Board and Fraud is a blog that aims to bring a practical approach to issues facing the board of directors and the audit committee specifically in the area of governance, risk management, compliance, and internal audit, with a strong focus on fraud, ethics, and internal controls.
Compliance, Corporate Fraud, DOJ, Enforcement, Foreign Corrupt Practices Act, Fraud and Forensic Investigations, Compliance, and Ethics, Fraud Investigations, GRC, Investigations, Red Flag, Risk Assessment, Risk Management, Root Cause, SEC, Third Party, Whistleblower, White Collar Crime
DOJ Updates FCPA Corporate Enforcement Policy
Jonathan T. Marks, CPA, CFF, CITP, CGMA, CFE, PI, and NACD Board Fellow
November 21, 2019
On November 20th, 2019, The Department of Justice ("DOJ") announced updates to its Foreign Corrupt Practices Act ("FCPA") Corporate Enforcement Policy. While the changes were relatively minor, the modifications underscored important principles surrounding the FCPA Corporate Enforcement Policy.
This latest update follows extensive revisions made in March of this year and the announcement that the FCPA Policy will apply as non-binding guidance for all criminal cases; all reflect DOJ’s continued efforts to promote self-disclosures and provide clarity on DOJ’s approach for companies deciding whether to self-disclose. There is little doubt the DOJ has landed on a Corporate Enforcement Policy that took years to develop. The FCPA Corporate Enforcement Policy now applies to all corporate criminal prosecutions except Antirust Division criminal prosecutions that are guided by the Leniency Program. The DOJ is consistently applying the principles and appears to be very comfortable with the results.
DOJ Updates FCPA Corporate Enforcement Policy
On November 20th, 2019, The Department of Justice (“DOJ”) announced updates to its Foreign Corrupt Practices Act (“FCPA”) Corporate Enforcement Policy. While the changes were relatively minor, the modifications underscored important principles surrounding the FCPA Corporate Enforcement Policy.
This latest update followsextensive revisions made in March of this yearand the announcement that the FCPA Policy will apply as non-binding guidance for all criminal cases; all reflect DOJ’s continued efforts to promote self-disclosures and provide clarity on DOJ’s approach for companies deciding whether to self-disclose.
There is little doubt the DOJ has landed on a Corporate Enforcement Policy that took years to develop. The FCPA Corporate Enforcement Policy now applies to all corporate criminal prosecutions except Antirust Division criminal prosecutions that are guided by the Leniency Program. The DOJ is consistently applying the principles and appears to be very comfortable with the results.
At the same time, DOJ has increased transparency in its resolution of corporate enforcement actions. DOJ now publishes declination letters and provides specific descriptions of how factors are applied to a corporate resolution. Note: At the time of this writing there were six (6) corporate resolutions.
The Policy is intended to encourage corporations to self-report, cooperate and remediate – in exchange for a possible declination or significant reductions in penalties. The updated Policy tilts in favor of prosecution of responsible individuals and part of the DOJ’s commitment to seek out and punish wrongdoers.
The Policy now states that a company must disclose “all relevant facts known to it at the time of the disclosure.” DOJ added a footnote, stating that it “recognizes that a company may not be in a position to know all relevant facts at the time of a voluntary self-disclosure.” A company that makes a disclosure while continuing its investigation should make this fact known to DOJ.
Further, to encourage companies to make an early disclosure, the Policy now requires companies to disclose facts “as to any individuals” who played a substantial part in the “misconduct at issue.”
The previous Policy required companies to disclose “all relevant facts” regarding individuals substantially involved in a “violation of law.” A company making a disclosure no longer has to reach a determination (and inform DOJ) that a “violation” occurred at the beginning of an investigation.
Similarly, companies now need only alert DOJ of evidence of the misconduct when they become aware of it. Previously, in order to gain credit, where the company was or should have been aware of relevant evidence outside of its possession, the company had to identify such evidence to DOJ. The Policy has been updated to remove the conditional language, which should ease the burden on companies seeking to comply with the Policy.
Accordingly to Mike Volkov, the updates to the Policy highlight DOJ’s desire for self-disclosures that are both substantive and made at an early stage. They are also practical, in particular removing the requirement that a company identify evidence of which it “should be” aware. The changes are in line with other recent DOJ policy changes, seeking to recognize practical realities of the policies.
With the recent changes to the policy, companies now are obligated only to disclose relevant facts known “at the time of the disclosure” and to provide information regarding any — not all — “individuals substantially involved in or responsible for the misconduct at issue.”
Importantly, companies need not wait to determine that a violation of law has occurred and may report suspected misconduct. As stated in a footnote, this modification reflects the DOJ’s recognition that disclosing companies “may not be in a position to know all relevant facts at the time of a voluntary self-disclosure.” In that case, companies are urged to fully disclose suspected misconduct “based upon a preliminary investigation or assessment of information.”
Volkov further stated, these changes are important because DOJ has clarified the precise information that a self-disclosing company must provide to trigger the potential benefits possible under the policy. From a practical standpoint, companies faced a difficult choice — disclose a potential violation based on a cursory investigation subject to DOJ’s determination that the company failed to disclose “within a reasonably prompt time.”
The DOJ’s modification directs companies to report what they know upon discovery of a suspected violation, while making clear to the DOJ that the disclosure is based on a preliminary findings.
Under the recent revisions, companies are no longer expected to identify every piece of evidence of which they should have been aware or potential collection by the DOJ. Instead, companies now are obligated only to identify relevant evidence not in their possession of which they actually are aware.
The modifications eliminates some of the risk that DOJ could determine that a company was not entitled to cooperation credit when DOJ identifies evidence that a companyshould have known about.
DOJ’s recent revisions indicate that it is satisfied with its Policy and want to make it work even better. By addressing some theoretical concerns that may have caused companies not to disclose potential violations, DOJ is taking steps to encourage companies to step forward and disclose potential violations.
Since its introduction as a pilot program and subsequent adoption into the Justice Manual a few years back, the DOJ has continuously honed its FCPA Policy—each time encouraging prompt but thorough self-disclosures.
Boards of Directors and Senior Leadership should take notice of DOJ’s policy changes and DOJ’s attempts to encourage such disclosures and adjust their tactics and strategy accordingly.
Specifically, it becomes even more important to have experienced investigators that can “ring fence” issues early! This will help in deciding whether or not to self-disclose in order to maximize the potential benefits of the FCPA Policy.