On November 29, 2017, Deputy Attorney General Rod Rosenstein announced that the U.S. Department of Justice (DOJ) has adopted a new Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy (CEP) as part of a broader DOJ effort to raise awareness and encourage compliance with the FCPA.
Enacted in 1977, the FCPA prohibits payments to foreign government officials to assist in obtaining or retaining business. The FCPA has proven to be a significant pitfall for companies conducting business in China, Indonesia, Mexico, Russia, and other countries in which the risk of corruption is elevated according to the Transparency International Corruptions Perceptions Index. The new CEP includes a presumption that problems affecting a CEP-compliant company will be resolved without criminal charges and, in those instances where some criminal violations must be charged, allows a 50% reduction in penalties.
Liability under the FCPA can arise not only from corrupt actions taken by company employees, but also from actions taken by third parties acting on the company’s behalf, such as consultants, lobbyists, and freight forwarders. Companies that do not employ basic compliance safeguards including adequate accounting controls, due diligence screening of third parties, and employee training on a clear anti-corruption policy can easily find themselves in violation of the FCPA and/or the anti-corruption laws of other countries.
The potential financial exposure for violating the FCPA is staggering, with hundreds of millions of dollars in penalties paid over the past decade by prominent members of the global banking, pharmaceutical, and manufacturing industries. In the largest FCPA enforcement announced by the DOJ in 2017, Rolls-Royce plc paid $800 million in penalties in a global resolution of criminal charges. According to the DOJ, two former Rolls-Royce employees and an outside consulting firm conspired to bribe foreign officials in order to secure contracts for a foreign Rolls-Royce subsidiary to supply equipment and services to power a gas pipeline from Central Asia to China. Rolls-Royce’s settlement was part of a deferred prosecution agreement that reflected some leniency due to the company’s cooperation in the DOJ’s investigation of the former employees involved in the corrupt activities, and the implementation of significant remedial measures. In contrast to the deferred prosecution arrangement received by Rolls-Royce, the former employees of Rolls-Royce and the outside consultant were individually indicted on criminal violations of the FCPA.
The DOJ has a long history of encouraging companies to develop robust compliance programs, but the incentives offered by the new CEP are a significant step forward. Beginning with the United States Sentencing Guidelines for Organizations first promulgated in 1991, the DOJ has provided incentives for companies to develop sound compliance programs to ensure that compliance risks such as potential FCPA problems are identified and addressed in a reasonable fashion. The benefits of having an effective compliance program include more than just increasing the odds that misconduct is prevented or caught early. The benefits also include an increased likelihood of lenient treatment by the Government should an issue arise despite the existence of a compliance program, which could potentially decrease any potential fine and avoid the need for a compliance monitor. In addition, if an issue arises and there is either no compliance program in place, or the compliance program is woefully deficient, the cost of establishing such a policy after an issue arises will most certainly be more expensive than if a program had been previously established.
In 2012, to specifically encourage self-policing and self-reporting of FCPA violations, the DOJ released “A Resource Guide to the U.S. Foreign Corrupt Practices Act,” providing basic guidance on FCPA compliance. In 2016, the DOJ went a step further in offering incentives to companies by launching the FCPA Pilot Program. The new CEP announced a few weeks ago builds on the Pilot Program by providing additional incentives to self-disclose potential wrongdoing, as well as additional guidance regarding the DOJ’s expectations of corporations seeking to obtain these incentives. The new policy has been incorporated into the United States Attorneys’ Manual (Section 9-47.120).
Among the most significant incentives set forth in the new CEP is the presumption that self-disclosure will result in the DOJ declining to file criminal charges against the disclosing company. Under the CEP, if FCPA misconduct is self-disclosed to the DOJ, the misconduct is timely and appropriately remediated and the company has fully cooperated with the DOJ, there is now a presumption that the matter will be resolved through a declination if certain aggravating circumstances do not exist. Under the previous Pilot Program, federal prosecutors were only obligated to consider issuing a declination to companies that met these same criteria. Another noteworthy incentive of the new CEP is that if a company self-discloses FCPA misconduct and meets all other policy requirements, but aggravating circumstances still lead to an enforcement action, the DOJ will still recommend up to a 50% reduction off of the low end of the sentencing guidelines fine range (except in the case of a criminal recidivist), and will generally not require the appointment of a monitor if the company has in place an effective compliance program.
Although DOJ incentives like the CEP are important, the best method of reducing exposure to FCPA penalties is to implement a reasonable compliance and ethics program that assesses a company’s regulatory obligations and implements reasonable measures to assure compliance. The new CEP makes it clear that an effective compliance program, as part of an overall culture of compliance, is essential to corporations seeking to utilize the new policy incentives to voluntarily disclose FCPA violations.
As discussed in a prior Alert, compliance and ethics programs should be tailored to the company and its specific compliance risks. A smaller, simpler organization could meet its obligations with less formality and fewer resources than would be expected of larger organizations.
With respect to FCPA, a compliance and ethics program would at minimum include the following elements:
- A clear statement of policy regarding compliance with applicable anti-corruption laws
- Appropriate employee training
- A process for diligent investigation and prior approval of any third parties that may be engaged to act on the company’s behalf in high risk countries
- Appropriate language in contracts with third parties requiring compliance with all applicable anti-corruption laws
- Appropriate accounting controls to ensure transparency and accountability
- An internal audit program to assure that the program requirements are being met and opportunities for improvement identified
When dealing with anti-corruption laws such as the FCPA, obtaining sound legal advice, acting quickly and making informed decisions is critical.