When the DOJ and SEC published their FCPA Resource Guide, they emphasized the connection between remedial action and enforcement. The Guide makes clear that no company can expect a favorable FCPA resolution unless it takes adequate remedial action, and conversely, companies that fail to do that are more likely to face charges and harsher FCPA penalties.
Remedial action appears more than 20 times in the Resource Guide, as remedial action and also as remedial efforts, remedial measures, a remedial plan, and remedial improvements. The discussion stretches over various sections, including DOJ Principles of Federal Prosecution of Business Organizations, DOJ FCPA Corporate Enforcement Policy, Criminal Cases, Civil Cases, Successor Liability, and so on.
One way companies with FCPA problems demonstrate their commitment to compliance is through remedial action — that is, “by taking steps to implement the personnel, operational, and organizational changes necessary to establish an awareness among employees that criminal conduct will not be tolerated.”
The Guide’s discussion about remedial action relies heavily on a 2001 SEC release commonly known as the Seaboard Report. That release is about a books-and-records case that didn’t involve the FCPA. But it sets out 13 non-exclusive criteria the SEC uses for determining “whether, and how much, to credit self-policing, self-reporting, remediation and cooperation.”
The Seaboard Report guides the SEC when it’s considering the “extraordinary step of taking no enforcement action [or] bringing reduced charges, seeking lighter sanctions, or including mitigating language in documents [the SEC will] use to announce and resolve enforcement actions.”
The DOJ’s Evaluation of Corporate Compliance Programs similarly instructs prosecutors in FCPA cases to consider “the nature and thoroughness of the company’s remedial efforts . . . including, for example, disciplinary action against past violators uncovered by the prior compliance program.”
The Evaluation cites the older Justice Manual (the U.S. Attorneys’ handbook). JM 98-28.800 instructs federal prosecutors to assess whether companies took appropriate remedial action by identifying and disciplining employees responsible for misconduct up and down the corporate ladder, “either through direct participation or failure in oversight, as well as those with supervisory authority.”
The Justice Manual itself goes further. Remedial action, it says, is how companies demonstrate that they recognize the seriousness of their misconduct and accept responsibility for it.
Remedial action also plays a significant role in the DOJ’s decisions about independent compliance monitors. The Monaco Memo published last week lists remedial action as one of ten factors prosecutors should consider when evaluating the necessity for a monitor.
Whether the corporation took adequate investigative or remedial measures to address the underlying criminal conduct, including, where appropriate, the termination of business relationships and practices that contributed to the criminal conduct, and discipline or termination of personnel involved, including with respect to those with supervisory, management, or oversight responsibilities for the misconduct.
The DOJ’s 2018 Benczkowski Memo (also about monitors) logically links remedial action with continuous compliance improvements.
Even debarment decisions are based in part on remedial action. Bribery convictions and civil findings are grounds for debarment. The DOJ and SEC don’t make debarment decisions; instead, those determinations are left to independent “debarment authorities” within each agency, such as the Department of Defense or the General Services Administration. Debarment authorities consider “whether the contractor has effective internal control systems in place, self reported the misconduct in a timely manner, and has taken remedial measures,” according to the FCPA Resource Guide.
The Federal Sentencing Guidelines list the elements of an effective compliance program, and on that list remedial action comes near the end, probably because remedial action typically happens after the discovery of compliance problems.
But you know how lists work. Even if the order is arbitrary or chronological, sometimes we rank the importance of each item by where it appears; we think items low on a list must have lower importance. I made that mistake with remedial action, which became for me a sort of compliance caboose.
I got remedial action wrong and later learned better. It’s not a compliance caboose but an essential and ongoing part of any effective compliance program.