The FCPA Guidance is an advertisement for the government’s voluntary disclosure program. DOJ and SEC repeat their message – if you voluntarily disclose, you will get a benefit. As demonstrated in the declinations, companies that disclose will receive a benefit.
While I am reluctant to bring religion into the FCPA arena, the FCPA Guidance describes the disclosure process in a cleansing way, like an absolution from confession. Say three Hail Mary’s and you walk out of the government absolved. As portrayed in the FCPA Guidance, everyone should come in, confess and receive their guaranteed absolution.
Unfortunately, the issue is not so simple, nor straightforward.
The FCPA Guidance describes voluntary disclosures in situations when a violation has not occurred. Some of the hypothetical factual situations refer to potential violations. Of course, you can be liable for an attempted or authorized bribe but the FCPA Guidance does not make that clear. Instead, it describes situations where companies detect a potential bribe but stop it from occurring.
In these situations, the decision to disclose to the government is problematic. What is the benefit of the disclosure and what is the down side?
If a company runs into the government to report “potential” violations, there is a serious risk. The government can turn to the company and ask the company to conduct an internal investigation which may or may not be limited to the specific circumstances which caused the initial voluntary disclosure. The company can then conduct the internal investigation and may then find real and significant FCPA violations. Since it is already before the government, the company will have to disclose these additional risks and may end up having to pay a fine and suffer other consequences.
Let me suggest an alternative strategy which also has risks — but these risks may be more manageable.
Instead of disclosing the potential violations to the government, the company conducts its own internal investigation and identifies significant problems with its compliance program. The company fixes the problems and adopts new and improved procedures to prevent the problem from reoccurring. The company then sits tight and continues to conduct business.
One wrinkle to this last scenario – what happens if the company terminates some employees involved in the misconduct? The company’s risk increases because the terminated employees may decide to report the company to the government. Add to that the SEC’s whistleblower program and potential compensation to the former employee, and the risk of the employee reporting to the government increases even more.
Even though the company cannot control that employee, the company has addressed the initial problem, conducted an internal investigation, remediated the problem and has a good understanding of its potential exposure if it then decides to disclose the conduct to the government.
In the end there is no clear “right” way to handle these situations. If the company only discovers “potential” compliance problems, it is hard to see the benefit of voluntary disclosure in such circumstances.
One thing is clear – a company should never act without full knowledge. While many companies are reluctant to initiate an internal investigation unless there are real problems identified initially, this is a short-sighted and indefensible use of internal investigations.
In order to define a company’s risks, internal investigations and periodic audits and compliance reviews are invaluable tools for a company to identify and manage risks so as to avoid government scrutiny.