Out in Force in 2016: FCPA and DOJ Preparing for Action

March 17, 2016

5273Despite a slowdown in Foreign Corrupt Practices Act (FCPA) enforcement in 2015, 2016 is shaping up to be a particularly active year.

The FCPA proscribes the bribing of foreign government officials to obtain or retain business, and applies to U.S. citizens and companies along with foreign entities that have a class of securities registered under the Securities and Exchange Act of 1934, or are otherwise required to file reports thereunder.

2015 was notable for the sharp decrease observed in the number of FCPA cases resolved by the U.S. Department of Justice (DOJ) (which is jointly responsible for enforcing the FCPA along with the Securities and Exchange Commission (SEC)).  This slowdown was attributable to both a decline in corporate self-reporting as well as a “strategic shift away” from investigating smaller cases to probing more complex cases and prosecuting individuals.

But, as mentioned earlier, 2016 is going to be different.

How do we know?  First of all, the DOJ and SEC have both stated as much, with the DOJ announcing that it will “add 10 new prosecutors to the Fraud Section’s FCPA Unit, increasing its size by 50 percent.”  In the same announcement, the DOJ stated that it also added “three new fully operational squads to the FBI’s International Corruption Unit that are focusing on FCPA … matters.”

So it appears that FCPA enforcement is truly looking at an upswing in 2016.  But what does this mean for companies?

If your company is absolutely free of any FCPA violations, then you have nothing to worry about.  Of course, virtually no entity can claim such complete influence over its own operations and employees and officers that it can say with any level of confidence that it is not currently nor will it ever experience such a violation.

As such, companies should prepare for this heightened level of enforcement.  And one area that undoubtedly needs addressing by entities is their own compliance program.  The DOJ made clear last fall that it plans on evaluating the compliance programs of companies that the agency investigates in deciding whether to bring charges.

Specifically, the DOJ, with the assistance of recently retained “full-time compliance expert” Hui Chen, will help assess a company’s compliance program to determine whether it “truly is thoughtfully designed and sufficiently resourced to address the company’s compliance risks, or essentially window dressing.”

In short, a company’s compliance program may decide whether it faces FCPA charges – but at the very least, it seems it will play strongly into the DOJ’s calculus.  Fortunately, the DOJ hasn’t been opaque in tes expectations of such programs: In May of last year, Assistant Attorney General Leslie Caldwell laid out what she viewed as “some general hallmarks of effective compliance programs.”  Naturally, this guidance would be a good starting point for any company, but there is no one-size-fits-all for compliance programs; each should specially fit the company it for which it was created.

But compliance programs are, by and large, proactive measures that hope to prevent regulatory violations.  What do you do if a violation has already occurred?

Assuming that the feds aren’t already aware, a company should strongly consider self-disclosure.  As a caveat, the DOJ claims that “ there is no requirement that a company self-disclose” and that a failure to do so, “in and of itself, does not mean that charges will be filed against a company.”

That being said, the DOJ also asserts that “a company that wishes to be eligible for the maximum mitigation credit in an FCPA case must do three things: (1) voluntarily self-disclose, (2) fully cooperate and (3) timely and appropriately remediate.”

In other words, while the DOJ claims that there is no requirement to self-disclose, only companies that do so – and prior to the start of a DOJ investigation into the conduct – will be eligible for mitigation credit.

One important point worth noting: the DOJ now considers a valid self-disclosure to contain “all relevant facts about the individuals involved in the conduct.”  In light of the DOJ’s stated “strategic shift” toward “prosecuting individuals,” it’s not difficult to understand why the agency now demands the names of those involved in the alleged misconduct.

But you’ll notice that self-disclosure is only one of three requisites to “maximum mitigation credit,” with the other two being full cooperation and timely and appropriate remediation.

Caldwell gives an example of both a company that met all three of these requirements to the department’s satisfaction and one that did not.  While there doesn’t appear to be any broadly applicable for any company to follow, it seems prudent that, upon the decision to self-disclose, that a company fully cooperate with the DOJ and take any remedial measures that may be necessary (including following any advice from the department on such measures).

Although the decision whether to self-disclose ultimately lies with the company itself, the changing FCPA regulatory landscape of 2016 – not to mention the ever increasing protections and incentives for whistleblowers – makes self-disclosing all the more attractive, even with the enhanced requirements.