This recent FCPA Blog post asks “How Big a Problem Is Corporate FCPA Recidivism?” The post asserts that there have been 13 repeat FCPA defendants. However, like a lot of data on the FCPA Blog, this number is wrong.
As highlighted in this prior post, there have been 17 repeat corporate FCPA offenders and the post contained the complete list.
While the difference between 13 and 17 may seem like a trivial matter, the difference is statistically meaningful. Moreover, the FCPA Blog’s calculation of the corporate FCPA recidivism rate is also misleading.
The FCPA Blog asserts:
“The DOJ and SEC have prosecuted 240 different companies … for FCPA offenses. Of those 240 companies, 13 have been repeat FCPA defendants. That means the recidivism rate for all corporate FCPA defendants is about 5.5 percent.”
This is misleading because several companies that have resolved FCPA enforcement actions are no longer in existence. Some corporate FCPA violators became non-operational entities or ceased operating soon after FCPA enforcement actions. Other corporate FCPA violators (generally speaking small privately held companies) simply ceased operating with the passage of time. Still other corporate FCPA violators (including several then publicly traded companies) were merged into and/or acquired by other companies.
Simply put, many corporate FCPA violators are incapable of becoming repeat offender because they no longer exist.
Given the above dynamics, the more accurate corporate FCPA recidivism rate is likely double, if not triple, the rate calculated by the FCPA Blog.
Regardless of the actual rate, the question still remains what to make of corporate FCPA repeat offenders.
This 2015 post highlighted how Biomet’s 2013 FCPA deferred prosecution agreement (concerning conduct in Brazil, Argentina, and China) was being extended because of the company’s additional FCPA scrutiny in Brazil and Mexico and offered two thoughts on FCPA repeat offenders. (As highlighted here Biomet indeed became a repeat offender in 2017).
First, repeat offenders make the DOJ (and SEC) look foolish given the often breathless rhetoric the enforcement agencies use in describing typical corporate resolution vehicles. For instance, the DOJ has frequently advanced the policy position that DPAs (and NPAs) “have had a truly transformative effect on particular companies and, more generally, on corporate culture across the globe” (see here for the prior post) and that “the companies against which DPAs and NPAs have been brought have often undergone dramatic changes.” (See here for the prior post).
What’s interesting however in reviewing the list of 17 corporate FCPA offenders is that in many instances the business organization resolved its first (not to mention its second) FCPA enforcement action through an DPA or NPA. (Note: these alternative resolution vehicles were first brought to the FCPA context in 2004).
So much for that “truly transformative effect” and “dramatic changes” the DOJ often talks about when business organizations resolve an enforcement action through a DPA or NPA.
Second, and perhaps more importantly, the growing list of FCPA repeat offenders demonstrates just how difficult FCPA (or other legal compliance) is given the fundamental legal principle of respondeat superior which provides that a business organization can face legal exposure (civil or criminal) based on the acts of any employee or agent to the extent the conduct was within the scope of employment/agency and was intended, at least in part, to benefit the organization.
In other words, not even companies that have resolved one FCPA enforcement action (and by doing so are generally subject to post-enforcement action compliance obligations and actual prosecution for the criminal charges deferred or passed upon by virtue of the DPA or NPA) can ensure FCPA compliance at all times.
Given the application of respondeat superior (generally speaking a uniquely American principle) business organizations often resolve FCPA enforcement actions based on the conduct of a single or small group of employees in connection with one business transaction or business unit.
The pages have frequently talked about this dynamic in terms of how 99% success is generally rewarded in life and other areas (see here and here for prior posts among others). However, when a business organization is 99% FCPA compliant across its business organization, it leaves 1% non-compliant and many FCPA enforcement actions concern this 1% non-compliant portion of the business.