In December, the U.S. Foreign Corrupt Practices Act (FCPA) turned 40. Just prior to its birthday, Deputy Attorney General Rod Rosenstein announced a new Corporate Enforcement Policy that provides greater clarity regarding the risk of corporate prosecution for FCPA violations.
The policy’s goal is to provide stronger incentives for businesses to identify and report suspected violations by individuals. In exchange for offering up corrupt employees and taking other actions that will facilitate the government’s investigation, businesses can potentially obtain a declination of criminal prosecution.
As Rosenstein noted, “Law enforcement agencies prosecute criminal wrongdoing only after it occurs. Those prosecutions achieve deterrence indirectly. But a company with a robust compliance program can prevent corruption and reduce the need for enforcement.”1
A company must satisfy three criteria to potentially qualify for a presumption of declination of prosecution.2
First, a business must voluntarily self-disclose “all relevant facts known to it, including...about all individuals involved in the violation of the law.” Such disclosure must occur “prior to an imminent threat of disclosure or government investigation.”
Second, a company must make a timely disclosure of all relevant facts gathered in an independent internal investigation, including those relating to criminal activity by the company’s officers, employees or agents. It must disclose relevant facts voluntarily, not only in response to requests by the Department of Justice (DOJ).
Third, companies must take several remedial actions. These include conducting a root cause analysis of wrongdoing, conducting thorough remediation, and implementing an “effective ethics and compliance program,” which requires companies to conduct a corruption risk-assessment process and tailor their compliance programs to the key risks identified.
The policy also includes several “aggravating circumstances” exceptions that are potentially broad, including criminal activity by executive management, “significant profit” from the misconduct, pervasiveness of the misconduct and “criminal recidivism.”
The new policy reinforces one of the most important indicators of an effective compliance program—namely, a company’s willingness to undertake a tailored and thorough corruption risk assessment process and implement and maintain a compliance program that is appropriately designed to address its principal risks.
And as ever, the flip side of increased leniency for companies that “do the right thing” (in Rosenstein’s words) is likely to be more severe sanctions for those that don’t.
In sum, the DOJ has provided the carrot to encourage businesses to step up their compliance efforts and cooperation relating to the FCPA, and we likely will begin to see the length and shape of the stick over the coming year. The new policy should ensure that the FCPA enjoys a vigorous middle age.
2 In addition to these criteria, to qualify for a declination a company must pay all disgorgement, forfeiture or restitution resulting from the misconduct at issue.