Two compliance-related facts have emerged since the start of 2021, and they must be related. First, the DOJ’s enforcement priority has shifted to individuals who commit white-collar “corporate” crimes and away from the corporations themselves. Second, corporate FCPA enforcement actions are far less common today and way smaller than during the prior five years.
Let’s start with the second fact first — that FCPA enforcement actions are fewer and smaller.
From 2016 through 2020, 83 companies paid about $16.8 billion to resolve FCPA enforcement actions. During those years, an average of 16 companies settled FCPA cases each year. But since the start of 2021, there have only been six FCPA enforcement actions overall — four in 2021 and two so far in 2022 — with a total dollar value of around $371 million. The average FCPA settlement from 2016 through 2020 was about $202 million, but since the start of 2021, the average has fallen to about $62 million per settlement.
How do we explain it? That’s where the other fact — the DOJ’s new priority of holding individuals accountable for corporate white-collar crimes — comes in. Start with this:
Attorney General Garland has made clear it is unambiguously this department’s first priority in corporate criminal matters to prosecute the individuals who commit and profit from corporate malfeasance.
Who said that? Deputy Attorney General Lisa Monaco, in her keynote to the ABA white-collar crime confab in Washington, DC in October 2021.
And this year, Attorney General Garland himself re-emphasized the DOJ’s new priority:
As the Deputy Attorney General noted [last year], I have made it clear that the Department’s first priority in corporate criminal cases is to prosecute the individuals who commit and profit from corporate malfeasance.
It is our first priority because corporations only act through individuals.
It is our first priority because penalties imposed on individual wrongdoers are felt by those wrongdoers, rather than by shareholders or inanimate organizations.
So, we have new DOJ enforcement priorities and falling numbers and dollar values of corporate FCPA enforcement actions.
Let’s add a third factor to this discussion: To go along with its new white-collar enforcement priority focused on individuals, the DOJ has new expectations about how corporate compliance programs should work.
Here’s the DOJ’s criminal division chief, Assistant Attorney General Kenneth Polite, during a talk in San Francisco in March this year:
Critically, when allegations of wrongdoing surface, to receive any credit for cooperation, a corporation must notify the department of all relevant, non-privileged facts and evidence about the misconduct and all of the individuals involved. Our policies plainly serve our goal of securing evidence of individual wrongdoing because of the high priority that we place upon holding individual wrongdoers accountable.
Assistant AG Polite then talked about remediation. And remediation, I think, is the key to understanding how much the DOJ now expects from corporate compliance programs:
For example, even if there is not any evidence that a CEO personally committed a crime, upon discovery of a crime, a corporation should examine whether a change in leadership is necessary, not for change’s sake, but because he modeled poor ethical behavior for the workforce, or fostered a climate in which subordinates committed wrongdoing with intent to benefit the company, or permitted weak internal controls that allowed the crimes of individuals to go undetected.
If the DOJ expects companies to consider firing CEOs when others in the company commit FCPA offenses, even when the CEOs didn’t know about the offenses, remedial action takes on a new scope and seriousness. The end product of compliance becomes corporate regime change.
Taking it a step further, if companies fire those who commit or abet FCPA offenses and presiding management, what’s left for the DOJ to do concerning corporate enforcement? The corporation’s criminal act (imputed to it by respondeat superior) has already been remediated.
What, then, is the final objective of corporate anti-corruption compliance? Right, it’s corporate self-enforcement.
Assistant AG Polite described the extent of the DOJ’s expectations plainly. He said compliance today isn’t just about “creating, maintaining and supporting an ethical culture, the question again goes to individual accountability.” That individual accountability comes, he said, when corporations “notify the department of all relevant, non-privileged facts and evidence about the misconduct and all of the individuals involved,” and when they “examine whether a change in leadership is necessary,” even if the leadership didn’t personally commit a crime.
It’s implied that corporations which meet the DOJ’s new expectations aren’t likely to be criminally prosecuted for FCPA offenses. Is that why there are fewer and smaller corporate FCPA resolutions?
Beyond the DOJ’s new priorities and expectations, other powerful forces are pushing corporations to self-enforce FCPA offenses. The ESG/Stakeholder Capitalism movement has brought more accountability to corporate leadership than ever before. That accountability ultimately translates into strong remedial action if there’s a compliance problem.
Also, the DOJ has raised the priority of white-collar crimes that directly involve wasting or stealing government funds, including Covid-19 fraud and traditional False Claims Act actions, especially related to healthcare. Other high-priority white-collar crimes are those that sometimes threaten national security, such as state-sponsored hacking, ransomware attacks, cryptocurrency frauds, and, of course, sanctions violations and money laundering related to Russia and the oligarchs. The DOJ has plenty to do.
For all these reasons, it’s no wonder federal prosecutors have placed remedial action on center stage and thereby shifted the final goal from mere corporate compliance to corporate self-enforcement.