There are a number of best practices that those participating in global FCPA investigations should understand, noted Charles Duross, Deputy Chief of the FCPA Unit in the Criminal Division of the Department of Justice (DOJ). They must set realistic expectations; know what to look for and have solutions to get the evidence; respect the sovereignty of other nations; and give credit for corporate remediation efforts.
Duross, above, spoke Tuesday at the American Conference Institute’s FCPA conference in National Harbor, Md., on a panel including Kara Brockmeyer, Chief of the FCPA Unit at the Securities and Exchange Commission (SEC). The panel was moderated by Amy Conway-Hatcher, a partner at Kaye Scholer LLP.
Know what to look for and have solutions. It is important for companies to come forward at the point of discovering a violation and before they complete their own investigations to look for and collect evidence. The DOJ and SEC will explain to companies what they are looking for and what the scope of their document collection should look like, but companies should not wait until the time at which a subpoena is delivered to begin a collection of evidence.
As noted above, the process of collecting evidence takes a lot of time, and evidence of other wrongdoing could even crop up, so beginning early can only benefit all parties.
Respect the sovereignty of other nations. Regulators overseas are often willing to help in these investigations. When there are data privacy laws in a jurisdiction, normally the SEC and DOJ can work within the framework of these laws to make sure that certain information, like particular names, are redacted, while maintaining the usefulness of the evidence. The only problem that could come up is when a company suddenly starts to cite a data privacy law it never followed before to deny us access to relevant documents, which smacks of bad faith to thwart an investigation rather than cooperate with it.
Give credit to corporate remediation efforts. “We want companies to explain to us what efforts it has taken to strengthen and fix their compliance programs, the efforts taken while they are investigating the violation. We don’t want them to just say ‘we’ll do this in the future,’ but to show us what they’ve done to create a more robust internal audit function and a better third-party screening procedure, for example,” Duross said.
Brockmeyer added that the company should not wait until the lengthy investigation has taken place to begin writing and implementing the new compliance program. “It certainly takes time to develop one and test it, but companies should not wait until resolution time to begin taking those steps.”
Internal audit and the compliance department should remain involved in the creation of these policies, both speakers emphasized. Outside counsel and other advisers can participate in this process, but it’s more compelling to the SEC and DOJ that the people on the ground at the company – the chief compliance officer, internal audit, general counsel – explain how the new policies and procedures are working and how they have been tested.
“We know you cannot eliminate risk 100 percent,” Duross said. “But we want you to show us that changes you have made to your compliance program would have prevented the violation from occurring in the first place.”
Julie DiMauro is the executive editor of FCPA Blog. She can be reached here.