In honor of The Movie Channel’s annual 28 days of Oscar, the upcoming Academy Awards and inspired by Jay Rosen’s prior career and the FCPA Professor’s hypothetical discussion between a Chief Compliance Officer (CCO) and his Chief Executive Officer (CEO) last week, in a post entitled “It’s More Like Bronze Dust”; I thought I might write about Compliance Defense- The Movie. So starting with the Professor’s fictional Scenario B…
Compliance Officer: Boss, I need more money and resources to devote to FCPA compliance.
Compliance Officer: Well, boss, an effective FCPA compliance program can reduce our legal exposure as a matter of law.
Executive: What do you mean?
Compliance Officer: Well, the money we spend on investing in FCPA best practices will be relevant as a matter of law. In other words, if we make good faith efforts to comply with the FCPA when doing business in the international marketplace, we will not face any legal exposure when a non-executive employee or agent acts contrary to our compliance policies and/or circumvents our policies.
SIX MONTHS LATER…
INTERIOR-OFFICE OF EXECUTIVE
In the heart of the energy capital of the world, in a darkened office, CEO reads a letter from the US Department of Justice (DOJ), which informs him that his company is under investigation for payments to third parties that may have violated the Foreign Corrupt Practices Act (FCPA).
(screaming) Ms. Pepper – what is this letter about?
MS. PEPPER – the long time admin for the CEO comes hurriedly comes into CEO’s massive office.
It is a letter from the DOJ saying we’re under investigation for allegedly paying some bribes.
Well get me that Compliance Officer, what’s his name?
Don’t you remember you let him go 3 months ago, after he installed that compliance program software you saw advertised at Office Depot?
Well then take a letter to the DOJ and tell them that we have a compliance program and that should be an absolute defense to any claims against us. They obviously don’t know how seriously we take compliance around here.
I am not sure that is enough sir, I think that the program has to be effective.
What do you mean effective? After the CCO installed the compliance program on our computer server, everyone knew they had to follow it. The people who work here follow the law and I won the “Mr. Ethical Award” from the Chamber of Commerce last year. Everyone around here knows to follow the law.
Sir, I think that the CCO said that it is more than having a compliance program in place; you actually have to do compliance. He might even have said you need to put some resources into it to show you were serious.
I spent $5,000 on that software program, which is pretty serious. Do you mean to say I have to do something else?
Yes sir, I think that he said that not only does the program have to be effective, you have to be able to show it is effective.
Well that is about the stupidest thing I have ever heard, how are we supposed to compete if we can’t help out our friends so they stay our friends? And besides if any bribes were paid it’s because those greedy foreigners have their hands out. Surely we can’t be responsible for that?
The above dialogue is (hopefully) fictional. Unfortunately it may well be more close to the truth than we like to think. Those who have worked in the corporate world will know any costs which are indirect costs, such as compliance, are viewed as something to be avoided. This means spending money and providing personnel for compliance will be kept to the barest minimum. This is the major problem I see with thinking that a compliance defense is or should be a magic bullet for any corporation to use in a FCPA matter. Every compliance professional I have spoken with on this subject understands that your company will receive a free pass by having a written compliance program, then many companies will install such a paper program. For it is not having a program that is the critical factor but it is the doing of compliance, which makes a program effective.
Equally important is that for a compliance program to be effective, it has to evolve because both the sophistication of compliance and the risks in business evolve. Ten years ago, having a paper program was in the running to make your company an industry leader. Today, having only a paper program is a recipe for disaster. Just as risks evolve, so does the management of those risks. Continuous monitoring was not even considered 10 years ago. It has gone from an enhanced compliance solution, to a best practice, to a standard practice. Five years ago, most lawyers thought that distributors would not be subject to the FCPA because in a distributor sales model, they took title and risk of loss for the products they purchased. But it turns out that bribery and corruption can occur through a distributor sales model, just as it can through a sales agent model.
The clear model for all of this is the dramatic change that companies made in how they viewed safety on the job. Many point to the Exxon Valdez shipwreck as the seminal moment to see the shift in how safety was viewed by corporate America. Certainly after this event, Exxon made safety priority Number 1 in its corporate culture. As a trial lawyer defending corporations, I saw the shift to make safety ingrained into corporate culture in the energy industry, driven in large part by massive jury awards and high insurance premiums paid by corporations to cover those costs. The business solution was not only to put safety programs in place but also to run the business safely. This was drilled down even to those of us in corporate legal departments, not just the guys out on the drilling rigs or in the petrochemical plants.
In the corporate world there existed no magic bullet in the form of safety programs as an absolute defense to a company that violated its own or federal safety laws. Companies invested more money in safety because the costs of not doing so were greater. Under the FCPA, there currently is credit given for companies who have an effective compliance program. It is set out in the US Federal Sentencing Guidelines and discussed at some length in the FCPA Guidance. Such credit is given in the form of declinations to prosecute. While I wish that there was more public information made available on why the DOJ gives declinations, this lack of public information does not diminish the fact that they exist or that companies are clearly given credit for having an effective compliance program in place or simply doing compliance.
I began this post with a (hopefully) fictional dialogue. One thing I am not certain about though is what category it should sit in, comedy; drama or perhaps even tragedy. Enjoy the Oscar season.
Although I do disagree with the FCPA Professor on the need for a compliance defense under the FCPA, one thing I do agree with him about is his creation of a best in class compliance training video, which he announced Monday. I have had the opportunity to view the full version and it is excellent recap of the FCPA and the obligations under the law. It has an interactive aspect that allows learning and practice with situations that is both instructive and enjoyable. As you would expect from the FCPA Professor, it has the text to drive greater understanding for those who might wish to do so. So if your company needs a first-rate FCPA training module, you should check this one out. You can do so by clicking here.