On April 5, 2016, the Department of Justice (DOJ) announced the launch of a one-year pilot program to motivate companies to self-report violations of the Foreign Corrupt Practices Act (FCPA), cooperate with criminal investigations, and remediate deficiencies in their compliance programs. This new program follows a year where both the DOJ and the Securities and Exchange Commission (SEC) provided significant guidance relating to credit received by companies that cooperated with FCPA investigations. Companies should draw from last year’s guidance (including various policy statements and settlements) and the details of the new pilot program to better understand the government’s cooperation calculus in the event a potential FCPA violation is suspected. More importantly, these materials provide practical steps that companies with international operations should take to protect against the occurrence of FCPA violations by strengthening their compliance and ethics programs.
The DOJ and SEC Continue to Encourage Self-Reporting, Cooperation, and Remediation
Last year the DOJ and SEC provided significant guidance – in the form of four speeches and a memorandum by senior DOJ officials and two speeches by a senior SEC official – on each of their views relating to cooperation, particularly relating to FCPA investigations. In many respects, these policy statements mirror each other and emphasize the following points.
First, to be eligible for cooperation credit, companies must at the very least conduct a thorough internal investigation and promptly turn over all nonprivileged evidence of wrongdoing, including evidence inculpating senior executives and other individuals. This is consistent with the DOJ’s and SEC’s repeated emphasis that individual accountability remains one of their top priorities. For example, in a September 2015 speech and accompanying memorandum by Deputy Attorney General Sally Q. Yates (widely referred to as the Yates Memo), the DOJ indicated that cooperation is “all or nothing” and that it would no longer accept corporate defendants “picking and choosing what gets disclosed.” Assistant Attorney General Caldwell added in a November 2015 speech, “In addition to identifying the individuals involved, full cooperation includes providing timely updates on the status of the internal investigation, making officers and employees available for interviews – to the extent that is within the company’s control – and proactive document production, especially for evidence located in foreign countries.”
Second, both the DOJ and SEC recognize that there is no “off the rack” internal investigation. They each also recognize that internal investigations can be unnecessarily expensive and even dilatory if they are not appropriately focused. For example, Assistant Attorney General Caldwell noted in an April 2015 speech that there is no need to “aimlessly boil the ocean,” and “if a company discovers an FCPA violation in one country, and has no basis to suspect that violations are occurring elsewhere, we would not necessarily expect it to extend its investigation beyond the conduct in that country.” Nevertheless, the DOJ and SEC each note there are certain “hallmarks of all good internal investigations,” including ones that remain independent, are designed to uncover the relevant facts relating to the misconduct and how it occurred, and ultimately identify the wrongdoers.
Third, compliance programs and remediation measures are also significant factors in the cooperation calculus of the DOJ and SEC. For example, in the November 2015 speech, Assistant Attorney General Caldwell stated, “[W]hen examining remediation, we consider whether and how the company has disciplined the employees involved in the misconduct. We also examine the company’s culture of compliance, including an awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated. A well-designed and fully implemented compliance program is key. Such a program should have sufficient resources relative to the company’s size to effectively train employees on their legal obligation and to uncover misconduct in its earliest stages. Compliance personnel should be sufficiently independent so that they are free to report misconduct even when committed by high-ranking officials.” To this end, the DOJ retained an experienced compliance counsel to assess whether compliance programs are reasonably tailored and whether proposed remedial measures are realistic and sufficient.
Fourth, the DOJ and SEC each warn that cooperation credit may be limited or withheld entirely if they find out about the misconduct from another source. For example, SEC Director of the Division of Enforcement Andrew Ceresney stated in two speeches last year that, given the success of the SEC’s whistleblower program, companies are “gambling” if they fail to self-report FCPA misconduct. In the second speech, Director Ceresney noted, “If the Enforcement Division finds the violations through its own investigation or from a whistleblower, the consequences to the company will likely be worse and the opportunity to earn additional cooperation credit may well be lost.” To reinforce this point, the SEC now has a policy that companies must self-report FCPA misconduct to be eligible for a deferred prosecution agreement (DPA) or a nonprosecution agreement (NPA).
Finally, both the DOJ and SEC recognize that companies (particularly nonregulated entities) generally are not obligated to cooperate with government investigations. They each understand that whether and to what extent a company cooperates with a government investigation is a business decision. Given this, both the DOJ and SEC are more transparent regarding the cooperation calculus they each use to encourage companies to self-report and cooperate with government investigations. This transparency includes highlighting in their releases and settlement documents the benefits of cooperating (e.g., not requiring admissions or industry suspensions/bars, reducing or eliminating penalties, entering into DPAs or NPAs, and even declining to bring charges altogether) as well as the consequences of not cooperating. For example, Assistant Attorney General Leslie R. Caldwell indicated in three speeches that Alstom’s failure to cooperate in the DOJ’s FCPA investigation despite being aware for years of the misconduct of its corporate executives resulted in multiple criminal charges and guilty pleas as well as a $772 million criminal penalty levied against the company. Through this type of transparency, the DOJ and SEC each underscore that the type of credit provided to cooperating defendants depends on the facts and circumstances. In particular, the DOJ still applies the factors outlined in the Filip Memo, whereas the SEC continues to apply the factors set forth in its Seaboard Report.
The DOJ Fraud Unit’s FCPA Pilot Program
The FCPA Enforcement Plan and Guidance, which outlines the DOJ’s FCPA pilot program, builds on the above points by describing what constitutes voluntary and prompt self-disclosure, full cooperation, and timely and appropriate remediation.
With respect to whether disclosure is voluntary or prompt, the Plan and Guidance notes that it depends on the following circumstances:
- disclosures already required by law, agreement, or contract are not voluntary;
- disclosures occurring “prior to an imminent threat of disclosure or government investigation” may qualify as voluntary;
- disclosures must occur “within a reasonably prompt time after [the company] become[s] aware of the offense” to qualify as voluntary; and
- disclosures must include all relevant facts, including ones relating to individuals involved in any FCPA violation.
With respect to whether cooperation is full, the Plan and Guidance notes that it is a facts-and-circumstances determination that takes into consideration the size of the company, the scope and nature of its operations, and the misconduct at issue. In particular, the Plan and Guidance notes that the program will continue to follow the principles set forth in the U.S. Attorney’s Manual and encourages, among other things, the following forms of cooperation:
- “proactive cooperation, rather than reactive,” including timely updates on the status of an internal investigation and rolling disclosures;
- preservation, collection, and disclosure of relevant documents, including those residing abroad and those relating to FCPA violations by corporate officers, employees, or agents and third parties;
- upon request, making witnesses available for interview and providing translations of relevant foreign-language documents; and
- providing information relating to the provenance of relevant documents or attribution of facts so long as it does not violate attorney-client privilege.
Finally, with respect to whether remediation is timely and appropriate, the Plan and Guidance notes it is “highly case specific” and that the DOJ is working with the Fraud Section’s compliance counsel to refine its compliance benchmarks. Among other things, the Plan and Guidance recommends that companies address the following points in shaping their compliance and ethics programs:
- periodically conduct a risk assessment and reasonably tailor the program to address the company’s risks in light of its business, size, and resources;
- establish a culture of compliance that reinforces zero tolerance for misconduct;
- devote sufficient resources to the compliance function by compensating and promoting compliance personnel appropriately, structuring the compliance function to maintain its independence, and provide clear reporting lines; and
- discipline employees who are responsible for the misconduct.
The Plan and Guidance also outlines the type of credit a company may receive in connection with the FCPA pilot program.
- Where a company fully cooperates and timely and appropriate remediates but did not initially self-report, the company may receive a 25-percent reduction off the bottom end of the Sentencing Guidelines range.
- Where a company voluntarily and promptly self-reports, fully cooperates, and timely and appropriately remediates, the company may receive a 50-percent reduction off the bottom end of the Sentencing Guidelines range, may avoid the appointment of a monitor, and may even be able to avoid a prosecution altogether.
- No matter the circumstances, companies must still disgorge all profits resulting from the FCPA violation.
These concrete benefits underscore the following remarks made by Assistant Attorney General Caldwell when she announced the program: “In short, the guidance provides that if a company chooses not to voluntarily disclose its FCPA misconduct, it may receive limited credit if it later fully cooperates and timely and appropriately remediates – but any such credit will be markedly less than that afforded to companies that do self-disclose wrongdoing.”
Last Year’s FCPA Settlements Also Underscore the Benefits of Self-Reporting, Cooperation, and Remediation
The following FCPA settlements from last year track this guidance and reflect how the DOJ and SEC reward companies for self-reporting, cooperation, and remediation.
In January 2015, the SEC entered into a DPA with The PBSJ Corporation to settle FCPA violations. By way of background, PBSJ learned of the misconduct after one of its executives reported to its in-house counsel that PBSJ won two, multimillion-dollar development contracts in Qatar and Morocco by bribing Qatari government officials with so-called agency fees. In response, PBSJ immediately launched a full internal investigation and thereafter self-reported its preliminary findings to the SEC and the DOJ in December 2009. PBSJ also suspended the executive for his conduct and cooperated with the SEC’s investigation by, among other things, providing factual chronologies, timelines, internal summaries, and full forensic images. The SEC recognized PBSJ’s “substantial cooperation” with a two-year DPA whereby PBSJ agreed to: (i) accept responsibility for its misconduct; (ii) pay disgorgement and interest of $3,032,875; (iii) pay a civil penalty in the amount of $375,000 – approximately 12 percent of the disgorgement amount; and (iv) comply with certain undertakings that, on their face appear to be no more onerous than what is merely required by law (e.g., annually review and update its internal controls and policies and procedures, certify compliance with code of conduct, and train officers, managers, and employees).
In February 2015, The Goodyear Tire & Rubber Company entered into a settled administrative order to resolve the SEC’s investigation relating to Goodyear’s alleged failure to prevent or detect more than $3.2 million in bribes paid by its subsidiaries to officials in sub-Saharan Africa from 2007 through 2011. According to the order, Goodyear neither admitted nor denied the SEC’s findings and was ordered to pay disgorgement in the amount of $14,122,525, prejudgment interest in the amount of $2,105,540, and to report the status of its remediation to the SEC every year for three years. Notably, Goodyear was not ordered to pay a civil penalty in connection with the settlement based upon its cooperation. In particular, the SEC indicated that Goodyear’s cooperation and remediation included, among other things: (i) halting the allegedly improper payments and self-reporting to the SEC; (ii) conducting an internal investigation and providing such information to the SEC; (iii) divesting ownership interest in a particular subsidiary and ceasing all business dealings with it; (iv) disciplining certain employees who had oversight responsibility over the particular operations; and (v) enhancing its compliance program by updating policies and procedures, expanding training, facilitating regular audits, assessing risk on a quarterly basis, certifying assessments, implementing new compliance structure, and hiring additional compliance staff.
In June 2015, the DOJ announced that it would not prosecute PetroTiger Ltd., a British Virgin Islands oil and gas company, for FCPA violations committed by its former co-CEOs. The release announcing this declination noted PetroTiger’s “voluntary disclosure, cooperation, and remediation,” but did not go into further detail. In the November 2015 speech, Assistant Attorney General Caldwell expanded on the DOJ’s reasons for the declination: “Just a few months ago, the former co-CEO of PetroTiger pleaded guilty to conspiring to violate the FCPA. He joined his fellow co-CEO and the company’s former general counsel in being convicted of bribery and fraud charges after a DOJ investigation that revealed a scheme to secure a $39 million oil-services contract for PetroTiger through bribery of Colombian officials. This was serious misconduct that went to the very top of the company, and in a typical case, criminal charges for the company may well also have been appropriate. We learned about this misconduct through voluntary disclosure by PetroTiger, however. And after that self-disclosure, the company fully cooperated with the department’s investigation of the misconduct and of the individuals responsible for it. As you likely know, the department ultimately declined to prosecute the company, or to seek any NPA or DPA with it, even though we clearly could have done so.”
In July 2015, Louis Berger International, Inc. entered into a three-year DPA with the DOJ to settle FCPA violations stemming from charges that it paid $3.9 million in bribes to foreign officials in India, Indonesia, Vietnam, and Kuwait masked as “commitment fees,” “counterpart per diems,” and “field operation expenses” to secure government construction-management contracts. Pursuant to the DPA, the company admitted its criminal conduct and agreed to pay a $17.1 million criminal penalty, which was the lowest amount in the fine range according to the Sentencing Guidelines. The company also agreed to improve its internal controls and retain a compliance monitor for at least three years. In the release accompanying the DPA, the DOJ recognized that the company: (i) self-reported; (ii) made employees available for interviews; (iii) collected and organized evidence; (iv) undertook “extensive” remedial measures; and (v) demonstrated to the DOJ its commitment to improving its compliance program.
In August 2015, the SEC announced a settled order with The Bank of New York Mellon Corporation for alleged FCPA violations in connection with BNY Mellon’s providing student internships to family members of foreign government officials affiliated with a Middle Eastern sovereign wealth fund. Without admitting or denying the order’s findings, BNY Mellon agreed to: (i) cease and desist from committing future FCPA violations; (ii) pay disgorgement and prejudgment interest in the amount of $9.8 million; and (iii) pay a civil penalty in the amount of $5 million – or just over half the disgorgement amount. BNY Mellon expressly acknowledged in the order that the SEC did not impose a civil penalty in excess of $5 million based upon BNY Mellon’s cooperation during the SEC’s investigation. According to the order, prior to the investigation, BNY Mellon began enhancing its anticorruption compliance program to address the hiring process of government officials’ relatives, including, among other things, requiring a centralized hiring process overseen by BNY Mellon’s anticorruption office where applicants must identify whether they have close personal connections to a government official.
As evidenced by the above policy statements and settlements, companies with international operations stand to benefit from reviewing and strengthening their compliance and ethics programs to address corruption risks. Robust corporate compliance programs help companies in many ways but are particularly helpful here in two respects. First, they protect against misconduct that could form the basis of an FCPA violation, and, second, they protect against harsher sanctions in the event misconduct occurs despite the operation of the compliance program.
Companies can take comfort that the DOJ and SEC understand that compliance programs are not one size fits all, and that they must be tailored to address particular business operations and risks. Yet companies should also recognize that there are certain touchstones to an effective compliance program; namely, a company should at the very least ensure that its compliance program is not mere window dressing by adopting the following best practices:
- support an independent compliance function that is respected within the organization and has clear reporting lines to senior management and the board of directors;
- periodically train employees with respect to the company’s code of conduct and cultivate a work environment in which employees are encouraged to report potential misconduct without fear of reprisal or adverse consequences;
- investigate any reports of potential misconduct, and, where necessary, discipline employees who violate the code of conduct and take other appropriate action to remediate the situation; and
- conduct targeted due diligence on agents, business partners, and counterparties to understand their relationships and risks.
Addressing these points is also critically important in light of recent policy statements that now seem to deputize companies to police themselves at their own peril. Given the increasing number of FCPA cases, it does not appear that the government’s anticorruption efforts will wane anytime in the near future.