On April 5, 2016, the Fraud Section of the Department of Justice (“DOJ”) issued a new Foreign Corrupt Practices Act (“FCPA”) Enforcement Plan and Guidance (“Enforcement Plan”) that includes a one-year pilot program to formally incentivize corporations to self-disclose potential FCPA issues, fully cooperate with DOJ in the investigation of those issues, and remediate any corruption issues identified in an internal investigation. In particular, the Enforcement Plan details newly articulated benefits available to companies who fulfill specific obligations imposed in the categories of self-disclosure, cooperation, and remediation. The pilot program, which will be reevaluated in one year, is the most significant component of the three-part Enforcement Plan, which also includes previously announced efforts to significantly enhance prosecutorial and law enforcement resources and increase coordination with foreign prosecutors and law enforcement.[1]

In light of these new pronouncements, companies should evaluate whether their compliance programs can meet DOJ’s newly established compliance standards to prevent misconduct in the first instance. In addition, companies should be prepared to evaluate the potential advantages of the pilot program if DOJ initiates an FCPA investigation into potential misconduct by their employees.

Newly Articulated Benefits

The pilot program articulates specific benefits that a company can receive if it meets certain criteria detailed in the Enforcement Plan.[2] DOJ has been criticized in the past for failing to articulate quantifiable benefits that could be received for self-disclosure, cooperation, and remediation. In the Enforcement Plan, DOJ has now announced that a company meeting all the defined requirements of self-disclosure, cooperation, and remediation can receive a significant, specific reduction in monetary penalties, an increased likelihood of a declination, and a decreased likelihood of a government-appointed compliance monitor.

  • Reduction of penalties: The Enforcement Plan specifically quantifies the potential reductions in penalties that companies can receive if they meet all the requirements under the pilot program.[3] Companies can receive up to a 50 percent reduction off the low end of the recommended penalty range calculated under the U.S. Sentencing Guidelines[4] if they meet all the requirements of voluntary disclosure, full cooperation, and timely and appropriate remediation. The program, however, also places a ceiling on the cooperation credit for companies that do not voluntarily self-disclose—but otherwise meet all other requirements of cooperation and remediation—by noting that such companies will receive at most a 25 percent reduction off the bottom of the U.S. Sentencing Guidelines fine range.
  • Increased likelihood of declination: The Enforcement Plan notes that companies that meet all the requirements of the program will also be considered for a declination of prosecution for all the disclosed criminal offenses. Prosecutors, however, must still take into account the factors outlined in other relevant guidance, including the U.S. Attorneys’ Manual’s Principles of Federal Prosecution of Business Organization, which include the seriousness of the offense, involvement by executive management, significant profit to the company, a history of non-compliance, and prior misconduct.[5]
  • Avoidance of compliance monitor: An additional benefit that a company could receive is avoidance of a DOJ-imposed a compliance monitor as part of any negotiated resolution. A compliance monitor is often required by DOJ as part of a criminal resolution to examine the anti-corruption compliance program and internal financial controls of a company to determine whether such controls are sufficient to appropriately prevent and detect improper payments that could be in violation of the FCPA. The monitor, which is paid for by the company but selected by DOJ, will often spend up to three years examining issues within the company and reporting those results to DOJ, before determining whether the company has established sufficient anti-corruption controls.    

While DOJ has long touted the benefits of self-disclosure, cooperation, and remediation in published FCPA enforcement actions against companies and in its public speeches, the Enforcement Plan for the first time attempts to quantify the potential benefits for engaging in the corporate behavior that DOJ wants. Some of these past statements include the principles initially articulated in the November 2012 FCPA Resource Guide[6] and the September 2015 Memorandum on Individual Accountability, also known as the “Yates Memo,”[7] describing modifications to the U.S. Attorneys Manual’s Principles of Federal Prosecution of Business Organizations. Importantly, the Enforcement Plan does not merely note the potential benefits but describes the required steps a company must take to earn those benefits from DOJ.

Requirements for Credit Under the Pilot Program


In order to qualify for the benefits described above, a company must demonstrate to the FCPA Unit of the Fraud Section that it has fulfilled DOJ’s stated requirements in three categories: (1) voluntary disclosure, (2) full cooperation, and (3) timely and appropriate remediation. As the Enforcement Plan outlining the pilot program makes clear, DOJ has previously provided guidance over whether and what type of resolution is appropriate based on those three factors.[8] As demonstrated in public settlements,[9] DOJ’s Fraud Section generally has provided credit to corporations that meet these requirements by recommending a less severe form of resolution[10] or penalties below the low end of the Sentencing Guidelines recommended fine range.

However, the scope of any potential reduction of the monetary penalty had not previously been set forth in a publicly available framework. Consequently, companies had been faced with uncertainty about what specific steps they could take to obtain such credit and the concrete benefits corporations would receive for self-disclosure and cooperation in FCPA matters. The pilot program takes significant strides towards increasing transparency on the critical issues of how companies qualify for voluntary disclosure, cooperation, and timely and appropriate remediation.

Definition of Voluntary Disclosure

While DOJ has long lauded the potential benefits of voluntary disclosure, the Enforcement Plan provides some clarity about the steps companies must take to qualify as having made a “voluntary disclosure.” In evaluating whether a company qualifies for self-disclosure credit under the pilot program, the Fraud Section will make a careful assessment of the circumstances of disclosure, including determining whether the disclosure is truly “voluntary” or whether it was required by law, agreement, or contract.[11]

The Enforcement Plan notes that the self-disclosure must meet the requirements described in the U.S. Sentencing Guidelines, including self-reporting “prior to an imminent threat of disclosure or government investigation.”[12] DOJ has often encountered situations in which companies claim that they were “voluntarily disclosing” when, in fact, they were reporting to DOJ only after a newspaper had made inquiries into the potential matter, a foreign government had recently raided a foreign subsidiary’s office, or because the company knew that a whistleblower was about to notify the government.

Finally, the Enforcement Plan emphasizes the focus on individual prosecutions articulated in the Yates Memo, noting that credit for self-disclosure requires a company to disclose “all relevant facts known to it, including all relevant facts about the individuals involved in any FCPA violation.”[13] Companies evaluating self-disclosure must recognize that in order to qualify for any benefit, they must make full disclosure of all facts, which means that they must have the compliance infrastructure in place to identify them.

What is “Full Cooperation”

Companies have often struggled to interpret DOJ’s definition of “full cooperation” when determining what they can do to receive credit. The Enforcement Plan details eleven requirements that companies must meet in order to be credited with full cooperation under the pilot program, and thus become eligible for the program’s stated benefits. These requirements do not suggest a marked shift from the factors DOJ has previously relied upon in evaluating cooperation. However, they highlight DOJ’s trend, articulated in the Yates Memo, of gathering evidence in order to prosecute culpable individuals.[14] The requirements include:

  • disclosure on a timely basis of all relevant facts, including all facts related to involvement in the criminal activity by the corporation’s officers, employees, or agents;
  • proactive, rather than reactive, disclosure of relevant information;
  • preservation, collection, and disclosure of relevant documents and their provenance;
  • provision of timely updates;
  • where requested, de-confliction of an internal investigation with a government investigation;
  • provision of all facts relevant to conduct by all third parties;
  • making available for interviews company officers and employees, including overseas employees and former officers and employees;
  • disclosure of all facts identified as part of an internal investigation, including the attribution of the facts to specific sources;
  • disclosure of documents located outside of U.S. jurisdiction, and information about how they were found;
  • facilitation of third-party production of documents when not legally prohibited; and
  • provision of translated documents, as appropriate.[15]

The Enforcement Plan describes compliance with the Yates Memo requirements as a prerequisite for receiving cooperation credit, while also preserving prosecutorial discretion for FCPA Unit prosecutors, stating that the Fraud Section will “assess the scope, quantity, quality, and timing of cooperation based on the circumstances of each case when assessing how to evaluate a company’s cooperation.”[16] Consequently, the Fraud Section makes clear that there is no “partial cooperation.” In order to receive any credit for cooperation, a company must be committed to completing all aspects of what DOJ considers to be cooperation, as described above. Accordingly, companies looking to take advantage of the Enforcement Plan’s benefits must ensure that they have the appropriate compliance infrastructure to be capable of fully cooperating. Without the elements of an effective FCPA compliance program, as articulated in the FCPA Resource Guide, it is unlikely that a company will be able to provide cooperation to DOJ in a timely and cost-efficient manner.

Timely and Appropriate Remediation

Finally, the Enforcement Plan provides guidance regarding the Department’s expectations under the pilot program for timely and appropriate remediation, which is essentially an articulation of the principles of an effective compliance program. The plan notes that credit for remediation is conditioned, first, upon a company receiving cooperation credit, as described above.

Second, the company must demonstrate, to DOJ’s satisfaction, that it has met the remediation goals, which appear to focus less on principles and more on ensuring the proper functioning of the mechanics of a company’s compliance program, including:[17]

  • a culture of compliance;
  • sufficient resources dedicated to the compliance function;
  • the quality and experience of compliance personnel;
  • the independence of the compliance function;
  • whether a company’s compliance program has adequately assessed its risks and tailored its program accordingly;
  • the stature of compliance personnel within a company;
  • the auditing of the compliance program to assure its effectiveness; and
  • any additional steps that demonstrate recognition of the seriousness of the company’s misconduct, acceptance of responsibility, and the implementation of measures to reduce the risks of repetition.    

Third, the Enforcement Plan requires appropriate discipline of employees, including those identified as responsible for the misconduct.

Finally, the Enforcement Plan recognizes that whether an organization is deserving of remediation credit will be “highly case specific,” and that the criteria necessary for an effective compliance program will be periodically updated and may vary based on the size and resources of the organization.[18]

Insights for Companies on How to Respond to the Enforcement Plan and Pilot Program

While the basic elements of the Enforcement Plan’s pilot program are fairly straightforward, companies must consider how this guidance should affect their behavior going forward—both when they have a potential issue arise, but also before they discover a problem. Companies must consider the significant differences between DOJ’s past policy and the current pilot program, including the remaining ambiguities about its implementation, before deciding how best to protect themselves from a potential FCPA prosecution. As described below, the most significant takeaway is that companies must invest more in their compliance programs before a problem arises.

Significant Differences between Prior Practice and New Policy

The one-year pilot program does not fundamentally change the DOJ’s previous efforts[19] to promote corporate self-disclosure and cooperation in FCPA enforcement actions. The difference now, however, is that corporate defendants finally have a specific framework to use in determining the requirements for obtaining credit for such self-disclosures, the type of cooperation that they must provide, and the maximum benefits that they can receive. In that regard, the program ultimately appears designed to encourage self-disclosures and corporate cooperation. However, companies have reason to be cautious.

In particular, companies must still examine the potential benefits and drawbacks of this new pilot program, and whether, ultimately, the newly articulated benefits of self-disclosure are sufficient to outweigh the potential additional costs in legal and accounting fees, financial penalties, management resources, and reputational risks associated with an investigation by DOJ that would not arise in a purely internal investigation. On the other hand, companies must understand the heightened risks associated with a potential violation that is ultimately discovered by the government and the potentially greater sanction for having not self-disclosed.[20]

The pilot program does not eliminate the need for such cost-benefit analysis but provides additional transparency regarding DOJ’s mathematical computations. In particular, the 50 percent reduction in penalty could provide an incentive for some companies to attempt to meet all the requirements of the pilot program. However, the fact that companies may still receive a 25 percent reduction in penalty without self-disclosure may cause others to determine that it is not in their best interest to self-disclose. Companies appear likely to receive almost as much credit if they do not self-disclose but undertake a thorough internal investigation, conduct full and timely remediation, and fully cooperate when the DOJ otherwise identifies the misconduct.[21] Therefore, the greatest differences may arise when DOJ considers whether a declination is appropriate or whether to impose a monitor. However, DOJ has not yet provided public information regarding what factors underlie those calculations, and, in the interest of preserving prosecutorial discretion, may decline to ever do so.

Despite the Enforcement Plan’s effort to create additional transparency around corporate FCPA penalties, DOJ still maintains significant prosecutorial discretion over a number of factors critical for companies to understand when considering the impact of the Enforcement Plan. Negotiations surrounding FCPA matters involve numerous determinations regarding the scope of misconduct (e.g., number of countries involved), appropriate type of resolution,[22] and whether to impose a monitor, as well as how to calculate the penalty.[23] Accordingly, notwithstanding the pilot program, companies will still face significant uncertainty as to the final outcome of a future investigation because DOJ maintains the ability to make decisions that can significantly impact financial penalties in FCPA enforcement actions.[24] In our view, DOJ could do much more to enhance the success of the pilot program if it can publicly demonstrate that companies who meet the requirements of self-disclosure, full cooperation, and timely remediation get the reductions promised or, even better, a declination for the disclosed misconduct.[25]

Recommendations for Companies in Light of the Pilot Program

The Enforcement Plan’s requirements for companies participating in the pilot program can also be viewed as further guidance with respect to the Department’s expectations for the best practices for a company to conduct an internal investigation or create an effective compliance program. In particular, a company that has not identified specific FCPA issues should still consider whether its compliance program and other policies are up to the standards that DOJ has established as a precondition to receive the benefits of the program. We outline below considerations for each of the three categories of requirements under the program.

Voluntary Disclosure

While the decision of whether to voluntarily disclose known misconduct to DOJ is complicated, companies who want to control that decision must know the information before DOJ does. Consequently, companies must establish a strong compliance program that will identify potential misconduct and give them the opportunity to make the decision of whether to voluntarily disclose. The program must also provide sufficient information about the potential misconduct to thoroughly analyze whether a voluntary disclosure is the best strategy.

Of particular importance, companies must establish a properly functioning monitoring and auditing system to identify and prevent as much misconduct as possible. Given the challenges of some markets, it may be impossible to prevent all misconduct. According, companies must quickly identify any misconduct that has occurred so that it can be stopped. Swiftly zeroing in on small issues before they spiral out of control will allow a company’s anti-corruption procedures and financial controls to be modified to prevent future misconduct.

In addition, the pilot program’s requirement that a company promptly “disclose all relevant facts known to it” requires that the company have the ability to quickly gather information known throughout the organization. Companies often struggle to gather facts that are not centralized in a compliance department and are instead distributed among subsidiaries around the world, often with different reporting lines and accounting systems. For example, FCPA issues identified in financial audits must be quickly brought to the attention of the compliance team to investigate and resolve. Similarly, when an issue is identified in a single region or subsidiary, the compliance team should be informed so that it can determine whether it is an isolated incident or a recurring, widespread problem. Failure to do so could prevent a company from adequately disclosing all relevant facts because they are buried in another part of the organization.

Finally, companies must establish a proper reporting mechanism that quickly responds to employees raising potential FCPA concerns. If a company wants to be able to control the decision over whether to make a voluntary disclosure, the company must have identified and investigated those issues before they become public. Having an effective hotline and an efficient internal investigative protocol allow a company to maintain control of issues before disgruntled employees take those issues outside of the company and perhaps to DOJ.

While the manner in which to handle a voluntary disclosure to government regulators is appropriately outside the scope of any company’s compliance program, the compliance program is critical to determining whether a company is capable of making a voluntary disclosure in the first place. If companies want to be able to take advantage of the pilot program, they must first invest in building an effective compliance program and appropriate whistleblower response system.


While a company may not voluntarily disclose, once discovered, most companies that find themselves before DOJ fully cooperate in order to get the maximum credit.[26] The pilot program effectively outlines what DOJ considers to be “full cooperation” and builds upon the standards that the FCPA Unit has established over the past decade.

DOJ has high expectations of what qualifies as cooperation, and many companies may not have a sufficiently effective compliance infrastructure to be able to provide it. Companies should ensure that they have evaluated their internal policies and procedures so that they can quickly respond. For instance, company IT policies relating to data preservation and privacy can greatly facilitate a company’s efforts to preserve and review data, as well as to make disclosures of that data to DOJ in a cost-efficient manner. Additionally, a carefully maintained database of employment agreements, including severance agreements with departing employees, can facilitate efforts to interview current and former employees. Finally, company policies governing agreements with third parties, including, for example, requirements that certain agreements with third parties contain anti-corruption certifications and audit clauses, may impact the company’s ability to facilitate the production of documents or witnesses from third parties.

All of these actions (and many more) can make a review more effective and cost-efficient in identifying relevant facts either for an internal review or when cooperating with DOJ.


The pilot program’s third factor of remediation provides insight into the compliance infrastructure that a company should establish when FCPA problems occur. DOJ considers remediation when determining the nature of the enforcement action (including whether even to bring a charge) and whether a resolution requires additional compliance obligations, including whether to impose a compliance monitor. Consequently, companies wishing to obtain a DOJ declination or avoid a monitor should carefully examine DOJ’s statements regarding compliance both in the Enforcement Plan and in previous guidance, such as the FCPA Resource Guide.

The Enforcement Plan notes that in determining whether a company meets these remediation requirements, DOJ will assess several factors, including the culture of compliance, dedicated compliance resources, their independence and stature—including “how a company’s compliance personnel are compensated and promoted compared to other employees.”[27]Companies should expect DOJ to carefully evaluate the resources devoted to compliance, and even go so far as to compare the salaries of the compliance personnel with the compensation of those engaged in the alleged misconduct. Compliance personnel who have struggled to have their messages heard by business leaders should applaud these additional DOJ pronouncements regarding the importance of building an effective compliance structure.

The Enforcement Plan further notes that DOJ will also evaluate: “Any additional steps that demonstrate recognition of the seriousness of the corporation’s misconduct, acceptance of responsibility for it, and the implementation of measures to reduce the risk of repetition of such misconduct, including measures to identify future risks.”[28] DOJ has previously explained those factors in the FCPA Resource Guide, describing the 10 Hallmarks of an Effective Compliance Program.[29]Further insight into DOJ’s perspective can be gleaned from a review of past resolutions, especially the attachments to the resolutions describing the basic elements of a compliance program or the enhanced compliance obligations in certain resolutions. Companies must ensure that their compliance programs can meet DOJ’s expectations.

Impact on Foreign Corporations

DOJ’s new guidance will be relevant to foreign corporations, as well. Those competing with U.S. companies must be mindful that their U.S.-based competitors will adjust their compliance programs to take into account the guidance in the Enforcement Plan, thus setting a new benchmark in terms of international best practices. This may be particularly relevant with regard to, for example, the independence and influence of the company’s compliance function and personnel, which are often not afforded the same attention in African, Asian, Central and Southern European, and Southern American companies as they are in U.S.-based companies.

In addition, the Enforcement Plan exacerbates the ever-present concerns about the application of different legal standards. The incentive to self-disclose in the U.S. may be at odds with the absence of any similar advantage in the company’s home-country. Moreover, some of the articulated requirements of cooperation, such as disclosure of third parties’ conduct or making employees available for interviews, may conflict with local data privacy or employment laws.

Thus, non-U.S. corporations should also reevaluate their compliance infrastructure, and should consider how to best address legal differences that may arise if an investigation uncovers conduct that the company may want to consider disclosing under the pilot program.


The Enforcement Plan provides some welcome guidance for companies navigating decisions of self-disclosure and cooperation in connection with potential FCPA violations. Such companies now have further information to more accurately calculate the potential benefits to such decisions, and the 50 percent reduction in potential penalties provided for by the pilot program creates a significant incentive for disclosure.

However, in practical terms, the effects of the program on changing corporate behavior are far from certain. As noted, DOJ has long touted the benefits to corporations of self-disclosure, cooperation, and remediation, and those benefits have often been reflected in more favorable settlements with companies that meet such requirements. The requirements listed in the pilot program are extensive, and without specific prior instances of companies receiving full credit for meeting those requirements, companies otherwise inclined not to disclose FCPA violations may find a 50 percent reduction in potential penalty insufficient, or insufficiently certain, to justify the risks associated with self-disclosure—especially when they can receive almost as much if they cooperate after DOJ begins its own investigation. Similarly, the parameters of what constitutes “full cooperation” have not changed dramatically since the FCPA Resource Guide and the Yates Memo. Consequently, the Enforcement Plan is unlikely to significantly change the calculus of companies evaluating whether to voluntarily disclose or how to cooperate.

The most valuable part of the Enforcement Plan is the insight it provides into what matters most to the FCPA Unit when considering remediation—a strong, effective compliance department. Consequently, companies should use this announcement to ensure that their compliance function is strong, including taking the following three actions:

  • Empower the company’s compliance function so that it is well-staffed, appropriately compensated, and has sufficient clout within the organization to accomplish its critical function of preventing misconduct and detecting improper behavior;
  • Evaluate the effectiveness of the company’s anti-corruption compliance program by conducting a thorough anti-corruption risk assessment, including analyzing the strength of the financial controls and information systems, risks from major government touch-points, and the implementation of FCPA training and awareness among key stakeholders; and
  • Ensure the proper functioning of the anti-corruption program by closing any remaining gaps in the compliance infrastructure, building off of the 10 Hallmarks of Effective Compliance Programs previously identified in the DOJ FCPA Resource Guide and in published FCPA enforcement actions.

While the Enforcement Plan’s pilot program is unlikely to significantly change the calculus of companies considering self-disclosure or cooperation with DOJ, the continued emphasis on the establishment of strong compliance programs should encourage companies to reevaluate their current compliance infrastructure and ensure that they are doing all they can to prevent a major DOJ FCPA investigation or, at least, be well-prepared to respond when the next FCPA crisis occurs.