The U.S. Department of Justice is expected to release its first-ever Foreign Corrupt Practices Act enforcement guidance before the end of the year, and many anticipate that the release will coincide with Assistant Attorney General (and head of the Criminal Division) Lanny Breuer’s keynote address at the annual ACI FCPA Conference this Thursday. Perhaps the biggest question surrounding the upcoming DOJ guidance is whether it will contain a clearly stated compliance defense that will allow companies to avoid prosecution where they had rigorous internal controls and compliance procedures in place before the events under investigation. Mr. Breuer should articulate such a compliance defense as an element of the DOJ’s charging decision calculus, in order to offer more "carrot" and less "stick" to the universe of multinational companies striving to conduct legal and ethical business around the world.
Companies subject to the FCPA have long complained that they face near-strict liability under the FCPA for bribes paid by their employees and agents, even where the company did not authorize or sanction the conduct. While both the SEC and DOJ have policies in place that require consideration of corporate compliance programs when making enforcement decisions,1 these policies do not have the force of law and provide only a muted incentive for companies to invest in compliance procedures. This lack of clarity has undermined companies’ willingness to self-report FCPA violations by employees.
By comparison, the laws of other jurisdictions allow a business entity to wholly escape liability for bribes paid by an employee or agent if the company’s compliance procedures and internal controls should have prevented the misconduct. Most notably, the UK Bribery Act has an “adequate procedures” defense to the corporate offense of failing to prevent bribery,2 and the UK Serious Fraud Office has issued detailed guidance on which anti-bribery procedures will be considered “adequate” for this purpose.3
This discrepancy has lead some, including the U.S. Chamber of Commerce, to urge the adoption of a formal compliance defense to the FCPA.4 While there is no sign that Congress is willing, at least in the near-term, to amend the statute in this way, the DOJ guidance could and should accomplish the same result by following the UK’s lead and providing formal guidance on which compliance procedures would suffice to prompt the DOJ to decline to prosecute a company for violations by rogue employees or agents.
For companies hoping that their hefty investments in anti-corruption compliance will pay off, the enforcement agencies have recently provided a glimmer of hope. In April 2012, prosecutors cited Morgan Stanley’s robust compliance program and cooperation with the government in declining to charge the bank in a case involving bribes paid by one of its employees.5 The forthcoming DOJ guidance should make clear that the Morgan Stanley result is not an accident, and reassure companies that if they invest in the right preventative measures, they will be buying effective insurance. This result would enhance the FCPA’s effectiveness by further incentivizing both the adoption of strict compliance measures and corporate self-reporting.