Compliance ‘Half Measures’ and the Ghost of Christmas Yet to Come

By Jeffrey M. Kaplan

For FCPA practitioners and the companies they advise, one of the good news stories of 2010 is that the Justice Department has finally begun to take a more public approach to providing credit in enforcement decisions for companies that had a good compliance program at the time of their offense, i.e., a good “pre-existing” program.

Looking out at 2011 and beyond, it seems likely that compliance programs will play an increasingly greater role in enforcement decisions. But that does not mean we have entered an era of easy leniency. To the contrary, if compliance programs start to count for more it seems inevitable that prosecutors will review them in a more informed – and thus more demanding – way.

This brings me to the recent case involving RAE Systems in which, according to the non-prosecution agreement, the company learned of a practice of FCPA violations in a joint venture it had in China but also concluded that “implementing an effective compliance program could hurt sales,” and so did not take meaningful steps to prevent the wrongdoing.  Some of its personnel did, however, want to “evidence” that they were trying to stop bribery and so they provided “some FCPA training to [the at-risk personnel] and did tell [them] to stop paying bribes and providing other improper benefits,…” But, as the non-prosecution agreement notes, “such steps were half-measures. RAE Systems did not impose sufficient internal controls or make sufficient changes to high-risk practices.”

An obvious lesson here is that for an organization with any real FCPA risk, training – while necessary – is not by itself sufficient. Rather, the “harder edges” of compliance – controls, auditing and real enforcement – are also indispensable to program efficacy. This has always been the case as a matter of fact (as well as of law, given the internal controls requirements of the FCPA); but I imagine that we will hear more about it as a matter of future enforcement decision making.

RAE Systems – and particularly some of the above-quoted language from the non-prosecution agreement – is also worth considering vis-à-vis potential individual accountability for taking compliance “half-measures,” at least in cases involving a wrongful intent (which I am not suggesting was present there).  Perhaps this occurred to me because I once represented two lawyers who were suspected by a federal prosecutor of having deliberately conducted a half-measure internal investigation for deceptive purposes. No charges were brought (and, from my perspective, none were even close to being warranted).  But with the wrong set of facts the result could be different in a case involving compliance program half-measures – especially if, as I believe will happen, there is a generally decreasing tolerance by prosecutors for Potemkin programs.

Finally, I should emphasize that I am being entirely speculative here, and know of no FCPA cases where a prosecution of this sort has been brought.  But, in the spirit of the Ghost of Christmas Yet to Come, I offer the “shadows” of some unhappy possibilities so that they never might come to pass.