Last week, the Department of Justice premiered a new policy regarding Foreign Corrupt Practices Act (FCPA) enforcement. Deputy Attorney General Rod Rosenstein, in a speech, called it the FCPA Corporate Enforcement Policy and stated that it is now “incorporated into the United States Attorneys’ Manual.” The Policy has much to say to the compliance practitioner about what constitutes a best practices compliance program and how you should go about engendering one.
There are several different points to note about compliance programs under the new Corporate Enforcement Policy. The first is the incorporation of the 10 Hallmarks of an Effective Compliance Program through reference to the 2012 FCPA Resource Guide. Second is the language that makes clear that credit for a best practices compliance program is available for programs which are beyond simply the bare minimum under the US Sentencing Guidelines. Finally, is that language and concepts in this new Policy come from a variety of sources, including the DOJ’s 2016 FCPA Pilot Program and the 2017 Evaluation of Corporate Compliance Programs (Evaluation). This builds upon the 10 Hallmarks of an Effective Compliance Program incorporated through reference into the new Enforcement Policy.
Once again for the compliance professional, the new FCPA Corporate Enforcement Policy makes the importance of a best practices compliance program even more critical. The new Policy emphasizes not only the importance of the specific exercise of compliance but also the data driven approach to a best practices compliance program. It is more than simply learning from your mistakes, it is taking the information from your root cause analysis and incorporating it back into your compliance program. A compliance program is dynamic and not static. This final fact is what separates the type of analysis the DOJ puts forward from those who want a paper program to constitute a full and complete compliance defense.