Podcast: Risk Management: Revised FCPA Corporate Enforcement Policy
In November 2017, the U.S. Department of Justice announced a revised Foreign Corrupt Practices Act (FCPA) Enforcement Policy that provides significant incentives for corporations to voluntarily self-disclose potential FCPA violations. In this podcast, litigation & enforcement partners Mimi Yang and Ryan Rohlfsen discuss the new policy and what companies need to know about meeting DOJ standards for having an effective compliance and ethics program. The podcast covers:
- How the Revised Policy differs from the Pilot Program started under the Obama Administration
- How companies can satisfy the standards for voluntary self-disclosure, full cooperation, and timely and appropriate remediation
- Issues for companies to consider when implementing their global compliance program to remain compliant with the Revised Policy
Transcript (Chinese translation):
Mimi Yang: Hello, and welcome to our podcast series on risk mitigation and management. My name is Mimi Yang and I am a Hong Kong-based partner in Ropes & Gray's litigation and enforcement practice. Joining me today is my colleague Ryan Rohlfsen, a litigation and enforcement partner based in Chicago and Washington, D.C. Both Ryan and I focus on representing companies and individuals from around the world in matters focused on government enforcement generally and anti-corruption in particular. Ryan is actually a former U.S. federal prosecutor who served in the FCPA Criminal Enforcement Unit with the U.S. Department of Justice in Washington, D.C. Today we'll be discussing the newly revised FCPA Corporate Enforcement Policy. Ryan, can you provide a little background on this – what is the revised Policy and when did it go into effect?
Ryan Rohlfsen: Yes, absolutely. So the Revised Policy is set forth in what is called the U.S. Attorneys' Manual under the headline “FCPA Corporate Enforcement Policy.” On a high-level, it basically sets out standards for “voluntary self-disclosure,” “full cooperation,” and “timely and appropriate remediation” in order to grant credit for companies who meet these standards above that which is already established in the U.S. Attorneys' Manual (sometimes called the USAM), for companies who are faced with criminal prosecution. It was announced, actually, by the Deputy Attorney General, Rod Rosenstein, in November of 2017, and it builds upon the Pilot Program announced by the FCPA unit back in April 2016. It was really designed to try to encourage corporate self-reporting of potential FCPA violations. So what the Revised Policy really does, is it makes to some extent the Pilot Program permanent, puts it in the U.S. Attorneys' Manual, and then also developed a series of what the Department of Justice called "enhancements" over the initial Pilot Program based upon their experience with that effort. HERE
Mimi Yang: Thanks for that background, Ryan. If we compare the Pilot Program to the Revised Policy, what has changed?
Ryan Rohlfsen: Well, for one thing, really moving it to the USAM as opposed to a temporary statement on policy really made the entire Program permanent. And I think overall, though, at a high-level we saw three key what the Department called "enhancements." The first one is a presumption, a written presumption by the Department, of a declination. So the Pilot Program permitted a prosecutor in the FCPA unit to “consider the declination the prosecution” whenever the standards where “voluntary self-disclosure,” “full cooperation,” and “timely and appropriate remediation” were met. The Revised Policy states that when those standards are met, “there will be a presumption that the company will receive a declination absent “aggravating circumstances” involving the seriousness of the offense or nature of the offender.” What that does is it changes the nature of being a possibility of a declination based upon the prosecutor's discretion to a presumption in favor of declination which is meant to give more certainty, again, to companies who might self-report.
The second enhancement that was identified in the Revised Policy was making certain credit that companies would receive for self-disclosure, cooperation, and remediation built into the Policy. So what I mean by that, is the Pilot Program permitted crediting companies that met the relevant standards up to a 50% reduction off the bottom end of the U.S. Sentencing Guidelines range. When a company meets those standards but does not qualify for a declination due to “aggravating circumstances,” the Revised Policy requires crediting the company with 50% reduction. Again, this shifting you see between the initial Pilot Program and what the formal Policy is, is really a requirement on the prosecutors, again, when the terms of the Policy are met, to have such extra incentives for disclosure and cooperation with the Justice Department.
The third enhancement that we're seeing in there is really specifying standards. So what does it mean to have “timely and appropriate remediation?” So the Pilot Program really specified that to have “an effective compliance and ethics program,” you have to have something that would implement and establish “timely and appropriate remediation” at a very high-level. The Revised Policy actually gives a little more particular to that statement and more specificity. So what it says is that the DOJ will look to a few different things, for example:
- Whether the compliance function has been afforded sufficient authority and independence, and whether its expertise is available to the company's board;
- Whether supervisory employees, and others indirectly responsible for the misconduct, have been appropriately disciplined; and
- Whether the company appropriately retains business records, including by prohibiting employees from using software that generates but does not retain business records or communications.
And we can discuss that last one a little bit later in our podcast here because I think that one's fairly significant and really a new requirement that was established by the Revised Policy over the Pilot Program or frankly DOJ policy in general.
There are a few other changes that I think are important for consideration. One, in the Revised Policy, the DOJ has set forth more-specific standards on “full cooperation.” So, for example, the Pilot Program required “[p]reservation, collection, and disclosure of relevant documents and information,” and that was sort of the standard. The Policy specifies that in order to get “full cooperation,” a company must have “[t]imely preservation, collection, disclosure of all relevant documents and information, including (a) disclosure of overseas documents, where it was found, who found the documents, (b) facilitating third-party production of documents, you know, such as business partners or local partners or consultants who may be involved, and (c) where requested and appropriate, providing actual translations of any documents that are not in English” – so, very much more specific in the Revised Policy and frankly more burdensome. But, again, a lot these things are things that companies do already once they're in front of the government and trying to cooperate as part of their investigation and really seeking to get clarification and understanding of where they stand with the government in any event. You know, there are a couple other express policy statements that memorialize Pilot Program practices. One is “the requirement that a company pays all disgorgement, forfeiture, and restitution resulting from this conduct. And that could be, in fact, resolved by parallel resolution with another regulator.” And really what that means is that the Revised Policy is saying, "Look, if you as a company have a problem and, let's say, 90% of the conduct is in another country and you've resolved with that other country's applicable authority (sort of the counterpart to the DOJ), the DOJ's going to credit you back for doing that." So you're not going to be required to double pay for the same conduct, so I think it's a fairly snipping thing. I think the DOJ’s been doing that over the last few years and trying to do that more and more, but this Policy really formalizes that and says, you know, the DOJ must, in fact, take effort to credit for resolutions in other jurisdictions. The last piece that's sort of interesting that we observed in the Revised Policy is that “declinations under the Policy will be made public.” That's interesting on a few fronts. One, as an ordinary course matter, the DOJ declines investigations all the time, so they may open a file, they may conduct an investigation and may conclude that no criminal conduct occurred and simply close a file or decline to prosecute – and those are not generally made public. What we saw under the Pilot Program was that over time, the DOJ began making public the declinations that it had pursuant to the Pilot Program or related to the Pilot Program. What we observed in the defense community was that we were seeing the DOJ trying to show that, in fact, it was declining cases that were brought to their attention, which, I infer as the DOJ finding significant in order to demonstrate to the defense community to companies around the world that, look, they were, in fact, declining cases. So this is a bit of a departure from the ordinary practice of the Department with respect to cases that are open and closed or declined and obviously very specific to the FCPA in this context.
Mimi Yang: Thanks, Ryan. So that's quite a number of departures even though some of them may be quite nuanced. So what hasn't changed between the Pilot Program and the Current Policy?
Ryan Rohlfsen: Well, I think at a high-level, the fundamental goal of the Revised Policy and the Pilot Program, it's really remained the same. This has been a goal – it's been a long-standing policy position and attempt by the Department to really try to provide greater visibility, transparency, accountability into how it's approaching cases, how it's incentivizing companies in order to develop, you know, sufficient internal controls, compliance programs and the like. And then also to try to give companies more certainty in terms of when they do have an issue and if they do self-disclose, how is that going to be treated by the Justice Department. Are they going to be required to engage in a multi-year very expensive investigation with very uncertain outcome? Or are there certain parameters that may come into play to give them more certainty into how that will look like? And if they are viewed by the Justice Department to be good corporate citizens that do, in fact, take all the right steps, you know, what's their likelihood of getting a declination as opposed to even a minimal fine or some other sort of guilty plea or a criminal resolution which can have a number of collateral consequences to companies, be it civil lawsuits, shareholder lawsuits, other resolutions, reputational loss, and other things that may impact it? So really, the fundamental goal has been consistent, I think, between the initial Pilot Program and the Revised Policy from that perspective. And then in addition to that, I think overall the carrot and the stick approach in terms of self-disclosure and providing for, you know, likely leading to a declination if there aren't “aggravating circumstances,” as well as having a deduction off the guidelines, be it 50% or 25%, those structures have largely remained in place as between the Pilot Program and the Revised Policy.
Mimi Yang: Thanks very much, Ryan. That's a lot of great practical advice and considerations to think about. Thanks, everyone, for listening. Please tune in to our other podcasts on topics related to risk mitigation and management. You can find them on our website at www.ropesgray.com. And, of course, if we can help you navigate any of these challenges, please do not hesitate to get in touch.