The DOJ's FCPA Pilot Program A New Era or Business as Usual?
The DOJ's FCPA Pilot Program A New Era or Business as Usual?
Companies could save millions by complying with three requirements, but questions remain regarding the program’s enforcement under the Trump administration.
The Foreign Corrupt Practices Act (FCPA) was enacted in 1977 after the U.S. Securities and Exchange Commission (SEC) discovered that more than 400 U.S. companies had paid hundreds of millions of dollars in bribes to foreign government officials in order to obtain international business. The FCPA legally prohibits the payment of cash or anything else of value – directly or indirectly – to a foreign official for the purposes of obtaining or retaining business.
The rationale behind the edict is straightforward: this type of corruption impedes economic growth and is harmful to free trade, as it ultimately hinders the competition necessary to keep the cost of global business in check. The FCPA applies with not only to large, publicly traded companies with significant global operations but also to small and midsize privately held companies with limited international presence. In fact, the government announced in 2014 that it had increased its FCPA enforcement review activities for midsize companies and private equity firms.1
With great fanfare, the Department of Justice (DOJ) Fraud Section unveiled its one-year pilot program (the “Pilot Program”) on April 5, 2016, to promote greater accountability for individuals and companies that run afoul of the FCPA by motivating them to: 1) voluntarily self-disclose FCPA-related misconduct, 2) fully cooperate with any Fraud Section investigations, and 3) remediate flaws in their controls and compliance programs.2 Companies that satisfy these three conditions may receive a credit of up to a 50% reduction off the bottom end of the U.S. sentencing guidelines fine range and eliminate the need for a corporate monitor if a company has implemented a compliance program that is deemed to be effective at the time of resolution.3
In light of the aforementioned developments and the fact that the DOJ and SEC have collected billions of dollars since the inception of the FCPA, the Pilot Program presents a compelling opportunity for companies that may potentially face FCPA issues to save significant money on fines and curtail business disruption. But what exactly do companies that run afoul of the law need to do to comply with the Pilot Program requirements in order to receive a financial credit? What lessons can be learned by reflecting on recent cases that have been resolved under the Pilot Program? And what is the likely future of FCPA enforcement under the Trump administration?
First Pilot Program Requirement: Voluntary Self-Disclosure
The voluntary self-disclosure requirement is fact-specific; does not include any disclosure that a company is required to make by law, agreement, or contract; and must occur prior to an imminent threat of disclosure or government investigation.4 In order to fulfill this requirement, the company must disclose its questionable conduct to the DOJ within a reasonable amount of time after becoming aware of the offense,5 and the burden is on the company to demonstrate its timeliness.6 The company must also disclose all relevant facts known to it, including all relevant facts about individuals involved in any FCPA violation.7
Second Pilot Program Requirement: Full Cooperation With the Investigation
While the Pilot Program makes clear that it “does not expect a small company to conduct as expansive an investigation in as short a period of time as [would] a Fortune 100 company,” a company must fulfill the following items in order to be deemed to have fully cooperated with the investigation:
- Timely disclosure of all facts relevant to the wrongdoing at issue, including all facts related to involvement in the criminal activity by the corporation’s officers, employees, or agents
- Proactive (rather than “reactive”) cooperation, which means a company must include relevant facts even when not specifically asked to do so, and must identify opportunities for the government to obtain relevant evidence not in the company’s possession and not otherwise known to the government
- Preservation, collection, and disclosure of relevant documents and information
- Provision of timely updates on a company’s internal investigation, including but not limited to rolling disclosures of information
- Where requested, de-confliction of an internal investigation with the government investigation
- Provision of all facts relevant to potential criminal conduct by all third-party companies (including their officers and/or employees) and third-party individuals
- Upon request, making current and former company officers and employees who possess relevant information available for governmental interviews regardless of location, subject to the individuals’ Fifth Amendment rights
- Disclosure of all relevant facts gathered during a company’s independent investigation, including attribution of facts to specific sources where such attribution does not violate the attorney-client privilege, rather than a general narrative of the facts
- Disclosure of overseas documents, the location in which such documents were found, and who found the documents (except where such disclosure is impossible due to foreign law, including but not limited to foreign data privacy laws)
- Unless legally prohibited, facilitation of the third-party production of documents and witnesses from foreign jurisdictions
- Where requested and appropriate, provision of translations of relevant documents in foreign languages8
These cooperation requirements are not news to FCPA counsel. Indeed, Leslie Caldwell, assistant attorney general for the Justice Department’s Criminal Division, emphasized in her November 2014 remarks to the American Conference Institute’s 31st International Conference on the FCPA that, while “we do not expect you to boil the ocean in conducting your investigation,” the DOJ expects companies “to conduct a thorough, appropriately tailored investigation of the misconduct.”9 Caldwell emphasized that such investigation and disclosure include “providing relevant documents in a timely fashion, even if those documents are located overseas.”10
Third Pilot Program Requirement: Remediation
In order to fulfill the remediation requirement, a company will generally be required to implement an effective compliance and ethics program that will include information regarding:
- Whether the company has established a culture of compliance, including an awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated
- Whether the company dedicates sufficient resources to the compliance function, including the quality and experience of the compliance personnel and independence of the compliance function
- Whether the company’s compliance program has performed an effective risk assessment and tailored the compliance program based on that assessment
- How a company’s compliance personnel are compensated and promoted compared with other employees
- The auditing of the compliance program to assure its effectiveness
- The reporting structure of compliance personnel within the company11
Other elements of an effective compliance program must include:
- Appropriate discipline of employees, including those identified by the corporation as responsible for the misconduct, as well as a system that provides for the possibility of disciplining others with oversight of the responsible individuals and considers how compensation is affected by both disciplinary infractions and failure to supervise adequately
- Any additional steps that demonstrate recognition of the seriousness of the corporation’s misconduct, acceptance of responsibility for it, and implementation of measures to reduce the risk of repetition of such misconduct, including measures to identify further risk12
The DOJ concedes that “remediation can be difficult to ascertain and highly case specific,” which may make it challenging for a company to ascertain whether its remediation efforts are sufficient to qualify for credit under the Pilot Program.13 What’s more, specialized legal and forensic accounting knowledge may be required to assess potential risks, and to identify and implement appropriate remediation steps.
While recent declinations issued by the DOJ under the Pilot Program have provided virtually no details regarding what steps companies took to satisfy the remediation requirement,14 a nonprosecution agreement (NPA) between the DOJ and BK Medical ApS that was issued after the implementation of the Pilot Program may provide companies with some insight into what the DOJ might be looking for regarding compliance plans and remediation. Additionally, for companies subject to the FCPA but not currently under investigation, the BK Medical NPA provides guidance for the structure of a compliance program that may lead to early detection of violations and facilitate self-disclosure, the first requirement of the Pilot Program.
In the BK Medical NPA, the company admitted to, among other things, a scheme in which artificially inflated and fictitious invoices were created for the sales of medical equipment to distributors, which were then sold to hospitals or other medical facilities in “Russia that were instrumentalities of the Russian government.”15 The distributors would remit payment on the fictitious invoices and then direct BK Medical to pay the excess funds to a third-party recipient.16 At least some of these payments by BK Medical to third parties were to doctors employed by Russian state-owned entities.17
Attachment B of the BK Medical NPA, the Corporate Compliance Program (the “Compliance Program”), is a seven-page document that describes the company’s efforts to “address any deficiencies in its internal controls, compliance codes, policies, and procedures regarding compliance…”18 The Compliance Program is divided into 10 main topics, which are briefly summarized below.
The 10 Main Topics of BK Medical’s Compliance Program
1. High Level of Commitment
How BK Medical is setting the “tone at the top” for a culture of compliance.
2. Policies and Procedures
The efforts that BK Medical will undertake to “develop and promulgate compliance policies and procedures designed to reduce the prospect of violations of the anticorruption laws and the company’s compliance code…” It then identifies individuals to whom the policies and procedures will apply as well as the classes of transactions the policies will address. It also provides for the maintenance of “financial and accounting procedures, including a system of internal controls, reasonably designed to ensure the maintenance of fair and accurate books, records, and accounts.”
3. Periodic Risk-Based Reviews
BK Medical agrees to perform periodic risk assessments, with a focus on foreign bribery risk. It promises that it will review its anticorruption compliance policies and procedures no less frequently than annually to ensure its continued effectiveness.
4. Proper Oversight and Independence
Senior corporate executives will be responsible for the implementation and oversight of the anticorruption policies and procedures, and will have the authority and responsibility to report to independent monitoring bodies, such as internal auditors and the company’s board of directors.
5. Training and Guidance
BK Medical will effectively communicate anticorruption compliance policies and procedures to employees, agents, and business partners or other individuals who pose a corruption risk. This initiative will include training and compliance certifications. BK Medical will also provide on-demand guidance as necessary.
6. Internal Reporting and Investigation
BK Medical will establish a system for the reporting, confidentially if possible, of potential violations of the anticorruption laws and policies. The company will also establish a reliable process for responding to, investigating, and documenting these reports.
7. Enforcement and Discipline
BK Medical will implement new disciplinary procedures to address violations of anticorruption laws and policies. Importantly, the indicated discipline is promised to be applied consistently and fairly, regardless of position. Additionally, BK Medical establishes under this topic that it will take reasonable steps to remedy harm from the misconduct as well as to prevent further similar misconduct.
8. Third-Party Relationships
BK Medical will adopt risk-based due diligence and compliance requirements relating to the retention and oversight of its agents and business partners. Specific steps, such as the inclusion of standard language in agreements and contracts, are further discussed.
9. Mergers and Acquisitions
BK Medical will implement procedures to conduct riskbased due diligence on potential new business acquisitions, including appropriate FCPA and anticorruption due diligence. Moreover, its policies and procedures will be implemented at an acquired company as quickly as is practicable.
10. Monitoring and Testing
BK Medical will conduct periodic reviews of its anticorruption policies and procedures in order to evaluate and improve their overall effectiveness.
BK Medical’s Compliance Program also includes reporting requirements to the DOJ “regarding remediation and implementation of the compliance program and internal controls, policies, and procedures…”19
Future of FCPA Enforcement Under the Trump Administration
In the wake of President Trump’s election, FCPA experts and commentators have mixed views regarding the likelihood of continued robust FCPA enforcement – and by extension the future of the Pilot Program. Commentators who maintain that FCPA enforcement is likely to decrease under the Trump administration cite the fact that Jay Clayton, President Trump’s pick to head the SEC, chaired a New York City Bar Association that concluded in 2011 that “the current anti-bribery regime…is causing lasting harm to the competitiveness of U.S. regulated companies and the U.S. capital markets.”20 These commentators also point to President Trump’s remarks in a 2012 CNBC interview that the FCPA is a “horrible law” that “should be changed.”21
Conversely, both the National Law Review and The New York Times recently maintained in separate articles that, notwithstanding the remarks President Trump or members of his administration made prior to assuming governmental roles, it is doubtful that President Trump will want to be seen as being soft on corruption in light of his rhetoric on the campaign trail.22 And “given that corruption can be a ‘root cause’ of terrorist activity, the FCPA has become a key component in the internal fight against terrorism” – a key priority of President Trump’s administration.23
A Prudent Strategy
The Pilot Program underscores the need for counsel and accounting professionals who are experienced with the FCPA to conduct a timely and thorough internal investigation and work with a company, if appropriate, to self-disclose and implement robust remediation measures. While FCPA enforcement could decrease in the coming years of the Trump administration, the prudent strategy is to abide by the overarching policies of the Pilot Program and adopt or maintain robust FCPA compliance programs. Abandoning these efforts could result in the unwelcome possibility of paying millions of dollars in government penalties and legal and accounting fees, as well as reputational damage, business disruption, and the possibility of a dealing with a corporate monitor.
Also contributing to this article:
Jennifer Dowdell Armstrong, Esq.
Member – Government Compliance, Investigations, and White Collar Criminal Defense
McDonald Hopkins, LLC
- SEC Press Release, “SEC Charges Smith & Wesson With FCPA Violations,” July 28, 2014.
- DOJ Fraud Section’s FCPA Enforcement Plan and Guidance (“Pilot Program”), April 5, 2016.
- Assistant Attorney General Leslie R. Caldwell speaks at American Conference Institute’s 31st International Conference on the FCPA, November 19, 2014.
- See Pilot Program, supra.
- See, e.g., DOJ declination letter to Akamai Technologies fromDaniel Kahn, deputy chief, June 6, 2016. (“Consistent with the FCPA Pilot Program, we have reached this conclusion…based on a number of factors, including but not limited to…the steps that the Company has taken to enhance its compliance program and its internal accounting controls, the Company’s full remediation…”)
- Non-prosecution agreement, RE: BK Medical ApS, Andrew Weissmann, chief, Fraud Section, Criminal Division, U.S. Department of Justice, June 21, 2016.
- Samuel Rubenfeld, “Some Experts Predict FCPA Enforcement Drop Under Trump,” Risk and Compliance Journal, Wall Street Journal, November 11, 2016.
- Brian F. Saulnier and Nicole A. Stockey, “FCPA Enforcement Under Trump: Don’t Call Off the Calvary Just Yet,” National Law Journal, January 6, 2017; Peter J. Henning, “How Trump’s Presidency Will Change the Justice Dept. and the SEC,” White Collar Watch, The New York Times, November 9, 2016.
- See supra, Saulnier and Stockey at n. 27.