Effective Compliance Programs in 2019

In 2018, the U.S. Department of Justice (“DOJ”) announced several significant policy changes that will have a meaningful impact on corporate fraud and anticorruption investigations. Collectively, these policies underscore the continuing effort by the DOJ to create incentives for companies to self-identify and report misconduct, including by providing greater transparency about the benefits of doing so. One of the principal takeaways from these developments is that companies should prioritize implementing and maintaining effective compliance programs, which will not only help identify internal bad actors and malfeasance, but will also best position companies to voluntarily disclose misconduct, remediate any issues, and maximize the benefits of amnesty and leniency programs if they choose to do so.

Expansion of FCPA Corporate Enforcement Policy

As we previously reported, in late 2017, the DOJ announced the Foreign Corrupt Practices Act (“FCPA”) Corporate Enforcement Policy (the “Enforcement Policy”), which built upon its FCPA Pilot Program in effect since April 2016. Under the Enforcement Policy, absent “aggravating circumstances,” there is a presumption that the DOJ will decline to prosecute a company that:

• voluntarily self-discloses wrongdoing before “an imminent threat” that the government will learn of the matter;
• provides “full cooperation,” including by proactively producing documents and other information, providing evidence with respect to the culpability of individuals, and making available witnesses located in the United States and abroad to the DOJ; and
• engages in “timely and appropriate” remediation, including the disgorgement of any profits from the wrongdoing.

In this context, “aggravating circumstances” can include pervasive wrongdoing at the company, the involvement of senior management, obtaining a significant profit from the misconduct, or recidivism. Companies that meet all three criteria but do not qualify for a declination due to aggravating circumstances are promised a reduction of up to 50% off the bottom end of the U.S. Sentencing Guidelines fine range. Companies that do not meet the self-reporting criteria, but fully cooperate and remediate in a timely and appropriate manner, are eligible for up to a 25% reduction off the bottom of the U.S. Sentencing Guidelines fine range.

In March 2018, the DOJ expanded the application of the Enforcement Policy, announcing that the policy would serve as nonbinding guidance in all DOJ Criminal Division matters, including corporate fraud investigations outside of the FCPA context. The expanded application of the Enforcement Policy therefore broadens the types of misconduct for which companies have incentives to self-disclose and cooperate. On July 25, 2018, the DOJ announced a further expansion of the Enforcement Policy in the context of M&A transactions. Specifically, the DOJ will now “apply the principles contained in the Enforcement Policy to successor companies that uncover wrongdoing in connection with mergers and acquisitions and thereafter disclose that wrongdoing and provide cooperation, consistent with the terms of the Policy.”

This expansion reaffirms the importance of diligence in M&A transactions, remediation if wrongdoing is identified, and ensuring that an acquired company has appropriate compliance programs and controls in place to prevent and detect misconduct.

Cooperation Obligations with Respect to Individuals

In addition to providing greater transparency regarding the benefits of cooperation credit and self-reporting, the DOJ also provided greater clarity about its expectations regarding its previously-expressed requirement that companies provide relevant information about individuals involved in any misconduct as part of its cooperation obligations.

Previously, under the DOJ’s 2015 “Yates Memo,” in order for companies to receive full cooperation credit, they had to provide information about all individuals involved in culpable activity. This led to complaints that certain prosecutors were unreasonably interpreting this requirement to require companies to provide evidence on every individual potentially involved in misconduct no matter how limited the connection, which, in cases involving widespread or long-running fraud or corruption, could arguably amount to hundreds of individuals.

On November 29, 2018, Deputy Attorney General Rod Rosenstein announced a policy change to address this concern. Companies seeking cooperation credit are now only required to identify every individual who was “substantially” involved in or responsible for the criminal conduct. According to Rosenstein, “the most important aspect of our policy is that a company must identify all wrongdoing by senior officials, including members of senior management or the board of directors, if it wants to earn any credit for cooperating in a civil case.” The announced policy change also provides DOJ’s civil lawyers, when bringing civil enforcement actions, new discretion in determining who is pursued and how companies are rewarded for cooperating in civil cases.

Anti-“Piling On” Policy

The changes to corporate enforcement policies in 2018 have been coupled with an effort to reduce the burdens on companies facing overlapping investigations involving multiple jurisdictions and U.S. agencies.¹  On May 9, 2018, the DOJ announced a new policy, the Policy on Coordination of Corporate Resolution Penalties, designed to promote coordination and limit the imposition of multiple penalties on a company for the same conduct, commonly known as “piling on.”

The policy encourages federal prosecutors to consider the potential imposition of penalties on companies by different regulators and authorities in the United States and abroad for the same underlying misconduct. The new policy is also intended to encourage cross-border and intra-agency cooperation on investigations, as well as the global resolution of investigations of corporate wrongdoing. In practice, this results in the DOJ calculating the total criminal penalty against a company under the U.S. Sentencing Guidelines fine range, and then crediting payments to other agencies or authorities.

During 2018 we have seen several examples of crediting by the DOJ of payments made to other agencies, including: (i) the DOJ’s agreement to credit Société Générale’s payment to the French Parquet National Financier for 50% of the DOJ’s total criminal penalty; (ii) the DOJ’s agreement to credit Petrobras’ payments to the Ministerio Público Federal in Brazil and the SEC for 90% of the DOJ’s criminal penalty; and (iii) the DOJ’s decision to decline to prosecute Guralp Systems because of the company’s commitment to accept responsibility for its conduct through a resolution with the United Kingdom’s Serious Fraud Office.

The changes to DOJ policy throughout 2018 reinforce the DOJ’s efforts to encourage companies to self-report, cooperate and resolve criminal investigations, both by providing companies with greater transparency regarding the benefits of their cooperation, and by offering the possibility of a coordinated, global resolution that minimizes a company’s financial exposure to multiple authorities. These changes further highlight the benefits of adopting and improving compliance programs, not only to deter misconduct, but also to help identify and remediate possible wrongdoing at the earliest possible point in time, which, in turn, will provide a company with the maximum ability to take advantage of the benefits of self-reporting and remediation.

Boards of directors should, in turn, continue to exercise oversight over the compliance function, ensuring that it is independent, is provided with sufficient resources to operate, and complies with best practices. Such oversight will also pay dividends in setting the appropriate tone at the top and emphasizing the company’s ethical and compliance culture–thereby, hopefully, preventing misconduct from occurring in the first place.