The federal sentencing guidelines since 2004 have softened the outcome. They allow mitigation of penalties of up to 95% for companies that can demonstrate an effective compliance program, even if a violation of the FCPA happened.
That’s comforting but it didn’t really solve the problem. The benefit under the sentencing guidelines always comes after a criminal conviction — too late, in theory, to protect a company from the harm caused by an FCPA violation. Despite help from the sentencing guidelines, a criminal conviction in court can start a chain events — loan defaults, loss of export privileges, client defections — that might ultimately lead to corporate death.
In practice, the DOJ has been careful about prosecuting companies for FCPA offenses. Instead of forcing them into court to face a potential guilty verdict, it has let them plead and enter into deferred or non-prosecution agreements. The DOJ’s charging decisions, and judgments about who would end up with a more lenient pre-trial agreement, have included a look at how strong the defendant’s compliance program was, even if the program didn’t prevent the violation that had caused the immediate problem.
Still, the risk of being prosecuted and punished despite having a strong compliance program was always there. And there was nothing official that said otherwise.
That changed about a year ago with release of the new Resource Guide to the Foreign Corrupt Practices Act. The guidance may not be as strong as judicial precedent or a new piece of legislation. But it’s strong enough to influence how lawyers should talk to clients, and how organizations should think about compliance programs. And no doubt it will be strong enough to influence the DOJ’s own decisions about who is prosecuted and how much their financial penalties should be.
Here’s what the DOJ and SEC said about compliance programs, charging decisions, and penalties. This language, we think, is among the most important and welcome in the FCPA guidance:
These considerations [whether to prosecute] reflect the recognition that a company’s failure to prevent every single violation does not necessarily mean that a particular company’s compliance program was not generally effective. DOJ and SEC understand that “no compliance program can ever prevent all criminal activity by a corporation’s employees,” and they do not hold companies to a standard of perfection. An assessment of a company’s compliance program, including its design and good faith implementation and enforcement, is an important part of the government’s assessment of whether a violation occurred, and if so, what action should be taken. In appropriate circumstances, DOJ and SEC may decline to pursue charges against a company based on the company’s effective compliance program, or may otherwise seek to reward a company for its program, even when that program did not prevent the particular underlying FCPA violation that gave rise to the investigation.
We added the italics.
Organizations with potential violations may still need to plead their case with the DOJ about why they shouldn’t be charged or why they deserve a more lenient pre-trial agreement. But armed with the guidance, they’ll have the words of the feds themselves to argue from. Any advocate should feel great about that.
Some defense lawyers and commentators hoped for more from the 2012 FCPA guidance and were disappointed it didn’t go further. But the guidance was a big step and made the strongest argument yet why every company should want an effective compliance program.
The 2012 FCPA guidance is available from the DOJ here (pdf).
Richard L. Cassin is the Publisher and Editor of the FCPA Blog. He can be contacted here.