Priorities, Trends and Developments in Enforcement and Compliance
January 10, 2020
Enforcement of anti-bribery, sanctions and money laundering laws remains a top priority for US authorities. In 2019, the US Department of Justice and civil regulators issued new or updated policies aimed at increasing incentives for self-reporting by companies. Different agencies also provided additional guidance about compliance programs, including the role of officers and directors in supervising compliance programs.
Enforcement Priorities and Trends
Over the past year, in line with the administration’s stated priorities, US authorities continued to focus on enforcement actions against US and non-US persons across a variety of industries, based on violations of the Foreign Corrupt Practices Act (FCPA), US sanctions, and money laundering laws. The DOJ has continued to emphasize: (i) holding individuals accountable, including any officers and directors allegedly involved in misconduct; (ii) promoting robust corporate compliance programs; and (iii) giving companies credit for voluntary self-disclosure, cooperation and remediation. We expect these trends to continue in the coming year.
Notable enforcement actions in 2019 include criminal charges the DOJ brought against Chinese telecommunications equipment manufacturer Huawei and Turkish bank Halkbank relating to Iran sanctions violations, money laundering and fraud, as well as criminal resolutions of investigations of Swedish telecommunications company Ericsson (concerning bribery) and Standard Chartered Bank (concerning sanctions violations).
The DOJ’s announcement in October 2018 of a policy relating to the imposition and selection of corporate compliance monitors, a practice that the DOJ described at the time as the exception rather than the rule, did not result in the exclusion of monitorships in several significant resolutions in 2019. The DOJ imposed independent compliance monitors as part of resolutions of bribery cases against Ericsson, Russian telecommunications company Mobile TeleSystems, German medical products company Fresenius Medical Care and US retailer Walmart.
Under the DOJ’s FCPA Corporate Enforcement Policy, the DOJ declined to prosecute US company Cognizant Technology Solutions, despite the alleged involvement of senior management in the conduct (which is an aggravating factor that may warrant a criminal resolution under the policy), and a US digital and print marketing provider, based on voluntary self-disclosures, cooperation, remediation, and other factors.
In addition, last year the DOJ also pursued individuals, including executives and directors, in connection with enforcement actions against companies. In relation to the investigation of Standard Chartered, a former employee pleaded guilty and a former customer was also criminally charged. The DOJ brought charges against Huawei’s CFO and against the former CEO and member of the board of directors (a Brazilian citizen) of Braskem. The DOJ also obtained a conviction against a former senior vice president (a British citizen) of Alstom (based on his actions as an agent of a US subsidiary).
In addition, the DOJ pursued enforcement actions against individuals without also prosecuting affiliated companies. It brought charges against the former president and the former chief legal officer of Cognizant relating to bribery and obtained convictions against a US investment firm’s chairman and CEO and a member of its board of directors relating to bribery and money laundering.
Last year, the SEC’s Division of Enforcement continued its priority of protecting “Main Street” retail investors, focusing on investment advisers, financial frauds and threats to investors stemming from new technologies, such as coin offerings. The Enforcement Division’s enforcement action against pharmaceutical company Mylan, based in part on the company’s disclosures and accounting for loss contingencies in connection with an investigation by the DOJ, served as an important reminder of the risks surrounding a company’s decision about whether, when and how to disclose an investigation.
Other enforcement actions in the past year, including one against Fiat Chrysler, highlighted the Enforcement Division’s return to a focus on alleged earnings management and accounting fraud. Recently, the Enforcement Division announced its plans to continue to speed up investigations, particularly in financial fraud and issuer disclosure cases.
Policies on Self-Reporting
In 2019, US agencies issued several updates to existing policies on self-reporting and also announced new policies. The DOJ made incremental changes to its FCPA Corporate Enforcement Policy, including to codify the application of the policy in the context of mergers and acquisitions. The US Commodity Futures Trading Commission issued an advisory on self-reporting and cooperation for violations of the Commodity Exchange Act involving foreign corrupt practices, signaling its increasing focus on foreign bribery. The advisory takes a similar approach to the FCPA Corporate Enforcement Policy, providing that companies and individuals not registered (or required to be registered) with the CFTC, who are therefore not subject to its reporting requirements but are still subject to the CFTC’s jurisdiction, will receive a presumption of a resolution with no penalty if they make voluntary self-disclosures, cooperate and remediate, absent aggravating circumstances.
The DOJ announced a new Export Controls and Sanctions Enforcement Policy for Business Organizations, which updated earlier guidelines on voluntary self-disclosures in a manner similar to the FCPA Corporate Enforcement Policy. The policy clarifies that a company that voluntarily self-discloses export control or sanctions violations to the DOJ’s National Security Division’s Counterintelligence and Export Control Section, cooperates and remediates will be entitled to a presumption of non-prosecution and will not be fined, absent aggravating circumstances. Reporting only to regulatory agencies will not suffice to obtain credit under the policy. Unlike previous guidelines, the policy is applicable to all businesses, and it does not include a carve-out for financial institutions.
The DOJ also issued guidance explaining how it will provide credit in False Claims Act cases for voluntary self-disclosures, cooperation in an investigation or remedial measures.
Guidance on Compliance
Last year, the DOJ updated its guidance on the factors that prosecutors should consider in evaluating corporate compliance programs. The guidance identifies three fundamental questions to consider:
- Whether a corporation’s compliance program is well-designed.
- Whether the program is being implemented effectively.
- Whether the program actually works in practice.
The guidance specifically addresses the role of officers and directors, including the tone from the top, their interactions with the compliance and control functions and reporting lines to the board or audit committee.
Against the backdrop of the DOJ’s guidance on evaluating corporate compliance programs and expanded sanctions enforcement by US authorities, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) (responsible for civil enforcement of US sanctions) released “A Framework for OFAC Compliance Commitments,” which indicates the elements that OFAC will use to evaluate a company’s compliance efforts in the context of any enforcement action. The Framework endorses a risk-based approach to compliance (recognizing that no two compliance programs will be identical) and the need for a formal program that includes five essential components:
- Management commitment
- Risk assessment
- Internal control
- Testing and auditing
With respect to management commitment, OFAC stated that senior management—including senior leadership, executives and/or the board of directors—must support an organization’s sanctions compliance program and ensure the compliance units have adequate resources and authority and that these units are integrated into daily operations.
The continued focus by US authorities on bribery and sanctions, policies encouraging self-disclosure and agencies’ guidance about compliance underscore the continued importance of maintaining robust internal controls and compliance, which can help prevent misconduct, detect potential issues and mitigate any penalties.
Board members in particular should be attuned to the effectiveness of internal controls and compliance programs given the potential for significant fines and collateral consequences of an enforcement action. If a company discovers misconduct and is faced with the choice of whether to self-disclose, directors involved in the decision-making process should consider the increasing incentives promoted by US authorities when conducting a risk-based analysis of the ultimate decision on self-reporting.