Corporate Enforcement Policy revisions impact FCPA disclosure

After launching as a pilot program in 2016, the FCPA Corporate Enforcement Policy was made permanent in November 2017 giving compliance officers and corporate counsel greater transparency and consistency around how the Criminal Division’s Fraud Section measures and credits voluntary self-disclosure, cooperation, and remediation efforts in criminal matters.

In the previous version of the policy, a company that self-reported to the Justice Department was expected to disclose “all relevant facts known to it,” effectively driving compliance and legal teams to gain a full understanding of any potential FCPA violations before making any sort of disclosure. The revised policy, added in a footnote, includes new language recognizing that a company “may not be in a position to know all relevant facts at the time of a voluntary self-disclosure, especially where only preliminary investigative efforts have been possible.”

This clarifying language went on to state, “In such circumstances, a company should make clear that it is making its disclosure based upon a preliminary investigation or assessment of information, but it should nonetheless provide a fulsome disclosure of the relevant facts known to it at that time.”

Another change removed language from the previous policy that required companies to inform prosecutors of opportunities for the Justice Department “to obtain relevant evidence not in the company’s possession or otherwise known to the Department.” The revised policy, in comparison, encourages a self-reporting company to simply identify any relevant evidence of which it is aware, but not in its possession. “Where the company is aware of relevant evidence not in the company’s possession, it must identify that evidence to the Department,” the policy states.

Past revisions

This is not the first time the Justice Department has revised this policy. In March, it made several other notable changes, one of which was softening its stance concerning retention of business records. Under the original policy, demonstrating “appropriate retention of business records” included “prohibiting employees from using software that generates but does not appropriately retain business records or communications.”

The revised policy acknowledged these concerns and, instead, called on companies to implement “appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms that undermine the company’s ability to appropriately retain business records or communications or otherwise comply with the company’s document retention policies or legal obligations.”

A second notable revision announced in March memorialized the agency’s earlier position concerning cooperation credit in the context of mergers and acquisitions. The policy formally states that “there will be a presumption of a declination” where a company undertakes a merger or acquisition and uncovers misconduct “through thorough and timely due diligence or, in appropriate instances, through post-acquisition audits or compliance integration efforts, and voluntarily self-discloses the misconduct and otherwise takes action consistent with this policy (including, among other requirements, the timely implementation of an effective compliance program at the merged or acquired entity).”