Introduction

On Wednesday, November 29, 2017, United States Deputy Attorney General Rod J. Rosenstein announced a new Justice Department FCPA Corporate Enforcement Policy.[1] The policy is intended to improve upon and make permanent the FCPA Pilot Program (the “Pilot Program”), that was announced on April 5, 2016, to enable DOJ to efficiently identify and punish criminal conduct, and to provide greater certainty for companies considering whether to disclose voluntarily a potential FCPA violation to DOJ.[2] Unlike prior guidance announced through memoranda from the assistant attorney general, the FCPA Corporate Enforcement Policy will be incorporated into the United States Attorneys’ Manual.[3]

Under the new FCPA Corporate Enforcement Policy – which applies only to DOJ criminal prosecutions and neither affects declinations in cases in which there is no criminal liability nor SEC investigations – when a company voluntarily self-discloses misconduct, fully cooperates, and timely and appropriately remediates, there will be a presumption that the company will receive a declination unless there are aggravating circumstances. Even if a company does not make a voluntary disclosure, if it otherwise meets all of the requirements of the new policy, the company will still be eligible for cooperation credit of a 50 percent reduction off the bottom of the U.S. Sentencing Guidelines range. This new policy appears to represent an effort by DOJ to incentivize companies further to disclose voluntarily and fully cooperate with respect to potential FCPA violations, as well as a redoubled effort to bring criminal prosecutions against individual offenders.

Background

On April 5, 2016, DOJ announced the FCPA Pilot Program. Under that program, companies seeking full mitigation credit were required to (1) voluntarily self-disclose; (2) fully cooperate with DOJ investigation; (3) remediate internal controls and compliance programs as appropriate; and (4) disgorge ill-gotten gains. If these requirements were satisfied, a company could receive a 50 percent reduction off the bottom end of the U.S. Sentencing Guidelines range or even potentially a declination. The terms of the new FCPA Corporate Enforcement Policy appear intended to signal a greater likelihood that a company that satisfies the same requirements as under the Pilot Program will now receive a declination. Whether this promise is realized in practice will depend in large measure on how DOJ interprets several of the key concepts set forth in the new policy related to eligibility and aggravating circumstances.

Credit for Voluntary Self-Disclosure, Full Cooperation, and Timely and Appropriate Remediation

Absent aggravating circumstances, the new policy provides for a presumption that a company will receive a declination if it voluntarily self-discloses, fully cooperates, and timely and appropriately remediates. Aggravating circumstances that may warrant a criminal resolution include, but are not limited to, involvement by executive management of the company in the misconduct, a significant profit to the company from the misconduct, pervasiveness of the misconduct within the company, and criminal recidivism. Even if a criminal resolution is warranted, however, if a company has voluntarily self-disclosed, fully cooperated, and timely and appropriately remediated, the Fraud Section will provide a 50 percent reduction off of the low end of the U.S. Sentencing Guidelines fine range unless the company is a repeat offender; and generally the Fraud Section will not require the appointment of a monitor if a company has implemented an effective compliance program at the time of the resolution.

To qualify for the benefits of the FCPA Corporate Enforcement Policy, a company must also pay all disgorgement, forfeiture, and restitution resulting from the misconduct. This requirement may be satisfied by payments made under a parallel resolution with another regulator or enforcement agency, such as the SEC.

In addition, all declinations awarded pursuant to the FCPA Corporate Enforcement Policy (i.e., cases that would have been prosecuted or criminally resolved but for the Policy) will be made public.

The FCPA Corporate Enforcement Policy also provides benefits for companies that do not self-disclose but subsequently fully cooperate and timely and appropriately remediate in accordance with the standards of the Policy. A company meeting these requirements may receive up to a 25 percent reduction off of the low end of the U.S Sentencing Guidelines fine range.

Meaning of Voluntary Self-Disclosure, Full Cooperation, and Timely and Appropriate Remediation

In an effort to provide greater transparency, the FCPA Corporate Enforcement Policy provides fairly detailed definitions of “voluntary self-disclosure,” “full cooperation,” and “timely and appropriate remediation.”

Voluntary Self-Disclosure

In evaluating self-disclosure, DOJ will carefully assess the circumstances in which it is made. To receive credit for self-disclosure, a company must disclose prior to an imminent threat of disclosure or government investigation; it must disclose promptly after becoming aware of the offense; and, it must disclose all relevant facts known to the company, including all relevant facts about individuals involved in the violations.

Full Cooperation

In addition to existing provisions of the U.S. Attorneys’ Manual relating to disclosure of facts relevant to an investigation,[4] the FCPA Corporate Enforcement Policy sets forth five specific requirements for companies to receive credit for full cooperation: (1) disclosure on a timely basis of all facts relevant to the wrongdoing, including facts uncovered during a company’s independent investigation, attributed to specific sources, where attribution does not violate the attorney-client privilege; (2) cooperating proactively rather than reactively, including disclosing facts relevant to the investigation even when not specifically asked to do so; (3) timely preservation, collection, and disclosure of relevant documents, including the facilitation of the production of third-party documents and translations of documents in foreign languages where appropriate and requested;[5] (4) where requested, resolving conflicts relating to witness interviews and other investigative steps that the company intends to take in its investigation with those that DOJ intends to take in its investigation;[6] and (5) making employees and other individuals, including those located overseas, available for DOJ interviews.

The FCPA Corporate Enforcement Policy makes clear that cooperation credit is not predicated on a waiver of attorney-client privilege. It also recognizes that a company may be prevented from fully cooperating due to its financial condition, but requires a company claiming financial hardship to provide factual support so DOJ can evaluate the assertion when considering the extent of the company’s cooperation.

Timely and Appropriate Remediation

To receive full credit for timely and appropriate remediation under the FCPA Corporate Enforcement Policy, a company must demonstrate a thorough analysis of the root causes underlying the misconduct and, where appropriate, that it has remediated the root causes; implement an effective compliance and ethics program; appropriately discipline employees, including those involved in the misconduct and those with supervisory authority over the area in which the misconduct occurred; retain and prevent the destruction of business records; and take any additional steps to demonstrate the seriousness of the misconduct, acceptance of responsibility, and the implementation of measures to reduce the risk of repetition of the misconduct.

The criteria DOJ will use in evaluating the effectiveness of the company’s compliance and ethics program may vary based on the size and resources of the organization, but may include the company’s culture of compliance, resources the company has dedicated to compliance, the quality and experience of the compliance personnel, the authority and independence of the compliance function, the effectiveness of the company’s risk assessment and how the company tailors its compliance program based on the risks identified, compensation and promotion of compliance personnel, auditing of the compliance program to ensure its effectiveness, and the reporting structure of compliance personnel. The FCPA Corporate Enforcement Policy makes clear that these criteria will be periodically updated.

Analysis

DOJ, like the SEC, has consistently sought to incentivize companies to disclose FCPA violations and provide robust cooperation in subsequent investigations. The Pilot Program was an effort to provide incentives to self-report and greater guidance to companies regarding how they would be treated. In announcing the new FCPA Corporate Enforcement Policy, Deputy Attorney General Rosenstein stated that DOJ analyzed the Pilot Program and concluded that it was a “step forward in fighting corporate crime.” Rosenstein implied that the new FCPA Corporate Enforcement Policy was an “improvement” on that program. While the new policy appears on its face to represent a step forward from the Pilot Program in dangling the carrot of a declination, there are substantial questions regarding how it will be implemented in practice, including whether the public nature of any declination and the requirement of disgorgement will be sufficiently enticing. At a minimum, however, it may further motivate companies with an FCPA issue to endeavor to meet the eligibility criteria under the Policy even when they choose not to voluntarily disclose in order to maintain eligibility for the 50 percent reduction.

In announcing the new Policy, Deputy Attorney General Rosenstein provided statistics demonstrating that the number of self-reported FCPA matters increased over the 18 months that the Pilot Program was in effect, when compared to the prior 18 months. Given the increased incentives for self-reporting, it is certainly possible that the uptick in self-disclosure will continue, at least in certain types of cases. The effectiveness of the new Policy in achieving this objective may turn, at least in part, on how DOJ interprets the eligibility criteria for consideration under the Policy, as well as the aggravating factors that can prevent a company from receiving the full benefit of the Policy. These factors, especially the definitions of “timely and appropriate remediation,” “significant profit to the company,” and “pervasiveness of the misconduct within the company,” are open to interpretation and could be used by DOJ to justify the continued prosecution of major cases, despite the Policy.

Finally, in announcing the new Policy, Deputy Attorney General Rosenstein reiterated DOJ’s commitment to holding individuals accountable, stating that “[e]ffective deterrence of corporate corruption requires prosecuting culpable individuals.” He argued that the new policy will increase the number of voluntary self-disclosures, which would in turn enhance DOJ’s ability to identify and punish individuals. In explaining why DOJ was continuing to emphasize the prosecution of individuals over corporations, Deputy Attorney General Rosenstein explained his view that “[i]t makes sense to treat corporations differently because corporate liability is vicarious; it is only derivative of individual liability.” Companies should expect that full cooperation under the new FCPA Corporate Enforcement Policy will need to reflect this focus on individual liability and that they will be expected to continue to cooperate in investigations of individuals.

Associates Meredith A. Arfa and Jonathan Silberstein-Loeb contributed to this Client Memorandum.