In 1991, compliance programs became a potential mitigating factor for companies facing federal investigation. At this time, the U.S. Sentencing Guidelines established seven elements of an effective compliance program, and proscribed stricter requirements for compliance programs in 2004 and 2010. In 2012, the Securities and Exchange Commission ("SEC") and Department of Justice ("DOJ") published their first guidance document related to the Foreign Corrupt Practices Act ("FCPA"): A Resource Guide to the U.S. Foreign Corrupt Practices Act ("FCPA Guide"). In addition to highlighting the need for solid compliance programs, the FCPA Guide also specifically rejected a one-size-fits-all approach to compliance and instead recommended a risk-based approach appropriate to the company's size and complexity. The SEC and DOJ have recently reiterated the mandate for robust compliance programs, while also advising that a risk-based approach is key to an effective compliance program.

At the end of 2013, Kara Brockmeyer, chief of the SEC's FCPA Unit, and Charles Duross, deputy chief of the DOJ's Fraud Section, reviewed key anticorruption enforcement during 2013 and discussed priorities for 2014 at the American Conference Institute. Both Ms. Brockmeyer and Mr. Duross emphasized the need for strong compliance programs and stated that they expect compliance programs to be risk-based, which they recognize is about risk management and not complete risk elimination. As the SEC and DOJ have repeatedly warned, Ms. Brockmeyer and Mr. Duross advised companies to tailor their compliance programs to their own individual circumstances, and continually evaluate, assess, test, and strive to improve their compliance programs.

Mr. Duross also explained that effective compliance programs can serve to mitigate penalties and possibly resolve an investigation by way of a deferred prosecution agreement ("DPA") or non-prosecution agreement ("NPA") instead of a guilty plea. DPAs and NPAs are similar to probation and essentially divert prosecution for a set period of time in which the company must satisfy specific requirements imposed by the government. If those requirements are satisfied within the allotted period of time, then the case is resolved and the company avoids admission of guilt.

In February 2014, Ms. Brockmeyer reiterated her comments at the annual "SEC Speaks" conference. She again emphasized the importance of companies investing the proper thought and analysis into their compliance programs and internal controls. Ms. Brockmeyer also identified the use of third-party intermediaries as the most significant issue currently for the SEC's FCPA Unit, and she emphasized the critical nature of third-party due diligence. In the past two years, almost 70 percent of all cases brought by the SEC's FCPA Unit have involved joint ventures, vendors, suppliers or other third parties. Ms. Brockmeyer encouraged companies to look beyond their specific business relationship with the third party, and pay particular attention to travel and entertainment expenses.

Today's enforcement climate underscores the need for an effective compliance program. Compliance has now become a part of the statutory and regulatory landscape, and companies are well advised to continually evolve and strengthen their compliance programs in light of the risks inherent to the company's business. Companies need to adopt a proactive approach toward compliance and the promotion of a culture that encourages ethical conduct and a commitment to compliance, as well as programs designed to identify and mitigate risks. Compliance programs should be tested, cannot be static, and should include interactive and practical training components.