Self-reporting FCPA misconduct: A one-year pilot from the DOJ

In a move designed to motivate firms to be transparent with the U.S. Department of Justice (DOJ), the Fraud Section’s Foreign Corrupt Practices Unit announced that is instituting a one-year pilot program, as of April 5, 2016, to encourage companies to self-disclose Foreign Corrupt Practices Act (FCPA) misconduct. If firms hope to benefit from this pilot program, they will need to pay close attention to the requirements of the pilot program and, in particular, the levels of cooperation that will be expected from them.

The pilot program is intended to encourage companies to come forward with potential FCPA misconduct. In 2017, DOJ will evaluate the success of the program and whether to extend or modify it. These new cooperation requirements are part of an ongoing effort to pursue FCPA cases and also to provide transparency to the enforcement process. The FCPA Unit’s new pilot program is being implemented concurrently with a renewed dedication of resources to FCPA cases: the Unit has 10 additional prosecutors (more than a 50% increase in staffing) and the FBI has established three new squads of special agents devoted to FCPA cases. Assistant Attorney General Leslie Caldwell also emphasized that the Criminal Division has been strengthening its coordination with foreign regulators, including sharing leads and making documents and witnesses available to each other. The pilot program and cooperation requirements are intended to supplement the existing sentencing guidelines for corporations and the so-called “Yates Memo” that addresses individual responsibility – corporations will be required to provide information related to senior executives, officers, and employees’ criminal misconduct to be considered for cooperation credit.

What is ‘FCPA-related’ conduct?

The FCPA criminalizes various acts of bribery of non-U.S. public officials to retain or obtain a business advantage and related accounting fraud. The FCPA may be implicated in a variety of sectors and violations can occur at any point where a company interacts with government, such as to obtain a contract, customs and duties, tax negotiations, or lobbying government. Both the DOJ and the Securities and Exchange Commission (SEC) have jurisdiction over FCPA cases.

The bottom line on penalty discounts

Successful self-reporting and cooperation of FCPA-related conduct could result in:

• Up to a 25% reduction in financial penalties if the firm cooperates, but did not self-disclose; and
• Up to a 50% reduction in financial penalties if the firm cooperates and voluntarily discloses the activity;

Not surprisingly, in establishing these maximum reductions in penalties, DOJ has not surrendered its discretion or flexibility. First of all, these reductions would be taken from the low end of the Sentencing Guideline range for the conduct at issue. Of course, determining that starting point on the Sentencing Guidelines scale is an important step before reaching the question of a reduction of penalties. Second, whether a discount is warranted and the scale of that discount remains largely within the DOJ’s discretion for each case. The discretion and unique facts of each case means that it would be impossible to reverse engineer the potential reductions in penalty to make a determination at the outset as to the precise monetary benefit of self-reporting.

New Co-operation credit requirements

Co-operation is a topic that has attracted a considerable amount of attention and comment from regulators and authorities around the world, including, for example, the UK Financial Conduct Authority and the UK Serious Fraud Office.

To determine whether a company is entitled to any credit for cooperation, DOJ has articulated some more specific factors it will consider. These are not novel concepts, but the level of specificity and formulation had not previously been articulated in this manner.

The DOJ’s analysis regarding cooperation credit will consider three (quite broad) categories of factors relating to the disclosure itself, the scope of the cooperation, and the scope of remediation efforts.

• Category 1 – Disclosure: Disclosure should be made prior to government involvement, in a reasonably prompt manner, and be fulsome;
• Category 2 – Cooperation: Cooperation should also be fulsome, which is based on such factors as whether facts relating to individuals’ criminal activity (employees, officers, and third-parties) are disclosed, witnesses are provided for interviews, documents are preserved, documents abroad are made available and translated where necessary, and timely updates are provided to the DOJ regarding the company’s internal investigation; and
• Category 3 – Remediation: Remediation should be appropriate and timely to reduce recidivism and DOJ will consider such factors as the company’s culture of compliance, the resources and compensation for compliance, the quality, experience, and independence of compliance personnel, whether an effective risk assessment has been conducted and the compliance program is tailored to that assessment, and audits of the compliance function.

Deferred Prosecution Agreements

In cases where all three categories above are satisfied, the DOJ will also consider offering deferred prosecution agreements (DPAs) to firms. A DPA is an agreement by which the DOJ agrees not to pursue criminal charges in exchange for the company agreeing to remedy issues and comply with various requirements, which often includes the payment of a penalty. DPAs may also include a requirement that an independent monitor be appointed to ensure that the company is satisfying the terms of the settlement, including making the necessary compliance changes. Monitorships can be costly as the company is required to pay the monitor and some settlements will require that the monitor issue reports on the status of compliance to the DOJ. The new guidelines state that if an appropriate compliance program is already in place, the appointment of a monitor will not be necessary.

In another interesting recent development, the DC Circuit (considered to be the second highest court in the US) upheld prosecutors’ authority to enter into flexible DPAs with limited oversight from judges. In some recent high profile cases, a judges have rejected heavily negotiated DPAs, claiming that the penalties should be stronger in light of the conduct at issue. This appellate court rejection of the idea that judges should “second-guess” prosecutors could lead to even greater flexibility from DOJ on the terms of a DPA even in significant cases.

It is also worth noting that the SEC late last year affirmatively stated that no corporation will receive a DPA unless the activity at issue was self-disclosed.

So what does this all mean and what should firms be doing?

As a general matter, in light of the broader programmatic changes and demonstrations that FCPA enforce is only likely to increase, firms should thing strategically about their FCPA risk and identify compliance program gaps. DOJ’s guidance specifically references conducting risk assessments to identify the company’s FCPA high-risk areas and tailoring the compliance program to the risk assessment. Doing so will not only assist in preventing FCPA-related conduct from occurring, but a strong compliance program will be a mitigating factor, as discussed above in Category 3 – Remediation. Given that the DOJ will evaluate the company’s culture of compliance, the dedication of resources to the compliance function, and the relative role of compliance in terms of the overall structure of the company, a broader look at the compliance function – not limited to FCPA compliance – is important.

Specifically with respect to the pilot program, firms should evaluate whether making a filing is a beneficial decision. Absent further action, firms will have until April 5, 2017 to file the application -- all matters disclosed during the pilot program period will be eligible for newly articulated cooperation credit requirements.

Due to these FCPA developments, companies with potential FCPA liability should consider:

• whether to conduct a risk assessment and whether the compliance program should be adjusted to respond to the identified risks;
• whether any high-risk areas should be subject to further internal review or investigation; and
• whether any conduct has been identified in a particular region or business line that is a candidate for self-disclosure.