Richard L. Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Elizabeth K. Spahn Editor Emeritus

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor

FCPA Blog Daily News

« Julie DiMauro: You had me until you said ‘Less Regtech’ | Main | Chilean chemical company pays $30.5 million for FCPA violations »

Matt Kelly: Let's talk about an FCPA disclosure regime

So the Trump Administration has nominated a new SEC chairman in the form of Jay Clayton, dealmaker and securities lawyer at Sullivan & Cromwell. The compliance community’s reaction seems to be vague concern, based on a paper (pdf) Clayton co-authored in 2011 criticizing FCPA enforcement.

Let me posit another idea: you’re reading the wrong paper.

If you want to contemplate possible changes to FCPA compliance, the paper really worth reading is one written by James Doty in 2007 when he was general counsel of the Securities and Exchange Commission. (Yes, that James Doty, chairman of the PCAOB for the last six years, who spent most of his career in corporate law.) In his paper, Doty laid out an administrative approach to FCPA compliance that seems much more plausible with a person like Clayton running the Securities and Exchange Commission.

Let’s begin with Clayton’s paper. It doesn’t say much that any FCPA compliance officer couldn’t guess from the mere fact that Clayton is a Donald Trump nominee. Enforcement of the FCPA is overzealous. No regulatory framework exists for companies to understand what a satisfactory FCPA compliance program looks like. Inherited liability from M&A targets and joint ventures undermines U.S. companies’ appetite for international expansion and therefore makes compliance a competitive disadvantage.

In short, the paper is exactly what you’d expect from someone willing to serve in a Trump Administration. We don’t need to dispute Clayton’s arguments here, although we could. The point is that those arguments are nothing compliance officers haven’t heard already.

What did catch my eye in Clayton’s paper was a reference to Doty’s paper: “Toward Regulation FCPA: A Modest Proposal for Change in Administering the Foreign Corrupt Practices Act.”

Doty did more than recite the usual complaints; his paper actually proposed a way forward. Yes, the ideas are 10 years old and would need to be brought into the modern anti-corruption context. But their basic thrust points in the same direction that Clayton probably wants to achieve—so if Clayton has the appetite to push FCPA compliance reform, a modern version of Doty’s ideas could be something compliance officers might see.

Doty’s proposal was for the SEC to adopt a disclosure regime for FCPA compliance, similar to what companies already do for financial filings and other disclosures in the Form 10-K. Regulation FCPA would specify what companies would need to file with the SEC about their compliance program (policies, procedures, controls, and so forth).

Companies would submit those filings, in a “Part I” section that would be public and a “Part II” filing that would be confidential, in case companies had proprietary information they wanted to shield from competitors. SEC staff would then be able to issue comment letters on your FCPA compliance program (just as they already do with financial disclosures), and companies would be able to seek no-action letters when activists might be pushing for stronger programs (just as companies already do for proxy resolutions).

If a company’s compliance disclosures satisfied SEC staff review, the company would be deemed to have an effective FCPA compliance program. Over time, those disclosures would create a comprehensive body of literature so compliance professionals would know what a “standard” compliance program looks like, and could achieve compliance more easily.

As a concept, Doty’s vision is appealing—especially to those about to come into power at the SEC. It moves away from the more arbitrary system we have now, where compliance officers can only gather clues about FCPA compliance by studying enforcement actions and speeches from SEC or Justice Department officials. It creates a safe harbor, which would give companies more ability to plan international business and acquisitions.
What’s more, something like Regulation FCPA would give Clayton and other Trump Administration officials just enough cover to say the FCPA is still a tool they will use to fight corruption, even if they privately view it as a nuisance that gets in the way of doing deals.

And that last point is really what makes a disclosure-based FCPA compliance regime so attractive to Trump World: it lets them do more deals. That is the only point that Trump—and the SEC operating under him—wants to achieve with reform of financial regulation.

Lots could go wrong with this approach, of course. The success of an FCPA disclosure regime would depend on what companies actually have to disclose. If a new regulation set requirements too low, or allowed too much information to hide in a confidential portion of the filing, that would allow companies to operate weaker compliance programs.

Success would also depend on a well-funded SEC that hires staffers who would review these filings. That seems dubious given Republicans’ general dislike of SEC budgets.

I also wonder how a Regulation FCPA might look today, 10 years after Doty proposed it (and six years after Clayton panned FCPA compliance in his paper). Much has changed about FCPA enforcement since then.
For example, at the time of both papers, it was correct to say that companies had no guidance about what an effective compliance program looked like, or what it does. That’s no longer true. First we had the FCPA Guidance of 2012, and now we have the FCPA Pilot Program. Both of those efforts focus more on what a company does to demonstrate that it takes anti-corruption seriously, rather than what a company discloses about its FCPA compliance program—but they are a start.

It was also true back then that virtually no other country took anti-bribery law seriously. Now we have new FCPA-like statutes in Britain, France, Brazil, Canada, and elsewhere. If the SEC adopted a disclosure regime that retreated from those standards, U.S. companies might find themselves at the mercy of more zealous anti-bribery enforcement elsewhere. Before you dismiss that as an empty risk, start counting the number of companies and countries Trump has insulted on Twitter. With every insult he hurls, the target on a global company’s back grows a little bit bigger.

For all my musings here about a new approach to FCPA compliance, we need to remember that Jay Clayton will have larger ambitions for the Securities and Exchange Commission. His priority will be easing rules for the formation of new capital, so companies can do more deals. Clayton is a deal-maker by profession, nominated by a deal-maker.

Reforming FCPA compliance would presumably be on his agenda somewhere, but higher priorities might be goals such as adding more disclosure exemptions for Emerging Growth Company filers, taking control of the PCAOB to relax the pressure of higher audit fees, or pruning back disclosure generally. He may very well focus on issues like those, and “reform” FCPA compliance simply by not enforcing it except in egregious cases.
An ignore-the-problem approach, however, would let the Justice Department lead the new regime of FCPA enforcement. It also wouldn’t do much to give companies what they really want for FCPA compliance, which is not regulators ignoring corrupt payments entirely—it’s certainty about how regulators will handle them.

And once you give Doty’s idea a fresh coat of paint, it doesn’t look half bad.


Matt Kelly is the founder of Radical Compliance, which provides consulting and commentary on corporate compliance, audit, governance, and risk management. He was the long time editor and publisher of Compliance Week until he stepped down at the end of 2015. He writes and speaks frequently on corporate compliance, audit, and governance, and now works with various private clients to understand the those fields and to develop go-to-market strategies or provide other assistance in reaching audiences of compliance professionals. He can be contacted here.

A version of this post first appeared on the Radical Compliance blog and is published here with permission.