internal controls meant to ensure accountability for its assets and to prevent employees from offering, promising or paying anything of value to foreign government officials.” In their press release, DOJ also cited to the significant training that Morgan Stanley provided to its employees, the rigorous monitoring and testing protocols, and third party controls.
- Ralph Lauren: Ralph Lauren secured a Non-Prosecution Agreement with DOJ and the U.S. Securities and Exchange Commission (“SEC”) for its FCPA violations because of that company’s “early and extensive remediation, including conducting extensive FCPA training for employees worldwide, enhancing the company’s existing FCPA policy, implementing an enhanced gift policy and other enhanced compliance, control, and anti-corruption policies and procedures, enhancing its due diligence protocol for third-party agents, terminating culpable employees and a third-party agent, instituting a whistleblower hotline, and hiring a designated corporate compliance attorney.”
In these and other cases, DOJ repeatedly has emphasized the importance of a strong compliance program and attempted to demonstrate publicly how an effective compliance program can either help a company avoid prosecution altogether or at least mitigate the associated penalties. In contrast, DOJ makes clear that when a company knowingly and willfully fails to invest in anti-corruption compliance programs, that company should pay a significant penalty. In the press release announcing the guilty plea of BAE Systems plc and the corresponding $400 million penalty, DOJ highlighted the fact that the company had “knowingly and willfully failed to create sufficient compliance mechanisms to prevent and detect violations of the anti-bribery provisions of the FCPA.”
In perhaps the clearest official DOJ statement regarding the importance of compliance programs, the FCPA Resource Guide states that the U.S. government’s focus on effective compliance programs “reflect[s] the recognition that a company’s failure to prevent every single violation does not necessarily mean that a particular company’s compliance program was not effective.” Further, “[i]n appropriate circumstances, DOJ and SEC may decline to pursue charges against a company based on the company’s effective compliance program, or may otherwise seek to reward a company for its program, even when that program did not prevent the particular underlying FCPA violation that gave rise to the investigation.” The FCPA Resource Guide also provides numerous anonymized examples of when DOJ and SEC declined to bring an enforcement action, and every example includes a description of the improvements that the company made to its compliance program and / or internal controls systems.
Companies need to recognize that the increasing internationalization of enforcement means that DOJ and SEC are not the only enforcement agencies focused on anti-corruption compliance. The UK Bribery Act, which established criminal liability for corporations that fail to prevent bribery, also provides an affirmative defense when companies can prove that they “had in place adequate procedures designed to prevent persons associated” with the company from undertaking the prohibited conduct. Likewise, Brazil’s recently enacted anti-corruption law, the Clean Company Act, contemplates reduced sanctions for infractions under a leniency agreement with the implementation or enhancement of a compliance program. These laws reflect the global trend for enforcement agencies around the world to give greater benefits to companies who work to prevent corruption from occurring.
Companies also need to recognize that corruption will occur and may already be occurring within their companies. The World Bank estimates that over $2.5 billion in bribes is paid every day ($100 million in bribes an hour), totaling approximately 3% of the world’s economy. According to Transparency International’s Global Corruption Barometer, over one in four people acknowledged paying a bribe in the last year. No matter how good the compliance program, companies will never be able to stop every bad actor. However, with this renewed focus on effective compliance, enforcement agencies clearly expect companies to do more than just establish a paper program and stop an isolated problem once it is identified. Instead, enforcement agencies (which now have numerous examples of companies that have implemented robust, state-of-the-art anti-corruption compliance programs) expect companies to implement anti-corruption compliance programs that are well-designed and effectively implemented to prevent, deter, and detect problems.
With DOJ’s recent hire of a compliance expert, there has never been a more important time for a company to assess its compliance program and identify enhancements that are necessary to appropriately address the evolving global corruption risks. Companies currently conducting internal investigations of corruption allegations or facing enforcement action by DOJ and SEC should be examining and improving their compliance programs during the investigation. During every negotiation with DOJ and SEC of an FCPA-related case, the agencies require a presentation by the company of how the compliance program broke down (resulting in the violations) and what the company has done to improve the compliance program during the course of the investigation (minimizing the risk of recurring violations). The worst thing a company can do is to tell DOJ or SEC that it failed to make any significant compliance enhancements during a multi-year investigation into potential FCPA violations. Companies not currently under investigation should periodically conduct a global risk assessment to ensure that they have identified those government touch points specific to their business model and then designed and implemented appropriate policies, procedures, and controls to mitigate those company-specific corruption risks. Companies also should benchmark their compliance program against current recognized “best practices” in their industry. By taking these actions, when a problem inevitably does occur—and corruption problems occur for companies every day—the company is able to detect the problem and take immediate action to remediate it in a cost-efficient manner.
Undertaking these types of periodic compliance reviews can be time-consuming and potentially costly, but these reviews are critical. DOJ has sent a very clear signal that companies must invest in compliance programs. However, because companies do not have unlimited resources to spend on compliance, it’s important for compliance officers, general counsels, and others with compliance responsibilities at a company to effectively allocate their “compliance dollars.” Purchasing the latest (and costly) new technology solution that has just become available may not be the most effective use of those limited dollars. Indeed, many of these solutions often do not focus on the issues that matter most to the prosecutors. In future articles, Paul Hastings will describe what issues are of greatest interest to government agencies and how best to allocate limited compliance resources. Now that DOJ will have its own compliance expert in house, companies must expect and be prepared for a deeper examination of their anti-corruption compliance programs and related internal controls.
- Nathaniel B. Edmonds is a Partner in the Washington, D.C. office and the former Assistant Chief of the FCPA Unit of the Fraud Section of the Criminal Division of the U.S. Department of Justice. During his ten years in the Fraud Section, Mr. Edmonds supervised and personally led numerous FCPA investigations and evaluated dozens of FCPA compliance programs to determine when a company should be prosecuted or whether penalties should be reduced. As one of the principal drafters of the FCPA Resource Guide, Mr. Edmonds brings a unique perspective to his current role as a defense counsel for multi-national companies conducting internal investigations and evaluating anti-corruption compliance programs to enhance the controls environment and minimize the risk of future improper payments.
- Corinne Lammers is a Partner in the Washington, D.C. office of Paul Hastings and her practice is focused on designing new, and enhancing existing, anti-corruption compliance programs, including policies and procedures, for multi-national corporations across a wide range of industries. Ms. Lammers has worked on several corporate monitorships and self-monitorships, including preparing reports to U.S. authorities and working with companies to strengthen their anti-corruption compliance programs to meet the terms of settlements with enforcement agencies. She has extensive experience in conducting risk assessments and enhancing anti-corruption compliance programs to meet established industry “best practices,” as well as providing comprehensive compliance training to management, employees, and third parties.