I’ve written before about how the Department of Justice (DoJ) is stepping up efforts to root out and prosecute corporate fraud, particularly bribery and corruption, under the Foreign Corrupt Practices Act (FCPA). One of the biggest complaints I’ve heard from clients and their counsel is that there are varying degrees of credit and reduced fines and disgorgements granted for companies that self-report and that some have found it difficult to calculate the potential benefits of self-reporting.
The DoJ recognizes this perceived disparity and in April launched a pilot program to encourage corporate compliance through an incentive program offering up to 50 percent off of fines and minimum sentencing guidelines for companies that self-report FCPA violations, cooperate with investigators and take measures to prevent future fraud.
In May, Protiviti held its first FCPA and Anti-Kleptocracy Conference, bringing corporate executives and compliance officers together with government corruption investigators in a neutral environment to share ideas and build constructive alliances. It was a lively exchange. I came away with a lot to think about, and I’ll be sharing some of it here on The Protiviti View, beginning with this post on compliance considerations.
Last year, the Department of Justice signaled an increased focus on corporate crime and international corruption with the creation, in March, of three dedicated FCPA squads, and a subsequent memo from Deputy Attorney General Sally Quillian Yates to DoJ attorneys on the importance of holding individuals accountable in corporate prosecutions.
At the same time, to encourage corporate cooperation and transparency, the DoJ began touting incentives, such as reduced penalties, for executives and corporations that demonstrate good faith in the investigation and a proactive stance toward prevention going forward. The recently announced pilot program is a good example of that. With so much to gain from cooperation and so much to lose, compliance has never been more important.
One of the speakers at the FCPA conference was Laura Perkins, an assistant chief in the DoJ’s FCPA unit, where she supervises and prosecutes FCPA cases against individuals and companies. According to Perkins, one of the first things the DoJ looks at, upon responding to an incident, is the quality of a company’s compliance program and controls. They initiate discussions with the company and quickly begin to form opinions about how transparent and cooperative the organization is going to be in the investigation.
The DoJ will ask about compliance programs prior to the incident, efforts to find root causes, discipline of responsible parties and actions taken post-incident to prevent future corruption.
Perkins mentioned that one of the more significant changes within the DoJ is its retention of a compliance counsel – someone who attends compliance meetings at target companies to get an inside picture, as well as helps some of the trial attorneys who don’t have as much exposure to compliance and controls and what they should look like.
When it comes to discipline, the DoJ isn’t as concerned with outright dismissal as it is with ensuring that the punishment fits the crime. With minor infractions, training is often sufficient. The important thing here, from a compliance perspective, is being able to document and demonstrate the controls and practices in place to ensure FCPA compliance, the mechanisms in place to detect violations, and the rigor and sincerity of corrective efforts to prevent future violations.
From my perspective here at Protiviti, I would add that the best compliance programs are those based on real-world examples. There is much that can be learned from the mistakes of others and from the open exchange of ideas – which was one of the primary motivations for our FCPA conference.
Finally, I would note that a strong anti-corruption culture discourages corrupt parties from targeting your organization in the first place. Here’s what such a culture looks like, according to the DoJ:
- Sufficient compliance-dedicated resources;
- Competent compliance personnel who are sufficiently compensated and promoted;
- Compliance function independence and reporting structure;
- Compliance program crafted from an effective risk assessment; and
- Compliance program audited regularly to assess its effectiveness.
In future posts, I’ll examine the DoJ’s pilot program in greater detail, discuss ways to avoid FCPA successor liability through acquisitions and contracts with third parties, and address some other topics discussed during our FCPA and Anti-Kleptocracy Conference.