I conclude my three-part series based upon my podcast interview of noted white-collar defense lawyer and Foreign Corrupt Practices Act (FCPA) practitioner Mara Senn, a partner at Arnold & Porter LLP. In Part I, I considered Senn’s thoughts on conducting internal investigations. In Part II, I looked at Senn’s decision-making calculus around the decision to self-disclose if you have determined that a potential FCPA violation existed. Today, I consider her thoughts on what steps a company should take if it comes to the decision not to self-report a potential FCPA violation. These include the remediation of potential or actual conduct that might arguably violate the FCPA and the actions you should take on an ongoing basis.
One of the things Senn made clear is that whether you decide to self-disclose or not, your company must fully remediate the issue which led to that. She suggested that a company should act as if they will draw government scrutiny. She said, “the best way to go about it is to assume, act as if, the government is breathing down their necks on this very issue and fully remediate. The nice thing is they can decide what that means, fully remediate.”
I inquired as to whether that meant a systemic look at the company’s operations on a global, worldwide basis, particularly in view of Assistant Attorney General Leslie Caldwell’s recent admonition not to ‘boil the ocean’ in the context of your FCPA internal investigation. Senn replied, “It used to be that in the government’s view, fully remediating meant go to 10 different countries, even if there’s no suspicion of any activity going on, just to make sure that everything’s okay. They’re now backing away from that, and in fact, they’re saying that the private sector is the one who started that whole trend, which is not quite consistent with history.”
Recognizing that there is always a risk that the government will come knocking, either via a whistleblower or other mechanism, Senn replied, “you want to be squeaky clean, so that when the government comes to you, if in the future, like a year down the line, you have another problem or the government has a whistleblower or whatever, that you can say, look, in our opinion, we did an analysis, and we thought it was not necessary to self-disclose. On the other hand, we were horrified and very upset by the fact that this potential infraction happened on our watch, and we’ve done the following 5 things, and we’ve remediated.”
She went on to explain, “What you want to do is show to the government, “We understand the problems that caused this, and we got to the root of it. Either it’s a bad apple, and we got rid of that bad apple, or it was really a failure of compliance structures, and we’ve fixed that part of the compliance structures. In fact, we’ve added more, just to double check and make sure that in this particular area or similar areas, depending on what it is, we will detect, prevent, and if we detect something, we will remediate.” They, the government, can feel comfortable that you did what they would have asked you to do anyways. That doesn’t always have to be onerous, sometimes it is depending on the scope of the issue, but that’s what I would say about that.”
Senn listed several actions that a company could engage in to demonstrate that it had taken solid remediation steps. Obviously, a company can “bulk up its compliance program.” But she added that it is important that a company demonstrate action taken against the nefarious party or parties. A company can discipline up to and including discharge. But do not forget lesser forms of discipline including docking pay or suspension without pay or other steps short of termination. I would add that you should consider the FCPA Guidance on this final point where it notes, “A compliance program should apply from the board room to the supply room—no one should be beyond its reach. DOJ and SEC will thus consider whether, when enforcing a compliance program, a company has appropriate and clear disciplinary procedures, whether those procedures are applied reliably and promptly, and whether they are commensurate with the violation.” [emphasis supplied]
Yet more than simply remediating an issue or even violation, Senn believes that a company should work to stay on top of its program thereafter. Certainly if you agree to a Deferred Prosecution Agreement (DPA) or Non-Prosecution Agreement (NPA), your company will either have an external monitor or reporting obligation to the Department of Justice (DOJ) going forward.
I asked her about ongoing monitoring of your compliance program; both the enhancements you might put in place to remedy generally and the specific issues that caused the problem initially. Senn agreed that is an important step going forward, she stated, “Absolutely, but I think that the monitoring requirement has now essentially expanded to the whole program. The government really expects you now to be having ongoing improvement and ongoing monitoring, so it’s not like you put in a policy 3 years ago and don’t do anything and then assume it’s okay. I think maybe you would put in a special extra audit or something like that on that particular situation, but really you should have in your compliance program an overall monitoring function that allows you to do that for all of your programs to various levels and various degrees. Yes, I think so, but it may not be as intensive as your typical external monitor, because you’re going to be integrating that into a program that’s really more holistic than just checking on that one thing. You’re going to be checking on a system-wide basis.”
Clearly this position was articulated in the FCPA Guidance as Hallmark Nine of an Effective Compliance Program. The Guidance states, “An organization should take the time to review and test its controls, and it should think critically about its potential weaknesses and risk areas.” The Guidance ended this Hallmark by stating, “Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improvement and sustainability.”
To listen to the full Mara Senn interview, go to the FCPA Compliance and Ethics Report, by clicking here, or download it from iTunes.