FCPA practitioners welcomed Rod Rosenstein’s announcement that the Department of Justice has made the FCPA Pilot Program permanent, and incorporated it into the U.S. Attorneys’ Manual. In the words of one of my colleagues, the audience “noticeably lightened up” at the Deputy AG’s news.
Now that we’ve had an opportunity to digest the newly-styled FCPA Corporate Enforcement Policy, let’s examine some of the key differences from the original 2016 FCPA Pilot Program.
1. Presumption of declination. Under the original Pilot Program, the DOJ promised to “consider a declination of prosecution” for companies that companies that disclosed FCPA violations and demonstrated sound cooperation and robust remediation. In the new FCPA Corporate Enforcement Policy, the agency goes further; companies that satisfy the cooperation standards will enjoy “a presumption” that they’ll receive a declination. However, before we celebrate quite yet, it’s important to note that said presumption is subject to several rather substantial qualifiers. In particular, that “presumption” disappears if “aggravating circumstances involving the seriousness of the offense or the nature of the offender” are present. A non-exclusive list of such aggravating factors include involvement by executives, significant profit from the wrong-doing, pervasiveness of the issues within the company, and recidivism. In my view, these factors, together with the fact that the DOJ is free to consider other circumstances not specifically named in the policy, end up swallowing the presumption itself. I therefore don’t believe this is a significant “sweetener” for companies considering self-reporting.
2. 50% Credit. Under the original Pilot Program, companies that received credit for voluntary self-disclosure, full cooperation and timely and appropriate remediation could qualify for “up to a 50% reduction off the bottom end of the Sentencing Guidelines fine range.” The new FCPA Corporate Enforcement Policy omits the “up to” qualifier, and instead offers up a straight “50% reduction.” A typo? Probably not, particularly given that Rosenstein also left out the “up to” in his remarks unveiling the new policy. Assuming this is intentional, it represents a significant incentive for companies to avail themselves of the program. As an aside, the new policy only promises a fine reduction of “up to 25% for companies that don’t voluntarily report their FCPA woes, but subsequently cooperate and take the right remedial efforts.
3. Getting a handle on self-destructing message apps. Many of us in the FCPA bar have over the last few years encountered the challenge of conducting internal investigations in the age of self-destructing message apps. While email is still a common mode of communications for those engaging in bribery, wrong-doers are increasingly turning to the same apps used by teenagers to hide their communications, using tools such as Snapchat, Telegram, Wickr, Hash and others to give electronic communications the ephemeral quality of face-to-face conversations. The DOJ has hurled down the gauntlet on this issue; to receive full remediation credit, corporations must prohibit “employees from using software that generates but does not appropriately retain business records or communications.” This is, of course, technologically challenging, particularly since just about every employee has a smartphone with more computing power than NASA’s next generation crewed spacecraft, Orion.
4. A bit more clarity around “de-confliction.” When the Pilot Program first landed in 2016, practitioners longed for more clarity about what the DOJ meant by “de-confliction of an internal investigation.” In the FCPA Corporate Enforcement Policy, the agency sheds a bit more light on this concept. In particular, the new policy makes clear that the DOJ may request companies to hold off on certain investigative steps (such as interviewing specific individuals) so that the agency can proceed with its own investigation. The DOJ has clarified that de-confliction requests will be “narrowly tailored,” and will last for a “limited period of time.” Moreover, the agency will notify the company when it has lifted the de-confliction request. The additional structure and detail around de-confliction is certainly a welcome addition, though it does not render more palatable the disruption such requests cause when conducting an internal investigation.
5. Root cause analysis. The new policy adds a new requirement for companies seeking to demonstrate appropriate remediation — the company must undertake a root cause analysis of the conduct in question. Of all the changes in the new policy, this is perhaps my favorite. As any ethics professional worth her or his salt will tell you, perhaps the most fundamental part of recovering from a lapse in appropriate conduct is figuring out how it happened in the first place. You can’t really move forward toward fixing a problem unless you’ve asked and until you’ve clearly answered questions like “why did this happen here?” or “what about our company made our people think this was ok?” I believe — or at least I hope — what the DOJ is saying here is that remediation involves not only concrete improvements to internal controls, but also taking a step back and asking fundamental questions about corporate ethics and culture writ large.
6. Less editorializing. Finally, the FCPA Corporate Enforcement Policy contains a lot less obiter dicta about why the program exists and how some of its elements will work in practice. This is not an implicit change to how the DOJ will implement the program. Rather, it’s a reflection of the fact that this is no longer something novel. When the DOJ announced the Pilot Program in 2016, it was a bold stroke, intended to put substance behind the DOJ’s long-espoused but amorphous promise that voluntary disclosure and cooperation would result in credit. The Pilot Program hung more meat on those bones, and gave us a better idea of what companies needed to do, what the agency expected, and exactly what was meant by “credit.” Ultimately, that sea change in 2016 required some socialization. Now that we’ve lived with those concepts for over a year, we don’t really need the explication. The result is a document that minces no words and gets right to the point.
* * *
The DOJ’s FCPA Corporate Enforcement Policy is now in the U.S. Attorneys’ Manual at Title 9-47.120.
Bill Steinman, pictured above, is a Contributing Editor of the FCPA Blog. He’s the senior partner at Steinman & Rodgers LLP, a boutique law firm in Washington, D.C. specializing in international anti-corruption compliance and investigations.