Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Andy Spalding: The Pilot Program’s missing piece

I’ve argued in prior posts that above all else, the Pilot Program is our FCPA declination policy. We’ve been asking for this now for years, and thus it is an important step. But still, something is missing. Let’s figure that out.

So what does a declination represent?  The DOJ has announced seven declinations under the Pilot Program, compiled here.

(And again, to be clear, the DOJ has also made a number of other declinations, which I’m calling “clandestine declinations” because the DOJ says nothing about them publicly and we have no express policy guiding them.  We hear about them only from the companies’ disclosures or occasionally from parallel SEC announcements.)

All seven public, Pilot Program declinations involved evidence of (at least possible) employee misconduct, but the DOJ determined the employer should not be liable. So for purposes of this discussion, we’re talking about a company declination in the face of (actual or possible) employee violations (as opposed to declinations issued due to insufficient evidence of anyone’s wrongdoing). And we’re talking about declinations made with a formal DOJ announcement, pursuant to an explicit declination policy (which is the Pilot Program).

As explained in the 2012 FCPA Guidance, declinations are, or should be, based on several factors.  Some have to do with enforcement priorities and the sentence’s long-term effects. But central to this analysis is, obviously, “the person’s culpability in connection with the offense.” (Remember that we are here talking about “legal persons,” i.e. the company). And that makes sense.

But how do we, or should we, determine a company’s culpability for the conduct of its employee(s)?

We might start with authorization by management. That’s easy. But beyond that, what do we look to? How do we determine whether the company shares responsibility for the violation?

Answer: we should look to whether the company had an adequate compliance program in place at the time of the violation. It, more than anything else, bears on the question of whether, at the time of the violation, the company was doing something wrong or failing to do something that it really should have been doing.  We would look to other factors as well, but whether the company had a compliance program in place at the time of the violation would be, or should be, central to determining company liability. Right?

I don’t think that’s a particularly controversial statement. But look at the Pilot Program memo. It rewards voluntary disclosure, cooperation, remediation, and disgorgement. It does not explicitly reward pre-existing compliance.

Then look at the seven declinations we have issued under the Pilot Program. In all seven announcements, the DOJ rewarded the defendant company with a declination due to five (sometimes counted as six) factors (a slight variation on the Pilot Program’s four-factor analysis). Those five factors are: voluntary disclosure, a thorough investigation, cooperation, remediation (including employee termination and compliance improvements, sometimes counted as two) and disgorgement (either to the DOJ or SEC).

Here’s the upshot: we are announcing declinations without mention of the compliance program that was or was not in place at the time of the violation. That just doesn’t seem right.

For all the DOJ tells us, these companies could have had excellent compliance programs. Or lousy ones. Or none at all.  We simply don’t know. The reason we don’t know is that the Pilot Program does not build pre-existing compliance into the factors it considers when issuing declinations and, following this template, the declinations issued under the Pilot Program make no mention of it.

The only mention of compliance in these declinations concerns remedial compliance — that is, investing in compliance after the violation occurred. They’re not talking about, and rewarding, investing in compliance before a violation occurs. And that’s exactly what we want to incentivize, isn’t it? Indeed, the Pilot Program memo states that “if successful,” the program will “encourage companies to implement strong anti-corruption compliance programs to prevent and detect FCPA violations.”

How can we encourage companies to invest in pre-existing compliance if we award declinations with no discussion of the quality, or even existence, of the pre-existing compliance program?

As I discuss at greater length here, I think this is a bug in the Pilot Program system that needs to be fixed. I’ll explain further in the next post.


Andy Spalding is a lecturer at the International Anti-Corruption Academy, Professor at the University of Richmond School of Law, and Senior Editor of the FCPA Blog.

Share this post



  1. Andy– An interesting article and food for thought. TI always enjoy your writing and perspective.

  2. Andy,

    I totally agree. If the government wants value based compliance, companies need an incentive to make the investment to mitigate actions of rogue employees (e.g. Volkswagen). GRC is a dynamic initiative and requires focus, commitment and engagement.

  3. Andy,

    Great article. I absolutely agree with you. The declination(s) should include whether or not companies had compliance programs in place at the time of violation. The Memo mentioned Section 8C2.5(g)(1) of the "Sentencing Guidelines" (USSG). It did not mention Section 8C2.5(f) which provides "Culpability Score" concerning whether an organization had an effective compliance program in place at the time of violation. In addition to "employee conduct," the agent ( under agency relationship laws) should also fall under the category. The company is also liable for agents' unauthorized conduct. Again, I agree with with the compliance programs must be in place "before the violation occurs."

Comments are closed for this article!