Glencore’s FCPA resolution last month included a plea agreement requiring the parent company’s Chief Compliance Officer to certify its compliance program and reports to the DOJ. The CCO’s certification is subject to the false statements statute, punishable by up to five years in prison, and the federal obstruction law, which carries a potential prison sentence of up to 20 years.
Assistant Attorney General Kenneth Polite, head of the DOJ’s criminal division, announced the requirement for CCO certifications in March. He said the new policy is “not punitive in nature” but intended to ensure “Chief Compliance Officers receive all relevant compliance-related information and can voice any concerns they may have prior to certification.”
Maybe the DOJ doesn’t intend the new CCO certification requirement to be “punitive in nature,” but that doesn’t mean it’s a good idea.
CCOs can’t know everything that happens in their company. Take Glencore. It operates about 150 sites in 35 countries and has 135,000 employees and contractors on its payroll. In a business that big and complex, a CCO can know what should happen but won’t always know what does happen.
The certification form attached to Glencore’s plea agreement doesn’t leave room for the CCO to say, “To the best of my knowledge” or “It is my good faith belief and understanding.” Instead, the CCO (who didn’t sign the plea agreement; the general counsel and outside lawyers did that) has to certify that “based on a review of the Company’s reports submitted to the Department of Justice . . . the reports were true, accurate, and complete as of the date they were submitted.” It’s true or false and nothing in between.
Speaking of gray areas, compliance involves judgments and interpretations. Glencore’s CCO will have to certify the company’s compliance program is reasonably designed to detect and prevent violations of the Foreign Corrupt Practices Act and other applicable anti-corruption laws. A CCO running a compliance program in 35 countries is likely to see some things differently than the DOJ, which views it all from the outside. If the CCO and DOJ disagree about what “reasonably designed” means, then what?
There’s this: CCOs sometimes change jobs. In Glencore’s case, what happens if the incumbent leaves before three years, when the CCO certification is due? Can a new CCO learn enough to certify the program and company reports? What happens if the new CCO asks the DOJ for more time? Will the DOJ punish somebody — maybe the company or the former or current CCOs?
Let’s talk more about the false statements statute, 18 U.S. Code § 1001, and 18 U.S.C. § 1519, the obstruction law. With those swords dangling overhead, would any CCO feel comfortable editing reports from other compliance officers or outside counsel? Could the DOJ use edits to build an obstruction or false statements case?
Don’t laugh. Remember when the DOJ accused the former associate general counsel of GlaxoSmithKline, Lauren Stevens, of making false statements and concealing documents in submissions to the Food and Drug Administration, notwithstanding extensive evidence showing she acted on the advice of counsel and without any intent to violate the law?
A federal district judge acquitted her over objections from the DOJ and said, “[O]nly with a jaundiced eye and with an inference of guilt that’s inconsistent with the presumption of innocence could a reasonable jury ever convict this defendant.” Who knows what the DOJ had in mind with that prosecution?
What if a CCO gets cold feet and refuses to certify anything and says to the CEO or the board, “Hey, you don’t pay me enough to sign a document like that.”
Could the DOJ interpret the CCO’s remark as a demand for hush money and threatened extortion? Would that be grounds for the DOJ to allege obstruction?
I don’t know the answers to all these questions, and neither do CCOs. That’s the problem.
The DOJ wants personal accountability for CCOs to prevent recidivist FCPA violations. We all get that. But is injecting uncertainty about criminal liability into the lives of CCOs any way to treat already burdened corporate gatekeepers?
Whatever the DOJ’s motives, CCO certifications like Glencore’s are a rotten idea.