The US Department of Justice (DOJ) announced updates last week to its Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy. While modest on their face, these changes are the most recent example of DOJ making progress on its commitment to be more transparent in providing companies with greater incentives to self-disclose suspected FCPA violations.
I. The FCPA Corporate Enforcement Policy: Developing Incentives
Over the past several years, DOJ has focused on incentivizing companies to self-report potential FCPA violations while also increasing transparency into its prosecution decisions, including with respect to the way it provides tangible benefits to companies that make self-disclosures. The first official iteration was DOJ’s FCPA Enforcement Pilot Program (the Pilot Program), launched in April 2016, which later was formalized in DOJ’s FCPA Corporate Enforcement Policy.
Through the Pilot Program, DOJ sought to incentivize self-reporting of FCPA violations by promising to “consider a declination of prosecution” for companies that (1) voluntarily disclosed FCPA violations; (2) fully cooperated with DOJ’s investigation; and (3) remediated the violations. To qualify for a possible declination, a company was required to disclose “all relevant facts known to [the company], including all relevant facts about the individuals involved in any FCPA violation,” to report suspected violations “within a reasonably prompt time after becoming aware of the offense,” and to demonstrate the timeliness of their disclosure.
In November 2017, after more than a year-and-a-half of effective implementation, DOJ formally adopted the Pilot Program by including its principles into the U.S. Attorney’s Manual and reinforced its message to companies of the significant benefit of implementing a robust compliance program.
DOJ’s revised FCPA Corporate Enforcement Policy (the Policy) provides stronger, more concrete incentives for companies to self-report violations. Whereas the Pilot Program provided that DOJ would “consider” declining to prosecute companies that met its terms, pursuant to the Policy, companies that fully satisfy those three criteria now are entitled to a “presumption” that DOJ will not prosecute the alleged misconduct. Still, however, until recent changes to the Policy, companies were expected to shoulder much of the burden of investigating the suspected violations and to identify responsible individuals to the government. Moreover, DOJ retained significant discretion in determining whether a company’s disclosure was sufficiently timely and adequate to qualify for nonprosecution.
In March 2019, DOJ refined the Policy to make nonprosecution more attainable for companies, most notably by softening DOJ’s prohibition on the use of ephemeral messaging systems. As originally instituted, the Policy required that companies forbid use of software that “generates but does not appropriately retain business records or communications,” such as ephemeral messaging applications. DOJ removed this prohibition in March 2019, instead asking companies seeking credit under the Policy to “implement appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms that undermine the company’s ability to appropriately retain business records or communications or otherwise comply with the company’s document retention or legal obligations.” This change in policy was significant as it allows companies to make business decisions regarding what technology best fits their needs without fear of rendering themselves ineligible for nonprosecution under the Policy.
II. DOJ Continues Trend Toward Incentivizing Self-Reports and Further Transparency Regarding Expectations Under the Policy
Since announcing the Policy in November 2017, DOJ appears to have moved steadily toward further strengthening incentives for companies to self-report potential FCPA violations by easing the requirements for non-prosecution and clarifying the concrete rewards of self-disclosure. DOJ continued that trend with another round of updates to the Policy announced on November 20, 2019. The updates appear modest on their face; however, in practice, they could prove significant.
A. Self-Disclosure Based on Preliminary Investigation Now Permitted
Under the Policy, self-disclosure previously required that a company disclose “all relevant facts known to it, including all relevant facts about all individuals substantially involved in or responsible for the violation of law.” With the recent changes, companies now are obligated only to disclose relevant facts known “at the time of the disclosure” and to provide information regarding “any” – not all – “individuals substantially involved in or responsible for the misconduct at issue.” Notably, companies need not wait to determine that a violation of law has occurred and may report suspected “misconduct.” As stated in a footnote, this modification reflects DOJ’s recognition that disclosing companies “may not be in a position to know all relevant facts at the time of a voluntary self-disclosure.” In that case, companies are urged to fully disclose suspected misconduct “based upon a preliminary investigation or assessment of information.”
The practical effect of this modification is significant. Important to DOJ’s nonprosecution decision under the Policy is its determination that the self-disclosing company came forward “within a reasonably prompt time after becoming aware of the offense.” Before the recent revisions, companies faced a Hobson’s choice upon discovery of potential violations – disclose the suspected violation without a fulsome investigation and risk DOJ determining that the company failed to disclose “all relevant facts,” or conduct a fulsome investigation and risk DOJ deciding that the company failed to disclose “within a reasonably prompt time.” DOJ’s update removes that dilemma, expressly advising companies to report what they know upon discovery of a suspected violation, while making clear to DOJ that the disclosure is based on a preliminary investigation.
B. Identification of Evidence Not in the Disclosing Company’s Possession
As initially adopted, the Policy required self-disclosing companies to identify opportunities for DOJ to “obtain relevant evidence not in the company’s possession” when the company “is or should be aware of” such opportunities. Now, in order to receive cooperation credit, companies are no longer expected to identify evidence that they should have been aware of, or amorphous “opportunities” for DOJ to obtain evidence. Instead, companies are obligated only to identify relevant evidence not in their possession of which they actually are aware.
This, too, is a significant change. The Policy previously afforded DOJ significant discretion in deciding what a company “should” have been aware of during its investigation for the purpose of determining whether a company was entitled to cooperation credit. Furthermore, companies were obligated to identify, but were afforded little guidance from DOJ regarding, “opportunities” to obtain evidence of misconduct. Last week’s updates clarify DOJ’s expectations and make them more attainable for companies seeking cooperation credit and a DOJ declination.
III. Implications Going Forward
DOJ’s recent updates to the Policy represent the latest in a string of revisions reflecting a trend toward increasing transparency and clarity regarding DOJ’s prosecution decisions while strengthening incentives for companies to come forward with evidence of potential FCPA violations and to cooperate in investigations. These changes provide outside counsel with more concrete and reliable guidance in counseling clients on next steps upon discovery of suspected FCPA violations. Companies now have greater certainty regarding DOJ’s expectations and the obligations they must satisfy in self-disclosing. The likely result is a continued increase in cooperation between businesses and DOJ in identifying and remedying FCPA violations and a rise in the number of nonprosecution decisions by DOJ.