On November 14, 2012, the Criminal Division of the Department of Justice (DOJ) and the Enforcement Division of the Securities and Exchange Commission (SEC) released “A Resource Guide to the U.S. Foreign Corrupt Practices Act (FCPA)” (Guide). See http://www.justice.gov/criminal/fraud/fcpa/guidance/. This Alert, focused on Enforcement issues, is the third of three outlining key portions of the new Guide. The first in this series reviewed the Guide’s definition of a foreign official, limits on gifts and charitable donations, payments to third parties, and expense guidelines. It can be found at DOJ/SEC Guide to Foreign Corrupt Practice Act – Part 1. The second examined Authorized Facilitation Payments, Payments in Response to Threats, Successor Liability in M&As, and Criminal Liability and is found at DOJ/SEC Guide to Foreign Corrupt Practice Act – Part 2.

When it comes to enforcement, the Guide incorporates many of the factors that are part of the Sentencing Guidelines (see http://www.ussc.gov/Guidelines/2011_guidelines/Manual_PDF/2011_Guidelines_Manual_Full.pdf, Chapter Eight, 8B2.1) and the U.S. Attorney’s Manual (see http://www.justice.gov/usao/eousa/foia_reading_room/usam/ at 9-28.300). The nine (9) factors identified in the Guide to be considered “in conducting an investigation, determining whether to charge a corporation, and negotiating plea or other agreements” are:

  1. the nature and seriousness of the offense, including the risk of harm to the public;
  2. the pervasiveness of wrongdoing within the corporation, including the complicity in, or the condoning of, the wrongdoing by corporate management;
  3. the corporation’s history of similar misconduct, including prior criminal, civil, and regulatory enforcement actions against it;
  4. the corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents;
  5. the existence and effectiveness of the corporation’s preexisting compliance program;
  6. the corporation’s remedial actions, including any efforts to implement an effective corporate compliance program or improve an existing one, replace responsible management, discipline or terminate wrongdoers, pay restitution, and cooperate with the relevant government agencies;
  7. collateral consequences, including whether there is disproportionate harm to shareholders, pension holders, employees, and others not proven personally culpable, as well as impact on the public arising from the prosecution;
  8. the adequacy of the prosecution of individuals responsible for the corporation’s malfeasance; and
  9. the adequacy of remedies such as civil or regulatory enforcement actions.

Given what transpired with the Arthur Andersen case (see U.S. v. Arthur Andersen, 374 F.3d 281 (5th Cir. 2004) — where a major company was put out business by the indictment alone, only to have the conviction overturned by the Supreme Court, and only after thousands of people lost their jobs — and the ensuing U.S. Attorney’s Principles of Federal Prosecution of Business Organizations (see reference to U.S. Attorney’s Manual above), the Guide makes clear that attorney-client-privileged materials cannot be sought. The two exceptions are the obvious ones: if the petitioner asserts the advice of counsel defense or if the communications are in furtherance of a crime or fraud.

Worth repeating is the list of ways in which the SEC may become aware of violations:

  • Tips from informants or whistleblowers;
  • Information developed in other investigations;
  • Self-reports or public disclosures by companies;
  • Referrals from other offices or agencies;
  • Public sources, such as media reports and trade publications; and
  • Proactive investigative techniques, including risk-based initiatives.

Factors the SEC considers when deciding whether to open an investigation include:

  • The statutes or rules potentially violated;
  • The egregiousness of the potential violation;
  • The potential magnitude of the violation;
  • Whether the potentially harmed group is particularly vulnerable or at risk;
  • Whether the conduct is ongoing;
  • Whether the conduct can be investigated efficiently and within the statute-of-limitations period;
  • Whether other authorities, including federal and state agencies or regulators, might be better suited to investigate the conduct;
  • Whether the case involves a possibly widespread industry practice that should be addressed;
  • Whether the case involves a recidivist; and
  • Whether the matter gives the SEC an opportunity to be visible in a community that might not otherwise be familiar with the Commission or the protections afforded by the securities laws.

If a company finds itself facing SEC scrutiny, the factors considered by the agency when evaluating a company’s cooperation are:

  • Self-policing prior to the discovery of the misconduct, including establishing effective compliance procedures and an appropriate tone at the top;
  • Self-reporting of misconduct when it is discovered, including conducting a thorough review of the nature, extent, origins, and consequences of the misconduct, and promptly, completely, and effectively disclosing the misconduct to the public, to regulatory agencies, and to self-regulatory organizations;
  • Remediation, including dismissing or appropriately disciplining wrongdoers, modifying and improving internal controls and procedures to prevent recurrence of the misconduct, and appropriately compensating those adversely affected; and
  • Cooperation with law enforcement authorities, including providing SEC staff with all information relevant to the underlying violations, and the company’s remedial efforts.

The SEC considers the following when assessing the cooperation provided by individuals:

  • The assistance provided by the cooperating individual in the SEC’s investigation or related enforcement actions, including, among other things: the value and timeliness of the cooperation, including whether the individual was the first to report the misconduct to SEC or to offer his or her cooperation; whether the investigation was initiated based on information or other cooperation by the individual; the quality of the cooperation, including whether the individual was truthful and the cooperation was complete; the time and resources conserved as a result of the individual’s cooperation; and the nature of the cooperation, such as the type of assistance provided;
  • The importance of the matter in which the individual provided cooperation;
  • The societal interest in ensuring that the cooperating individual is held accountable for his or her misconduct, including the severity of the individual’s misconduct, the culpability of the individual, and the efforts undertaken by the individual to remediate the harm; and
  • The appropriateness of a cooperation credit in light of the profile of the cooperating individual.

The Bottom Line: How Good Is Your Compliance Program?

In an investigation, the DOJ and/or the SEC will evaluate the company’s internal controls and ask:

  1. Is the company’s compliance program well designed?
  2. Is the program being applied in good faith?
  3. Does the program work?

According to the Guide, the following factors are generally associated with a good compliance program, no matter the context:

  • Commitment from senior management and a clearly articulated policy against corruption;
  • Code of Conduct and Compliance Policies and Procedures;
  • Oversight, Autonomy, and Resources;
  • Risk Assessment;
  • Training and Continuing Advice;
  • Incentives and Disciplinary Measures;
  • Confidential Reporting and Internal Investigation; and
  • Continuous Improvement: Periodic Testing and Review.

Plus these two, which are unique in the anti-bribery context:

  • Third-Party Due Diligence; and
  • Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration.

The Guide goes on to address types of enforcement actions and possible outcomes, but it is clear the DOJ takes the FCPA very seriously. The DOJ home page even displays a dedicated email address to which FCPA violations may be reported: FCPA.FRAUD@usdoj.gov.   

When dealing with government agencies regarding the FCPA or any other matters, companies would do well to:

  1. Discover any violations early;
  2. Perform a thorough investigation promptly:
  3. Timely self-disclose; and
  4. Take strong remedial action right away.

Parts one and two of this series can be found at DOJ/SEC Guide to Foreign Corrupt Practice Act – Part 1 and DOJ/SEC Guide to Foreign Corrupt Practice Act – Part 2.