FCPA Enforcement and Corporate Compliance: 3 Things to Know for 2018
Last year saw continued aggressive Foreign Corrupt Practices Act (FCPA) enforcement by the U.S. Department of Justice and all indicators are that investigations are not going to slow down in 2018. During the recent ABA White Collar Crimes Conference, current and former enforcement officials from the Department of Justice and the Securities and Exchange Commission discussed updates and current trends, and communicated that we should expect a level of enforcement under the Foreign Corrupt Practices Act that is consistent with past years.
While expectations for compliance will remain high, DOJ indicated it will move more quickly to resolve investigations that fall within the new FCPA Corporate Enforcement Policy, and will likely apply a similar approach to companies that have adopted a culture of compliance and self-disclose other violations handled by the Criminal Division. Here are three things to watch for this year.
1. Continued International Cooperation and Multijurisdictional Enforcement
From this author's perspective, that of an 18-year veteran of the Department of Justice, who also spent several years working overseas, it makes perfect sense that it is business as usual for the career investigators and prosecutors who focus on foreign bribery matters. Based upon recent multi-jurisdictional FCPA case examples, such as the resolutions reached in the Telia, Keppel and SBM investigations, it makes even more sense that momentum will continue to build for multijurisdictional enforcement actions as authorities from different countries increasingly see the benefits of sharing information and pursuing parallel investigations. In each of these three matters, international cooperation resulted in hundreds of millions of dollars in fines being paid to multiple countries.
Success breeds success, and foreign authorities are increasingly interested in cooperating with the United States as a way of also advancing their own domestic prosecutions, and potentially obtaining their own large fines, or working with DOJ to allocate fines that are ultimately paid.
When multijurisdictional cases are ultimately resolved, and fines are paid, DOJ has shown and expressed an interest in dividing up the pie with other cooperating countries based upon multiple considerations, such as the relative investigative roles, the location of the illegal conduct, and the location of the harm. The United States certainly has an interest in having other countries in the anti-bribery game. Another serious international anti-corruption player is of course the U.K.'s Serious Fraud Office (SFO), whose enforcement authority under the U.K. Bribery Act includes the ability to prosecute companies for failing to prevent bribery, a point that was emphasized by the current head of the SFO, who also participated in the ABA White Collar Crimes Conference. Companies who get into trouble based upon the actions of "rogue" employees may well be asked by the SFO and/or DOJ what they did to try and stop the conduct before it occurred.
2. Big Credit for Self-Disclosure and Serious Compliance
DOJ reinforced the positive news for companies who invest in corporate compliance and anti-corruption efforts, and who truly adopt a culture of compliance. Under the new FCPA Corporate Enforcement Policy, announced in November 2017, there is a presumption that DOJ will decline prosecution if a company self-discloses, cooperates and mediates the harm, and where there are no aggravating factors present. While this is always a fact-specific analysis, the presence of a legitimate, reasonably tailored and enforced compliance program is certain to be a factor.
Looking beyond FCPA cases, DOJ officials gave every indication that significant credit will similarly be given for other types of criminal violations investigated by the Criminal Division when companies meet these same criteria. Deputy Attorney General Rod Rosenstein emphasized this point by stating that "we want to reward companies that invest in strong compliance measures." On that note, the "Evaluation of Corporate Compliance Programs" document issued by the DOJ Fraud Section last year is still a very relevant and instructive document. While not intended to be a checklist, the corporate compliance document can help companies assess their own programs using criteria that DOJ created. At the same time, DOJ recognizes that compliance cannot and should not take a one-size-fits-all approach. What works for one business may not work, or be appropriate or feasible, for another. What DOJ will likely be looking for is not whether all the possible elements of a compliance program are present, but rather, whether a company has systematically thought through its compliance plan, implemented it effectively, and also taken steps to evaluate that it is actually working. Here again, some good fact-specific and company-specific analysis will go a long way.
In short, the takeaway from the discussions at the ABA Conference is a sense that thoughtful and creative approaches to compliance are very important, and that compliance needs to move beyond just providing training to include ways that will truly create a culture of compliance. Easy to say, but sometimes hard to do for large multinational companies.
The take-home here may be that spending a lot of money to purchase off-the-shelf compliance products, and signing up for outside compliance services, may not be money well spent if such products and services do not match the individualized needs of each company. Likewise, having a comprehensive compliance plan means little if it is not accompanied by a set of knowledgeable and experienced inside and outside advisors responsible for implementing and reviewing the effectiveness of these efforts.
If DOJ follows through on the intentions of its self-disclosure policy, it may result in quicker resolutions and less time, money and stress on companies who in the past have often had to endure a very lengthy government investigation and decision-making process.
3. Plan Your Preservation
Another topic of discussion related to compliance, and worthy of attention in 2018, is the myriad of ways employees communicate and exchange information both inside and outside of organizations, and how these records are preserved (or not preserved) by companies, a topic which we previously discussed in our blog. It is of course common knowledge that emails are backed up and retained for extended periods of time. The problem is that for many businesses, and certainly for anyone with employees under 30, email is out. The increasingly ubiquitous use of instant messaging apps and work- sharing platforms like Slack, Google Hangouts and Hive make retention policies more complicated, to say nothing of the even more ephemeral seeming WhatsApp and WeChat used routinely throughout much of the world.
Rather than ignore what companies know are increasingly common ways for their employees to communicate, it is likely wise for corporations to develop reasonable use and retention policies for each method of communication being used for business purposes. Here again, from the vantage point of a former prosecutor, it is known that criminals are often first adopters of technologies that can be used to avoid accountability and detection, and good companies don't want to be viewed, rightly or wrongly, as following suit. Thus far, it has likely been viewed as convenient (and perhaps even beneficial) that many communication platforms are encrypted and do not store messages, but those justifications for not preserving what would otherwise be a business record may be challenged by government investigators and prosecutors. In 2018, failing to have a preservation and retention plan that covers all forms of communication may be viewed as a plan in and of itself, with negative inferences being drawn.
Overall, companies can expect DOJ to continue to aggressively enforce the FCPA and white collar criminal statutes, and to hold corporations to high compliance standards. At the same time, companies that can demonstrate that they have thought through all the permutations of a modern compliance program, including, for example, a document retention policy tailored to the realities of their business, and that can voluntarily disclose when something goes wrong, can also expect to be recognized for their efforts to a greater degree than has likely been the case in recent years.
This update is adapted from the article "FCPA Enforcement and Corporate Compliance: Four Things to Know for 2018" published in Bloomberg Law's White Collar Crime Report on March 7, 2018.
© 2018 Perkins Coie LLP