December 4, 2017 – On November 29, 2017, Deputy Attorney General Rod Rosenstein announced the adoption of the FCPA Corporate Enforcement Policy (“Enforcement Policy”), which attempts to further encourage voluntary disclosure of FCPA violations by companies. The Enforcement Policy attempts to clarify certain aspects of the FCPA Pilot Program launched by the Fraud Section in April 2016 and removes its “pilot” status by incorporating the general framework for credit for voluntary disclosure of FCPA violations into the United States Attorney’s Manual (USAM).
The new Enforcement Policy creates a presumption that the Department of Justice (DOJ) will decline to bring enforcement actions when companies self-disclose, fully cooperate with the government’s investigation, remediate any misconduct, and disgorge any ill-gotten profits, provided that there are no aggravating circumstances that would make a declination inappropriate. The Enforcement Policy gives DOJ significant discretion in determining whether the presumption should apply. It thus falls short of a true “amnesty” program, but it does increase the incentive for companies to self-disclose, as it increases the likelihood of receiving a declination and all but guarantees that non-recidivist companies that do not receive a declination, but satisfy the terms of the Enforcement Policy, will receive a 50% reduction off of the low end of the applicable United States Sentencing Guidelines fine range.
Pilot Program Background
The Pilot Program, announced in 2016, created a temporary system to encourage voluntary reporting of FCPA violations. Companies that voluntarily disclosed an FCPA violation, cooperated fully with the resulting government investigation, remediated the misconduct, and disgorged any tainted profits, could receive a reduction of up to 50% off the bottom of the United States Sentencing Guidelines fine range. Under the Pilot Program, the DOJ would also consider a declination of prosecution and would generally not require the imposition of a compliance monitor if these conditions were met.
Moreover, under the framework established by the Pilot Program, companies failing to voluntarily disclose FCPA violations could not receive more than a 25% discount off the bottom of the U.S. Sentencing Guidelines fine range, regardless of their level of cooperation or remediation.
In addition to incorporating the general framework of the Pilot Program into the USAM, the Enforcement Policy makes certain important changes to further encourage voluntary disclosure of FCPA violations. Most notably, the Enforcement Policy adopts a presumption in favor of a declination for companies that meet the conditions of voluntary disclosure, full cooperation, remediation, and disgorgement of profits. This presumption can be overcome where there are “aggravating circumstances,” such as involvement by senior management in the misconduct, significant profit to the company from the misconduct, pervasiveness of the misconduct within the company, and “criminal recidivism.”
Even when there are aggravating circumstances (except for cases of criminal recidivism), the Enforcement Policy states that the DOJ “will accord” a 50% reduction off the bottom of the U.S. Sentencing Guidelines fine range if the company otherwise meets the conditions described in the Enforcement Policy. This is a meaningful contrast to the more discretionary “may accord up to” language from the Pilot Program, especially when considering that this is the fallback position in the Enforcement Policy, to be deployed only when aggravating circumstances prevent a declination.
There are other, more subtle differences between the Pilot Program and the Enforcement Policy. For example, under the Pilot Program, disclosure was not considered voluntary if it was required by law, agreement, or contract. This same exception is not included in the Enforcement Policy, making it possible that a company will still receive credit for voluntary disclosure even if it was legally required to make the disclosure.
The Enforcement Policy also adds certain requirements to what will be considered full remediation. For example, the Enforcement Policy explicitly requires companies to conduct a root-cause analysis to identify and remediate the root cause of the misconduct. Additionally, companies are expected to take steps to ensure that business records are appropriately retained, including by prohibiting employees from communicating using software that fails to retain the communications.
Deputy Attorney General Rosenstein was clear that the Enforcement Policy was designed to allow for prosecutorial discretion and that, like other DOJ operating procedures, it does not create any private rights and is not enforceable in court. Nevertheless, the additional clarity provided by the Enforcement Policy may allow companies to make more informed decisions regarding voluntary disclosure. If the Pilot Program increased voluntary disclosure as much as the DOJ believes, it seems likely that the Enforcement Policy will have the same, if not greater, effect.
Considerations for Companies Considering Voluntary Disclosure
As described above, the revised framework under the Enforcement Policy resolves some of the ambiguity that existed under the Pilot Program. Still, certain questions persist about the specifics of the Enforcement Policy and how it will be applied.
For example, it remains to be seen how the DOJ will apply the “aggravating circumstances” exception. The headline of the Enforcement Policy is the presumption in favor of declination. However, that presumption can be overcome if there are aggravating circumstances regarding the nature of the offense or the offender. While the Enforcement Policy provides some examples of what will be considered aggravating circumstances, it is a non-exhaustive list and even the examples provided leave significant room for interpretation.
It is also unclear what the DOJ will consider “criminal recidivism.” Companies worried about whether an aggravating circumstance may deprive them of the full benefits of the Enforcement Policy can take some comfort in the fact that they will receive, at worst, a 50% reduction off the bottom of the Sentencing Guidelines fine range if they meet the conditions of the Enforcement Policy. The same cannot be said for companies considered to be criminal recidivists, which are excepted from both the presumption for declination and the 50% reduction benefit. It is unclear from the Enforcement Policy what will be considered criminal recidivism. Will it be limited to prior FCPA violations? How will prior SEC enforcement actions be treated? How will foreign criminal actions be treated? What is the relevant timeframe?
In the end, the decision whether to voluntarily disclose an FCPA violation will remain highly fact specific. However, there are certain steps companies can take immediately upon learning of a potential violation to preserve optionality with respect to voluntary disclosure under the Enforcement Policy.
First, conducting an effective and efficient internal investigation immediately upon becoming aware of the potential violation is critical. In order to make an informed decision regarding voluntary disclosure, it is important to have a firm understanding of relevant facts and circumstances. Such an understanding can only come from an effective internal investigation. Moreover, the Enforcement Policy requires a company to conduct a root-cause analysis and fully remediate the misconduct by the time of the resolution. To accomplish this, a company must have a clear understanding of what happened, why it happened, and who was involved as soon as possible so that there is time to take appropriate action in response.
Second, given the DOJ’s apparent interest in communication software with self-deleting functionality, companies will need to confirm that their policies and procedures prohibit the use by employees of such software and applications for business purposes. Indeed, companies should take special efforts to ensure that all business records are appropriately retained. Because the destruction of potentially relevant material and communication is such a hot-button issue, it appears doubtful that the DOJ will readily forgive a company if the company failed to take action to prevent employees from destroying records and communications.
Third, it is important to perform a self-evaluation of the company’s compliance program and to act to bring the program in line with the general standards articulated in the Enforcement Policy. Ideally this should be done as a preventative measure and as a regular practice of continually improving the corporate compliance program. However, it should also be done as soon as possible upon learning of a potential violation. Under the Enforcement Policy, the DOJ expects companies to have implemented an effective compliance program by the time of the resolution. For some companies, this may mean a significant overhaul to the existing compliance program, making an early start imperative.
Even with the increased potential for a declination under the Enforcement Policy, voluntary disclosure may not be right for every company in every circumstance. However, the benefits offered by the Enforcement Policy are significant enough that companies should at least consider voluntary disclosure and take steps to preserve the option. Fortunately, the above steps are best practices and add value even if a company ultimately decides not to avail itself of the benefits afforded by the Enforcement Policy by voluntarily disclosing the violation.