By Michael Volkov
The Justice Department, the Securities and Exchange Commission and the FCPA bar spend extraordinary amounts of time discussing and explaining FCPA enforcement and compliance issues. But one of the most important issues never sees the light of day. That is the decision whether or not to disclose a potential FCPA violation to the DOJ and the SEC. That decision has significant implications for a company – it may result in hefty fines, remedial steps across the entire company and possibly the agreement to hire an independent monitor for several years to watch over a company’s entire business operations.
No one can doubt that the engine fueling DOJ’s record fine collections for FCPA violations is the voluntary disclosure process. Company after company walks through the doors of the Justice Department, confesses their sins and then argues about the proper resolution. But the voluntary disclosure process remains shrouded in mystery and some have suggested that they have been subjected to varying policies and results. This is not a good development for the administration of justice. The process requires effective and fair enforcement through the consistent application of policies and results.
These are not new issues in the criminal enforcement world. Criminal defendants face a similar decision everyday in the justice system: should a defendant plead guilty? Should the defendant cooperate? Such a decision requires a weighing of the potential punishment after a trial, after a guilty plea, or after a guilty plea with cooperation. Once the potential benefits are clarified, the risks of each choice is weighed against the potential benefits. To assist in this process, prosecutors and defense counsel try to provide some guidance. In some districts, the US Attorney’s Office has adopted rules for guideline calculations so that defendants know the potential risks and benefits, including specific formulas for cooperation.
These same issues come up in the FCPA context. However, because of the relatively recent aggressive enforcement efforts, policies and standards are a little unclear, and there is not as much guidance on potential benefits. For example, how much of a “discount” can a company expect by voluntarily disclose an FCPA violation? How much is the company’s cooperation worth?
Moreover, there is a significant initial question of whether to engage in the voluntary disclosure process itself — companies which initially discover a violation need to decide whether or not to disclose the conduct to the government. This issue does not necessarily arise in other federal criminal prosecutions involving other crimes.
The decision to disclose involves an important calculation. One the one side is – what is the scope and extent of the violation? Is it systematic across the organization, or isolated to particular country or office? How significant is the violation in the scheme of the overall business? What would be the likely punishment for such violation(s)?
On the other side is – what is the risk that such conduct will be discovered by the government? Unlike many other crimes, the likelihood that the US government will detect foreign bribery activity is low. There is not a line of victims or readily apparent harms. Auditors can sometimes discover questionable entries and potential bribery conduct, but financial accounting standards generally are ineffective because of the focus on “material” transactions. To the extent forensic accountants become part of a standard operating procedure for companies, more and more companies may start to discover potential illegal bribes.
Even without accounting audits, there are significant risks that a disgruntled employee, a whistleblower or a competitor may raise complaints that a company is engaging in illegal bribery activity. Most of the significant FCPA cases have been started through a whistleblower or disgruntled employee. That risk will be even greater if the SEC Whistleblower Bounty program is ever implemented.
There is an alternative course, which more and more companies should consider. It involves an overhaul of a company’s compliance effort. First, a company needs to design and implement an enhanced compliance program. Second, if the company discovers any significant bribery risks during the implementation of the enhanced compliance program, companies should investigate, flesh them out, and remedy the problems as quickly as possible. Third, the company needs to document the steps it took to fix the problem. Assuming that the violations do not rise to the “systematic” level, or constitute a “culture of bribery,” the company should seriously consider avoiding the voluntary disclosure process. In the event that a disgruntled employee reports the issue to the government, the company should walk into the Justice Department with its head held high, explain how they discovered the violations while implementing an enhanced compliance program and they implemented remedies to make sure the problem does not occur again. In this situation, the dynamic behind the closed doors of the Justice Department should change.
While companies continue to struggle with this issue, it bears repeating: The Justice Department and the SEC need to adopt and disseminate standards and policies governing the voluntary disclosure process. The absence of such standards is unfair, breeds disparate treatment of similarly situated companies, and undermines the fair administration of justice.
Michael Volkov is a partner at Mayer Brown LLP in Washington, D.C. His practice focuses on white collar defense, compliance and litigation. He regularly counsels and represents clients on FCPA and UK Anti-Bribery Act issues. He can be contacted here.
My understanding is that the SEC Whistleblower Bounty program has been enacted and is operating. Surely companies, once detecting a breach are far better off reporting than sweeping under the carpet and putting a compliance program in place in order to mitigate any liability at a later stage. In addition, would it not be a breach of the directors duties to fail to disclose to shareholders such events. How would officers and directors legitimately sign off on audit reports and Securities quarterly and annual disclosures? Stand up and be an honest, responsible corporate citizen rather than sweeping it under the carpet and hiding the skeletons in the closet.
A colleague once said that not disclosing is like putting one bullet in a gun with a thousand chambers and pointing it at your head. Disclosing is like putting six bullets in a six-shooter and pointing it at your leg.
The Department's attitude toward self-disclosure has evolved over the years. It used to be that they wanted disclosure before the facts were developed. A more unrealistic stance can't really be imagined. I can't imagine going to the Chief Compliance Officer, much less the GC or the Board, saying "I'm not really sure what the facts are, but I think we should go into the DOJ." Not going to happen.
More recently, they seem more grounded: developing the facts comes first. Find out if there's an systemic issue, then come in.
You're absolutely right, in my opinion, that unless a problem is too big to keep in house, fix the problem and move on. Your remediation has to be defensible, even a little over the top, but if so, you'll probably be fine.
Comments are closed for this article!