F Joseph Warin, M Kendall Day, Daniel P Chung and Laura R Cole, Gibson, Dunn & Crutcher LLP

This is an extract from the half-year update to the third edition of GIR's The Practitioner’s Guide to Global Investigations. The half-year update is available here and the whole guide is available here

In April 2016, the US Department of Justice (DOJ) announced a new one-year `Pilot Program' to provide greater transparency on expectations for mitigation credit for voluntary self-disclosure, co-operation and remediation in Foreign Corrupt Practice Act (FCPA) investigations. Under the Pilot Program, if a company voluntarily self-disclosed FCPA-related misconduct, co-operated fully in the ensuing investigation and appropriately remediated the misconduct, it was eligible for up to a 50 per cent reduction off the bottom of the applicable US Sentencing Guidelines fine range, and the DOJ also would consider declining prosecution altogether. The Pilot Program reflected an increasing emphasis in DOJ policy on co-operation, where previous guidance had emphasised both co-operation and the effectiveness of the company's pre-existing compliance programme. The Pilot Program followed a September 2015 memorandum authored by former Deputy Attorney General Sally Yates (the Yates Memorandum), which sent waves through the defence bar by affirmatively requiring prosecutors to pursue individuals from the inception of a corporate investigation.

The DOJ extended the Pilot Program beyond its initial one-year duration and, in November 2017, adopted it and codified it into the US Attorneys' Manual (now called the Justice Manual) as the FCPA Corporate Enforcement Policy. This introduces a presumption that the DOJ will decline prosecution of a company that voluntarily discloses FCPA-related misconduct, co-operates fully in the ensuing investigation and appropriately remediates the misconduct. To qualify for a declination, companies must disgorge any allegedly improper profits from the conduct. The presumption of declination that accompanies a voluntary disclosure is just that a presumption which may be overcome by aggravating circumstances, such as the involvement of executive management in the misconduct, significant profits from the misconduct, misconduct that was pervasive and criminal recidivism. The DOJ has since announced that it will consider the Corporate Enforcement Policy in all corporate criminal cases. 

In March 2019, the DOJ revised the Corporate Enforcement Policy. While the general structure of the policy remains the same, the DOJ made four key changes: revisions to the policy on disclosures regarding responsible individuals, application of the policy to the M&A context, revised guidance on de-confliction requests and a change in the DOJ's policy with respect to ephemeral communications tools.

Disclosures regarding responsible individuals

The revised Corporate Enforcement Policy implements changes announced on 29 November 2018 by then US Deputy Attorney General Rod J Rosenstein relating to the identification of culpable individuals in corporate investigations. Under the Yates Memorandum, as a prerequisite for any co-operation credit, corporations had to identify all individuals responsible for, or involved in, the underlying misconduct and provide all facts pertaining to such misconduct. Under the revised policy, corporations must identify `every individual who was substantially involved in or responsible for the criminal conduct.' Although, to receive co-operation credit, corporations must still identify those who were substantially involved in wrongdoing, the former Deputy Attorney General emphasised that the DOJ will not delay resolution of an investigation to gather information on those `whose involvement was not substantial, and who are not likely to be prosecuted.'

The revised policy better harmonises the Yates Memorandum with directives in the Justice Manual concerning joint-defence agreements. Under the Justice Manual, prosecutors cannot ask corporations to refrain from entering into a joint-defence agreement.6 Parties to a joint-defence agreement are often prevented from sharing information derived from internal investigations. The Justice Manual states that corporations in joint-defence agreements may nevertheless wish to tailor their agreements to allow them to provide some relevant facts to the government to remain eligible for co-operation credit. But merely providing some relevant facts falls short of the `all relevant facts' threshold under the Yates Memorandum. By emphasising that corporations need only identify individuals who were substantially involved in or responsible for wrongdoing, the revised policy is congruent with the `some relevant facts' standard for co-operation credit in the Justice Manual.

The DOJ's revised policy defining corporate co-operation will have practical implications on corporate investigations that are likely to enhance information-sharing with the DOJ. The Justice Manual prohibits prosecutors from affirmatively seeking waiver of attorneyclient privilege and protected work-product. Nevertheless, because companies often conduct investigations with the assistance and advice of counsel, they have not always been able to furnish all relevant facts to the DOJ, absent some form of waiver. The revised policy, by more narrowly focusing on those with substantial involvement in wrongdoing, will probably reduce the number of instances companies will face duelling priorities of protecting privilege versus co-operating with the DOJ.

Credit in M&A due diligence

The revised FCPA Corporate Enforcement Policy states that:

[W]here a company undertakes a merger or acquisition and uncovers misconduct through thorough and timely due diligence or, in appropriate instances, through post-acquisition audits or compliance integration efforts, and voluntarily self-discloses the misconduct and otherwise takes action consistent with this Policy including . . . the timely implementation of an effective compliance program at the merged or acquired entity, there will be a presumption of declination. . . 

This change reflects the policy, announced in a July 2018 speech by Deputy Assistant Attorney General Matthew S Miner, that the DOJ wishes to encourage M&A activity by companies with strong compliance programmes and not to have `the specter of enforcement . . . be a risk factor that impedes such activity by good actors.' One month later, at a GIR Live event, Miner expanded his comments to make clear that they apply to `other types of potential wrongdoing, not just FCPA violations', unearthed in connection with an acquisition and disclosed to the DOJ. Although not an explicit amendment of the Halliburton FCPA Opinion Procedure Release (No. 08-02), the new policy does not heed the timelines the Release articulated.

De-confliction guidance

De-confliction requests, in which the DOJ asks the corporation not to take certain steps, such as employee interviews, can be challenging for corporate operations. The revised Corporate Enforcement Policy softens (but does not eliminate) the requirement that companies abide by de-confliction requests, stating that full co-operation requires de-confliction of witness interviews and other investigative steps `[w]here requested and appropriate'. In a footnote, the policy states that although the DOJ may ask the company to `refrain from taking a specific action for a limited period of time for de-confliction purposes,' it `will not take any steps to affirmatively direct a company's internal investigation efforts.' The comment to the new policy states that where the DOJ makes a de-confliction request, the request:

will be made for a limited period of time and be narrowly tailored to a legitimate investigative purpose (e.g., to prevent the impeding of a specified aspect of the Department's investigation). Once the justification dissipates, the Department will notify the company that the Department is lifting its request.

The de-confliction process fails to address the fundamental desire of a corporation to ferret out the misconduct and any wrongdoers.

The revised Corporate Enforcement Policy attempts to strike a better balance between the company's operational needs and the law enforcement desires of the government. It remains to be seen how the subjective standards, such as `where . . . appropriate' and `for a limited period of time' are applied in practice.

Business records

The Corporate Enforcement Policy continues to require that to receive remediation credit, a company must appropriately maintain business records. But where the original policy required companies to prohibit employees from using software that generates but does not appropriately retain business records, the revised policy allows companies to permit the use of such tools, while:

implementing appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms that undermine the company's ability to appropriately retain business records or communications or otherwise comply with the company's document retention policies or legal obligations.

The DOJ did not provide any concrete guidance on what `appropriate guidance and controls' on the use of ephemeral messaging tools might be. The revised Corporate Enforcement Policy no longer requires an outright ban on the use of such communications. The DOJ clearly continues to perceive them as risky from a compliance perspective. Companies should consider what ephemeral messaging tools their employees use and why, whether those business justifications outweigh the risks, and, if so, how best to restrict the use of the tools to appropriate areas and to ensure that the company's recordkeeping obligations (including retention obligations unrelated to the DOJ's policy) are met.

Conclusion

Although the DOJ's revised Corporate Enforcement Policy is not a dramatic departure from the earlier iterations, the changes described above will have a significant impact on day-to-day practice for outside counsel defending corporations in FCPA investigations and for in-house legal and compliance personnel responsible for enhancing compliance programmes in response to the updated policy.