The Department of Justice recently updated and published its guidelines for evaluating corporate compliance programs in the FCPA context. The Guidelines are remarkably thorough, but the text is aimed principally at assisting prosecutors with charging decisions, setting sanction amounts, and crafting subsequent compliance obligations — rather than at the corporate entities that are expected to phase in those compliance programs.
The Guidelines provide some concrete standards for structuring international bribery compliance programs to minimize risks of conducting business abroad, but, more importantly, offer no tangible assurances or incentives for when those compliance programs are effectively implemented. The DOJ, for example, considers nine factors for indictment over the course of an anti-bribery investigation — only one of which considers the existence and effectiveness of the corporation’s pre-existing compliance program.
Significantly, this means that under the FCPA, a corporation can still be held criminally and civilly liable for actions by an unknown employee even if it has implemented a comprehensive compliance program — and perhaps done all it reasonably could to prevent the misconduct.
That is not to say that a corporation should be free of responsibility simply by invoking the amorphous existence of a rogue agent. Such a rogue actor defense, of course, should be given limited credence in anti-bribery investigations; corporations would be too easily granted impunity for misconduct if not held responsible for the actions of employees they should have known would misappropriate corporate funds to influence foreign officials.
In cases, however, where the corporation had a comprehensive (read: expensive) compliance program in place and was still unable to discover the foreign misconduct, imposing significant liability limits the incentives to implement such a program. For a corporation so situated, the costs associated with incremental, beneficial, changes to an already robust compliance program would be prohibitively high — and in all likelihood would not further stave off future anti-bribery sanctions. Remedial credits for comprehensive compliance programs only reduce liability rather than eliminates it, creating somewhat perverse objectives under the FCPA to implement a perfunctory compliance program.
Under the UK Bribery Act, on the other hand, a corporation that “had in place adequate procedures designed to prevent persons associated with [the corporation] from undertaking such conduct,” can rely on the Bribery Act’s adequate procedures defense. It presents a complete bar to liability on a charge that the corporation failed to prevent bribery — eliminating the potential damaging monetary sanctions imposed by the SFO.
Somewhat analogously, in the United States, corporations can be granted a declination after costly internal and external investigations, but as such charging decisions remain a matter of prosecutorial discretion, ample opportunity for unpredictability arises. The dearth of case law and limited public insight into the process of FCPA declination decisions introduce some uncertainty into the prosecutorial thinking process. After all, U.S. authorities tasked with investigating corporate bribery are only obliged to “consider” corporate governance mechanisms that can effectively detect and prevent misconduct. Prosecutorial discretion, though necessary and generally fair in such complex investigations, creates unwarranted unpredictability for corporate compliance officers seeking to address the issue of foreign bribery and can signal that additional compliance efforts are for naught.
Setting pre-enforcement expectations with respect to compliance efforts, by introducing the affirmative defense of adequate compliance procedures, helps both sides eradicate the scourge of international corruption without requiring prohibitive costly compliance measures that may not even limit liability.
Of note, the adequate procedures defense is far from perfect, and perhaps still somewhat ill-defined, as shown last year in R v. Skansen, when the first corporation raising such a defense went to trial in the UK. Skansen failed to impress the jury, who determined the company’s internal procedures were insufficient to constitute “adequate procedures.”
The defense then may not provide a fool-proof solution for addressing the role of an effective compliance programs in assessing corporate liability. But it can be a step in the right direction.
Jesse Van Genugten, pictured above, will start as a first-year associate in October at Shearman & Sterling LLP in the firm’s New York City office. He is the author of Eliminating Schmiergeld: Lessons Learned from the Enforcement of Foreign Anti-Bribery Laws in the United States and Germany in the Georgetown Law Journal.
The views expressed above are those of the author only, and not of Shearman & Sterling LLP.