Yesterday, DOJ Principal Deputy Assistant Attorney General John Cronan delivered this speech “about the importance of law enforcement and private industry working together in pursuit of common, shared objectives.”
Cronan’s speech touched upon a number of topics including the DOJ’s FCPA Corporate Enforcement Policy, so-called declinations, transparency in law enforcement, and merger and acquisition issues. This post excerpts the speech and provides various rebuttal points.
Cronan began as follows:
“There can be a perception – and I would say, often a misperception – of the Department of Justice and private industry as adversaries. While that certainly is sometimes the case, viewing law enforcement and the private sector in such stark black and white terms all too often is an oversimplification and simply inaccurate. That misperception not only can pose an obstacle to effective law enforcement, but it can also work against the interests of corporations that are victimized by crime or whose employees engage in misconduct.
In reality, prosecutors and companies frequently are very much aligned in their shared desire to prevent and detect criminal conduct. Both the Department of Justice and private industry have an overwhelming interest in combatting cyber intrusions and attacks on U.S. companies, as well as protecting our businesses from the theft of their trade secrets. It similarly behooves us to recognize that a culture of compliance with the rule of law inures to our mutual benefit – just as corruption and crime work to the detriment of both the private sector and the public trust. Prosecutors and companies alike play a critical role in fostering that corporate culture.”
While one can easily imagine a situation – such as a data or cyber-security breach by an outside third party – where the DOJ’s and the company’s interests are mostly aligned, make no mistake, when a company is under FCPA scrutiny the DOJ is an adversary and any suggestion to the contrary is reflective of the roll-over-and-play dead mentality many in the Washington D.C. legal community seem to have.
Cronan continued:
“In-house counsel are also on the front lines of efforts to promote lawful business practices. Those of us in law enforcement well recognize that in-house counsel – together with boards of directors and senior management – are leading the charge from within companies to detect, deter, and rectify corporate misconduct and misbehaviors. It is often you who will confront difficult decisions about how to respond to bad actors; what compliance, audit, and ethics programs will look like; what resources will be devoted to those programs; and the level of access that compliance personnel will have to management and the board. It therefore is you to whom we in government want to make our message clear about the incentives for companies to prevent and redress corporate misconduct.”
Kudos to Cronan for nicely articulating the policy rationale for an FCPA compliance defense. (See here for a prior post among many others).
Cronan continued:
“To that end, the Department is striving to bring greater clarity to the “rules of the road” by which prosecutors exercise their discretion in enforcing our laws. We have sought to establish and articulate more predictable and settled guideposts by which companies and business leaders can gauge expectations and conform their conduct. We want companies to comprehend what actions on their part will be favorably credited and what will be penalized, as well as the standards and factors that will guide our decisions at the Department to pursue or not pursue charges.
The Department, of course, has instituted a framework for incentivizing industry with respect to our enforcement of the Foreign Corrupt Practices Act through the Corporate Enforcement Policy. The Policy, in clear terms, sets out how prosecutors should evaluate a company’s violation of the FCPA, based on our assessment of actions taken by that company in the face of the misconduct and the credit we afford those actions.
The key takeaway from the FCPA Corporate Enforcement Policy is as follows: If a company voluntarily self-discloses the misconduct in a timely manner, fully cooperates with the Department, and engages in timely and appropriate remediation, including by paying all disgorgement, forfeiture, and restitution for the misconduct, there will be a presumption of a declination.”
Time out.
There is little that is clear about a non-binding DOJ policy document peppered with vague and ambiguous terms that the DOJ has refused to provide additional clarity on (see here).
Moreover, a declination with disgorgement (the best a business organization can hope for under the Corporate Enforcement Policy) is hardly some prize. Indeed, some of these enforcement actions (and that is what they are) have required companies to pay in excess of $10 million.
Cronan continued:
“Transparency in this space can induce results that benefit law enforcement and the private sector alike. We realize that companies regularly face difficult decisions with respect to law enforcement – perhaps most notably, for purposes of today’s attendees, how to respond after uncovering misconduct. If a company knows what factors we will consider in making prosecutorial decisions, and what outcome the company can reasonably expect based on the actions it takes, that company is better positioned to make an informed, rational decision as to what course of action is in its interests. To state that more directly, we believe that if we articulate guiding prosecutorial principles that are set with an eye on both incentivizing good corporate behavior and pursuing fair and appropriate corporate resolutions, companies are more likely to in fact engage in that good corporate behavior by implementing robust internal controls and effective compliance programs, and if they uncover misconduct, by voluntarily disclosing to law enforcement, cooperating, and remediating.”
This too is a nice articulation of the policy rationale for an FCPA compliance defense and as highlighted in this post, if the DOJ truly wants to encourage voluntary disclosure a compliance defense is the best answer.
Next, Cronan stated:
“The bottom line is this: Whether prosecutors or companies, whether compliance officers or in-house counsel or boards, whether in the white-collar arena or the cyber arena, we all have critical roles to play in compliance. And we all stand to benefit from companies that build effective compliance programs and internal controls that not only prevent and deter criminal incidents from occurring in the first instance, but also pave the way for more open channels of communication between government and industry.
To be sure, when we at the Department talk about compliance, we are referring to effective compliance. The Principles of Federal Prosecution of Business Organizations make that clear. Under those Principles, in determining whether to charge a corporation, prosecutors must consider, among other factors, the existence and effectiveness of the corporation’s preexisting compliance program, as well as the corporation’s subsequent remedial actions including efforts to implement an effective compliance program or improve an existing one. In assessing a compliance program, the Principles specifically direct prosecutors to consider “whether a corporation’s compliance program is merely a ‘paper program’ or whether it was designed, implemented, reviewed, and revised, as appropriate, in an effective manner.”
For the record, the FCPA’s internal controls provisions require issuers to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that” certain limited financial objectives are met.
Cronan then stated:
“On the flip side, the Department has sought to reward companies that have taken meaningful, effective compliance seriously. That entails, upon uncovering misconduct, prosecutors looking at a business’s compliance both retrospectively and prospectively. Of course, companies that lack adequate compliance measures are less likely to deter and prevent misconduct, and also are less likely to uncover a problem at an early stage. But at the same time, we appreciate that, even if a company has implemented a strong and effective compliance program, that program still may not prevent one or a few bad actors from engaging in misconduct. What matters to us in the Criminal Division – as embodied in the FCPA Corporate Enforcement Policy and the application of its principles outside the FCPA – is both the effectiveness of the program in place at the time of the misconduct, as well as how the company responds upon discovering the misconduct in terms of disclosing to law enforcement, cooperating with the government, and taking meaningful remedial measures.
Our discretionary prosecutorial decisions have made plain the benefits for a company that does the right thing upon uncovering misconduct. Thus far in 2018, we have issued multiple corporate declinations under the FCPA Corporate Enforcement Policy. In August, for instance, we declined to prosecute the Insurance Corporation of Barbados Limited (ICBL) for bribery of a Barbadian government official in exchange for insurance contracts. Our declination letter cited, among other relevant factors, the company’s voluntary disclosure, significant remediation efforts, and cooperation with the Department’s investigation, including with respect to culpable individuals. We emphasized that ICBL conducted a comprehensive investigation and undertook remedial actions that included terminating all employees involved in the misconduct and implementing an enhanced compliance program and internal accounting controls.
Just three days before the ICBL declination, we issued a declination letter for Guralp Systems Limited for bribery of an earthquake research center in Korea. We similarly declined in that case because of, among other things, the company’s voluntary self-disclosure, substantial cooperation, and significant remedial efforts.
These two declinations are particularly notable because the conduct at issue in both cases entailed the involvement of senior executives in the companies. While the involvement of senior management is an aggravating factor that can weigh against a declination, it did not preclude declinations in these cases in light of the companies’ overall efforts to do the right thing. And that included cooperation with law enforcement that enabled the Department to bring charges against culpable individuals in both of these cases.
I also note that the Department of Justice has made public the ICBL and Guralp declination letters, as well as eight other declinations that preceded them under the Corporate Enforcement Policy and the predecessor Pilot Program. Publishing these declination letters further promotes transparency and reflects our broader interest in conveying to the private sector the measures taken by companies that prosecutors have credited in issuing declinations, so other companies in the future can guide their conduct accordingly.”
Time out on so-called declinations.
Before drinking the Kool-Aid, perhaps the better question is just what viable criminal charges the DOJ actually declines in many so-called declinations? (See here and here for prior posts). Based on information in the public domain, the answer seems to be a mystery.
Regarding M&A issues, Cronan stated:
“I want to say a few words about compliance in the context of mergers and acquisitions. When we talk of top-to-bottom cultures of compliance, the Department fully recognizes that there are unique challenges that arise during mergers and acquisitions.
Let me start with stating the obvious. We recognize that considerable benefits flow from law-abiding companies with robust and effective compliance programs acquiring or merging with companies with inferior compliance programs. The acquiring or merging company can help uncover compliance shortcomings or employee misconduct, and then right the ship going forward after acquisition or merger. This, of course, is a good thing, and something we want to encourage. We also do not want concerns about future exposure to deter good actors from acquiring or merging with troubled companies, and as a result giving way to acquisition or merger by companies with weaker compliance.
That is why, as I mentioned before, we have announced that the FCPA Corporate Enforcement Policy applies to mergers and acquisitions, and that the Criminal Division would apply the principles of the Corporate Enforcement Policy to mergers and acquisitions outside the FCPA context.
We recognize that it would be a rare situation for an acquiring or merging company to conduct a full, worldwide pre-acquisition deep dive on the acquisition or merger target, but it makes sense to get an understanding of the target company’s risk profile and control systems. This permits the acquiring or merging company to identify what areas it needs to take a close look at, as well as any subsidiaries or divisions it wants to focus on reviewing.
It stands in a company’s interest to take a close look at those soft spots and, if misconduct is uncovered, to attempt to address the issue prior to merger or acquisition. This could entail disclosure of the issues, if appropriate given the posture of the merger or acquisition, or it could entail taking advantage of the Fraud Section’s FCPA Opinion Procedure. For those unfamiliar with the FCPA Opinion Procedure, issuers and domestic concerns can obtain an opinion from the Department of Justice as to whether certain specified, prospective conduct conforms with the Department’s present enforcement policy under the FCPA.
Why does that make sense? By taking such pre-merger or acquisition action – whether through self-disclosure or an FCPA Opinion – the companies entering into the merger or acquisition are able to receive more certainty going into the transaction and more accurately build that certainty into the transaction. The government may respond after a merger or acquisition in a manner that the companies did not anticipate and, as a result, the companies failed to appropriately price the transaction. Similarly, self-disclosure prior to an acquisition, or at the earlier possible point, permits companies to take full advantage of the significant benefits that are available to voluntarily disclosing companies. Furthermore, when two companies are involved in a transaction, the chance that a whistleblower will learn of the misconduct and report it only increases.
But we also realize that, in some circumstances, even the best pre-acquisition due diligence may not uncover problems until after a deal closes. And even an acquiring company with a strong culture of compliance may struggle to impose and imprint that culture on a newly-acquired business. But again, the Department endeavors to be clear-eyed about the importance of self-reporting and proactively addressing problems as they arise, whenever they come to light, even if it is after-the-fact. Our interest will be to zero in on the culpable individuals, and to focus on giving due credit to efforts to cooperate and remediate, not to punish a company for punishment’s sake.”
As highlighted in this prior post, the DOJ’s FCPA Opinion Procedure program is widely viewed as being close to worthless and the DOJ has not issued an opinion under the program since November 2014.
In closing, Cronan stated:
“Compliance is a fast-moving and fluid field. Companies and business leaders – as well as prosecutors – must navigate issues of compliance in the face of emerging technologies, such as ephemeral and encrypted messaging services, which pose a challenge to traditional investigative methodologies. Companies will have to navigate implementation challenges to compliance programs in foreign jurisdictions where certain laws might impede procedures or programs that have proven effective in the United States. Companies will also have their pick of an increasing array of data analytics and other tools that purport to facilitate compliance.
At bottom, government and industry should be grappling with these ever-evolving issues and challenges together. Our interests in rooting out corporate crime are invariably aligned, and our collective efforts are necessary to achieve that end.”
FCPA Institute - Zoom (Oct. 10-12, 2023)
Elevate your FCPA knowledge and practical skills. Nine hours of integrated and cohesive instruction led by Professor Koehler (an FCPA expert with teaching experience). Learn more, spend less. Professional credential available.
Learn More and Register
