On November 29, 2017, Deputy Attorney General Rod Rosenstein expanded upon the Department of Justice’s (“DOJ”) long-running efforts to encourage companies to self-disclose Foreign Corrupt Practices Act (“FCPA”) violations by announcing[1] a revised FCPA Corporate Enforcement Policy[2] that the DOJ has incorporated into the United States Attorneys’ Manual. The revised policy effectively codifies with certain “improvements” the so-called “FCPA Pilot Program” that DOJ started in April 2016 and extended in April 2017. Rosenstein touted the success of the FCPA Pilot Program noting that it “proved to be a step forward in fighting corporate crime,” having caused the number of voluntary FCPA disclosures by companies to increase from 18 over the year and a half prior to implementation to 30 over the same time period under the program. Rosenstein also observed, however, that there were “opportunities for improvement,” and that the newly revised FCPA Corporate Enforcement Policy promises “greater certainty for companies” deciding whether to disclose FCPA violations and “greater clarity” about DOJ’s decision-making.

The Revised Policy

The revised FCPA Corporate Enforcement Policy has two main components. First, the policy provides that if a company voluntarily self-discloses misconduct, fully cooperates, and timely and appropriately remediates, there is a “presumption that the company will receive a declination.” This presumption is rebutted where “aggravating circumstances,” related to the nature and seriousness of the offense, exist or the company is a recidivist. Aggravating circumstances include, but are not limited to, instances where the company’s executive management was involved in the misconduct, the company significantly profited from the misconduct, the misconduct was pervasive within the company, or the company is a repeat offender. In cases where the company has complied with the revised policy but aggravating circumstances exist, DOJ “will accord, or recommend to a sentencing court, a 50% reduction off of the low end of the U.S. Sentencing Guidelines (U.S.S.G.) fine range, except in the case of a criminal recidivist” and “generally will not require appointment of a monitor if a company has, at the time of resolution, implemented an effective compliance program.” Second, as was the case under the FCPA Pilot Program, the revised policy provides that if a company did not self-report its misconduct to DOJ, but later fully cooperated and timely and appropriately remediated, the maximum benefit the company may receive from DOJ will be capped because DOJ will only recommend to a sentencing court, “up to a 25% reduction off of the low end of the U.S.S.G. fine range.”

The revised policy also defines the standards that determine whether a company has voluntarily self-reported FCPA misconduct, fully cooperated in FCPA matters, or timely and appropriately remediated FCPA-related harm. According to the revised policy:

  • “Voluntary self-disclosure” occurs where a company discloses “prior to an imminent threat of disclosure or government investigation” and “within a reasonably prompt time” after the company becomes aware of the violation.
  • “Full cooperation” means, among other things: (i) disclosing all facts gathered in an investigation with “attribution of facts to specific sources where such attribution does not violate the attorney-client privilege, rather than a general narrative of the facts;” (ii) proactive, rather than reactive, cooperation; (iii) the “[t]imely preservation, collection, and disclosure of relevant documents and information relating to their provenance; (iv) the “de-confliction of witness interviews,” which means the company holds off on interviewing witnesses until the government has interviewed them; and (v) making available for DOJ interviews “those company officers and employees who possess relevant information.”
  • “Timely and appropriate remediation” means, among other things: (i) addressing the root causes of corruption failures; (ii) implementing an effective compliance and ethics program; (iii) disciplining responsible employees; (iv) retaining business records relevant to the misconduct; and (v) demonstrating the recognition of the seriousness of the misconduct, accepting responsibility for it, and implementing “measures to reduce the risk of repetition of such misconduct, including measures to identify future risks.” Remediation that makes the company eligible for the full benefits under the FCPA Enforcement Policy also includes the requirement that “it must have effectively remediated at the time of resolution,” including by paying all disgorgement, forfeiture and/or restitution resulting from the misconduct at issue.

These standards are substantively very similar to those under the FCPA Pilot Program[3] as well as those articulated in DOJ’s Principles of Federal Prosecution of Business Organizations.[4] However, the revised FCPA Corporate Enforcement Policy contains some slight modifications. For instance, the revised policy removed the Pilot Program’s admonition that a company will not receive credit for self-reporting under the Pilot Program where the company was otherwise required by law or contract to disclose the relevant misconduct. Thus, it appears that a company that makes a disclosure required by law or contract that otherwise complies with the FCPA Enforcement Policy will be eligible for the policy’s self-disclosure benefits. In addition, with respect to remediation, the revised policy requires companies to assess the “root cause” of corruption failures and prohibits companies from using “software that generates but does not appropriately retain business records or communications.” Finally, the revised policy formalizes DOJ’s recent practice under the FCPA Pilot Program of requiring companies receiving declinations to fully remediate by paying disgorgement or restitution related to the misconduct.[5]

Conclusion

DOJ’s revised FCPA Corporate Enforcement Policy effectively makes permanent the “carrot and stick” approach under the FCPA Pilot Program. Moreover, the policy potentially alters the calculus, and certainly significantly sweetens the deal, for companies that discover an FCPA violation that does not involve “aggravating circumstances,” to make the choice to self-report, fully cooperate, and adequately remediate in FCPA matters by making it presumptive that a declination will be the result in those matters. However, as always, the devil is in the details. It remains to be seen how DOJ will apply the “aggravating circumstances” carve-outs to the declination presumption. For instance, how much profit is significant enough to carve a company out of the declination presumption? Also, companies are well advised to remember that the DOJ FCPA Enforcement Policy does not bind other regulators like the Securities and Exchange Commission (“”SEC), which does not have a parallel policy with the same presumptive declination provision. Accordingly, SEC registrants weighing the complex decision of whether to self-disclose to DOJ must still consider the likelihood that self-disclosure could lead to an SEC enforcement action under the FCPA, even where DOJ may decline prosecution under the revised FCPA Corporate Enforcement Policy. Indeed, the FCPA Corporate Enforcement Policy specifically references the payment of disgorgement to the SEC as one mechanism a company can utilize to complete its remediation obligation under the DOJ policy.

What is clear, however, is that notwithstanding DOJ’s willingness to incentivize companies to self-disclose and cooperate with promises of presumptive declinations or more lenient treatment, DOJ will continue to aggressively target individuals in its FCPA enforcement efforts. As Rosenstein observed in announcing the revised FCPA Corporate Enforcement Policy, so far this year, “19 individuals have either pleaded guilty or been convicted of FCPA related cases.” Similarly, DOJ intends to deal more harshly with companies that violate the FCPA and either fail to discover the violations before DOJ does, or elect not to self-report after discovery. In this environment, companies are well advised to examine and fine-tune their anti-corruption compliance and audit programs to assure they are effective and to mitigate anti-corruption risk.