This post has a similar theme to this  prior post. The theme is – all one has to do is wait for former DOJ and SEC FCPA enforcement officials to blast various aspects of the current FCPA enforcement climate.
Touching upon the same issues I first highlighted in this  August 2012 post titled “The Dilution of FCPA Enforcement Has Reached a New Level With the SEC’s Enforcement Action Against Oracle,” as well as prior posts here , here  and here , a former Assistant Chief of the DOJ’s FCPA Unit (William Stuckwisch  – currently a partner at Kirkland & Ellis) blasts certain aspects of SEC FCPA enforcement in this  recent article published in Criminal Justice.
The article begins:
“Imagine the following scenario: You have guided your client, a publicly traded company, through the long and winding process that is a Foreign Corrupt Practices Act (FCPA) internal investigation. Afterward, or increasingly more often simultaneously, you then lead your client through presentation of the results of the investigation to the United States Department of Justice (DOJ) and Securities and Exchange Commission (SEC) (collectively, “government”). Ultimately, neither the internal investigation nor the government’s investigation finds any improper payment (or offers of payments) to any foreign official, or any other knowing misconduct. As a result, the government cannot pursue substantive FCPA antibribery charges against your client, and the DOJ cannot pursue any other FCPA-related criminal charges. Just when you begin to savor this significant success, you are ripped back to reality, as the SEC informs you that, nevertheless, your client faces civil enforcement under the FCPA’s internal controls provision and demands a significant penalty. Unfortunately, this scenario is not a hypothetical for the FCPA Bar to deliberate at conferences and include as footnotes in memoranda addressing real-world client issues. Instead, it mirrors the facts publicly alleged in the SEC’s August 2012 enforcement action against Oracle Corporation, a case considered by many FCPA practitioners to be a stunning result. […] In Oracle, the SEC faulted the US parent corporation for not auditing local distributors hired by its Indian subsidiary, without alleging that the distributors (or anyone else) had made any improper payment to any foreign government official. Oracle is the latest example of the SEC’s expansive enforcement of the FCPA’s internal controls provision, and it potentially paints a bleak picture—one in which the provision is essentially enforced as a strict liability statute that means whatever the SEC says it means (after the fact).”
Elsewhere, Stuckwisch, the lead author of the article, notes:
“[G]iven the highly subjective nature of the internal controls provisions, companies will continue to feel at the SEC’s mercy once it opens an FCPA investigation, even if no improper payments (or offers of payments) are ever found.” […] In our view, the true lesson of Oracle is not that this particular type of internal control is required, but rather that the internal controls provision is so broad, and the statutory standard of reasonable assurances so subjective, that the SEC has an almost unfettered ability to insist on a settlement, including a civil penalty, at the conclusion of virtually any FCPA investigation. Companies may be willing to enter into such settlements—particularly because, in the absence of a parallel DOJ action, they need not make any factual admissions (due to the “neither admit nor deny” nature of SEC settlements in such circumstances), and the cost of a settlement is often lower than continuing investigative and representative costs. But such settlements can have severe, unintended consequences. Perhaps most significantly, these settlements can lead other companies to misdirect their scarce compliance resources.”
Stuckwisch’s final observation is of course spot-on and generally restates the thesis from my 2010 article “The Facade of FCPA Enforcement. “