There is an underlying logic to a Foreign Corrupt Practices Act compliance defense.
In “Revisiting a Foreign Corrupt Practices Act Compliance Defense,” I argued, among other things, that a compliance defense will better incentivize corporate compliance and reduce improper conduct. Compliance is a cost center within business organizations and expenditure of finite resources on FCPA compliance is an investment best sold if it can reduce legal exposure, not merely lessen the impact of legal exposure.
In a recent speech before the Society of Corporate Compliance and Ethics, Stephen Cohen (SEC Associate Director of Enforcement) rightly acknowledged the underlying logic supporting a compliance defense.
In his speech, Cohen “fully appreciated” that the compliance professionals in the room “are on the front lines in the battle to persuade companies to invest” in compliance programs. (emphasis added). Elsewhere, Cohen stated: “So, as you go back to your companies to advocate for more resources and stature, tell your management that they will get much more credit from regulators by demonstrating that misconduct is an outlier in a highly ethical and compliance-driven culture rather than a remedial step after investors suffered losses.” (emphasis added).
As highlighted in “Revisiting an FCPA Compliance Defense,” at present, the incentives organizations have to adopt FCPA compliance policies and procedures are solely to lessen the impact of legal exposure. These present incentives thus represent “baby carrots,” when what is needed to better incentivize more robust FCPA compliance are real “carrots.” An FCPA compliance defense is a real “carrot” that will better incentivize compliance across the business landscape. Organizations with existing FCPA compliance policies and procedures will be incentivized to make existing programs better. Likewise, organizations currently without stand-alone FCPA policies and procedures—and statistics indicate there are many—will be incentivized to spend finite resources to implement FCPA compliance policies and procedures.
In short, an FCPA compliance defense will best allow compliance professionals in the FCPA context to – in the words of Cohen – win “the battle to persuade companies to invest” in compliance programs and to “advocate for more resources and stature.”
A few other issues from Cohen’s recent speech.
It contains a curious reference to the Ralph Lauren enforcement action. As to the general topic that “isolated conduct combined with good compliance and internal controls make it less likely that [the SEC] will bring an action at all,” Cohen stated that a “great example for compliance professionals is the recent non-prosecution agreement with Ralph Lauren.”
This is a curious reference given that the DOJ (as highlighted in this prior post) specifically stated that “[Ralph Lauren – RLC] did not have an anti-corruption program and did not provide any anti-corruption training or oversight with respect to [the relevant subsidiary].” Likewise, the SEC specifically stated that “RLC’s policies, procedures and training related to anticorruption and the Foreign Corrupt Practices Act (“FCPA”) compliance in place at that time of the misconduct warranted further strengthening to ensure effective compliance with the related laws.”
Yes, both the SEC and DOJ did commend RLC on its compliance remediation, but this goes to the following point Cohen made in his speech. He stated.
“I am surprised how infrequently companies try to persuade us at the front end of an investigation that they have a robust compliance culture and record of ethical conduct. Invariably, the discussion about a company’s compliance program takes place during settlement negotiations in the context of the substantial remediation that the company has undertaken since violations occurred.”
Aside from the above issues, Cohen’s speech did contain a useful section titled “Warning Signs” of value – in the FCPA context and otherwise – to the compliance practitioner. This section, stated in full, as follows.
“Warning Signs
Where we find fraud, there are often early warning signs that may have suggested a corporate compliance culture that is not meeting appropriate standards.
Pushing the envelope.
Risk-taking in the area of legal and ethical obligations invariably leads to bad outcomes. Any company or person prepared to come close to the line when it comes to legal and ethical standards is already on dangerous ground.
Tolerating close-to-the-line behavior sends a terrible message throughout an organization that pushing the envelope is acceptable.
Technical Compliance.
Be on the lookout for people who are overly technical in their approach to issues of ethics and professional responsibility. Pay particular attention to those who may disparage or diminish the importance of respect for the law and protecting the organization from reputational harm.
Be Skeptical.
Be skeptical of explanations that don’t add up regardless of who provides them. If someone explains something to you in a way that you don’t understand, don’t accept it.
In many ways, one of the important lessons of the financial crisis is that highly sophisticated models that can explain away risk but defy common sense shouldn’t be trusted. We often see people come in and testify that they failed to follow up on their hunches until after it was too late.
Lack of Empowerment.
Another warning sign is an organization that limits the access of legal and compliance personnel to senior leadership of the company.
These leaders need to hear candidly and regularly from those on the front lines of compliance efforts. Compliance professionals are not hallway monitors. Companies that empower these professionals to act as trusted advisors are more likely to stay out of harm’s way.”