In a significant FCPA enforcement development, DOJ’s Deputy Attorney General (“DAG”) Rod Rosenstein last announced the implementation of a new FCPA Corporate Enforcement Policy. (Here). The announcement was not a surprise based on earlier statements made by DAG Rosenstein.
Before outlining the specific five takeaways, there are a few issues surrounding the release of the new policy that require some comment. DAG Rosenstein implemented the policy without typical fanfare or release of a policy memorandum, which would bear his name, the Rosenstein Memorandum. Instead, DOJ announced specific amendments to the US Attorney’s Manual that implements the new policy and governs all federal prosecutions.
Interestingly, the new policy is limited to FCPA enforcement actions and does not extend to any other corporate criminal activity, such as fraud, antitrust cartels, or tax. The justification for this limitation is the “inherent international nature” of FCPA investigations and prosecutions. Given the difficulty of international criminal investigations, the new policy is intended to provide increased incentives to corporations to voluntarily disclose, cooperate and remediate their compliance programs.
With these general observations, the five key takeaways from the new policy include:
Presumption of Declination: Companies can earn a presumption of a declination when they comply with the FCPA Enforcement Policy requirements that they voluntarily disclose potential wrongdoing, cooperate with the Justice Department’s investigation and remediate any potential deficiencies in the company’s compliance program. The new enforcement policy preserves the ability of DOJ to prosecute a company when “aggravating circumstances” are present, including (but not limited to) involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; pervasiveness of the misconduct within the company; and criminal recidivism.
The presumption of a declination is a significant incentive for corporations to re-calculate the balance between disclosure and cooperation against non-disclosure and remediation. Even when DOJ declines to prosecute a company, DOJ stated companies would be required to pay disgorgement, forfeiture or restitution, if applicable.
Fixed 50 Percent Discount: Under the new FCPA Corporate Enforcement Policy, companies that do not qualify for a declination (presumably because of the presence of aggravating factors) can still earn a 50 percent discount from the bottom of the Sentencing Guidelines range, and will usually avoid the imposition of a corporate monitor. The key features here are two – a guarantee of a 50 percent discount and the probable avoidance of a corporate monitor. The two features outlined in Numbers 1 and 2 provide significant incentives for companies contemplating voluntary disclosure and cooperation to seek the benefits under the new program.
In the event that a company does not qualify for a voluntary disclosure but cooperates and remediates its compliance program, the company can still earn up to a 25 percent discount from the bottom of the Sentencing Guidelines range.
Root Cause Analysis: The new FCPA Corporate Enforcement Policy contains two significant additions to the remediation prong. The first relates to a root cause analysis and the second to the role of a chief compliance officer. To qualify under the remediation prong, a company must conduct a “root cause analysis,”
Demonstration of thorough analysis of causes of underlying conduct (i.e., a root cause analysis) and, where appropriate, remediation to address the root causes;
The “root cause” analysis has taken on greater significance through the years, and is an important inquiry needed to understand why financial and compliance controls were not able to detect and prevent the illegal conduct. It is a more intensive review and analysis than a risk and compliance program assessment, and is targeted to the specific facts underlying the violations.
Chief Compliance Officer Role: The Justice Department’s remediation requirement includes a modification from the FCPA Pilot Program. The original language included the factor, “The independence of the compliance function.” The new FCPA Corporate Enforcement Policy added the following italicized language:
The authority and independence of the compliance function and the availability of compliance expertise to the board;
The new language includes the addition of “authority” of the compliance function, and the reporting relationship of the compliance function to the board of directors. I am not trying to make a mountain out of a molehill but the term “authority” reinforces the overall trend of maintaining an empowered CCO in corporate governance structures. Additionally, the CCO’s access to the board and regular reporting to the board is emphasized with the new language, and reflects increasing concern over the importance of regular reporting by the CCO to the board.
Document Retention: The FCPA Corporate Enforcement Policy adds a new factor relating to document preservation requiring companies to maintain appropriate retention of business records and prohibiting the destruction or deletion of business records, including software that generates communications but does not retain business records (e.g. SnapChat). The Justice Department’s concern about document retention reflects unfortunate experiences when companies fail to retain documents or use technologies that do not retain the record of the communications.