The Justice Department and the SEC released long-awaited joint guidance on enforcement and compliance with the Foreign Corrupt Practices Act yesterday. Many have pointed out that the guidance does not cover much new ground but does compile a good deal of information that was previously scattered among different sources.
One of the things the guidance does at least scratch the surface of are instances in which the two agencies have come across FCPA violations that they have declined to prosecute. As we have covered in this space before – and certainly others as well – the SEC and DOJ have been notoriously tight-lipped about those cases. They exist, of course. We learned yesterday that the Justice Department has declined several dozen potential FCPA cases against companies in just the last two years. And the agencies might figure out a way to describe them discreetly, with a view toward defining (1) the contours of appropriate conduct and (2) productive self-reporting to and cooperation with the government. But as the DOJ puts it, “[t]o protect the privacy rights and interests of the uncharged and other potentially interested parties, DOJ has a long-standing policy not to provide, without the party’s consent, non-public information on matters it has declined to prosecute.”
But it is possible to describe these cases, and the guidance shows us how, with six different examples.
Example No. 1
- The public U.S. company discovered that its employees had received competitor bid information from a third party with connections to the foreign government.
- The company began an internal investigation, withdrew its contract bid, terminated the employees involved, severed ties to the third-party agent, and voluntarily disclosed the conduct to DOJ’s Antitrust Division, which also declined prosecution.
- The internal investigation uncovered various FCPA red flags, including prior concerns about the third-party agent, all of which the company voluntarily disclosed.
- The company immediately took substantial steps to improve its compliance program.
Example No. 2
- With knowledge of employees of the public U.S. company’s subsidiary, a retained construction company paid relatively small bribes, which were wrongly approved by the company’s local law firm, to foreign building code inspectors.
- When the company learned of the bribes, it immediately ended the conduct, terminated its relationship with the construction company and law firm, and terminated or disciplined the employees involved.
- A thorough internal investigation and voluntary disclosure followed.
- The company reorganized its compliance department, appointed a new compliance officer dedicated to anti-corruption, improved the training and compliance program, and undertook a review of all of the company’s international third-party relationships.
Example No. 3
DOJ and SEC declined to take action against a U.S. publicly held industrial services company for bribes paid by a small foreign subsidiary.
- The company self-reported the conduct to DOJ and SEC.
- The total amount of the improper payments was relatively small, and the activity appeared to be an isolated incident by a single employee at the subsidiary.
- The profits potentially obtained from the improper payments were very small.
- The payments were detected by the company’s existing internal controls. The company’s audit committee conducted a thorough independent internal investigation. The results of the investigation were provided to the government.
- The company cooperated fully with investigations by DOJ and SEC.
- The company implemented significant remedial actions and enhanced its internal control structure.
Example No. 4
DOJ and SEC declined to take enforcement action against a U.S. publicly held oil-and-gas services company for small bribes paid by a foreign subsidiary’s customs agent.
- The company’s internal controls timely detected a potential bribe before a payment was made.
- When company management learned of the potential bribe, management immediately reported the issue to the company’s General Counsel and Audit Committee and prevented the payment from occurring.
- Within weeks of learning of the attempted bribe, the company provided in-person FCPA training to employees of the subsidiary and undertook an extensive internal investigation to determine whether any of the company’s subsidiaries in the same region had engaged in misconduct.
- The company self-reported the misconduct and the results of its internal investigation, and cooperated fully with investigations by DOJ and SEC.
- In addition to the immediate training at the relevant subsidiary, the company provided comprehensive FCPA training to all of its employees and conducted an extensive review of its anti-corruption compliance program.
- The company enhanced its internal controls and record-keeping policies and procedures, including requiring periodic internal audits of customs payments.
- As part of its remediation, the company directed that local lawyers rather than customs agents be used to handle its permits, with instructions that “no matter what, we don’t pay bribes”—a policy that resulted in a longer and costlier permit procedure.
Example No. 5
DOJ and SEC declined to act against a U.S. publicly held consumer products company in connection with its acquisition of a foreign company.
- The company identified the potential improper payments to local government officials as part of its pre-acquisition due diligence.
- The company promptly developed a comprehensive plan to investigate, correct, and remediate any FCPA issues after acquisition.
- The company promptly self-reported the issues before acquisition and provided the results of its investigation to the government on a real-time basis.
- The acquiring company’s existing internal controls and compliance program were robust.
- After the acquisition closed, the company implemented a comprehensive remedial plan, ensured that all improper payments stopped, provided extensive FCPA training to employees of the new subsidiary, and promptly incorporated the new subsidiary into the company’s existing internal controls and compliance environment.
Example No. 6
In 2011, DOJ declined to take prosecutorial action against a privately held U.S. company and its foreign subsidiary.
- The company voluntarily disclosed low-level bribes paid to social security officials in a foreign country.
- When discovered, the corrupt practices were immediately terminated.
- The conduct was thoroughly investigated, and the results promptly provided to DOJ.
- All individuals involved were either terminated or disciplined. The company also terminated its relationship with its foreign law firm.
- The company improved its training and compliance programs in a way commensurate with its size and risk exposure.
I have several thoughts. One is that Example No. 4 is not really a declination opinion since it is impossible to tell what violation might have occurred. It seems to be a situation in which the company’s internal controls worked exactly as intended. If the Justice Department and SEC had wanted to bring charges in that case, I’m not sure what they would have done. The level of self-flagellation in Example No. 4 is almost unseemly. Also, it would have been useful for the agencies to specify some dollar amounts here. I am quite sure they don’t want to imply a floor below which the improper payments would be tolerated. Still, these examples are a helpful starting point for companies to study in learning what misconduct and which remedial steps will be involved in decisions not to prosecute. Baby steps, I suppose.