The U.S. legal system doesn’t provide for an FCPA compliance defense, which would relieve a company of liability for FCPA violations if it can prove that it created and maintained an effective FCPA compliance program at the time the violation occurred.
The U.S. Sentencing Guidelines for Organizations do provide for the consideration of a reasonably effective compliance program when determining the penalties and fines in corporate enforcement actions. However, this does not remove liability from the company, nor does it have any remedial effects on the damage which occurs to their reputation through FCPA enforcement actions.
There are several reasons why introducing an FCPA compliance defense into the company’s toolbox would be beneficial both to businesses and also to the government.
Incentive for self-disclosure. Currently, companies that discover FCPA related misconduct during internal investigations are under no legal obligation to disclose such findings to the DOJ or the SEC. The companies are encouraged to do so and may receive sentencing credit in cases when their disclosure leads to a successful enforcement action, or even a declination under the DPJ’s Pilot Program.
However, companies that self report also risk opening an official investigation which can last for several years and have implications far beyond the intended self-disclosure, even in cases where ultimately there is no liability on the company’s side.
The enforcement agencies may seek to inquire deeper into the business conduct of the organization, sometimes even requiring data related to their subsidiaries abroad. In extreme cases, foreign enforcement agencies may also get involved. This can lead to additional costs, reputational damage and long-term financial losses without any actual FCPA related benefits arising out of the self-disclosure.
With all the stated risks and absence of certain and predictable incentives, relevant cases may remain undisclosed until the conduct has had severe detrimental effects or come to light through whistleblower activity.
Therefore, allowing a company to rely on its existing FCPA compliance program to avoid potential liability would encourage self-disclosure in cases of misconduct outside the company’s knowledge and control.
Incentive to develop robust ethics and compliance programs and to nurture a culture of compliance. In some companies, ethics and compliance programs remain at basic levels where they fulfill mandatory requirements and standards but fail to meet ever evolving global corruption risks. Those companies may comfort themselves with a “check the box” approach that meets legal expectations but doesn’t produce the level of integrity and ethical culture to prevent corrupt actions from occurring.
Knowing that compliance with the FCPA could lead to measurable and tangible benefits in cases of FCPA claims being raised against an innocent organization could be a strong incentive to proactively cultivate a robust ethics and compliance program, while simultaneously developing a culture of compliance throughout the company.
A more intentional, risk-based compliance program would reduce the possibility of corrupt acts by employees and agents and would be more flexible and responsive to actual cases of misconduct.
More willingness to point to responsible individuals. Corrupt acts by companies happen through employees, agents, managers and directors. These flesh and blood individuals are the ones making the corrupt arrangements and payments. Yet companies carry most of the burden of FCPA offenses through financial sanctions and reputational harm, while few individuals are prosecuted or penaltized.
Even though the DOJ has expressed its determination to prosecute individuals for FCPA violations (most notably in the Yates Memo), most enforcement actions brought by the DOJ and SEC have not resulted in charges against individual employees. This has an adverse effect both on the deterrence of corrupt conduct as well as the willingness of companies to reveal the responsible individuals, if the resulting investigation and enforcement action will expose the company to substantial financial and reputational risk.
If the company could rely on an FCPA compliance defense as a shield from liability, then its healthy ethics and compliance program might encourage increased prosecution and punishment of the individuals responsible for the misconduct in question. The results would contribute to the fair resolution of FCPA-related enforcement actions, as well as accomplishing the government’s goal of holding individuals accountable.
Fahira Brodlija is an LLM graduate of the University of Pittsburgh School of Law and a graduate of the Sarajevo Faculty of Law. Her main fields of interest are anti-corruption law, international arbitration and commercial law which she developed through the International Vis Moot competition in Vienna where she was involved both as a participant and coach. She was also involved in the legal analysis leading to the development of the ACCOUNT anti-corruption action plan for B&H. She’s currently working as an intern at the Ethics and Compliance department of a U.S.-based company. She can be contacted here.