We have now had three significant use cases for FCPA enforcement actions in 2019. Each result was different yet all three demonstrated the 2017 FCPA Corporate Enforcement Policy (Policy) at work. At the Ethics and Compliance Initiative (ECI) Impact 2019 Conference, Assistant Attorney General Brian Benczkowski delivered the afternoon Keynote Address where he discussed these enforcement actions and explained the differences in each which led to their three very different results.
FCPA Enforcement Use Case: Without Self-Disclosure
In this first use case, the company did not self-disclose and was therefore not eligible for a declination. Yet the company did receive a 40% reduction from the minimum of the U.S. Sentencing Guidelines as its criminal penalty. They achieved this reduction through an extensive remediation program and robust cooperation with the DOJ in the investigation. It not only included the robust nature of the investigation but its assistance to the DOJ. The company went above and beyond in obtaining and providing documents, securing witness testimony and presenting witnesses to the DOJ and disclosing conduct that was outside the scope of its initial voluntary self-disclosure. In the area of remedial action, the company took swift steps to terminate or separate from employment those directly involved in the bribery schemes, enhancing its internal controls, policies and procedures, upgrading its third-party program and increasing oversight and monitoring.
Yet even with all this, the company was required to have an independent monitor oversee the company’s compliance program. In his speech, Benczkowski said that the Justice Department assesses a compliance program at the time of the incident(s) which led to the violation and at the time of the resolution. If the DOJ is satisfied as to the robustness of the compliance program, it will allow the company to self-report on the implementation of the resolution. If it does not, it will require a monitor. Benczkowski stated, “…the company had made a number of improvements to its compliance program but had not yet fully tested that program, so we imposed a two-year monitorship focused on the factors that gave rise to the underlying misconduct.”
Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.
FCPA Enforcement Use Case: With Self-Disclosure
While the above FCPA enforcement action did not feature a self-disclosure by the company, this second one did. This self-disclosure was a critical element in the company receiving a full declination in the face of C-Suite directing the bribery scheme. About that declination, Benczkowski said, “Notwithstanding the fact that the misconduct reached the highest levels of the company, we declined prosecution. And we have made it clear why: The company voluntarily self-disclosed the conduct within two weeks of when the company’s board learned of it. As a result, the Department was able to identify the culpable individuals – and indeed, we have announced charges against the former president and the former chief legal officer of the company for their alleged involvement in the scheme.”
In his ECI speech, he went further and explained, the detect prong (prevent, detect, remediate) is very significant for the DOJ; the reason being an effective program is more likely to have the types of controls in place which would pick up bribery and corruption which might occur within an organization. In other words, a “compliance program can play a significant role in the Department’s investigation of criminal wrongdoing.”
This goes a long way in explaining the reasoning behind the declination in this use case. Even with the C-Suite involvement of the CEO and general counsel, the company was still able to obtain a declination. The reason was that the company’s compliance program had detected the issue and the board of directors had taken charge and self-disclosed to the DOJ within two weeks of being notified.
FCPA Enforcement Use Case: Without Self-Disclosure & Lacking Cooperation & Remediation
In our final enforcement action use case, there were none of the factors present that led to above reductions. In applying the policy factors, the company did not voluntarily disclose the matter to the DOJ; its cooperation and remediation was lacking because it was slow to provide information and evidence in response to DOJ requests; and it failed to discipline senior executives involved in the conduct. The DOJ also noted a mitigating factor included the fact that a third party expropriated the company’s assets, resulting in no realized pecuniary gain to the companies. As a result, the DOJ and the company agreed of a total fine equal to 25% above the bottom of the U.S. Sentencing Guidelines range. Beyond the monetary penalty, the company’s wholly owned subsidiary pled guilty to conspiracy to violate the FCPA’s anti-bribery and books and records provisions.
The company was also required to have a three-year monitorship. Benczkowski stated, “… the company had not yet fully implemented or tested a compliance program at the time of the resolution, and we imposed a three-year monitorship.”
Going forward, through this application of the Policy, the DOJ has laid out what companies need to do from the compliance perspective if they find themselves in a FCPA enforcement action.
