Dec. 19 marks a very important anniversary for the world of compliance. It was 40 years ago this week, following the Watergate scandal, that Congress enacted the Foreign Corrupt Practices Act.
A groundbreaking law at the time, the FCPA ultimately would play a leading role in the evolution of corporate anti-corruption compliance programs today. Most significant to compliance officers are the FCPA’s anti-bribery provisions, which make it unlawful for companies and individuals to bribe foreign government officials to assist in obtaining or retaining business.
Moreover, of significance to audit and financial executives, the FCPA additionally requires companies with securities listed in the United States to (a) make and keep books and records that accurately and fairly reflect the transactions of the company and (b) devise and maintain an adequate system of internal accounting controls.
Since the FCPA’s early days, Department of Justice officials have touted the relevance of anti-corruption compliance efforts when deciding whether to bring charges. In a 1979 speech outlining the agency’s FCPA enforcement priorities, Assistant Attorney General Philip Heymann said, “[W]here a company has been making good-faith efforts to monitor its employees, that will be relevant in our decision how to proceed.”
Added Heymann: “The most efficient means of implementing the [FCPA] is voluntary compliance by the American business community.”
Forty years later, U.S. enforcement authorities continue to reinforce that message: “A company with a robust compliance program can prevent corruption and reduce the need for enforcement,” Deputy Attorney General Rod Rosenstein said in remarks on Nov. 29, 2017, the same day the agency concurrently announced its revised FCPA Corporate Enforcement Policy.
If what Justice Department officials say is true—that they place just as much emphasis on proactive anti-corruption compliance efforts as they do enforcing the law—that message brings about two key questions: To what extent are U.S. enforcement authorities incentivizing good faith, anti-corruption compliance efforts versus punishing companies when those efforts fail? And what role has FCPA enforcement had in encouraging companies to implement anti-corruption compliance programs?
The answers, much like the FCPA itself, warrants further consideration. On the one hand, “FCPA enforcement has greatly contributed to the rise of compliance and the emphasis on compliance in corporate America,” says Matt Queler, former assistant chief in the FCPA Unit and now a principal at Deloitte Financial Advisory Services. “Many companies adopted compliance [programs] under the theory that an ounce of prevention was worth more than the pound of flesh that the Department of Justice might take if they were caught violating the rules.”
The widespread adoption of anti-corruption compliance programs has been far more evolutionary, however, than revolutionary. “The FCPA has made an impact [on anti-corruption compliance programs], but it’s still a work in progress,” says Philip Urofsky, former assistant chief of the Fraud Section and now a partner at law firm Shearman & Sterling.
In the early days of the FCPA, the books-and-records and internal accounting control requirements, in combination with FCPA enforcement actions, prompted at least some companies to adopt an anti-corruption compliance program—rudimentary as they may have been at the time. Companies that had already suffered an enforcement action, as well as those in in high-risk or highly regulated industries lead the way—the defense and oil and gas sectors, for example.
“So, there was this initial surge,” Urofsky says. What has happened over the last 40 years of the FCPA is that it has “penetrated deeper into the corporate world,” he adds.
The continuing evolution of policy guidance that the Justice Department has issued throughout the years has played a part in more companies increasingly adopting anti-corruption compliance programs, says Matthew Miner, a partner at law firm Morgan Lewis. That process really began with the 1991 Federal Sentencing Guidelines and continued thereafter with the Thompson Memorandum; McNulty Memorandum; Filip Factors; FCPA Resource Guide; Yates Memorandum; Evaluation of Corporate Compliance Programs guide; and culminating most recently in the 2017 revised FCPA Corporate Enforcement Policy.
“FCPA enforcement has greatly contributed to the rise of compliance and the emphasis on compliance in corporate America.”
Matthew Queler, Principal, Deloitte Financial Advisory Services
“The messaging has been consistent throughout that there needs to be an investment in compliance and that adequately resourced compliance programs are viewed as an essential tool for preventing or detecting violations,” Miner says.
In addition to policy guidance, the FCPA has provided compliance officers with many other frameworks against which to benchmark their anti-corruption compliance programs, including the enforcement resolutions themselves. These include deferred prosecution agreements, non-prosecution agreements, as well as cases in which the Justice Department has given declinations; a prime example is the declination given to Morgan Stanley in 2012.
Over time, through policy guidance, Justice Department officials have tried to increase their level of transparency “to show companies that there is real reward for doing the right thing,” Queler says. Like anti-corruption compliance programs themselves, the Justice Department’s transparency efforts, too, have evolved over time, he says.
For example, announced in November 2017, the Department’s revised FCPA Corporate Enforcement Policy—the permanent replacement to last year’s FCPA pilot program—states that when a company has (1) voluntarily self-disclosed misconduct in an FCPA matter, (2) fully cooperated, and (3) remediated in a timely and appropriate manner, that it will receive a “presumption” of declination, absent aggravating circumstances.
In announcing the enforcement policy, Rosenstein said that it “provides…greater certainty for companies struggling with the question of whether to make voluntary disclosures of wrongdoing.”
This simply isn’t so, some FCPA experts say. “They tout this presumption of a declination, but it’s not a true declination,” says Mark Srere, a partner at law firm Bryan Cave. A true declination would be no prosecution at all.
“What they’re offering is just another point on the continuum of enforcement,” agrees Urofsky. Not only must the company pay disgorgement—the equivalent of a financial penalty—but any declination awarded to a company will be made public, he says.
Some FCPA experts have long argued in favor of a compliance defense as a better alternative. “If the Department of Justice was serious about it achieving its goal of more voluntary disclosure—which would then yield more individual enforcement actions, which would then achieve maximum deterrence—it would support an actual compliance defense amendment to the FCPA statute,” says Mike Koehler, associate professor of law at Southern Illinois University School of Law and author of the FCPA Professor blog.
Koehler says what he hopes to see in the coming years is more FCPA case law in which companies that are subject of FCPA scrutiny put U.S. enforcement authorities to their burden of proof in challenging disputed facts and legal theories. “Those making business decisions of behalf of companies need to understand that putting the Department of Justice or Securities and Exchange Commission to its burden of proof is a viable option in many instances, because much of FCPA enforcement is untethered from legal authority,” he says.
On the other end of the spectrum, others argue that companies have a greater incentive to simply concede to wrongdoing by striking a DPA or NPA with the government. Although the company walks away without a criminal conviction, sometimes the compliance requirements they must fulfill can be quite onerous, Urofsky says. “That’s a combination of carrot and stick,” he says.
From a legal and compliance standpoint, other competing factors come into play, too. “It’s not entirely in the control of the Department of Justice to create the perfect balance between carrots and sticks,” Queler says. “It’s more complicated that.”
Specifically, U.S. enforcement authorities are no longer the only enforcement cops on the anti-corruption beat like they were in the early years of the FCPA. “More and more countries are passing anti-corruption laws and more rigorously enforcing those laws,” Queler adds. And they don’t all afford the same stated protections as U.S. enforcement authorities.
All of this is to say that, with or without the new enforcement program, voluntary disclosure is not always the best option. Companies must still consider when they uncover potential misconduct whether it is better to stop the misconduct, remediate the issue, and enhance the compliance program without self-disclosure.
The legal and compliance ramifications of FCPA enforcement actions must also be weighed. Critics of the FCPA argue that the law punishes honest companies trying to do the right thing and generally amounts to enforcement overreach by U.S. enforcement authorities.
“The goal of the FCPA has always been to reduce bribery and corruption in the global marketplace,” Koehler says. If that’s the case, he reasons, the result should be less FCPA enforcement, not more.
Yet, not only has the amount of resources dedicated to FCPA enforcement expanded over time, but many argue that U.S. enforcement authorities in recent years continue to employ more expansive and novel legal theories. Moreover, in recent years, even the SEC has started to dabble in enforcement of the FCPA’s anti-bribery provisions, resulting in overlapping enforcement jurisdiction.
“Over the last 40 years, enforcement of the FCPA has been a fundamental part of the SEC’s enforcement mission,” Steven Peikin, Co-Director of the SEC’s Enforcement Division, said in remarks in November at New York University School of Law. In 2010, the Enforcement Division formed a specialized FCPA unit, which today has approximately three dozen attorneys and forensic accountants.
“This dedicated focus on FCPA enforcement has yielded significant results,” Peikin said. “Since the creation of the FCPA Unit in 2010, the Commission has brought 106 FCPA-related actions against 101 entities and 38 individuals.”
While FCPA enforcement has helped advance the adoption of anti-corruption compliance programs among multinational companies around the world, more fine-tuning may be necessary to further tone down the U.S. government’s enforcement approach.
Prudent compliance officers already know and recognize the importance of anti-corruption compliance efforts. Thus, as Rosenstein said, “Corporate America should regard law enforcement as an ally.” The key word there is “should.” It will be interesting to observe over the next 40 years of the FCPA how U.S. enforcement authorities practice what they preach.