Foreign Corrupt Practices Act

Chief compliance officer certifications, compensation structures, voluntary self-disclosures, and compliance monitorships were just a few prevalent themes senior officials with the Department of Justice and the Securities and Exchange Commission discussed at the American Conference Institute’s 39th International Conference on the Foreign Corrupt Practices Act (FCPA).

Several panel discussions and keynotes over the course of the two-day flagship FCPA event harkened back to a memorandum U.S. Deputy Attorney General (DAG) Lisa Monaco issued on Sept. 15, 2022, announcing several important updates to the Department of Justice’s criminal enforcement policies.

One prevailing theme throughout focused on the topic of voluntary self-disclosure. During a keynote panel kicking off the event, David Last, Chief of the Criminal Division’s Fraud Unit, noted that several controlling factors make it “a much tougher proposition these days” for a company not to make a voluntarily self-disclosure when it becomes aware of potential misconduct.

“If a company wants to roll the dice, that’s fine—but they’re going to have to understand that is a risk that they face,” Last said. If a whistleblower comes forward first, if an adverse media report comes out, if a corporate office in another country gets raided by local law enforcement, “it’s going to be a much different conversation, because instead of coming to us, we are probably coming to them and issuing a subpoena,” he added.

Nicole Argentieri, Acting Principal Deputy Assistant Attorney General at the Criminal Division reiterated that warning in a kickoff keynote given on the second day of the event. “The message here is clear: Do not wait for us to call you. By then, it is too late,” she said.

In answering a question about what constitutes “timely” self-disclosure—an explicit factor called out in DAG Monaco’s memo for receiving full cooperation credit—Last responded, it’s “very fact-dependent. Sooner is obviously better.”

The DoJ is going to want to hear the company’s perspective about what it views as “reasonably prompt,” he continued. “Companies tend to know when they are pushing the envelope a bit in terms of the outer boundary of what might be reasonably prompt.”

Executive compensation structures

Executive compensation structures and clawback policies were another prevailing theme discussed among senior DoJ officials over the course of the two-day event. In light of the latest revisions to the DoJ’s criminal enforcement policy, companies’ executive compensation structures will face heightened scrutiny by the agency in evaluating the strength of the compliance program.

Prosecutors will now more closely consider whether compensation structures not only incentivize compliance-promoting practices, but also whether companies “impose financial sanctions on employees, executives, or directors whose direct or supervisory actions or omission contributed to the criminal conduct,” DAG Monaco said in her remarks announcing the memo.

Specifically, prosecutors will “evaluate what companies say and what they do, including whether, after learning of misconduct, a company actually claws back compensation or otherwise imposes financial penalties,” DAG Monaco added.

Given the newness of DAG Monaco’s guidance, Last said, “we understand that companies are still thinking about this issue and putting it into place.” At least, that is what the agency expects of companies. “Part of what we want to know is, is the company thinking about this issue? Is it trying to put processes in place?” he said. For some companies, it might not be on their radar at all. “That’s not so great, but we’d appreciate the candor.”

Last added that further guidance from the Criminal Division on how the agency will reward companies that employ claw back arrangements is expected “in the coming months, if not sooner.”

During her keynote remarks, Argentieri provided further context around the forthcoming guidance. She said the Criminal Division is meeting with agency partners, including the SEC, members of the defense bar, and executive compensation experts “to gain valuable perspectives.”

Based on their input, Argentieri added, “we are considering how prosecutors might reward companies that employ claw back policies and/or bonuses and positive incentives for compliant behavior. This initiative underlines the importance of developing good corporate culture—a culture that rejects wrongdoing for the sake of profit, that incentivizes good citizenship, and that empowers ethical employees.”

CCO certifications

Among the compliance and legal community, CCO certifications are another hot topic, and one that was also repeatedly mentioned throughout the event. The discussions stem from public remarks made in March , when Assistant Attorney General Kenneth Polite announced that for all corporate resolutions going forward—guilty pleas, deferred prosecution agreements, and non-prosecution agreements—CCOs and chief executive must “certify at the end of the term of the agreement that the company’s compliance program is reasonably designed and implemented to detect and prevent violations of the law—based on the nature of the legal violation that gave rise to the resolution, as relevant—and is functioning effectively.”

This topic was discussed further in a special one-on-one interview with Glenn Leon, Chief of the Fraud Section. On the subject of CCO certifications, Leon, a former CCO himself, commented that the certification requirement should not be a “hard ask.”

“If you’re a CCO that has had a several-year relationship with the DoJ and have been reporting out to my team and having regular touchpoints, you should be able to say, ‘My program is reasonably designed to protect against and detect violations of the law,’” Leon said.

On day two of the event, Argentieri in her keynote reiterated comments made in previous months by other senior DoJ officials: “This change is meant to empower, not punish, compliance teams and to ensure compliance officers have a seat at the table and an important voice in the organization,” she said.

Independent compliance monitors

A third prevailing theme that took center stage concerned the DoJ’s renewed focus on compliance monitors, prompted by DAG Monaco’s recently released guidance for prosecutors on, as DAG Monaco explained, “how to identify the need for a monitor, how to select a monitor, and how to oversee the monitor’s work to increase the likelihood of success.”

On this topic, David Fuhr, Assistant Chief of the FCPA Unit, Fraud Section, in the DoJ’s Criminal Division, said, “It has been, continues to be, and will be a fact-specific analysis when we have a company before us at a time of resolution and we are trying to understand whether the company needs a monitor.”

As the DAG memo made clear, “there is no presumption against a monitor,” Fuhr continued. The analysis and factors the DoJ applies in determining whether a company needs a monitor “have not changed all that much,” he said. Those include the seriousness of the offense; involvement of senior-level management; the duration of the offense, whether it was pervasive or occurred across multiple countries; what remedial measures the company has done; and how effectively it has implemented a compliance program.

“The last one is really where a lot of companies get tripped up, because by the time they are before us—and it has been a while, perhaps, since the misconduct happened—they have had a chance to develop a program, but it is not always at the stage where it is robust enough and where it has been tested sufficiently so that we can have the confidence that it’s unlikely the misconduct will occur again,” Fuhr said.

For companies in the United Kingdom, however, it’s a different story. In a keynote address, Lisa Osofsky, Director of the U.K. Serious Fraud Office, said, while the United Kingdom has “monitorship-like elements,” like reviews of bribery and corruption policies, corporate deferred prosecution agreements are still a new concept, having been introduced in February 2014. “We are still in the baby phase compared to the United States,” she said.

Reiterating a question on the minds of many as to why compliance monitorships have not come into play yet in the United Kingdom, Osofsky said, “Why hasn’t it happened yet? We are interested in waiting for the right case and the right set of facts.”

Third-party messaging apps

The use of personal devices and third-party messaging applications for business purposes was another common theme throughout the event. As DAG Monaco explained in the new enforcement memo, “As a general rule, all corporations with robust compliance programs should have effective policies governing the use of personal devices and third-party messaging platforms for corporate communications, should provide clear training to employees about such policies, and should enforce such policies when violations are identified.” DAG Monaco has further directed prosecutors to consider “whether a corporation seeking cooperation credit in connection with an investigation has instituted policies to ensure that it will be able to collect and provide to the government all non-privileged responsive documents relevant to the investigation, including work-related communications (e.g., texts, e-messages, or chats), and data contained on phones, tablets, or other devices that are used by its employees for business purposes.”

Last described ephemeral messaging and third-party messaging applications as “challenging and complicated issues,” a sentiment shared by many in the legal and compliance profession. “We get that some companies are struggling with how to address this issue internally,” he said, adding that the reason it’s addressed in the corporate enforcement policy is to make sure companies are thinking about it.

“From our perspective, we are looking at it from a risk-based approach,” Last said. “Is the company identifying these risks, and how are they addressing them? We want to understand how the company is being responsible around this issue. How does its policy on messaging apps compare with other data retention policies in the company? Is the company policy reasonable in light of its risk profile?

“Our approach has always been risk-based, understanding what the company’s policies and practices are in connection with messaging applications and whether that is reasonable to that company’s risk profile,” said Lorinda Lareya, Acting Co-Principal Deputy Chief of the Fraud Section.

The Criminal Division is currently examining whether additional guidance is necessary regarding best practices for companies on the use of personal devices and third-party messaging apps.

Broader enforcement trends

Several SEC and DoJ officials challenged assertions that FCPA enforcement activity is slowing down. “I don’t think there has been a precipitous decline, especially when you consider the number of individual cases the Department has been bringing,” said Laryea, adding that the FCPA Unit is “still firing on all cylinders.”

There is always an “ebb and flow” of cases that come out of the pipeline, but “that is all that it is,” said Charles Cain, Chief of the SEC’s FCPA Unit. Some cases take years to reach a resolution, so enforcement numbers are not a great benchmark. “We are just as busy as we have ever been,” he said.

As cooperation by foreign enforcement authorities continues to broaden, this will continue to only accelerate the scope and size of global anticorruption enforcement cases. Today, the DoJ has several foreign partners in the international fight against bribery and corruption, including, but not limited to, governments in the United Kingdom, Brazil, Malaysia, Switzerland, Ecuador, France, Netherlands, and others, Argentieri stressed. “As a Department, we will continue to work tirelessly with our international partners to detect and prosecute corruption,” she said. “Simply put, the recent trend of coordinated investigations and resolutions is here to stay.”

For questions, concerns or more information about ACI Insights, please contact:
Chris Corbin
Associate Director of Marketing
American Conference Institute | The Canadian Institute | C5
E: [email protected]