On November 29, 2017, in remarks made at the American Conference Institute’s 34th International Conference on the Foreign Corrupt Practices Act (FCPA), Deputy Attorney General Rod J. Rosenstein recognized the success of the FCPA Enforcement Plan and Guidance (commonly referred to as the FCPA “Pilot Program”), which had been in effect since April 5, 2016, and announced a revised FCPA Corporate Enforcement Policy. The new policy, which has been formally incorporated into the US Attorneys’ Manual (USAM), and is specific to the FCPA,[1] continues and builds upon aspects of the Pilot Program. Its goal is to “increase the volume of voluntary disclosures” by providing additional transparency and certainty concerning the benefits of voluntary disclosure, full cooperation, and full and timely remediation, thereby “enhanc[ing] the [DOJ’s] ability to identify and punish culpable individuals.” A transcript of Mr. Rosenstein’s remarks can be found here.

Most significantly, the FCPA Corporate Enforcement Policy creates a presumption that a company meeting all standards relating to “voluntary self-disclosure, full cooperation, and timely and appropriate remediation” (each of which the new policy defines) will have its case resolved through a declination “absent aggravating circumstances involving the seriousness of the offense or the nature of the offender.” The Pilot Program, in contrast, provided that the DOJ would “consider” resolving the matter with a declination in such circumstances. Under the new policy, however, the presumption of a declination may be overcome by “aggravating circumstances” that include (but are not limited to):

  • Executive-level involvement in the misconduct;
  • Significant profits to the company resulting from the misconduct;
  • Pervasiveness of the misconduct; and
  • Criminal recidivism.

These broadly phrased factors are substantially the same as the factors outlined in the Pilot Program as relevant to the DOJ’s consideration of whether to grant a declination, and leave significant discretion to DOJ prosecutors as to whether the presumption of declination will apply in a given case.

Even where such aggravating factors exist, however, and the DOJ views criminal prosecution as warranted, the Fraud Section will accord (or recommend to a sentencing court) a 50% reduction off of the lower end of the US Sentencing Guidelines (USSG) fine range (except in cases involving criminal recidivism) for companies that have self-disclosed, fully cooperated, and timely and appropriately remediated, and “generally will not require appointment of a monitor” (to the extent a company has already implemented an effective compliance program at the time of resolution). Where a company has fully cooperated but did not voluntarily disclose misconduct, it will still be eligible for up to a 25% reduction off of the lower end of the USSG fine range.

To qualify for the FCPA Corporate Enforcement Policy, companies will be required to pay “disgorgement, forfeiture, and/or restitution,” even where they have made a voluntary disclosure, fully cooperated with enforcement authorities, and fully and timely remediated. The Pilot Program likewise required payment of disgorgement and, while it did not explicitly require the payment of forfeiture and/or restitution, in practice the DOJ required such payments.[2] The new policy contemplates that these payment requirements may be satisfied by a parallel resolution with a relevant regulator, such as the SEC.

The FCPA Corporate Enforcement Policy also outlines the steps companies must take in order to qualify for credit for voluntary self-disclosure, as well as relevant factors in evaluating a company’s full cooperation and timely and appropriate remediation. Consistent with the Pilot Program, a self-report must (1) be made “prior to an imminent threat of disclosure or government investigation;” (2) be made within a reasonably prompt time of the company learning of an offense (with the burden on the company to demonstrate timeliness); and (3) include a disclosure of all relevant facts, including concerning all individuals involved in the violation. However, while companies required by law, contract, or agreement to make a disclosure were excluded from eligibility for the Pilot Program, this is no longer the case under the FCPA Corporate Enforcement Policy.

The elements of “full cooperation” outlined in the new policy (which are largely consistent with the Pilot Program) are “in addition to” those outlined in the current Principles of Federal Prosecution of Business Organizations and continue to include, among other criteria, the disclosure of overseas documents (with the burden on the company to establish any foreign law prohibition on such disclosure) and facilitation of third-party production of documents and witnesses, as well as “de-confliction” (of witness interviews and other investigative steps) between the company’s and DOJ’s investigations “where requested.”[3] They make no policy changes with respect to the assertion of legal privilege.

With respect to remediation, the FCPA Corporate Enforcement Policy calls for companies to demonstrate a “thorough analysis of causes of underlying conduct…and, where appropriate, remediation to address the root causes.”[4] Not surprisingly, implementing an effective compliance and ethics program by the time of resolution continues to be a requirement for appropriate remediation.[5] The DOJ continues to recognize that the criteria for such a program may vary based on a company’s size and resources. Notably, while the new policy sets forth some of the criteria for such a program, it notes that such criteria “will be periodically updated.” The criteria listed in the new policy largely mirror those set forth in the Pilot Program, including an emphasis on a culture of compliance;[6] on the compliance function and personnel (including factors such as authority, autonomy, independence, resources, reporting structure, quality, compensation and promotion); and on conducting risk assessments and audits to assure the program’s effectiveness.

The new policy includes a few noteworthy additions, however, including the “availability of compliance expertise to the board” and the need for companies to “prohibit[] employees from using software that generates but does not appropriately retain business records or communications.” Furthermore, in an interesting departure from language in the Pilot Program, which required companies to have “a system that provides for the possibility of disciplining others with oversight of the responsible individuals, and considers how compensation is affected by both disciplinary infractions and failure to supervise adequately,” the revised enforcement policy requires appropriate discipline for all employees responsible for misconduct, including through “failure in oversight, as well as those with supervisory authority over the area in which the criminal conduct occurred.” This suggests that the DOJ will be looking for indications of accountability farther up the corporate chain, going beyond the direct supervisor level.

While the prospect of a presumptive declination under the new policy is potentially significant, it is difficult to assess how much of a game-changer it may be at this juncture. It is not a leniency program, nor does it provide a compliance defense. The presumption may be overcome based on the same factors articulated under the Pilot Program, which leave substantial room for the exercise of prosecutorial discretion, in determining whether any of the broadly-stated aggravating circumstances may apply. The availability of a declination under this new policy will also turn on prosecutors’ judgment whether a company has met its burden in demonstrating it made a voluntary self-disclosure, has fully cooperated, and has taken timely and appropriate steps to remediate the misconduct consistent with the new policy.

The new policy does not address what will transpire with corporate groups, for example, when a parent and one or more subsidiaries are implicated in misconduct. In the past, DOJ enforcement frequently differentiated between parent and subsidiaries, sometimes giving the parent a non-prosecution agreement or deferred prosecution agreement, while requiring a plea from the subsidiary.[7] It is possible under this policy that the parent would receive a declination for its reporting, cooperation, and remediation, while the subsidiary would be subjected to a criminal resolution.

Moreover, as under the Pilot Program, declinations under the FCPA Corporate Enforcement Policy will be made public.[8] Thus, overall, while the new policy offers a potentially significant benefit, the decision whether to self-report an FCPA violation to US enforcement authorities will likely still be one that requires careful consideration. In this era of increased international cooperation among enforcement authorities, companies that self-report to the DOJ are likely to be opening themselves up to investigation and potential prosecution in multiple jurisdictions, as well as the collateral consequences that may flow from a public FCPA matter, even a declination.