Cracking the FCPA Code: Interpreting Recent DOJ and SEC Enforcement and Messaging

Without a doubt, the number-one message that continues to be delivered by the DOJ and Securities and Exchange Commission (SEC) ' both in speaking appearances and in enforcement matters ' is the importance of a high-functioning corporate compliance program. No longer the academic afterthought of FCPA enforcement to be pondered merely by FCPA scholars, the government's emphasis on the internal accounting controls provisions is now a primary driver in the size and nature of enforcement actions. As Deputy Chief Stokes recently stated, “If you look at our largest resolutions, I think one very clear pattern that can be drawn from them is the big resolutions very closely correlate with very poor internal controls and weak compliance.”

This development is not entirely unanticipated as, following its watershed expansion of the internal accounting controls requirements in 2012's Oracle enforcement matter, the SEC has continued to stake out its position that essentially defines the internal accounting controls requirements as coextensive with the elements of an effective compliance program as defined in the federal sentencing guidelines and the DOJ's and SEC's 2012, A Resource Guide to the U.S. Foreign Corrupt Practices Act ' a position with little support in the legislative history of the FCPA. While the DOJ has ' appropriately, in these authors' opinions ' continued to exercise its discretion in passing on several of these expansive enforcement matters, the vitality and strength of a company's corporate compliance program remains just as important to the DOJ in its charging decisions. Underscoring this importance, the DOJ is in the final stages of hiring for a new position in the Fraud Section: a dedicated compliance program expert.

Putting aside the debate over what compliance elements the FCPA actually requires, the internal accounting controls provisions are plainly viewed by both the DOJ and SEC as providing a window into a company's culture and its priorities, and they are critical not only to the DOJ's and SEC's positions on the necessity of imposing a compliance monitor or consultant, but also to answering the query of whether charges will be brought in the first place, as seen most prominently in the public declination provided to financial services provider Morgan Stanley in April 2012. It is also somewhat encouraging that the government seems to recognize and appreciate that no compliance program is failsafe; even good companies with robust compliance programs will have to deal with violations, and many times those violations merit internal remediation, rather than external enforcement action.

Consequently, in this vigorous, but pragmatic, enforcement environment, companies must now ensure that their compliance programs are battle-tested. Demonstrating efficacy to the DOJ and the SEC requires a truly tailored risk assessment, with corresponding systems and processes that are not only effective, but capable of generating metrics and statistics indicating complete control over the financial activities of the company.

A Voluntary Disclosure Renaissance?

In the early- and mid-2000s, amidst the boom in FCPA enforcement, companies routinely rushed into the DOJ and SEC as volunteers when faced with an FCPA issue. Doing so was thought to provide valuable voluntary disclosure credit and a corresponding reduction in financial exposure. Over time, however, it became increasingly harder for FCPA practitioners and commentators to quantify the benefits of this practice, as investigative costs soared and the combined penalties for disclosed matters skyrocketed. In addition, as other jurisdictions (such as the United Kingdom) have increased their enforcement activities, companies, including those that volunteered, face the very real risk of multiple prosecutions and corresponding financial penalties.

When new tools were provided to both the DOJ and SEC (including the formation of a specialized FCPA unit at the SEC, allocation of dedicated agents at the FBI, and the passage of Dodd-Frank in 2010 ' bringing with it the creation of the SEC's Office of the Whistleblower ' the government began publicly downplaying the need for voluntary disclosure as a tool for FCPA enforcement. As noted recently by the SEC's FCPA Unit Chief, Kara Novaco Brockmeyer, roughly two-thirds of enforcement matters are now no longer based on voluntary disclosure.

However, the DOJ and SEC have been making concerted attempts to tip the calculus back in favor of this traditional force multiplier. The FCPA enforcers have gone on the offensive, emphasizing the tangible benefits of voluntary disclosure, most notably in the context of the Avon matter. For example, Deputy Chief Stokes noted this year during a speaking appearance that the beauty products company ' which faced a potential criminal penalty of $142 million for its conduct ' could have paid a penalty as low as $42 million, if it had self-reported the activity in addition to cooperating with DOJ. Without voluntary disclosure, cooperation alone ultimately resulted in a $68 million criminal penalty for Avon, a difference of $26 million.

Further, on a closely related topic, the DOJ and SEC have also attempted to provide clarity regarding what is required to receive cooperation credit once you are in the government's crosshairs, in part to allay fears that disclosed matters regularly turn into unchecked, “boil-the-ocean”-style investigations. The government has emphasized that exorbitant investigations are neither its requirement nor preference in most instances, but that cooperation must truly be provided if credit is to be gained. Commentary on the Alstom matter has served as the government's example when discussing this concept, as the French power and transmission company did not initially cooperate with the DOJ and ultimately paid $772 million in December 2014, the largest criminal fine in the history of the FCPA.

Deputy Chief Stokes has emphasized that Alstom could have saved approximately $565 million of that amount if it had voluntarily disclosed the conduct, cooperated from the outset, and remediated the identified issue. DOJ's new policy memorandum, Individual Accountability for Corporate Wrongdoing (the “Yates Memorandum”), issued on Sept. 9, has the potential to undercut this messaging, though, as several of its requirements, including that “[t]o be eligible for any cooperation credit, corporations must provide to the [DOJ] all relevant facts about the individuals involved in corporate misconduct,” and “[c]orporate cases should not be resolved without a clear plan to resolve related individual cases before the statute of limitations expires and declinations as to individuals in such cases must be memorialized,” have the potential to significantly expand the costs and length of investigations.

So what should be the new status quo regarding voluntary disclosure? Despite the DOJ's and SEC's ability to show a tangible benefit in certain instances, it is not a return to the past, where voluntary disclosure was the default position when an FCPA issue arose. Rather, companies are moving to a case-by-case analysis of the pros and cons of each contemplated disclosure ' without any preconception that disclosure is the “right” result.

The Demise of 'One-Stop Shopping'

While the DOJ's and SEC's emphasis on the tangible benefits of voluntary disclosure and cooperation may bear fruit, another message from recent enforcement actions and DOJ/SEC speaking appearances pulls in the opposite direction: DOJ and SEC are no longer able to offer “one-stop shopping.” Anti-corruption enforcement is increasingly global, FCPA matters inherently involve conduct outside the United States, and, as Deputy Chief Stokes remarked recently, there are “more and more instances of countries where we are conducting in [sic] parallel investigations of companies ' there may be multiple resolutions brought against a company by different countries.”

Examples of this new reality abound: The recent Petrobras and FIFA scandals involve a multitude of anti-corruption enforcement authorities; the anti-corruption entities at the multi-lateral development banks are reaching new levels of maturity; and the head of the SFO, David Green, has been pushing to execute the UK's first deferred prosecution agreement, a tool regularly employed in the U.S., prior to exiting office. The resulting enforcement environment is one of insecurity and unpredictability.

Companies must be prepared for this new reality ' one where the DOJ and SEC are no longer the only game in town. This greatly complicates the nature of representations and the potential exposure for corporations. Other aggressive prosecutors and regulators are on the prowl, and now, spurred on by the big numbers from FCPA enforcement, they have resources to support their appetites for enforcement. Before it begins any discussion with the DOJ and SEC, every company must assess the potential for expansion of the groups around the settlement table ' and whether those additional members will be joining the discussion concurrently or joining the fray successively ' as international double jeopardy is not a concept held in high regard (formally or informally) by prosecutors and regulators.

Conclusion

The FCPA enforcement environment is an ever-evolving and complex landscape filled with nuance, as well as numerous pitfalls. In-house and outside counsel must continue to heed the messages from enforcement matters and the enforcers alike. However, with careful thought, a course can be plotted that reduces the damage and pain from FCPA exposure.

Laurence A. Urgenson ([email protected]), Chairman of this newsletter's Board of Editors, is a partner at Mayer Brown. Matthew J. Alexander (mailto:[email protected]), an Associate Editor of this newsletter, is also with Mayer Brown. Colleen Snow ([email protected]) is a Litigation & Dispute Resolution associate. All three authors are resident in the firm's Washington, DC, office.

Notwithstanding expectations of a shift in government enforcement priorities, after more than a decade, Foreign Corrupt Practices Act (FCPA) enforcement still shows no signs of slowing down. Indeed, the last two years each welcomed two new members to the list of 10 largest corporate enforcement matters: Total and Weatherford in 2013, and Alstom and Alcoa in 2014.

Despite increased corporate focus on anti-corruption generally and the FCPA specifically, the world is slow to change. Business norms in many high-risk jurisdictions and industries around the globe remain largely unaffected by the wave of anti-corruption enforcement. Further, as seen in the unfolding Petrobras scandal in Brazil, prosecutors and regulators outside the United States are now seizing the opportunity to initiate (rather than just participate in) U.S.-style investigations and resolutions. Finally, this vigorous global enforcement environment coincides with a period of high turnover in leadership at the Department of Justice (DOJ), including a new Attorney General (Loretta Lynch), Assistant Attorney General in charge of the Criminal Division (Leslie Caldwell), Chief of the Fraud Section (Andrew Weissmann), and Deputy Chief of the Fraud Section's FCPA unit (Patrick Stokes), among others. New leaders bring new perspectives, priorities and messages, and ' given the dearth of judicial oversight in FCPA enforcement ' it is critically important to understand what these new FCPA enforcers are saying about the future of FCPA enforcement.

Corporate Compliance Programs: An Increasingly Critical Factor in Charging Decisions

Without a doubt, the number-one message that continues to be delivered by the DOJ and Securities and Exchange Commission (SEC) ' both in speaking appearances and in enforcement matters ' is the importance of a high-functioning corporate compliance program. No longer the academic afterthought of FCPA enforcement to be pondered merely by FCPA scholars, the government's emphasis on the internal accounting controls provisions is now a primary driver in the size and nature of enforcement actions. As Deputy Chief Stokes recently stated, “If you look at our largest resolutions, I think one very clear pattern that can be drawn from them is the big resolutions very closely correlate with very poor internal controls and weak compliance.”

This development is not entirely unanticipated as, following its watershed expansion of the internal accounting controls requirements in 2012's Oracle enforcement matter, the SEC has continued to stake out its position that essentially defines the internal accounting controls requirements as coextensive with the elements of an effective compliance program as defined in the federal sentencing guidelines and the DOJ's and SEC's 2012, A Resource Guide to the U.S. Foreign Corrupt Practices Act ' a position with little support in the legislative history of the FCPA. While the DOJ has ' appropriately, in these authors' opinions ' continued to exercise its discretion in passing on several of these expansive enforcement matters, the vitality and strength of a company's corporate compliance program remains just as important to the DOJ in its charging decisions. Underscoring this importance, the DOJ is in the final stages of hiring for a new position in the Fraud Section: a dedicated compliance program expert.

Putting aside the debate over what compliance elements the FCPA actually requires, the internal accounting controls provisions are plainly viewed by both the DOJ and SEC as providing a window into a company's culture and its priorities, and they are critical not only to the DOJ's and SEC's positions on the necessity of imposing a compliance monitor or consultant, but also to answering the query of whether charges will be brought in the first place, as seen most prominently in the public declination provided to financial services provider Morgan Stanley in April 2012. It is also somewhat encouraging that the government seems to recognize and appreciate that no compliance program is failsafe; even good companies with robust compliance programs will have to deal with violations, and many times those violations merit internal remediation, rather than external enforcement action.

Consequently, in this vigorous, but pragmatic, enforcement environment, companies must now ensure that their compliance programs are battle-tested. Demonstrating efficacy to the DOJ and the SEC requires a truly tailored risk assessment, with corresponding systems and processes that are not only effective, but capable of generating metrics and statistics indicating complete control over the financial activities of the company.

A Voluntary Disclosure Renaissance?

In the early- and mid-2000s, amidst the boom in FCPA enforcement, companies routinely rushed into the DOJ and SEC as volunteers when faced with an FCPA issue. Doing so was thought to provide valuable voluntary disclosure credit and a corresponding reduction in financial exposure. Over time, however, it became increasingly harder for FCPA practitioners and commentators to quantify the benefits of this practice, as investigative costs soared and the combined penalties for disclosed matters skyrocketed. In addition, as other jurisdictions (such as the United Kingdom) have increased their enforcement activities, companies, including those that volunteered, face the very real risk of multiple prosecutions and corresponding financial penalties.

When new tools were provided to both the DOJ and SEC (including the formation of a specialized FCPA unit at the SEC, allocation of dedicated agents at the FBI, and the passage of Dodd-Frank in 2010 ' bringing with it the creation of the SEC's Office of the Whistleblower ' the government began publicly downplaying the need for voluntary disclosure as a tool for FCPA enforcement. As noted recently by the SEC's FCPA Unit Chief, Kara Novaco Brockmeyer, roughly two-thirds of enforcement matters are now no longer based on voluntary disclosure.

However, the DOJ and SEC have been making concerted attempts to tip the calculus back in favor of this traditional force multiplier. The FCPA enforcers have gone on the offensive, emphasizing the tangible benefits of voluntary disclosure, most notably in the context of the Avon matter. For example, Deputy Chief Stokes noted this year during a speaking appearance that the beauty products company ' which faced a potential criminal penalty of $142 million for its conduct ' could have paid a penalty as low as $42 million, if it had self-reported the activity in addition to cooperating with DOJ. Without voluntary disclosure, cooperation alone ultimately resulted in a $68 million criminal penalty for Avon, a difference of $26 million.

Further, on a closely related topic, the DOJ and SEC have also attempted to provide clarity regarding what is required to receive cooperation credit once you are in the government's crosshairs, in part to allay fears that disclosed matters regularly turn into unchecked, “boil-the-ocean”-style investigations. The government has emphasized that exorbitant investigations are neither its requirement nor preference in most instances, but that cooperation must truly be provided if credit is to be gained. Commentary on the Alstom matter has served as the government's example when discussing this concept, as the French power and transmission company did not initially cooperate with the DOJ and ultimately paid $772 million in December 2014, the largest criminal fine in the history of the FCPA.

Deputy Chief Stokes has emphasized that Alstom could have saved approximately $565 million of that amount if it had voluntarily disclosed the conduct, cooperated from the outset, and remediated the identified issue. DOJ's new policy memorandum, Individual Accountability for Corporate Wrongdoing (the “Yates Memorandum”), issued on Sept. 9, has the potential to undercut this messaging, though, as several of its requirements, including that “[t]o be eligible for any cooperation credit, corporations must provide to the [DOJ] all relevant facts about the individuals involved in corporate misconduct,” and “[c]orporate cases should not be resolved without a clear plan to resolve related individual cases before the statute of limitations expires and declinations as to individuals in such cases must be memorialized,” have the potential to significantly expand the costs and length of investigations.

So what should be the new status quo regarding voluntary disclosure? Despite the DOJ's and SEC's ability to show a tangible benefit in certain instances, it is not a return to the past, where voluntary disclosure was the default position when an FCPA issue arose. Rather, companies are moving to a case-by-case analysis of the pros and cons of each contemplated disclosure ' without any preconception that disclosure is the “right” result.

The Demise of 'One-Stop Shopping'

While the DOJ's and SEC's emphasis on the tangible benefits of voluntary disclosure and cooperation may bear fruit, another message from recent enforcement actions and DOJ/SEC speaking appearances pulls in the opposite direction: DOJ and SEC are no longer able to offer “one-stop shopping.” Anti-corruption enforcement is increasingly global, FCPA matters inherently involve conduct outside the United States, and, as Deputy Chief Stokes remarked recently, there are “more and more instances of countries where we are conducting in [sic] parallel investigations of companies ' there may be multiple resolutions brought against a company by different countries.”

Examples of this new reality abound: The recent Petrobras and FIFA scandals involve a multitude of anti-corruption enforcement authorities; the anti-corruption entities at the multi-lateral development banks are reaching new levels of maturity; and the head of the SFO, David Green, has been pushing to execute the UK's first deferred prosecution agreement, a tool regularly employed in the U.S., prior to exiting office. The resulting enforcement environment is one of insecurity and unpredictability.

Companies must be prepared for this new reality ' one where the DOJ and SEC are no longer the only game in town. This greatly complicates the nature of representations and the potential exposure for corporations. Other aggressive prosecutors and regulators are on the prowl, and now, spurred on by the big numbers from FCPA enforcement, they have resources to support their appetites for enforcement. Before it begins any discussion with the DOJ and SEC, every company must assess the potential for expansion of the groups around the settlement table ' and whether those additional members will be joining the discussion concurrently or joining the fray successively ' as international double jeopardy is not a concept held in high regard (formally or informally) by prosecutors and regulators.

Conclusion

The FCPA enforcement environment is an ever-evolving and complex landscape filled with nuance, as well as numerous pitfalls. In-house and outside counsel must continue to heed the messages from enforcement matters and the enforcers alike. However, with careful thought, a course can be plotted that reduces the damage and pain from FCPA exposure.

Laurence A. Urgenson ([email protected]), Chairman of this newsletter's Board of Editors, is a partner at Mayer Brown. Matthew J. Alexander (mailto:[email protected]), an Associate Editor of this newsletter, is also with Mayer Brown. Colleen Snow ([email protected]) is a Litigation & Dispute Resolution associate. All three authors are resident in the firm's Washington, DC, office.