www.fcpareport.com ©2015 The FCPA Report. All rights reserved. Volume 4, Number 26 December 16, 2015 Brockmeyer and Stokes Offer Four Benefits of Cooperation and Four Ways Companies Can Go Wrong in Their Internal Investigations ENFORCEMENT TRENDS By Megan Zwiebel 1 Look to the Resolution Papers The most overt way they are doing this is through providing more detail in resolution papers. Stokes noted that the “relevant considerations” sections of DOJ settlement documents “are quite detailed and provide very helpful guidance as to what our thinking was, why we reached the resolution we did.” The penalty guidelines calculation included in DPAs or guilty pleas are also helpful, in his opinion, because they set out in detail – and in defined amounts – the benefits of cooperation, self-disclosure and remediation. The DOJ’s resolutions also lay out the fact pattern underlying the bribe scheme in “tremendous detail,” according to Stokes. The DOJ’s goal in outlining these facts is “partly to hold a company to account and explain the criminal conduct,” but it is also meant to deter similar behavior by laying out the types of criminal schemes that are out there so that compliance officers and in-house counsel can know what to look for at their companies, Stokes said. While the defense bar does find these sources of information useful, those attorneys The FCPA Report spoke with felt that these sources of “transparency” were limited in their helpfulness. “There’s no question that the guidelines calculation discussion and relevant consideration sections provide useful guidance to the bar and to companies,” said Kathryn Atkinson, a member of Miller & Chevalier, but “there is not complete transparency,” and “we don’t know what’s left on the cutting room floor following settlement negotiations.” James Koukios, the former Senior Deputy Chief of the Fraud Section and now a partner at Morrison & Foerster, explained that “there will never be perfect transparency As government enforcers become increasingly sophisticated about business practices and bribery – and adjust their strategies accordingly – companies can be left befuddled as to what is expected from them. In our previous issue, The FCPA Report analyzed the DOJ and SEC’s changing approaches in detail based on the “Year in Review” panel at this year’s ACI FCPA conference. During that panel Kara Brockmeyer, Chief of the FCPA Unit of the Division of Enforcement of the SEC, and Patrick Stokes, Deputy Chief of the Fraud Section of the Criminal Division of the DOJ, also clarified their expectations for companies and their compliance programs. The FCPA Report spoke to several anti-corruption defense experts to find out whether these expectations are reasonable and how companies can best meet them. For coverage of last year’s panel see “Top FCPA Enforcers Tout Voluntary Disclosure and Warn About International Cooperation; The Defense Bar Responds,” The FCPA Report, Vol. 3, No. 24 (Dec. 3, 2014); and “Top FCPA Officials Talk Compliance Tips and the Defense Bar Weighs In,” The FCPA Report, Vol. 3, No. 25 (Dec. 17, 2014). Increasing Transparency and Where to Find It The FCPA enforcement agencies, particularly the DOJ, are aware that companies are unsure what the government expects from them and representatives from both agencies say their units are making a purposeful effort to be more transparent about their expectations for companies and compliance programs. For a number of years now the Department has made a “concerted effort, particularly in our FCPA cases,” Stokes said, to explain its rationale for bringing a particular case and for resolving it in a particular way. www.fcpareport.com ©2015 The FCPA Report. All rights reserved. Volume 4, Number 26 December 16, 2015 2 cooperate with investigations – a message underscored in a speech made by Leslie Caldwell, Assistant Attorney General of the DOJ Criminal Division, during the conference as well. Yet, the government continues to push companies to self-disclose. “Enforcement agencies do not have unlimited resources, so they cannot find every crime,” Atkinson noted. In her opinion, the agencies have determined that the “best way to find and address a larger universe of criminal activity is to create incentives for disclosure, and disincentives for non-disclosure.” Low agreed, pointing out that “voluntary disclosure in the FCPA area is particularly useful to the government because of the well-known challenges associated with FCPA cases.” See “When Should a Company Voluntarily Disclose an FCPA Investigation?,” The FCPA Report, Vol. 3, No. 4 (Feb. 19, 2014). Benefits of Self-Reporting, Cooperating and Remediating While there is no requirement for a company to voluntarily disclose, cooperate or to remediate, the point, according to Stokes, is that the government “will give benefits for those efforts.” Those rewards can take several different forms, he said, and specified four ways in which a company can profit from working with the government. As an illustration of how these incentives work, Stokes compared the resolution in the Alstom case, where the company failed to self-report and did not cooperate until very late in the government’s investigation, with the Avon case, where the company did not self-disclose but did cooperate, resulting in “substantial benefits.” Notably, neither example that Stokes chose involved a voluntary disclosure, demonstrating that even without approaching the government a company can receive significant credit for cooperation. 1. Form of Resolution: An FCPA case can be resolved with a guilty plea, a DPA, an NPA or “even a declination,” Stokes said. Depending on a company’s level of cooperation, the government can reward it for self-reporting, cooperating and remediating by because there are limits on what DOJ (and SEC) can include in the documents,” but that in his experience working at the DOJ, “the agencies strive for this goal.” Inaction Can Signal “Something” Brockmeyer pointed out that the SEC does not use DPAs and NPAs very often, so when they are used, they “signal something about the company.” But she did not specify what that “something” might be. “I am not sure we have had enough of these from the SEC really to assess the signals,” said Lucinda Low, a partner at Steptoe & Johnson. “Although the government has emphasized the company’s voluntary disclosure, cooperation and remediation, one may question where the SEC is drawing the line between conduct that will get you an NPA (as in the Ralph Lauren case) and a DPA,” she said. Further, she found it troubling that Brockmeyer noted that PBSJ had waived privilege to allow its general counsel to assist with the prosecution of individuals. “If the [PBSJ] DPA was the result of the company’s decision to waive privilege, then it is troubling.” Stokes said that when the SEC brings an action but the DOJ does not, that also is a signal about the company and its conduct. However, “a DOJ declination can be motivated by numerous factors, from a lack of criminal jurisdiction to a discretionary policy choice,” Koukios noted. Government Incentives to Self-Report, Cooperate, Remediate “There was a definite drumbeat this year from both agencies about the importance of self-disclosure,” observed Lillian Potter, special counsel at WilmerHale. Indeed, Brockmeyer and Stokes discussed in detail how the government incentivizes companies to self-report, cooperate and remediate. Self-Reporting Is Not Required, But Encouraged Stokes emphasized that no one is legally required to voluntarily disclose wrongdoing, nor must companies www.fcpareport.com ©2015 The FCPA Report. All rights reserved. Volume 4, Number 26 December 16, 2015 3 paid a $772 million fine that was squarely in the midpoint of the guidelines range. But What About the Consequences? While it is clear that there can be benefits of self-reporting, cooperating and remediating, the consequences were not discussed by either Stokes or Brockmeyer. “There does not appear to be much of a nuanced or particularly thoughtful analysis of when self-reporting is appropriate and when it is not,” Claudius Sokenu, a partner at Shearman & Sterling, observed. “The question that has percolated for some time now is how much voluntary disclosure buys a company beyond what credit it gets for exemplary cooperation and remediation,” Atkinson said. For example, Stokes estimated that Avon’s cooperation saved it $75 million but, Atkinson pointed out, Avon has disclosed that it spent hundreds of millions of dollars on the investigation and enforcement effort. “The investigation costs dwarf the savings on fines and penalties,” she said, which illustrates that “the official fine and penalty amounts are not the only consideration for companies deciding how to approach a potential FCPA violation.” Faced with this reality, Sokenu recommends that companies “ignore most of this and engage in a fact-based analysis of whether and when self-reporting is appropriate on a case by case basis.” See “When and How Should Companies Self-Report FCPA Violations? (Part One of Two),” The FCPA Report, Vol. 1, No. 1 (Jun. 6, 2012); Part Two, Vol. 1, No. 2 (Jun. 20, 2012). Internal Investigations If a company does choose to self-report or cooperates with the government, the SEC and DOJ both have specific expectations about what a company’s internal investigation should look like, and how a company should present its findings. “Credibility really is the key for us right from the get-go,” Stokes said. Atkinson concurred, explaining that “there is a place for advocacy in the resolution process, but if it extends to taking liberties with the facts, then counsel altering which way the government’s investigation is resolved. While Alstom, which did not cooperate fully, received a guilty plea, Avon, which did cooperate, was able to resolve its investigation with a DPA. 2. Entities Involved in the Resolution: Most investigations of companies involve multiple subsidiaries and affiliates, in addition to the parent company. According to Stokes, confining a resolution to just the subsidiaries or the affiliates is another benefit the government can give to companies that cooperate. “In at least the past five years, [among] the companies that voluntarily disclose criminal conduct, there’s not been a parent-level guilty plea,” Stokes noted. On the other hand, “Alstom did not involve a self-disclosure and there was a parent-level guilty plea.” 3. Monitorship: A company also can be rewarded with a shorter monitorship, or even no monitorship at all, according to Stokes. The key to earning this benefit is early, comprehensive remediation. “It really is to a company’s benefit to remediate at the earliest stage,” Stokes said. See “How to Find a Business-Minded Compliance Monitor and Minimize Reporting Requirements When Negotiating an FCPA Settlement (Part One of Three),” The FCPA Report, Vol. 2, No. 4 (Feb. 20, 2013); Part Two, Vol. 2, No. 5 (Mar. 6, 2013); Part Three, Vol. 2, No. 6 (Mar. 20, 2013). 4. Penalty Discounts: Finally, the most obvious way a company can benefit from cooperation is by receiving a discount in the amount of penalty it has to pay. According to the federal sentencing guidelines, a fine for an FCPA violation is generally $25 million or twice the gross pecuniary gain or gross pecuniary loss resulting from the offense, whichever is greatest. However, in a settlement, the government can deviate from that number. How much the settlement will deviate from the guidelines calculation depends on a company’s level of cooperation. Stokes said that when companies “fully cooperate, remediate and they voluntarily disclose,” it would not be unusual for them to receive discounts from the sentencing guidelines of as much as 30%. Although it did not self-report, Avon received a 20% discount in its penalty due to its cooperation, while Alstom www.fcpareport.com ©2015 The FCPA Report. All rights reserved. Volume 4, Number 26 December 16, 2015 4 failures will “cause tremendous consternation with prosecutors and regulators.” While retaining documents and electronic data are the most obvious ways companies need to preserve evidence, ensuring that the DOJ and SEC have access to witnesses is also very important. Stokes explained that often companies will conduct their internal investigation and terminate the employees involved before presenting their investigation results to the DOJ, which leaves the government with no witnesses. “We get it; we’re sophisticated; we know the game,” Stokes said, “but we also aren’t going to give you [cooperation] credit for that.” What the regulators want is to be given “a heads up” and “the opportunity to interview these people so that we can have access to this evidence,” he said. “The individuals and employees involved are evidence.” See “Strategies for Preserving Data Before and During an FCPA Investigation,” The FCPA Report, Vol. 1, No. 12 (Nov. 14, 2012). 3. Spinning Investigation Results Companies can try to “spin” their investigation reports and downplay the severity of any issues to the SEC and DOJ, but, according to Brockmeyer, this will erode the government’s confidence “that the company is really trying to root out the problem and grapple with what went wrong to make sure that it doesn’t happen again.” Koukios agreed, explaining that “there is significant room for advocacy, but a company that ‘spins’ quickly loses credibility with the enforcement agencies.” The best internal investigations, Brockmeyer said, are done by people who know that they are representing the independent directors and shareholders of the company and that their task is “to find out what went wrong, who is responsible and how to prevent it from happening again.” The best way to do this, she suggested, is by “casting a skeptical eye on everything that they do.” “When reporting out on the results of an internal investigation, it’s best to provide as factual and straightforward a presentation as you can and to resist the temptation to characterize the evidence,” Potter will lose credibility.” To help companies maintain that credibility, Stokes and Brockmeyer gave some specific examples of how companies can go wrong when investigating possible FCPA violations. 1. Withholding Information A company can undermine its credibility by failing to disclose all relevant information in its possession in a timely manner. Companies “may do a partial disclosure, they may do an investigation and reveal only some of the conduct,” Stokes said, and the government only finds out about something at a later stage. That really “calls into question” a company’s motivations, he said, and causes the DOJ to question whether it needs to “test the internal investigation more thoroughly.” “Companies need to understand these agencies are well versed in how corruption works,” Atkinson said, and “fact patterns tend to become familiar, which means it is easier for prosecutors to sense where the story might be missing pieces or otherwise not hang together.” Companies should not offer good facts up front and hold back bad facts because “if the government finds out about those bad facts, either from another source or because you are pressed into revealing it, your credibility will be sorely damaged,” she said. See also “How to Conduct an Anti-Corruption Investigation: Ten Factors to Consider at the Outset (Part One of Two),” The FCPA Report, Vol. 2. No. 25 (Dec. 18, 2013); “Developing and Implementing the Investigation Plan (Part Two of Two),” Vol. 3, No. 1 (Jan. 8, 2014). 2. Failing to Preserve Evidence Another key misstep companies make when performing internal investigations is not preserving all evidence the SEC and DOJ might need to determine an appropriate resolution. Stokes said this can be a particular problem when foreign companies or foreign attorneys perform an investigation based on what is required under local laws as opposed to the SEC and DOJ’s stricter standards. If the U.S. authorities find that certain evidence has not been preserved, they will not be satisfied with a response of “that’s not required in country X,” he said, and such www.fcpareport.com ©2015 The FCPA Report. All rights reserved. Volume 4, Number 26 December 16, 2015 5 See “Remediation, Cooperation and No Bribery Allegations Net Hyperdynamics a $75,000 Civil FCPA Settlement,” The FCPA Report, Vol. 4, No. 20 (Oct. 7, 2015). Compliance Program Expectations When a company does remediate and update its compliance program, what should that new program look like? The government continues to develop “a more sophisticated understanding of compliance,” cautioned Stokes, and the DOJ is looking to go beyond program design to find out whether the program was implemented and tested. “It’s a bit of a cliché,” he said, “but we don’t want a check-the-box program.” Although the main areas of concern may seem numbingly familiar to those in the field, both Brockmeyer and Stokes gave some nuanced guidance on what the government expects from companies. For instance, Brockmeyer said that the SEC now expects a compliance program to be “embedded with and connected to internal audit.” Compliance should not be a standalone program, but should rather be part of the internal financial controls of the company, she said, because many of the financial controls can do double duty as FCPA controls. Stokes said the DOJ is looking for compliance auditing as well, and also that any audit rights a company has over its third parties are exercised. It is also interested in seeing audit reports and knowing whether due diligence and auditing has actually led a company to break ties with any third parties. With regard to the much discussed “tone at the top,” Brockmeyer said the SEC is looking for more than a simple message from the CEO saying “comply.” Rather, it is looking at what the company does “when the rubber hits the road.” If a sales vice president wants to hire a particular agent but the compliance and audit department has concerns, the SEC is looking for senior management that tells its employees not to “get close to the line.” See “DOJ Compliance Counsel Hui Chen Is on the Job and Looking for Key Aspects of Strong Compliance Programs,” The FCPA Report, Vol. 4, No. 24 (Nov. 18, 2015). said, “while, of course, presenting the facts in the way you think is fairest to your client.” Later in the process company representatives can put on their “advocate hat” but should remain conscious that “one person’s ‘spin’ is another person’s ‘factual recitation,’” she said. “Finding the right balance between advocacy and objectivity can be difficult,” Sokenu agreed, “but there is no question that companies and their counsel must strike the right balance.” See “Audit Committee Responsibilities Before, During and After Internal Investigations: Remediating and Disclosing the Investigation to the Government and the Public (Part Four of Four),” The FCPA Report, Vol. 3, No. 7 (Apr. 2, 2014). 4. Waiting to Remediate Finally, another mistake companies can make is waiting to remediate until the resolution stage of an investigation. According to Stokes, at the resolution stage, “it’s just frankly too late at that point for a company to do quick enhancements and a quick redesign of the compliance program to avoid a monitorship. The earlier a company can start on remediation, the earlier it starts with those enhancements, the more likely we are to agree that monitorship isn’t necessary.” Low cautioned that while companies should be remediating as early as possible, such remediation needs to be “tempered” with judgment. “Some program gaps may be apparent early on in an investigation (for example, a lack of compliance resources in a particular operation or geography, or a gap in a key risk area such as third-party engagement) and it makes sense to try to plug those gaps sooner rather than later, even if a more thorough review of the program needs to wait until the investigation is more advanced,” she said. In order to do this effectively, companies should “make sure the compliance gatekeepers are in the loop so they can understand and help close the program gaps,” Atkinson said. If using outside counsel, companies should “make sure they have the expertise to identify and evaluate program gaps and failures, not just individual culpability,” she said.