This recent post highlighted the DOJ’s apparent new compliance program certification requirement in connection with the Glencore FCPA enforcement action.
As discussed in the post, the underlying certification process is plagued by legal standards that simply do not exist; internally inconsistent standards; and/or vague or ambiguous terms.
This is a big deal because executive officers and compliance professionals are being asked to make the certification subject to certain criminal statutes (18 USC 1001 and 18 USC 1519).
Beginning with the KT Corp. enforcement action in February 2022, continuing with the Stericycle enforcement action in April 2022, and most recently in the Tenaris enforcement action, SEC administrative orders used to resolve FCPA enforcement actions likewise contain a certification requirement.
However, as discussed below, the SEC’s apparent new certification language is significantly different – and much less problematic – compared to the DOJ’s certification language.
The SEC’s apparent new certification language (the language set forth below is from the Tenaris matter) generally states under the title “Undertakings” as follows:
“Certify, in writing, compliance with the undertaking(s) set forth above. The certification shall identify the undertaking(s), provide written evidence of compliance in the form of a narrative, and be supported by exhibits sufficient to demonstrate compliance. The Commission staff may make reasonable requests for further evidence of compliance, and Respondent agrees to provide such evidence. The certification and supporting material shall be submitted to Tracy L. Price, Deputy Unit Chief, FCPA Unit, with a copy to the Office of Chief Counsel of the Enforcement Division, no later than sixty (60) days from the date of the completion of the undertakings.”
The certification language refers to the other undertakings which generally provide as follows.
“During a two-year term [Company] shall report to the Commission staff periodically, at no less than six-month intervals, the status of its remediation and implementation of compliance measures related to the effectiveness of the anti-corruption policies, procedures, practices, internal accounting controls, recordkeeping, and financing reporting processes particularly as to preventing the use of unaccounted funds for illicit purposes to benefit Tenaris, including the use of funds available to Tenaris’ officers, directors, employees and/or agents as a result of their dual affiliation with Tenaris and San Faustin and related entities.
During this two-year period, should [Company] discover credible evidence, not already reported to the Commission staff, that questionable or corrupt payments or questionable or corrupt transfers of value may have been offered, promised, paid, or authorized by [Company], or any entity or person acting on behalf of [Company], or that related false books and records have been maintained; or that [Company’s] internal controls failed to detect and prevent such conduct, [Company] shall promptly report such conduct to the Commission staff.
During this two-year period, [Company] shall (1) conduct an initial review and submit an initial report, and (2) conduct and submit at least two follow-up reviews and reports, and (3) conduct and submit a Final Report, as described below:
[Company] shall submit to the Commission staff a written report within 180 calendar days of the entry of this Order setting forth a complete description of its Foreign Corrupt Practices Act (“FCPA”) and anti-corruption related remediation efforts to date, its proposals reasonably designed to improve the policies and procedures of [Company] for ensuring compliance with the FCPA and other applicable anticorruption laws, and the parameters of the subsequent reviews (the “Initial Report”).
[Company] shall undertake at least two follow-up reviews, incorporating any comments provided by the Commission staff on the previous report, to further monitor and assess whether the policies and procedures of [Company] are reasonably designed to detect and prevent violations of the FCPA and other applicable anti-corruption laws (the Follow-up Reports).
[Company] shall undertake a final review to further monitor and assess the operation of its FCPA and anti-corruption compliance program and whether [Company’s] policies and procedures are reasonably designed to detect and prevent violations of the FCPA and other applicable anti-corruption laws (the “Final Report”).”
While the SEC certification requirement, like the DOJ certification requirement, makes several mentions to a legal standard that simply does not exist in the FCPA (detect and prevent violations of the FCPA), the SEC certification requirements are significantly less problematic compared to the DOJ certification requirements.
By and large, the SEC certification requirements concern procedural issues: (i) the company did report to the SEC about the status of its remediation and implementation of compliance measures including as to specific issues; (ii) the company did not discover credible evidence of additional FCPA issues; and (iii) the company conducted an initial review and submitted an initial report, conducted and submitted at least two follow-up reviews and reports and conducted and submitted a Final report.
Moreover, the SEC certification requirement is not subject to certain criminal statutes as is the DOJ certification requirement.