At a recent conference, I had the good fortune of asking a former high-ranking DOJ official, “how is it that pre-existing compliance is no part of the Pilot Program’s penalty reductions and declinations?”
His answer may surprise you: “Good catch. I think somebody probably forgot.”
I share that story not to impugn anyone. FCPA enforcement is a dynamic space these days; the DOJ is juggling a variety of policies. I find it entirely credible, and not at all scandalous, that we may have simply come to overlook pre-existing compliance. It’s actually the best explanation. Far more troubling would be a conscious policy determination that pre-existing compliance no longer matters as much.
And if it’s just an oversight, it’s an easy fix.
Recognize that incentivizing pre-existing compliance has been a cornerstone of FCPA enforcement policy for decades. It started with the U.S. Sentencing Guidelines, which include pre-existing compliance as a mitigating factor. The importance of preventative (rather than remedial) compliance was reinforced by the Caremark decision in 1996. Then came the series of DOJ memos named after the Deputy Attorneys General – Holder (1999), Thompson (2003), McNulty (2007), Morford (2008), and Filip (2008) — all of which kept pre-existing compliance front and center in enforcement decisions. The U.S. Attorney’s Manual incorporated the factors first provided in these memos, further cementing the centrality of pre-existing compliance. Sarbanes-Oxley, in 2002, only helped the cause.
But for the most fulsome defense of pre-existing compliance, see the 2012 FCPA Guidance. There, starting at page 56, the DOJ and SEC at great length encourage companies to invest in compliance before violations occur. That shouldn’t surprise us. But the level of detail, the quotations from white papers, even the faintly impassioned tone, are striking. Let there be no doubting the message: we want you to invest in pre-existing compliance.
Throughout all of the above documents, remedial compliance receives very little mention; pre-existing compliance is the focus. And the reason is obvious. We have always been steadfast in our commitment to investing in compliance before a violation occurs. And we should be proud of it. It’s the most cost-efficient way to prevent bribery.
Look to other countries now, like Brazil and South Korea, as they adopt historic new statutes that incentivize investments in pre-existing anti-bribery compliance. They’re following the example the United States first set.
Today, some question the U.S. commitment to remaining at the forefront of global anti-corruption enforcement and compliance. Indeed, some would say that the UK, in adopting its “adequate procedures” (i.e. compliance) defense, has taken over the leading role in rewarding pre-existing compliance.
Does the United States wish to remain a leader in encouraging companies to invest in compliance before a violation is detected? That is, before we get to remediation? This is a question for the DOJ to answer.
If, as may well be the case, assessments of pre-existing compliance are in fact central to our declination practice, we simply need to make it more public. Say so in the policy memo and the declination announcements. Give GCs and CCOs something they can take to their board. Let them say, “here’s another reason to invest in compliance.”
But if we are indeed assessing corporate liability without much regard to pre-existing compliance — still hard to believe, but the Pilot Program makes us wonder — we may have a more fundamental problem. All the more reason to address it now.
Ultimately, my message — my plea — is very simple. Bring pre-existing compliance back. Put it in the Pilot Program. Put it in the declination announcements. Remind us that we believe today, as much as we ever have, that pre-existing compliance matters.
Remind us that it matters a lot.
* * *
A more in-depth discussion of these topics is here. Comments on any of the above are most welcome.
Andy Spalding is a lecturer at the International Anti-Corruption Academy, Professor at the University of Richmond School of Law, and Senior Editor of the FCPA Blog.