In this unsettled time, the Criminal Division of the Department of Justice recently issued two important documents that reflect significant continuity in DOJ policy toward corporate white-collar criminal investigations. In June, the Criminal Division issued guidance titled “Evaluation of Corporate Compliance Programs” (Compliance Guidance), which builds on earlier policy statements and instructs prosecutors how to analyze an organization’s compliance programs. In July, the Criminal Division together with the Securities and Exchange Commission’s Enforcement Division issued the second edition of the “Resource Guide to the US Foreign Corrupt Practices Act” (FCPA Resource Guide), which incorporates policies and rulings issued since release of the original FCPA Resource Guide in 2012. In broad terms, both documents clarify and elaborate on a central tenet of current DOJ policy toward business organizations in white-collar criminal investigations: specifically, a company can get the benefit of a rebuttable presumption of nonprosecution if it voluntarily discloses to the government unlawful conduct; cooperates fully with a resulting government investigation, including by providing information about culpable employees; and undertakes genuine and satisfactory
The effectiveness of a company’s compliance programs relates directly to remediation, the third requirement for leniency
remediation of the conditions which allowed the unlawful conduct to occur. See Justice Manual § 9-47.120 (articulating this policy in FCPA investigations). The effectiveness of a company’s compliance programs relates directly to remediation, the third requirement for leniency. More generally, the stronger a company’s compliance programs, the stronger a company’s arguments will be for the fullest possible leniency in discussions with prosecutors.
In this article, we summarize and discuss key takeaways from these recent policy documents. While the two documents make relatively limited, discrete adjustments to preexisting guidance, the new documents on the whole mark the continuity in DOJ’s approach to corporate white-collar enforcement.
Corporate Compliance Programs
The new Compliance Guidance follows earlier statements issued in 2017 and 2019. Though designed as guidance for prosecutors, the Compliance Guidance is widely used as a roadmap for companies and their counsel in the design and implementation of compliance programs that can meet DOJ expectations.
The Compliance Guidance is structured around three “fundamental questions” used to assess the effectiveness of corporate compliance programs:
• “‘Is the corporation’s compliance program well designed?’;
• ‘Is the program being applied earnestly and in good faith?’ In other words, is the program adequately resourced and empowered to function effectively?;
• ‘Does the corporation’s compliance program work’ in practice?” Compliance Guidance at 2 (citing Justice Manual § 9-28.800, Principles of Federal Prosecution of Business Organizations (emphasis added).) The Compliance Guidance added the italicized language to Question 2 to highlight that an effective compliance program must be “adequately resourced and empowered to function effectively.” See generally Jonathan Sack, “DOJ’s Updated Guidance for Evaluating Corporate Compliance Programs,” Forbes The Insider Blog (June 30, 2020).
Regarding the first fundamental question—whether the corporation’s compliance program is well designed—many of the changes demonstrate the importance of continual review and improvement. Hence the Compliance Guidance directs prosecutors to focus not only on a company’s initial assessment of risk but also on revisions to a company’s compliance program, including whether the risk assessment is “current and subject to periodic review,” whether that periodic review is a “snapshot” or based upon “continuous access to operational data and information across functions,” and whether a company tracks and incorporates “lessons learned” from its own experiences and those of similar companies. The new Compliance Guidance places an increased focus on training by looking at whether the training “adequately covers prior compliance incidents” and whether the company has targeted training for key personnel.
Regarding the second fundamental question—whether the program is “being applied earnestly and in good faith”—the Compliance Guidance increases the focus on adequate resources and tools for effectiveness. Among the issues to be considered are whether the compliance personnel have adequate resources and direct access to appropriate governing authorities, whether they have “sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions,” and whether any impediment limits access to data.
Regarding the third fundamental question—whether the compliance program works in practice—the revisions reinforce the significance of continual review of compliance programs. Companies are encouraged to review and adapt programs in light of evolving business and economic conditions, “lessons learned” from real world experience, regular testing, and internal investigations. The Compliance Guidance retains the importance of “conduct[ing] a thoughtful root causes analysis of misconduct and timely and appropriately remediat[ing] to address the root causes.”
The recent Compliance Guidance and FCPA Resource Guide are important documents which provide insight into how DOJ puts this policy into effect— and how companies and their counsel can maximize the opportunity to receive leniency in the resolution of a criminal investigation.
The quality of a company’s compliance program continues to be a major factor in deciding on the appropriate resolution of a government investigation. This factor bears heavily on whether a company can satisfy DOJ that it has engaged in appropriate remediation efforts after the discovery of unlawful activity. Reflecting the importance of remediation, the Compliance Guidance makes clear that the effectiveness of a company’s compliance program will be considered as of “the time of the offense and at the time of the charging decision and resolution.” This requires a company to consider changes to its compliance efforts during a government investigation; waiting till the end of the investigation could weaken a company’s request for leniency.
FCPA Enforcement Manual
In recent years, DOJ and SEC enforcement of the Foreign Corrupt Practices Act (FCPA) has been a significant area of white-collar practice. The FCPA Resource Guide goes into detail on legal and practical issues associated with FCPA enforcement.
In addition to updating the relevant legal analysis, the FCPA Resource Guide incorporates DOJ policies and practices stated in recent years, such as the DOJ policies on selection of monitors in criminal division matters, see FCPA Resource Guide at 73-74, and the policy against “piling on,” which reflects increased efforts by DOJ to coordinate resolutions with other law enforcement agencies.
The FCPA Resource Guide also includes a useful discussion of the FCPA Corporate Enforcement Policy (FCPA Enforcement Policy). Since 2017, DOJ has been guided by that policy, a set of principles that grew out of a 2016 pilot program. Under that policy, a company can expect a presumption of nonprosecution if it satisfies the three-part test stated earlier—that is, that the company makes a voluntary disclosure of information to the government, gives full cooperation and remediates the conditions that led to unlawful conduct. The FCPA Enforcement Policy formalized certain rules developed under the earlier pilot program. Under that program, companies that voluntarily disclosed potential FCPA violations were, as a matter of case-by-case discretion, eligible for a declination of prosecution, or in the event of aggravating circumstances warranting criminal charges, a reduction of up to 50% off the bottom end of the fine imposed by the U.S. Sentencing Guidelines. In formally adopting this approach, the FCPA Enforcement Policy sought to provide “greater clarity” about the circumstances under which a declination would be presumptive. See Justice Manual § 9-47.120.
The FCPA Resource Guide also incorporates the Compliance Guidance discussed above and makes clear that it specifically applies in FCPA cases. FCPA Resource Guide at 56-68. The guide notes that, in the DOJ’s resolution of criminal cases, the evaluation of a compliance program influences three key areas of decision: “the form of resolution or prosecution, if any; the monetary penalty, if any; and the compliance obligations to be included in any corporate criminal resolution,” including whether a compliance monitor is appropriate and the length and nature of any reporting obligations.
When a company is not deemed eligible for a declination, the adequacy of its compliance programs may still influence, among other things, whether the investigation is resolved through a guilty plea, a deferred prosecution agreement (DPA) or a nonprosecution agreement (NPA). An effective compliance program is more likely to convince prosecutors that a company should receive one of these more favorable resolutions rather than being required to enter a guilty plea.
Significantly, current DOJ policy in all white-collar investigations, not just FCPA investigations, generally follows the approach toward companies taken in the FCPA Enforcement Policy. In recent speeches, DOJ officials have made clear that the emphasis on voluntary disclosure, full cooperation and complete remediation, and the presumption of declination if these criteria are met, guides DOJ thinking in all corporate investigations conducted by the Criminal Division. See, e.g., DOJ Press Release, “Assistant Attorney General Brian A. Benczkowski Delivers Keynote Address at the Ethics and Compliance Initiative (ECI) 2019 Annual Impact Conference” (April 30, 2019).
Presumption of Declination In Practice
The FCPA Resource Guide provides particular insight into how DOJ has put the FCPA Enforcement Policy into practice over the past eight years, and it suggests how DOJ will approach any matter of corporate white-collar enforcement. One of the most instructive additions to the new Resource Guide is the inclusion of three examples of recent DOJ declinations under the FCPA Enforcement Policy. In these examples, declinations were issued to companies that met all three elements for nonprosecution: voluntary disclosure, full cooperation, and timely and appropriate remediation.
In the first example, the government declined to prosecute a private U.K. company that voluntarily disclosed making nearly $1 million in payments to the director of a Korean-government funded research center. The declination announcement noted that the company was subject to a parallel investigation by the U.K. Serious Fraud Office for violations relating to the same conduct, in which the company similarly accepted responsibility, received a DPA, and paid over £2 million as disgorgement of gross profits.
The second example involved a 2018 declination for a Barbados-incorporated insurance company whose high-level employees paid approximately $36,000 in bribes to a Barbadian government official in exchange for insurance contracts. The FCPA Resource Guide notes that a declination was appropriate even though there was “high-level involvement of corporate officers in the misconduct,” which is one of the considerations that can demonstrate extraordinary circumstances to rebut a presumption of declination. The government cited the company’s self-reporting, cooperation with the government (including in the criminal prosecution of culpable individuals), and full remediation (including enhanced compliance programs and internal controls, termination of certain employees, and full disgorgement of profits).
The third example involves a 2019 declination for a publicly traded company whose employees authorized the payment of a $2 million bribe to an Indian official in exchange for obtaining a required permit. Although members of senior management directed and participated in the criminal conduct, DOJ declined corporate prosecution, noting that in addition to the company’s selfdisclosure, full proactive cooperation, and complete remediation, the “effectiveness of the company’s preexisting compliance program, as well as steps it had taken to enhance” it and other internal controls, warranted a declination. The government also noted adequate remedies through civil enforcement actions, including the company’s agreement to pay $6 million in penalties to the SEC in addition to disgorgement.
These examples of declinations against companies show the government’s commitment to a “carrot and stick” policy under which presumptive declination is offered to companies that self-report, cooperate and remediate, but most likely not to companies that the government believes fails to meet one or more of these requirements. The recent Compliance Guidance and FCPA Resource Guide are important documents which provide insight into how DOJ puts this policy into effect—and how companies and their counsel can maximize the opportunity to receive leniency in the resolution of a criminal investigation.
Reprinted with permission from the September 4, 2020 edition of the NEW YORK LAW JOURNAL © 2020ALM Media Properties, LLC.