Compliance Defense – The Movie

by Thomas Fox

OscarsIn honor of The Movie Channel’s annual 28 days of Oscar, the upcoming Academy Awards and inspired by Jay Rosen’s prior career and the FCPA Professors hypothetical discussion between a Chief Compliance Officer (CCO) and his Chief Executive Officer (CEO) last week, in a post entitled “It’s More Like Bronze Dust”; I thought I might write about Compliance Defense- The Movie. So starting with the Professor’s fictional Scenario B

Compliance Officer: Boss, I need more money and resources to devote to FCPA compliance.

Executive: Why?

Compliance Officer: Well, boss, an effective FCPA compliance program can reduce our legal exposure as a matter of law.

Executive: What do you mean?

Compliance Officer: Well, the money we spend on investing in FCPA best practices will be relevant as a matter of law.  In other words, if we make good faith efforts to comply with the FCPA when doing business in the international marketplace, we will not face any legal exposure when a non-executive employee or agent acts contrary to our compliance policies and/or circumvents our policies.




In the heart of the energy capital of the world, in a darkened office, CEO reads a letter from the US Department of Justice (DOJ), which informs him that his company is under investigation for payments to third parties that may have violated the Foreign Corrupt Practices Act (FCPA).


(screaming) Ms. Pepper – what is this letter about?

MS. PEPPER – the long time admin for the CEO comes hurriedly comes into CEO’s massive office.


It is a letter from the DOJ saying we’re under investigation for allegedly paying some bribes.


Well get me that Compliance Officer, what’s his name?


Don’t you remember you let him go 3 months ago, after he installed that compliance program software you saw advertised at Office Depot?


Well then take a letter to the DOJ and tell them that we have a compliance program and that should be an absolute defense to any claims against us. They obviously don’t know how seriously we take compliance around here.


I am not sure that is enough sir, I think that the program has to be effective.


What do you mean effective? After the CCO installed the compliance program on our computer server, everyone knew they had to follow it. The people who work here follow the law and I won the “Mr. Ethical Award” from the Chamber of Commerce last year. Everyone around here knows to follow the law.


Sir, I think that the CCO said that it is more than having a compliance program in place; you actually have to do compliance. He might even have said you need to put some resources into it to show you were serious.


I spent $5,000 on that software program, which is pretty serious. Do you mean to say I have to do something else?


Yes sir, I think that he said that not only does the program have to be effective, you have to be able to show it is effective.


Well that is about the stupidest thing I have ever heard, how are we supposed to compete if we can’t help out our friends so they stay our friends? And besides if any bribes were paid it’s because those greedy foreigners have their hands out. Surely we can’t be responsible for that?

The above dialogue is (hopefully) fictional. Unfortunately it may well be more close to the truth than we like to think. Those who have worked in the corporate world will know any costs which are indirect costs, such as compliance, are viewed as something to be avoided. This means spending money and providing personnel for compliance will be kept to the barest minimum. This is the major problem I see with thinking that a compliance defense is or should be a magic bullet for any corporation to use in a FCPA matter. Every compliance professional I have spoken with on this subject understands that your company will receive a free pass by having a written compliance program, then many companies will install such a paper program. For it is not having a program that is the critical factor but it is the doing of compliance, which makes a program effective.

Equally important is that for a compliance program to be effective, it has to evolve because both the sophistication of compliance and the risks in business evolve. Ten years ago, having a paper program was in the running to make your company an industry leader. Today, having only a paper program is a recipe for disaster. Just as risks evolve, so does the management of those risks. Continuous monitoring was not even considered 10 years ago. It has gone from an enhanced compliance solution, to a best practice, to a standard practice. Five years ago, most lawyers thought that distributors would not be subject to the FCPA because in a distributor sales model, they took title and risk of loss for the products they purchased. But it turns out that bribery and corruption can occur through a distributor sales model, just as it can through a sales agent model.

The clear model for all of this is the dramatic change that companies made in how they viewed safety on the job. Many point to the Exxon Valdez shipwreck as the seminal moment to see the shift in how safety was viewed by corporate America. Certainly after this event, Exxon made safety priority Number 1 in its corporate culture. As a trial lawyer defending corporations, I saw the shift to make safety ingrained into corporate culture in the energy industry, driven in large part by massive jury awards and high insurance premiums paid by corporations to cover those costs. The business solution was not only to put safety programs in place but also to run the business safely. This was drilled down even to those of us in corporate legal departments, not just the guys out on the drilling rigs or in the petrochemical plants.

In the corporate world there existed no magic bullet in the form of safety programs as an absolute defense to a company that violated its own or federal safety laws. Companies invested more money in safety because the costs of not doing so were greater. Under the FCPA, there currently is credit given for companies who have an effective compliance program. It is set out in the US Federal Sentencing Guidelines and discussed at some length in the FCPA Guidance. Such credit is given in the form of declinations to prosecute. While I wish that there was more public information made available on why the DOJ gives declinations, this lack of public information does not diminish the fact that they exist or that companies are clearly given credit for having an effective compliance program in place or simply doing compliance.

I began this post with a (hopefully) fictional dialogue. One thing I am not certain about though is what category it should sit in, comedy; drama or perhaps even tragedy. Enjoy the Oscar season.

Although I do disagree with the FCPA Professor on the need for a compliance defense under the FCPA, one thing I do agree with him about is his creation of a best in class compliance training video, which he announced Monday. I have had the opportunity to view the full version and it is excellent recap of the FCPA and the obligations under the law. It has an interactive aspect that allows learning and practice with situations that is both instructive and enjoyable. As you would expect from the FCPA Professor, it has the text to drive greater understanding for those who might wish to do so. So if your company needs a first-rate FCPA training module, you should check this one out. You can do so by clicking here.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.