At the end of May 2010 US assistant attorney general Lanny A. Breuer, head of the Criminal Division of the US Department of Justice (DOJ), delivered a speech at a public conference in Washington DC with a particularly long-winded name: Compliance Week’s 5th Annual Conference for Corporate Financial, Legal, Risk, Audit & Compliance Officers. DOJ officials frequently participate in events, but those participating do not often hold as senior a position as Mr. Breuer. Mr. Breuer has one of the two second-ranking DOJ positions under US attorney general Eric Holder.
Mr. Breuer’s prepared remarks offered important insights for deciphering how DOJ approaches Foreign Corrupt Practices Act (FCPA) cases, which it continues to emphasize strongly. His points included the following:
Involvement of High-Level Officers
Since 2004 DOJ’s Fraud Section has charged 81 individuals with FCPA violations and related offenses. More than half (46) were initiated in the last 18 months alone. Among those charged are senior-level officers such as CEOs and CFOs.
The surge is striking; according to Mr. Breuer, the 81-individual count tops the total from the preceding seven years combined.
Recently amended sentencing guidelines reflect the vital need to place responsibility for compliance functions at the top of corporate management structures. To underscore this priority, guidelines now allow for “credit” at sentencing if an effective compliance program was in place, even when high-level personnel were involved in the offense. To qualify for such credit, however:
- A direct reporting relationship must exist between the individual possessing operational responsibility for the compliance program and the governing body of the corporation, and
- The corporation must have discovered and reported the offense to enforcement officials before it otherwise comes to their attention.
With these guideline amendments and in public statements in recent years, DOJ arguably has codified its position that they will give credit to companies that self-report FCPA violations occurring within their ranks. A recent example of DOJ’s allotment of credit is Helmerich & Payne, a company that resolved a matter of improper payments after making self-disclosure to DOJ – and received a 30-percent lower penalty than the minimum of the range specified in the guidelines. Mr. Breuer also reiterated that DOJ is more inclined to use alternative settlement agreements with cooperating and self-reporting companies; these include deferred prosecution agreements, nonprosecution agreements and below-guidelines fines.
Disdain for “Paper Programs”
As its comments made clear when the Siemens case was resolved, DOJ holds a healthy disdain for what it perceives as “paper” compliance programs – those appearing well-conceived and comprehensive in writing that turn out to be essentially meaningless in practice. Mr. Breuer stated that while there are neither formulaic requirements nor check-the-box answers as to what constitutes an effective corporate compliance program, DOJ’s Principles of Federal Prosecution of Business Organizations offer relevant benchmarks. When deciding whether a compliance program carries its weight, a prosecutor should consider whether it is:
- Well designed,
- Applied earnestly and in good faith, and
- Something that actually works.
When considering those questions, the prosecutor should look at the:
- Comprehensiveness of the program;
- Extent and pervasiveness of the criminal misconduct;
- Number and level of the employees involved;
- Seriousness, duration and frequency of the misconduct; and
- Any remedial actions taken by the corporation including disciplinary action against violators and revisions to its program.
Mr. Breuer also urged companies to consider tailoring their compliance programs to the Organisation for Economic Co-Operation and Development’s Good Practice Guidance on Internal Controls, Ethics and Compliance. Recommendations for compliance programs include:
- Risk assessment addressing a company’s individual circumstances.
- Support from senior management that is explicit, visible and committed to the company’s internal controls.
- Policy that articulates and visibly prohibits foreign bribery.
- Training measures designed to ensure communication, at all levels and as appropriate for subsidiaries, about the company’s ethics and compliance regarding foreign bribery.
- Direct reporting and autonomy, with senior-level team members exerting oversight over the actual functioning of the program, and the authority to report directly to independent monitoring bodies such as an audit committee or supervisory board.
Disclose First, Investigate Later
The conventional wisdom on voluntary disclosure up until recently has been that a company should thoroughly investigate a potential violation, both to be able properly to characterize the wrongdoing and demonstrate good faith and responsibility, before deciding whether to approach DOJ and self-disclose an FCPA violation. In his recent speech, however, Mr. Breuer urged, “[T]he corporation should seriously consider seeking the government’s input at the front end of the internal investigation. We encourage a company to come in and describe its work plan for conducting the investigation.” (emphasis added) He explained, “Often we have questions, or helpful suggestions … the dialogue can be very helpful in ensuring at the outset that the corporation has an effective, cost-effective plan in place to investigate and deal with the problem.”
Mr. Breuer’s observations that voluntary upfront disclosure is the preferred path for resolving an FCPA violation are, in one sense, the natural extension of DOJ’s position in recent years. In another sense, however, his remarks are quite radical. They imply that investigations conducted after voluntary self-disclosure will be considered more efficient and targeted – perhaps more creditworthy – than those done prior to a voluntary disclosure. He doesn’t say so explicitly, but it is natural to wonder whether this efficiency is intended to suggest ”less costly.” Given the high stakes involved, however, it is also natural for companies facing this prospect to be apprehensive about approaching DOJ before they know what nasty surprises might pop out in the ensuing investigation.
Prevention Is the Best Medicine
Any company concerned about FCPA exposure should revisit whether its compliance plan is overseen at a sufficiently high level within its organizational structure. Particular attention should be paid to devising direct lines of communication to, and oversight by, independent monitoring bodies.
If you would like to consult on any points mentioned here or other concerns about your company’s compliance plan or FCPA risk, please contact any of the Anticorruption Compliance & Foreign Corrupt Practices Act Practice Group members listed in this Alert.