Today being the fortieth anniversary of the December 19, 1977 enactment of the Foreign Corrupt Practices Act (“FCPA”), we offer this Client Alert in celebration of the occasion. Fittingly, the U.S. Department of Justice (“DOJ”) itself marked the anniversary with a major policy announcement on the eve of the FCPA’s anniversary, in a November 29, 2017 speech by Deputy Attorney General (“DAG”) Rod Rosenstein regarding the new “Foreign Corrupt Practices Act Corporate Enforcement Policy” (the “Policy”), now set forth in Section 9-47.120 of the U.S. Attorney’s Manual (“USAM”).[1]

The Policy adopts and formalizes the socalled “Pilot Program” (discussed below), is the most extensive and substantial change to the USAM section on the FCPA to date, and has significant implications for both companies and individuals. Most significantly, the Policy promises substantial benefits for cooperative companies – including, in the usual case, a presumptive “declination” of prosecution provided that the Policy’s prerequisites are satisfied. But companies may be rightly hesitant to join in a shower of confetti and streamers in honor of the FCPA’s birthday. For the reasons explained below, the need for careful, factsensitive, and detailed weighing of the costs and benefits of disclosure, and the value in robust compliance policies and procedures, remain as critical as ever. In the sections that follow we review the Pilot Program that preceded the Policy; we review the Policy itself; we consider three paradigmatic cases illustrating how the Policy will be applied; and we consider the implications of the Policy for companies and individuals.

The “Pilot Program” as Prologue

On April 5, 2016, former Assistant Attorney General Leslie Caldwell announced a new FCPA “Pilot Program,” as detailed in a letter by the former Chief of the Fraud Section, Andrew Weissmann, that accompanied Caldwell’s announcement.[2] (Weissmann subsequently left to join the Office of Special Counsel investigation of alleged ties between the Trump presidential campaign and Russia.) The Pilot Program announcement highlighted three aspects of the DOJ’s enforcement plan that included both sticks and carrots: (1) increased enforcement through the addition of ten new prosecutors to the FCPA Unit in Main Justice’s Fraud Section along with three new squads of FBI agents dedicated to investigating and prosecuting FCPA violations; (2) increased international cooperation among enforcement agencies, including the sharing of documents and witnesses; and (3) the start of a “Pilot Program” offering companies compelling incentives to cooperate with regulators, and more guidance regarding the nature of the benefit they could anticipate from voluntary disclosure of FCPA violations.

Congress enacted the FCPA in 1977 to prohibit the bribery of foreign officials by companies seeking their business, and broadly applied the statute to public and private, as well as domestic and foreign entities, and U.S. and foreign individuals.[3] The FCPA’s anti-bribery provisions prohibit payments to foreign officials to obtain or retain business. Its accounting provisions require issuers to make, keep, and maintain true and accurate books and records. Penalties under the FCPA can be devastating, and it is not unusual for fines – separate and apart from the required disgorgement of ill-gotten gains – to reach the hundreds of millions of dollars. In 2016, for example, total sanctions from FCPA violations amounted to $1.8 billion, with an average sanction of $78,965,385.[4] Indeed, the most recent FCPA settlement that DOJ announced at the end of 2017 involved the agreement of SBM Offshore N.V. (“SBM”), and its U.S. subsidiary, SBM Offshore USA Inc., to pay a penalty of $238 million as part of its guilty plea to violations of the FCPA’s anti-bribery provisions, and as part of a deferred prosecution agreement (“DPA”).[5] The DOJ press release announcing the resolution noted that SBM, in 2014, had already paid the Dutch prosecutor $200 million in disgorgement plus a$40 million fine.[6]

In the face of such staggering potential liability, corporate defendants, like their individual counterparts, have been well incentivized to plead and cooperate. But cooperation produced great variety in outcomes, and the rationale for such differences may not always have been clear. Thus, through the Pilot Program, DOJ sought to achieve greater corporate and individual accountability “by providing greater transparency about what [DOJ] require[s] from companies seeking mitigation credit for voluntarily selfdisclosing misconduct, fully cooperating with an investigation, and remediating, and what sort of credit those companies can receive if they do so consistent with these requirements.”[7] Furthermore, under the Pilot Program, “[m]itigation credit [would] be available only if a company . . . [disclosed] all relevant facts about the individuals involved in the wrongdoing,” and “disgorge[d] all profits resulting from the FCPA violation.”[8]

The Pilot Program was also intended to incentivize corporate cooperation as a means to hold individuals more accountable for FCPA violations, and therefore built upon the emphasis on individual accountability set forth in the memorandum of former DAG Sally Quillian Yates in the socalled “Yates Memo.”[9] This emphasis is shared at the U.S. Securities and Exchange Commission (“SEC”) which, along with DOJ, bears responsibility for FCPA enforcement. As Steven R. Peikin, Co-Director of the SEC’s Enforcement Division, recently noted in a speech marking the FCPA’s anniversary, “companies cannot engage in bribery without the actions of culpable individuals. The Enforcement Division is broadly committed to holding individuals accountable when the facts and the law support doing so.”[10]

Weissmann’s letter accompanying Caldwell’s announcement stated that “[t]he principal goal of this program is to promote greater accountability for individuals and companies that engage in corporate crime by motivating companies to (1) voluntarily self-disclose FCPA-related misconduct, (2) fully cooperate with the Fraud Section, and, where appropriate, (3) remediate flaws in their controls and compliance programs.”[11] In this way, DOJ sought to “further deter individuals and companies from engaging in FCPA violations in the first place, encourage companies to implement strong anticorruption compliance programs to prevent and detect FCPA violations, and, consistent with the memorandum of” former DAG Sally Yates, “increase the Fraud Section’s ability to prosecute individual wrongdoers whose conduct might otherwise have gone undiscovered or been impossible to prove.”[12]

Weissmann’s letter also noted that although companies had previously benefited from cooperation – based upon the Principles of Federal Prosecution of Business Organizations in USAM 9-28.000, and as set forth in Chapter 8 of the U.S. Sentencing Guidelines – the Pilot Program for the first time “articulated in a written framework” the Fraud Section’s historical practice of according “reduction[s] below the low end of the Sentencing Guidelines fine range” to companies that “self-disclose misconduct, fully cooperate with a criminal investigation, and timely and appropriately remediate.”[13]

According to this framework, companies who disgorged ill-gotten gains and satisfied the three requirements of voluntary disclosure, full cooperation, and timely and appropriate remediation could receive a benefit of 50% off the bottom of the Sentencing Guidelines range or a full declination of prosecution. On the other hand, if a company did not voluntarily disclose, but otherwise fully cooperated and timely and appropriately remediated, it could expect at most a 25% reduction off the bottom of the Sentencing Guidelines range. Importantly, the letter suggested that a declination was not guaranteed even in cases in which the three requirements were satisfied, and that such benefit would be subject to other considerations, such as “involvement by executive management of the company in the FCPA misconduct, a significant profit to the company from the misconduct in relation to the company’s size and wealth, a history of non-compliance by the company, or a prior resolution by the company with the Department within the past five years.”[14]

The New “FCPA Corporate Enforcement Policy”

The Policy is broadly consistent with the Pilot Program, but differs in one important respect that benefits companies that voluntarily disclose a FCPA violation: whereas the Pilot Program stated that, for a company that satisfies the three requirements, “the Fraud Section’s FCPA Unit will consider a declination of prosecution,”[15] the Policy now states that for such a company “there will be a presumption that the company will receive a declination absent aggravating circumstances involving the seriousness of the offense or the nature of the offender.”[16] This rebuttable presumption further reduces uncertainty regarding the benefit that may come from voluntary disclosure.

Beyond the change to a rebuttable presumption in favor of declination, the categories of partial benefits to which companies were entitled under the Pilot Program remain the same under the Policy. Thus, as was true of the Pilot Program, in the event DOJ determines that a declination is not warranted despite a company’s satisfaction of the three criteria for credit, the company may still benefit by up to a 50% reduction off the bottom of the Sentencing Guidelines range and will generally not be required to retain a compliance monitor if it has an effective compliance policy in place. On the other hand, if a company does not voluntarily self-disclose, but still fully cooperates and appropriately remediates, it may still obtain a 25% reduction off the bottom of the Sentencing Guidelines range.

Similarly, the Policy’s guidance on the meaning of “voluntary selfdisclosure,” “full cooperation,” and “timely and appropriate remediation” are also broadly consistent with the guidance in the Pilot Program. First, to satisfy the requirement of “voluntary self-disclosure,” the disclosure must be both “voluntary” and “timely.” Disclosures are “voluntary,” within the meaning of U.S.S.G. § 8C2.5(g)(1), when they occur “‘prior to an imminent threat of disclosure or government investigation.’” In addition, the disclosure is required “‘within a reasonably prompt time after becoming aware of the offense,’” and the company must “disclose[] all relevant facts known to it, including all relevant facts about all individuals involved in the violation of law.” Notably, the Policy omits the following language from the Pilot Program: “A disclosure that a company is required to make, by law, agreement, or contract, does not constitute voluntary self-disclosure for purposes of this pilot. Thus, the Fraud Section will determine whether the disclosure was already required to be made.”[17] This omission is appropriate. While the requirement of disclosure may be relevant to evaluating the voluntariness of cooperation in certain instances, it should not be a disqualifier.

Second, “full cooperation” requires disclosure of all relevant facts on a timely basis, including facts gathered from an independent investigation, attribution of facts to specific sources (subject to the attorney-client privilege), timely updates and rolling disclosures, and facts relating to individual involvement as well as the involvement of third parties. Furthermore, the Policy requires proactive cooperation, meaning the disclosure of information even when not specifically asked to do so, and sharing with DOJ opportunities to further the investigation of which DOJ is not otherwise aware. Companies must also provide updates on internal investigations, and must preserve, collect, and disclose information uncovered during such investigations, including by producing documents and providing translations. Finally, companies must make witnesses available for interviews and “deconflict” with DOJ, when asked to do so, when the company’s own investigative steps could overlap with those of DOJ. The potential need for deconfliction is particularly important to bear in mind, as even the most well-intentioned internal investigation could inadvertently taint witnesses or evidence, particularly where DOJ may be interested in pursuing a covert proactive investigation. By failing to appropriately deconflict, a company may unintentionally diminish the value of its cooperation.

Third, “timely and appropriate” remediation requires a company to conduct a “root cause” analysis to identify the source of the FCPA misconduct, implement an effective compliance and ethics program, discipline involved employees, and take further steps to demonstrate acceptance of responsibility and to mitigate and avoid future misconduct. The Policy establishes illustrative components for an effective compliance and ethics program, as set forth below (verbatim):

  • The company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated;
  • The resources the company has dedicated to compliance;
  • The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;
  • The authority and independence of the compliance function and the availability of compliance expertise to the board;
  • The effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment;
  • The compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors;
  • The auditing of the compliance program to assure its effectiveness; and
  • The reporting structure of any compliance personnel employed or contracted by the company.

Illustrative Case Studies

During the course of the Pilot Program (although prior to the Policy’s announcement), DOJ announced seven declinations, the most recent by letter dated June 21, 2017. In addition, other resolutions during the Pilot Program resulted in awards of limited credit, rather than outright declinations. Although all of these outcomes preceded the announcement of the Policy, they will continue to inform future FCPA resolutions and, therefore, companies’ decisions whether or not to voluntarily self-disclose under the Policy, given the overlap between the Pilot Program and the Policy. We review some notable examples below.

In re HMT LLC (Sept. 29, 2016)

HMT LLC (“HMT”), a Texas-based manufacturer and seller of aboveground storage tanks for the oil, gas, and petroleum industries, obtained a full declination after disclosing FCPA misconduct.[18] The letter announcing the declination noted “that HMT, through its employees and agents, paid approximately $500,000 in bribes to government officials in Venezuela and China in order to influence those officials’ current and future purchasing decisions and thereby secure $2,719,412 in net profits.”[19] In one scheme described in the declination, an HMT agent who HMT paid to promote and sell HMT’s product engaged in a classic “over-invoicing” scheme, and used the proceeds to pay bribes to the employees of a state-owned Venezuelan petroleum company in order for that entity to purchase HMT’s product. Specifically, HMT quoted the agent a price of $X. The agent, in turn, quoted the Venezuelan state-owned petroleum business a price of $X plus a substantially higher amount of $Y. When the Venezuelan entity paid the total of $X plus $Y to HMT, HMT paid the agent $Y (“purportedly as commission and subcontracting fees”), and the agent used $Y to make payments to employees of the Venezuelan petroleum company. A red flag indicative of an attempt to conceal the nature and origin of the payment was the agent’s request that HMT make payment to the agent in bank accounts in, among other locations, Panama and Curacao.

Ultimately, HMT satisfied the three requirements of voluntary disclosure, full cooperation, and timely and appropriate remediation. But even more importantly, the declination letter did not reveal any of the sort of aggravating factors that might have counseled against an outright declination. For example, the dollar values of the bribes and illicit profits were relatively small in context, the geographic scope of the conduct was apparently limited to two jurisdictions, there was no indication of a history of prior similar conduct by HMT, and the involvement of HMT employees did not seem to implicate senior executives. Thus, HMT fits the paradigm of the company that receives the benefit of a declination by satisfying the three prerequisites of the Policy while avoiding potential aggravating factors.

In re General Cable Corporation (Dec. 29, 2016)

General Cable Corporation (“General Cable”), a Kentucky-based manufacturer and distributor of cable and wire, received partial credit despite satisfying all three prerequisites for a declination.[20] According to a December 29, 2016 declination letter, General Cable voluntarily disclosed that it had made improper payments to officials in Africa and Asia to gain business, and also fully cooperated and timely and appropriately remediated. Notably, however, despite satisfying the three prerequisites, General Cable received a non-prosecution agreement (“NPA”) rather than a declination. And, under the terms of the NPA, General Cable received a fine of approximately $20 million (a 50% reduction from the Sentencing Guidelines range), along with disgorgement. Why did General Cable fair worse than HMT, despite satisfying each of the Policy’s three prerequisites? The NPA provides an answer, noting the “nature and seriousness” of the offense conduct. Specifically, certain General Cable executives knowingly failed to implement adequate internal accounting controls, the illegal payments occurred in at least five countries over a tenyear span, and the profits to General Cable exceeded $50 million. Thus, General Cable is the model of a company that, despite appropriate measures to comply with the Policy, may nonetheless still face significant exposure due to various aggravating circumstances. To be sure, General Cable still did much better than it would have without voluntary disclosure, but this particular resolution is a cautionary tale, reminding us, as DAG Rosenstein himself noted in announcing the Policy, that “[t]he new policy does not provide a guarantee. We cannot eliminate all uncertainty. Preserving a measure of prosecutorial discretion is central to ensuring the exercise of justice.”[21]

In re Las Vegas Sands Corporation (Jan. 19, 2017)

Finally, Las Vegas Sands Corporation (“Sands”), a Nevada-based gaming and resort company, also received partial credit under the Pilot Program for its disclosure of corrupt business transactions in China and Macao.[22] But unlike General Cable, which satisfied all three of the prerequisites, Sands did not voluntarily disclose its corrupt practices. Sands did, however, fully cooperate and timely and appropriately remediate. For instance, it fully cooperated by gathering, analyzing, and, where appropriate, translating, key documents. And it “engaged in extensive remedial measures, including revamping and expanding its compliance and audit functions.”[23] For satisfying only two of the three prerequisites, Sands received a 25% discount on the bottom of the Sentencing Guidelines range, resulting in a $7 million penalty.

Implications of the Policy

As General Cable’s resolution demonstrates, voluntary disclosure is a necessary but not sufficient condition for a declination. Nonetheless, the Policy’s creation of a rebuttable presumption in favor of declination means that, all other things being equal, voluntary disclosure will generally tend to benefit companies that have discovered FCPA problems. Of course, given the highly fact-specific nature of the analysis, and the important role that prosecutorial discretion has to play, “all other things” may well not always be equal. And, to be sure, the allure of a declination should not obscure the tangible risks of collateral consequences of self-disclosure: (1) potential “mission creep,” or the widening of regulatory inquiry beyond what may at first appear to be a limited scope; (2) private civil suits; (3) liability to foreign authorities; (4) reputational harm; and (5) negative impact on a company’s stock price.

Companies will continue to need to conduct prompt and independent internal investigations, while balancing competing demands that are frequently in tension: disclosing information to the government in a manner that is deemed sufficiently timely to constitute voluntary and full cooperation, while at the same time gaining an understanding of the full nature and scope of the problem before disclosure and bearing in mind the need for “deconfliction” with a DOJ investigation. Further complicating the issue of timing is the incentive for whistleblowers to report to regulators, and thereby win massive rewards. The potential for such whistleblowers – who may reside in any part of the world – to beat a company to the door of the DOJ or SEC merely through the submission of an online tip, is another factor creating pressure for voluntary disclosure, in effect incentivizing companies to blow the whistle on themselves. In the accompanying one-page document, “What to Do After Discovering an Internal FCPA Problem: A CEO Checklist,” we offer additional guidance for companies encountering an FCPA problem.

Finally, DOJ has made clear that in order to obtain a declination, the three prongs of the Policy will require companies to name names and to provide all relevant facts relating to the involvement of culpable individuals. This is consistent with the prioritization on individual prosecutions set forth in the “Yates Memorandum.” Company employees should be appropriately forewarned of this high enforcement priority.

All of this of course suggests strongly that the creation and maintenance of effective compliance and oversight programs are essential. In the FCPA area at least, given the nature of the penalties, an ounce of prevention continues to be worth far more than a pound of cure.