Search

Editors

Richard L. Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Elizabeth K. Spahn Editor Emeritus

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor


FCPA Blog Daily News

« Telia also tops our new Top Ten Disgorgements list | Main | Job: Sr. Corporate Counsel, Governance and Compliance »
Monday
Sep252017

Andy Spalding: A plea to the DOJ -- bring back pre-existing compliance

At a recent conference, I had the good fortune of asking a former high-ranking DOJ official, “how is it that pre-existing compliance is no part of the Pilot Program’s penalty reductions and declinations?”

His answer may surprise you: “Good catch. I think somebody probably forgot.”

I share that story not to impugn anyone. FCPA enforcement is a dynamic space these days; the DOJ is juggling a variety of policies. I find it entirely credible, and not at all scandalous, that we may have simply come to overlook pre-existing compliance. It’s actually the best explanation. Far more troubling would be a conscious policy determination that pre-existing compliance no longer matters as much.

And if it’s just an oversight, it’s an easy fix.

Recognize that incentivizing pre-existing compliance has been a cornerstone of FCPA enforcement policy for decades. It started with the U.S. Sentencing Guidelines, which include pre-existing compliance as a mitigating factor. The importance of preventative (rather than remedial) compliance was reinforced by the Caremark decision in 1996. Then came the series of DOJ memos named after the Deputy Attorneys General – Holder (1999), Thompson (2003), McNulty (2007), Morford (2008), and Filip (2008) -- all of which kept pre-existing compliance front and center in enforcement decisions. The U.S. Attorney’s Manual incorporated the factors first provided in these memos, further cementing the centrality of pre-existing compliance. Sarbanes-Oxley, in 2002, only helped the cause.

But for the most fulsome defense of pre-existing compliance, see the 2012 FCPA Guidance. There, starting at page 56, the DOJ and SEC at great length encourage companies to invest in compliance before violations occur. That shouldn’t surprise us. But the level of detail, the quotations from white papers, even the faintly impassioned tone, are striking. Let there be no doubting the message: we want you to invest in pre-existing compliance.

Throughout all of the above documents, remedial compliance receives very little mention; pre-existing compliance is the focus. And the reason is obvious. We have always been steadfast in our commitment to investing in compliance before a violation occurs. And we should be proud of it. It’s the most cost-efficient way to prevent bribery.

Look to other countries now, like Brazil and South Korea, as they adopt historic new statutes that incentivize investments in pre-existing anti-bribery compliance. They’re following the example the United States first set.

Today, some question the U.S. commitment to remaining at the forefront of global anti-corruption enforcement and compliance. Indeed, some would say that the UK, in adopting its “adequate procedures” (i.e. compliance) defense, has taken over the leading role in rewarding pre-existing compliance.

Does the United States wish to remain a leader in encouraging companies to invest in compliance before a violation is detected? That is, before we get to remediation? This is a question for the DOJ to answer.

If, as may well be the case, assessments of pre-existing compliance are in fact central to our declination practice, we simply need to make it more public. Say so in the policy memo and the declination announcements. Give GCs and CCOs something they can take to their board. Let them say, “here’s another reason to invest in compliance.”

But if we are indeed assessing corporate liability without much regard to pre-existing compliance -- still hard to believe, but the Pilot Program makes us wonder -- we may have a more fundamental problem. All the more reason to address it now.

Ultimately, my message -- my plea -- is very simple. Bring pre-existing compliance back. Put it in the Pilot Program. Put it in the declination announcements. Remind us that we believe today, as much as we ever have, that pre-existing compliance matters.

Remind us that it matters a lot.

*    *    *

A more in-depth discussion of these topics is here. Comments on any of the above are most welcome.

This is the sixth and final post in a series. The first post is here, the second is here, the third is here, the fourth is here, and the fifth post is here.

____

Andy Spalding is a lecturer at the International Anti-Corruption Academy, Professor at the University of Richmond School of Law, and Senior Editor of the FCPA Blog.

Reader Comments (1)

Andy, you make a very important point. Installing a program after a violation occurs is not something the Department needs to promote or publicize. When the guys with badges and guns are at your door, you get it. Sure, implement a compliance program after you get caught, and get a cut in sentence. No brainer.

But remember, remediation only occurs after the harm is done. We need to focus on preventing the harm in the first place. The Department really needs to lead the way on this. Show companies that having a rigorous program before trouble arises is what matters most. Give us in the compliance & ethics profession something to take to our boards and executives to convince them to be serious about compliance.

We need the Department to be diligent in this. When DOJ says, merely in passing, “they had a compliance program” as a factor in treating a company, this is helpful, but still weak. Just adding that statement, without more, tends to look like a makeweight. When DOJ talks at length about cooperation and remediation, but only says less than a sentence about existing compliance efforts, this may be understood to mean that compliance is not very important. Show us that the company’s pre-existing program really matters, that you in DOJ know and understand this field, and that things this particular company did made a difference.

People were impressed by the Fraud Section’s list of questions to be asked in evaluating a program. The list clearly conveyed that the Section knew what it was doing. Please, follow this lead. When enforcers examine a company’s pre-existing program, they need to tell us more. How did it compare to the evaluation questions? What did the company do right that really caught the enforcers’ attention? What could it have done better? Give us enough facts that all of us in this field can continue to learn and improve our companies’ programs.

Cheers, Joe
September 25, 2017 | Unregistered CommenterJoseph Murphy
Comments for this entry have been disabled. Additional comments may not be added to this entry at this time.