I spoke with Aaron Murphy, author of the book, Foreign Corrupt Practices Act: A Practical Resource for Managers and Executives and, as of 2014, a partner in the litigation practice of Akin Gump Strauss Hauer & Feld LLP's office in San Francisco.
We discussed compliance best practices and training programs, the lessons from 2013 cases, senior executive and board-level involvement in FCPA matters, and how the government could better incentivize corporate self-disclosure.
In his prior law firm positions, he has handled corruption investigations in more than 25 countries, including numerous multi-jurisdictional FCPA probes, plus many other bribery, corruption-related and money laundering offenses and congressional investigations.
JD: What are some of the anti-corruption best practices you will be sharing with your clients this year? I ask, understanding that such advice needs to be tailored to a company's business and the regions in which it conducts it, of course.
AM: More and more, companies are faced with overlapping anti-corruption initiatives across multiple countries. As countries adopt new legislation or modify existing laws, such as Brazil and Russia most recently, companies are finding their activities subject to two, three, or even more regulatory schemes simultaneously.
It is no longer just the FCPA and the UK's Bribery Act that companies must consider.
Compliance programs do not need to just pass muster with U.S. regulators any more. This is leading to a broader discussion of what actions will comply with all of the relevant laws to which a multinational business will be exposed.
But I see a consensus emerging. I think we are already reaching a period in which there is no longer much debate about what ought to be included in compliance programs. The main discussion will be on what significant benefits a company will get from the various jurisdictions to which they're subjected.
And the analysis will be truly a risk-based allocation of compliance resources, such as determining which employees most need the ongoing compliance training -- such as finance, marketing and salespeople, and top-level executives in all areas -- as opposed to spending the money on training those that will work on assembly lines in factories.
They will analyze how to spend their resources accordingly, but there won't be many questions about the key ingredients of a successful program.
JD: We've been covering Brazil's Clean Company Act at FCPA Blog. A criticism that has been made of it is that it will operate at a local, state and national level, creating some inefficiency, confusion and possibly open the door to bribery acts as regulators jostle for control. What are your thoughts?
AM: Brazil's new law brings up a host of questions, I agree.
It is so helpful to know what entities you'll be dealing with in terms of your bribery investigation. We have this in the United States. The danger of having local, state and national representatives charged with enforcing the FCPA is that all of these people have an incredible number of other issues to deal with, especially local regulators.
How are they really going to have the level of training and experience needed to handle these broad-based, complicated bribery investigations?
To have to answer to ever-shifting regulators, with differing levels of expertise and attention, will make the environment quite unpredictable. It is something Brazil needs to think through.
If your policy goal is to fight corruption, then your number one goal should be to stop your own officials from taking bribes, thereby restoring the public's faith in anti-corruption measures. Creating a system with a complex system of enforcement bodies, and the opportunity to forum shop potentially across those jurisdictions, is just a big distraction.
What I find really fascinating, though, about Brazil's new legislation is its use of antitrust-style mechanisms. The law provides discounts off of fines for self-reporting, in a manner borrowed from already well-established antitrust regimes. That is a potentially interesting idea, but I think it should go further than it does.
In the antitrust world, when you apply for leniency, you can secure immunity from prosecution for the disclosed activities. If a country's goal is to stop its own officials from seeking or accepting bribes, this is possibly a great way to leverage all of those corporate compliance programs and put them to work in cooperation with the government.
I think if a country provided that kind of immunity many companies would be willing to participate. But companies need certainty for a program like that to make sense for them.
Brazil's legislation suffers from two fundamental problems. The first is that it doesn't offer full immunity like a true antitrust program. So that makes it less attractive. Second, it's the first country to try this approach, and leniency programs work a lot better when you can secure leniency across all of the affected jurisdictions.
So, in applying for leniency in Brazil, a company will have to admit to behavior that might also constitute a violation of the FCPA, the UK Bribery Act, as well as other regulatory regimes. This can really put companies in a bind.
I think this kind of program will only work if other jurisdictions offered the same such immunity. As the first to adopt this approach, Brazil faces real challenges in getting multinationals to embrace it.
It's a classic collective action problem. Other jurisdictions without similar programs can essentially take the leniency application and craft an indictment out of it.
JD: Do you find that compliance professionals are increasingly gaining access to c-suite-level executives and baords of directors as their status in companies grows?
AM: The CCO role is becoming a more senior-level one, as it should. They are increasingly meeting directly and regularly with boards or the board's audit committee.
Companies should consider making the CCO at least as prominent and well-regarded as the ehad of internal audit, enabling the CCO to make quarterly updates to the board's audit committee, if they are not already doing so.
There are still many different models in terms of the role of the compliance officer, but the past few years have seen an elevation in their role.
JD: Is compliance training becoming more of a regular feature for compliance departments, or does it often take the threat of an investigation to compel them to revisit their training protocols?
AM: I'm mostly concerned with the situation in which board members and c-suites are not getting the training as often as others in the company, if at all.
It's not only access to c-suite executives that the CCO needs. He or she should be able to train these executives as well, and sometimes that is not happening. Although c-suite executives are typically very smart, experienced people, they might not fully appreciate what they compliance procedures mean for the company and their own personal liability.
Some of the recent cases we've seen show the SEC focusing on how well the company spots an issue of concern. There are still gaps in terms of spotting it and then handling it appropriately and in a timely way.
For instance, it's never a good situation when a company becomes aware of a problem, attempts to deal with it internally, and is then forced to report to the regulators after the fact.
The best practice is stop the behavior once you detect it with aggressive remediation yourself, and report it to the regulators. I think of it in terms of basic storytelling. Does what you're depicting evidence a company that is serious about compliance? Or does it show a company that is trying to minimize any disruption on the ongoing business?
It can be a fine line, but you want to paint the best possible picture.
JD: There has been increasing use of deferred prosecution agreements (DPAs) and non-prosecution agreements (NPAs) as rewards for cooperation. Will we likely see this continue, and how do you advise your clients in terms of their use?
AM: There could be more use of NPAs in the future as regulators increasingly try to find a means to negotiate a resolution that will not be subject to court scrutiny. Companies that strive to cooperate early and fully, reporting the conduct to the SEC and DOJ may be rewarded at the penalty stage, like Ralph Lauren was last year.
I remind me clients, though, that there are no guarantees that penalties will be lower when you cooperate fully. There is always a risk that the government won't see the facts the way you do.
But in that vein, I making declinations more public would also be of great benefit. I've said for years that the government walks away from more cases than most people would ever guess, but there is little public evidence of it.
Such information could educate companies on what actions received credit and why. What most companies want is some predictability. Tell us what we have to do, give us some assurances that there are real benefits, and we'll be happy to do it.
In a lot of ways, the United States has had the equivalent of an adequate procedures defense for years, it's just that it's poorly understood and even more poorly advertised.
Please note that Aaron Murphy kindly submitted a post to FCPA Blog 3 years ago that warned us about compliance training programs that don't actually train employees.
Julie DiMauro is the executive editor of FCPA Blog and can be reached here.