Last week was a busy week for compliance officers and FCPA practitioners. On November 14, the long-awaited FCPA guidance from the DOJ and SEC was released.1 In the following days, senior DOJ and SEC officials spoke at the American Conference Institute’s 28th National Conference on the Foreign Corrupt Practices Act in Washington, D.C. They revealed their thinking on the following topics, among others:
- the newly released guidance;
- expectations of companies’ compliance programs;
- self-reporting (not surprisingly, that companies should always pick up the phone); and
- their unwavering commitment to the aggressive FCPA enforcement we have seen in recent years.
Also last week, the SEC issued its Annual Report on the Dodd-Frank Whistleblower Program for Fiscal Year 2012.2 Of the 3001 tips received by the SEC, 115 (or 3.80%) involved FCPA-related allegations.
In a keynote address last Friday morning, Lanny Breuer, the Assistant Attorney General for the Criminal Division of the DOJ, made clear that combatting corruption around the world is, and remains, an important commitment of the U.S. Breuer views corruption as a “gateway crime,” and noted that “nothing is more important than curbing corruption around the world.”3
Breuer explained that the DOJ is focused on what he called “bribes of consequence – ones that have a fundamentally corrosive effect on the way companies do business abroad.” He explained that the DOJ tries to strike a balance between vigorous and responsible enforcement. But Breuer also acknowledged his view that the “vast majority of companies doing business internationally want to get it right.” 4
In characterizing what the DOJ and SEC were attempting to accomplish with the issuance of last week’s guidance, Deputy Chief of the Fraud Section in the DOJ’s Criminal Division, Charles Duross, explained that the regulators tried to say “this is our thought process…we’ll tell it to you straight.” Principal Deputy Chief Jeffrey H. Knox of the Criminal Division’s Fraud Section explained that there were three objectives in issuing the guidance:
- To outline what the law is;
- To provide insight into DOJ and SEC enforcement priorities; and
- To give a tangible, concrete understanding of how the regulators exercise prosecutorial discretion in this area – i.e. what they focus on and what they do not.
Lanny Breuer explained that the guidance demonstrates the regulators’ “commitment to transparency.” He characterized the guidance as the “boldest manifestation of our transparent approach to enforcement” and explained that the guidance “may be the most comprehensive effort ever undertaken by either the Justice Department or the SEC to explain our approach to enforcing a particular statute.” 5
While the guidance is not binding, Knox described the guidance as similar to the U.S. Attorneys’ Manual. He explained that the legal community can have confidence that the regulators will act consistently with the guidance.
OTHER HIGHLIGHTS FROM THE REGULATORS’ COMMENTS
Effective Compliance Programs; No Adequate Procedures Defense
The regulators made clear their view that having a good compliance program that works is essential. But when asked his views on the possibility of an “adequate procedures” affirmative defense, Lanny Breuer explained that he does not believe there should be an adequate procedures affirmative defense. Breuer expressed concern that such a defense could result in a “race to the bottom,” and would lead to a situation where litigation would focus on the existence of a compliance program rather than the underlying bribes.
That said, a consistent message from the past week – both from the guidance itself and from the regulators’ subsequent commentary – is that having a strong compliance program is key to securing a more favorable outcome in the event that an issue ever arises at your company. The regulators expect companies to have a reasonable and effective, risk-based compliance program. The program should involve not only policies and procedures, but compliance with those policies and procedures should be tested by internal audit. And the focus should be not only on prevention of bribery, but also on detection, so that a small problem that could have been stopped if detected early does not become a much bigger problem.
The regulators acknowledged that no compliance program is going to be perfect. But as Kara Brockmeyer, Chief of the FCPA Unit of the SEC’s Enforcement Division, emphasized, a compliance program “has to be more than just a good compliance program on paper.” She suggested that companies need compliance programs that are “dynamic” and that take into account the specific risks that a company faces. Brockmeyer explained that the SEC asks whether the company “gets it,” and whether they are really trying to be good corporate citizens. She also noted that having a strong compliance program can be helpful in showing that you don’t have a corrupt intent.
And for companies that think that, after an issue arises, it is too late to get credit for a good compliance program, think again. The regulators explained that they not only look at a company’s compliance program at the time of the problematic conduct at issue, but that they also look at the compliance program over time and how it has evolved. In essence, the regulators want to see how compliance programs are enhanced after an issue arose.
Parent-Subsidiary Liability/Successor Liability Issues
Panel moderators and audience members also asked questions about various hot topics such as parent company liability for the actions of a subsidiary and successor liability, and the response from the regulators was consistent: “it depends” and these determinations are made “on a case-by-case basis.” The take-away is that while the guidance provides insight into the regulators’ thought processes and views on the state of the law, there remain many open questions regarding when a company will or will not be held liable; these determinations will still be made on a case-by-case basis, and depend on the facts and circumstances at hand.
Another consistent message related to the issue of successor liability. The regulators uniformly stated that there would be a “real, tangible benefit” to conducting pre-acquisition due diligence, disclosure and remediation, and continued post-acquisition diligence and implementation of a compliance program, when it comes to prosecutorial discretion – e.g. will the regulators exercise their discretion to decline to take action against a company when it otherwise could.
Who Is A “Foreign Official” Under the FCPA?
On the issue of who is a foreign official, Brockmeyer explained that the best guidance is “don’t bribe anybody, and you’ll be ok.” Duross chimed in with, “yeah, why are we talking about who we can bribe?” Of course, companies ask this question not to determine who they can bribe, but rather to make sure that their compliance programs are appropriately designed, to make sure that training is targeted toward those with the greatest levels of exposure to foreign government officials, etc. But one very interesting point made on the issue of how to determine if you are dealing with an instrumentality is that if a company undertakes a good-faith effort, which is documented, to determine whether an agency is an “instrumentality” and makes the good-faith determination that it is not, it is hard to see how DOJ could prove the knowledge element of the crime. This underscores the need to understand with whom you do business (and to document the basis of that understanding!).
Kara Brockmeyer also commented on the whistleblower tip statistics released last week, noting that, in most cases, those whistleblowers who called the SEC had already tried to report allegations internally at their companies. Charles Duross also noted that the quality of whistleblower tips has improved under Dodd Frank.
Finally, the regulators made clear – and this is no surprise – that they want you to pick up the phone and self-report if an issue ever arises. They insist that there are real, tangible benefits of doing so, even if those benefits are not always evident from looking at historical fines alone.
TAKE-AWAYS FOR YOUR COMPANY
What last week’s events tell us is that the regulators’ commitment to enforcement of the FCPA remains strong. And while the regulators provided 120 pages of guidance, setting forth insight on the how and why of the regulators’ enforcement decisions, there are still many open questions, meaning that each issue and circumstance needs to be examined on a case-by-case basis. So what can in-house legal or compliance officers do? Perhaps the most consistent message of the past week, both in the guidance and in the regulators’ comments, is that having a risk-based and robust compliance program, while not an absolute defense in the case of a violation, will get you a long way toward a more palatable resolution if any issue ever does arise.