I’m sure Deputy Attorney General Rod Rosenstein does more than just give speeches, but lately (well he actually addressed this in his speech).
Earlier today, Rosenstein delivered this speech at Compliance Week and this post excerpts the speech.
Rosenstein stated: “When a company creates and fosters a culture of compliance, it creates value. Compliance is an investment. Ethical, law-abiding companies can better attract investors and partners. People want to do business with companies that they perceive as honest and reliable.”
Thereafter, Rosenstein stated:
“Compliance mitigates risk, making companies more valuable and less likely to encounter unanticipated costs that may result from protracted investigations and penalties. Compliance should not be treated as separate and distinct from other business goals. A culture of compliance must be fully integrated into corporate culture. Employees should be trained and encouraged to think about compliance issues in making business decisions. In a company with an adequate and effective compliance program, the legal, compliance, and audit departments are not the only repositories of professionals monitoring and evaluating what the business side does.”
Next, Rosenstein stated:
“When companies come under investigation, we ask two principal questions about the company’s compliance function: First, what was the state of the compliance program at the time of the improper conduct? Second, what is the current state of the compliance function, after remediation to address any lessons learned?
[W]e recognize that even the best compliance program may not stop individual bad actors. Corporate compliance programs are sometimes compared to preventative medicine. It’s a good analogy. Getting an annual physical doesn’t mean you won’t get sick. But those screenings – just like a robust compliance program – help to ensure that issues will be detected and addressed at an early stage. We do not only look at a company’s past conduct and compliance lapses. We are also focused on the business’s health going forward.
That concept is reflected in the FCPA Corporate Enforcement Policy that we announced in November 2017. The Policy incentivizes companies to promptly report misconduct and fully cooperate, as well as to enact effective remedial measures. Companies that lack adequate compliance measures are less likely to uncover a problem at an early stage. They are less likely to be able to make a voluntary disclosure that qualifies them for the most significant benefits under the Corporate Enforcement Policy. And they are less likely to stop the conduct before it becomes pervasive. Companies without adequate compliance programs need to undertake more dramatic efforts to remediate damage and change their culture.
Compliance is not a one-size-fits-all proposition. If a small private business consists of a founder, a general counsel, and a handful of employees, the risk profile of the company may be different from that of a large complex business. But as companies grow, risk profiles change. For example, a company that decides to raise funds by going public faces an entirely new set of risks. It needs to concern itself with all the laws that govern public companies, including making appropriate securities disclosures. Companies that venture into foreign markets face risks under the Foreign Corrupt Practices Act. Even blue-chip, multinational corporations with strong preexisting programs must continuously evaluate their risk profiles and adapt to new circumstances. If a company uncovers misconduct that occurred despite an otherwise effective compliance program, the FCPA Policy tells prosecutors to consider whether the company subsequently analyzed the underlying cause of the problem. A company that properly manages its risks through a robust and appropriate compliance function – one that grows along with the rest of the company – will remain ahead of the curve. Our Department does not use a rigid formula to assess the effectiveness of corporate compliance. Each company’s risk profile and solutions to reduce its risks warrant consideration. We make an individualized determination in each case.
Two weeks ago, we announced another corporate enforcement policy designed to ensure fairness and consistency in our corporate resolutions. The policy addresses the coordination of corporate resolution penalties across multiple enforcement authorities. It seeks to avoid what the business and legal communities refer to as “piling on.” In football, the term “piling on” refers to a player jumping on a pile of other players after the opponent is already tackled. It is important for law enforcement to be aggressive in pursuing corporate wrongdoers. But we should discourage disproportionate and duplicative penalties imposed by multiple authorities. Our new policy discourages “piling on” by instructing Department components to appropriately coordinate with one another and with other enforcement agencies to attempt to seek an equitable outcome in joint and parallel investigations of the same misconduct. We incorporated this policy, like the FCPA Corporate Enforcement Policy, directly into the United States Attorneys’ Manual.
We hope that your companies and your clients will never have to confront our policies and enforcement actions. I know most business executives, most employees, and most companies try to do the right thing. A company with a robust compliance program can prevent misconduct. That frees our investigators and attorneys to focus on corporate criminals who post the most dangerous and imminent threats to the American people – terrorists, drug traffickers, transnational cyber criminals. Those groups do not have compliance programs. They do not make voluntary disclosures. They are not our partners in keeping the American economy healthy and prosperous.”
FCPA Institute - Denver (May 4-5)
A unique two-day learning experience ideal for a diverse group of professionals seeking to elevate their FCPA knowledge and practical skills through active learning. Learn more, spend less. CLE credit is available.