DOJ’s FCPA Corporate Enforcement Policy

On November 29, 2017, Deputy Attorney General Rod J. Rosenstein announced the implementation of the Department of Justice’s (“DOJ”) Foreign Corrupt Practices Act (“FCPA”) Corporate Enforcement Policy (the “Policy”). The Policy expands upon, and is a permanent replacement for, the FCPA Pilot Program that was announced on April 5, 2016.¹ The Pilot Program sought to incentivize companies to self-report FCPA violations and provide active, full cooperation with the DOJ by giving companies guidance on the mitigation credit available at the end of an investigation. The Policy enhances the rewards offered by the Pilot Program and provides even greater clarity on the potential benefits of cooperation. As Mr. Rosenstein noted during his speech, “it makes sense to treat corporations differently than individuals, because corporate liability is vicarious; it is only derivative of individual liability.”

In the Policy, the DOJ outlines guidelines for the resolution of FCPA investigations, the steps a company must follow to effectively cooperate with an investigation and remediate, and the features of an effective internal FCPA compliance program.²

Some key elements of the Policy:

• When a company satisfies the standards of voluntary self-disclosure, full cooperation, and timely and appropriate remediation, absent aggravating circumstances, there will be a presumption in favor of resolving the case through a declination.
• If a company voluntarily self-discloses and satisfies other requirements, but aggravating factors compel an enforcement action, the DOJ will recommend a 50% reduction off the low end of the U.S. Sentencing Guidelines (“U.S.S.G.”) fine range.
• Importantly, in order to receive full cooperation credit, a company must disclose all relevant facts known to it about individuals involved in the violation of the law.

With the Policy, it is clear that the DOJ is looking to increase the number of corporate voluntary self-disclosures, which it considers essential to deterrence. This focus on corporate compliance, coupled with its continuing emphasis on holding individuals accountable for criminal FCPA violations, is consistent with the September 2015 Memorandum by then Deputy Attorney General Sally Q. Yates.³ Indeed, in his speech, Mr. Rosenstein sought to “reinforce the [DOJ’s] commitment to hold individuals accountable for criminal activity,” as opposed to a policy where the DOJ would “just announce large corporate fines and celebrate penalizing shareholders.” In doing so, and as outlined in further detail below, the Policy still requires disclosure of facts related to any criminal activity by a company’s officers, employees or agents.

The following is a detailed overview of the Policy.

Possible Resolutions to an FCPA Investigation

Declination

As outlined above, if a company voluntarily self-discloses, fully cooperates with the DOJ’s investigation, and appropriately remediates the cause of an FCPA violation, absent aggravating circumstances, there will be a presumption that the company will receive a declination. Declinations awarded under the Policy will be made public.

Notably, under the prior Pilot Program, voluntary self-disclosure and full cooperation, absent aggravating circumstances, created only the possibility that an FCPA investigation would result in a declination.

Voluntary Self-Disclosure but Aggravating Circumstances

If a company voluntarily self-discloses and fully cooperates with an investigation, despite the presence of aggravating circumstances, the Policy states that the DOJ may not require a corporate monitor and will recommend to the sentencing court up to a 50% reduction off the low end of the U.S.S.G. fine range.

Aggravating circumstances include, but are not limited to, involvement by executive management of the company in the misconduct, significant profit to the company from the misconduct, the pervasiveness of the misconduct, and criminal recidivism.

No Voluntary Self-Disclosure but Full Cooperation

Lastly, the Policy provides that if a company has not voluntarily self-disclosed but does later fully cooperate with the DOJ’s investigation, the DOJ will recommend to the sentencing court up to a 25% reduction off the low end of the U.S.S.G. fine range.

***

Importantly, the USAM makes clear that in order for a company to qualify for any credit under the Policy, the company must pay all disgorgement, forfeiture, and/or restitution from the misconduct at issue. This requirement may be satisfied by a parallel resolution with a relevant regulator, such as the Securities and Exchange Commission.

The Requirements of Full Cooperation

• Disclosure on a timely and rolling basis of all relevant facts, including those gathered during a company’s own internal investigation. A company is also required to make the disclosure within a “reasonably prompt” time after the conduct at issue comes to light;
• Proactive cooperation, which means, for example, that a company must timely disclose facts that are relevant to the investigation, even when not specifically asked to do so, and including facts related to the involvement in criminal activity of the company’s officers, employees, or agents;
• Timely preservation, collection, and disclosure of relevant documents and information relating to their provenance including, importantly, information regarding overseas documents;
• The “de-confliction” of witness interviews and other investigative steps that a company intends to take as part of its internal investigation with steps that the DOJ intends to take as part of its own investigation. Typically such requests appear to arise in situations where the government does not want another company or individual to be aware of the investigation; and
• The company should make available for interviews by DOJ company officers and employees who possess relevant information.

The Requirements of Remediation

• A thorough analysis of the cause(s) of the underlying conduct and, where appropriate, remediation of the root cause(s);
• The appropriate discipline of employees, including both those directly involved in the misconduct and those with supervisory responsibility for the area where the criminal conduct occurred;
• The appropriate retention of business records and the prevention of the destruction of business records. Of particular note, the Policy specifically mentions prohibiting the use of “software that generates but does not appropriately retain business records or communications,” like WhatsApp, Signal or Telegram;
• Any additional steps to demonstrate a recognition of the seriousness of the problem, accepting responsibility and taking steps to prevent a recurrence of any misconduct;
• The implementation of an effective compliance and ethics program. In describing the elements of an effective compliance program, the DOJ identifies a series of criteria that will be used in assessing the program. These elements carry over from the Pilot Program, as well as the FCPA Resource Guide from 2012 and the Evaluation of Corporate Compliance Programs release earlier this year. The criteria may include:
• The company’s culture of compliance;
• The resources that the company has devoted to compliance;
• The quality and experience of the personnel involved in compliance, such that they can understand and identify activities that pose a potential risk;
• The authority and independence of the compliance function and the availability of compliance expertise on the board;
• The effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment;
• The compensation and promotion of the personnel involved in compliance;
• The auditing of the compliance program to assure effectiveness; and
• The reporting structure of any compliance personnel employed or contracted by the company.

Key Takeaways

So what does the decision to implement the policy tell us? For one, it indicates that the DOJ thought that the Pilot Program was a success. As Mr. Rosenstein noted in his speech, there was an uptick in self-reporting during the 18 month pendency of the Pilot Program, with the Fraud Section receiving 30 voluntary disclosures as compared with 18 disclosures over the prior 18 month period. At the same time, the changes to the Policy indicate that the DOJ thought it necessary to increase the incentives for companies to self-report by offering more certainty and a better ability to calculate the benefits of cooperation.

The need for increased certainty in the program makes sense. The decision to self-report is a significant one for companies. Investigations can take on a life of their own, stretching on for years and encompassing business units beyond those where they start. Investigations also consume resources from a company’s core business and can occupy large swaths of time for key employees and executives. If a corporation is going to take on those risks the benefits need to be both substantial and clear. The Policy takes a positive step in that direction, though it remains to be seen if it will provide sufficient incentive for companies faced with a decision about whether to self-report.

For companies that are not facing an immediate FCPA issue, the Policy provides an important incentive to take stock of their compliance programs and make sure they are in the best position possible to take advantage of the program if an issue is identified. That means taking a hard look at the risk factors in their business lines, making sure they are conducting regular tests of the compliance program, and creating a culture of compliance. A robust and effective compliance program will provide a company with an opportunity to spot misconduct before it comes to the attention of the government and self-report any violations. It will also provide assurances that problems are contained and do not spread across multiple business units.

¹ https://www.justice.gov/opa/speech/deputy-attorney-general-rosenstein-delivers-remarks-34th-international-conference-foreign
²  https://www.justice.gov/criminal-fraud/file/838416/download
³ https://www.justice.gov/archives/dag/file/769036/download; There, the DOJ similarly stated that for a company to obtain cooperation credit in a civil corporate matter, the company must provide to the DOJ all relevant facts, including those relating to individual responsible for the misconduct. The DOJ further highlighted that its investigations should focus on individuals from the inception of the investigation and that absent extraordinary circumstances or approved department policy, the DOJ will not release culpable individuals from civil or criminal liability when resolving a matter with a company.