Archive for the ‘Enforcement Agency Policy’ Category

Recent DOJ Speeches

Thursday, October 9th, 2014

Speaking8Previous posts here and here highlighted recent speeches by top Department of Justice officials on topics relevant to the Foreign Corrupt Practices Act.

This post highlights additional recent speeches by Assistant Attorney General for the Criminal Division Leslie Caldwell on October 1st and by Principal Deputy Assistant Attorney General for the Criminal Division Marshall Miller on October 7th.  The speeches are near carbon-copies of each other, but both are excerpted below in one space for ease of reference.  Moreover, Caldwell’s speech further expounds on cooperation issues previously articulated in Miller’s September 17th speech.

Before excerpting the speeches, it is worth noting that the DOJ officials (as prior DOJ officials have in the past) made several important acknowledgments relevant to the difficulties of FCPA compliance and in support of the policy rationales for an FCPA compliance defense.  (See here for the article “Revisiting a Foreign Corrupt Practices Act Compliance Defense”).  In pertinent part, the DOJ officials stated:

“While the Justice Department is often the last line of defense against fraud and corruption, all of you [compliance professionals] are the first.  Criminal prosecutions can and do deter future bad behavior, but they most often serve as an after-the-fact sanction for misconduct.  Your collective work is designed to ensure corporate compliance and ethical practices from the outset.”

“[W]e recognize that even with proper support of a compliance program by management, perfect compliance in this increasingly global economy is incredibly difficult.  Compliance departments are asked to monitor business units that are spread about the globe.”

“Every company hires human beings who, when they are in a tough and maybe unfamiliar situation with no clear guidance about what is expected, will sometimes choose the wrong path.  And that becomes even harder when they are operating in countries with business cultures very different from their own.”

“Corporations do not act, but for the actions of individuals.  In all but a few cases, an individual or group of individuals is responsible for the corporation’s criminal conduct.”

“Compliance must be incentivized.”

“Although increasingly rare in this day and age – more than a decade after the passage of the Sarbanes Oxley Act – we are still encountering prominent companies with no real compliance programs. Hard to believe, but true.”

“[E]ven companies with strong compliance programs can and do detect and report criminal misconduct by employees.”

“While the Justice Department is often the last line of defense against fraud and corruption, all of you who work in compliance are the first. Criminal prosecutions can and do deter future bad behavior, but your work can prevent that conduct before it happens.”

For additional writing and videos on many of the same points discussed in the DOJ speeches see:

Assistant Attorney General Caldwell’s October 1st Speech

“While the Justice Department is often the last line of defense against fraud and corruption, all of you are the first. Criminal prosecutions can and do deter future bad behavior, but they most often serve as an after-the fact sanction for misconduct.

Your collective work is designed to ensure corporate compliance and ethical practices from the outset. The importance of your work cannot be overstated: it serves to protect the integrity of our public markets, the country’s financial systems, our intellectual property, the retirement accounts of our hardworking citizens, and our taxpayer dollars used to fund healthcare programs and government and military contracts.

A very large part of the mission of the Criminal Division is fighting major corporate fraud and corruption. Our Fraud Section employs approximately 100 prosecutors who are experienced in investigating health care fraud, defense procurement fraud, securities and financial fraud, and violations of the Foreign Corrupt Practices Act.

Our Asset Forfeiture and Money Laundering Section investigates and prosecutes international money laundering and violations of U.S. sanctions laws, and it recovers the proceeds of foreign official corruption by kleptocrats.

Unfortunately, in our fraud, corruption, money laundering, and sanctions cases, we have seen too many failures of corporate compliance.

In this day and age – more than a decade after the Sarbanes-Oxley Act – we come across very few companies that do not have any compliance program. In fact, we have seen a marked improvement in compliance programs over the years. In years past, it was not uncommon to see companies with only rudimentary compliance programs.

That situation is illustrated by a case resolved just last year, involving Weatherford International, a Swiss oil services company that trades on the New York Stock Exchange. Three subsidiaries of Weatherford International pleaded guilty to violating the anti-bribery provisions of the Foreign Corrupt Practices Act and export controls violations.

Before 2008, the company had little more than a weak paper compliance program. The subsidiaries admitted that the company did not have a dedicated compliance officer or compliance personnel, did not conduct anti-corruption training, and did not have an effective system for investigating employee reporting of ethics and compliance violations. Weatherford companies paid $252 million in penalties and fines.

It is increasingly rare that we encounter circumstances in which a company has such a feeble compliance program. And I doubt that anyone in this audience works for a company like that, or you probably would not be here.

More often, we encounter companies with compliance programs that are strong on paper, but much weaker in practice.”

[...]

“Now, we recognize that even with proper support of a compliance program by management, perfect compliance in this increasingly global economy is incredibly difficult. Compliance departments are asked to monitor business units that are spread about the globe.

More than the geographic divide, however, there often are cultural divides from country-to-country that you must bridge.”

[...]

“There is no doubt that monitoring compliance on a global scale is a difficult, but difficulty cannot be used as an excuse to turn a blind eye to problematic business practices. Compliance programs must be put into place and—more importantly—communicated repeatedly and enforced properly throughout the entire organization.

The emphasis on compliance must be heard not only in the executive suites at headquarters, but wherever the company operates around the globe.

When considering criminal action against a company, one factor that the Justice Department evaluates is the company’s compliance program.

Under the department’s internal guidance, the Principles of Federal Prosecution of Business Organizations, prosecutors must consider “the existence and effectiveness of the corporation’s pre-existing compliance program.”

As all of you know, the United States Sentencing Guidelines also expressly include a company’s corporate compliance program as a factor in corporate sentencing in criminal cases.

There is, of course, no “off the rack” compliance program that can be installed at every company. Effective compliance programs must be tailored to the unique needs and risks faced by each company.

But there are hallmarks of good compliance programs. The department includes many of these in our non-prosecution agreements and deferred prosecution agreements, and I’d like to discuss them with you.

1. High-level commitment. A company must ensure that its directors and senior management provide strong, explicit, and visible commitment to its corporate compliance policy. Stated differently, and again, “tone from the top.”

This means that the importance of compliance should be communicated from the very top of the company. I once heard of a large company whose prominent CEO refused to put his signature on a company-wide communication announcing the company’s new compliance program.

When asked why not, he replied: “Because we don’t hire those kinds of people.” Well, he could not have been more wrong. Every company hires “those kinds of people.”

Every company hires human beings who, when they are in a tough and maybe unfamiliar situation with no clear guidance about what is expected, will sometimes choose the wrong path. And that becomes even harder when they are operating in countries with business cultures very different from our own.

2. Written Policies. A company should have a clearly articulated and visible corporate compliance policy memorialized in a written compliance code. Again, employees need to know what to do–or not do–when faced with a tough judgment call involving business ethics. Companies need to make that as easy as possible for their employees.

3. Periodic Risk-Based Review. A company should periodically evaluate these compliance codes on the basis of a risk assessment addressing the individual circumstances of the company. Companies change over time through natural growth, mergers, and acquisitions.

Compliance policies should be live organisms that also change and grow with the company. You are only as strong as your weakest flank.

I once represented a company that had an A+ compliance program. But then they acquired a Chinese subsidiary and for several years failed to communicate to their new—and then not-so new–Chinese employees the need for FCPA compliance.

The predictable result: the Chinese employees continued doing business in the way that was familiar to them. And the US parent found itself in deep violation of the FCPA.

4. Proper Oversight and Independence. A company should assign responsibility to senior executives for the implementation and oversight of the compliance program.

Those executives should have the authority to report directly to independent monitoring bodies, including internal audit and the Board of Directors, and should have autonomy from management. Compliance programs needed to be funded; they need to have resources.

And they need to have teeth and respect within the company. For years, Wall Street banks housed their compliance programs across the Hudson River, in New Jersey. They were out of sight, out of mind. They were underpaid. And nobody paid much attention to them.

Compliance programs need to have an appropriate stature within the company, or compliance will be the last thing on the mind of an employee tempted to engage in wrongdoing.

5. Training and Guidance. A company should implement mechanisms designed to ensure that its compliance code is effectively communicated to all directors, officers, employees. This means repeated communication, frequent and effective training, and an ability to provide guidance when issues arise.

And as I said before, employees should see that the importance of compliance is being communicated from the top—whether the CEO, the Board, the General Counsel, or some other very highly respected senior-level figure within the company.

6. Internal Reporting. A company should have an effective system for confidential, internal reporting of compliance violations. I know that many companies have multiple mechanisms, which is good.

7. Investigation. A company should establish an effective process with sufficient resources for responding to, investigating, and documenting allegations of violations. What this means on the ground will depend on the company. A sophisticated multi-national corporation obviously will be expected to have more resources devoted to compliance than a small regional company.

8. Enforcement and Discipline. A company should implement mechanisms designed to enforce its compliance code, including appropriately incentivizing compliance and disciplining violations.

And the response to a violation must be even-handed. Too often, we see situations where low level employees who may have implemented the bad conduct are fired, but their boss, who saw what they were doing and did nothing—and maybe even the directed the conduct—is left in place.

This should not happen. Not only from a department perspective, but from a business perspective. Leaving in place senior managers who sanction bad behavior sends a very wrong message about the company’s true commitment to compliance and ethics.

People watch what people do much more carefully than what they say. When it comes to compliance, you must both say and do.

9. Third-Party Relationships. A company should institute compliance requirements pertaining to the oversight of all agents and business partners.

I cannot emphasize strongly enough the need to sensitize third parties, like vendors, agents, and consultants, to the importance of not compliance.

And these partners need to understand that the company really expects its partners to be compliant. This often means more than just including a boilerplate paragraph in a contract in which the partner promises to comply with the law and company policies. It means warning, and even terminating, relationships with partners who fail to behave in a compliant manner.

10. Monitoring and Testing. A company should conduct periodic reviews and testing of its compliance code to improve its effectiveness in preventing and detecting violations. Kick the tires regularly. As I said, compliance programs must evolve with changes in the law, business practices, technology and culture.

As I said, there is no “one-size fits all” compliance program. But these are guideposts that we consider important to the success of a strong program.

And as important as the compliance program itself is implementation. When we investigate a case, we look at the messages about compliance that are given to employees.

More than just reading the paper program or the code of conduct, we look at what employees are told in their day-to-day work.

We are looking at e-mails, chats, and recorded phone calls. We are talking to witnesses about the messages they received from their supervisors and management – did they receive messages about compliance, or about making money at all costs.

And we examine the incentives that a company provides to encourage compliant behavior – or not. If a company is actually encouraging compliance, if its values are to be ethical and within the law, then that message must be conveyed to employees in a meaningful way. Otherwise, the Department of Justice will not view the compliance program as credible.

And sometimes, effective implementation of a compliance program means standing apart from the other companies in your industry. We have seen significant misconduct taking place throughout an industry.

But the excuse that “everyone else is doing it” didnd’t work in grade school, and it sure won’t work when federal agents come knocking at your door.”

[...]

“Effective compliance programs must be embedded in a company’s culture. And they need to be applied even in the face of misconduct by other companies in the same industry, even if that might mean a short-term competitive disadvantage.

A company’s executives can choose to rise above the rest — or race to the bottom. I am telling you that the Criminal Division will hold responsible companies and individuals that knowingly violate the law, no matter if the excuse is that “everyone” was doing it.

Now what should you do when your robust compliance program fails? Or, when it works, allowing you to discover criminal misconduct? I encourage you to conduct a thorough investigation and to disclose potentially criminal misconduct to the Justice Department.

When criminal misconduct is discovered, a critical factor in the department’s prosecutorial decision making is the extent and nature of the company’s cooperation.

The department’s Principles of Federal Prosecution of Business Organizations provides that prosecutors should consider “the corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents.”

Now let me flesh out the often discussed, but sometimes poorly understood, concept of cooperation.

Most companies now understand the benefits of voluntarily disclosing the misconduct before we come asking, and the benefits of conducting an internal investigation and providing facts about the misconduct to the government.

But companies all too often tout what they view as strong cooperation, while ignoring that prosecutors specifically consider “the company’s willingness to cooperate in the investigation of its agents.”

Corporations do not act, but for the actions of individuals. In all but a few cases, an individual or group of individuals is responsible for the corporation’s criminal conduct. The prosecution of culpable individuals – including corporate executives – for their criminal wrongdoing continues to be a high priority for the department.

For a company to receive full cooperation credit following a self-report, it must root out the misconduct and identify the individuals responsible, even if they are senior executives.

We are not asking that you become surrogate FBI agents or prosecutors, or that you use law enforcement tactics like body wires. And we do not need to hear you say that executive A violated a particular criminal law. All we are saying is that we expect you to provide us with facts. We will take it from there.

But a company that interviews its employees in an effort to whitewash the facts or spread the company’s narrative spin risks receiving any cooperation credit.

Additionally, for a company to receive full cooperation credit, the company must provide relevant documents and evidence, and should do so in a timely fashion.

We find that global companies are increasingly hasty to invoke foreign data privacy laws to avoid providing evidence to the department. While we recognize that some of these laws pose real challenges to data access and transfer, many do not.

As a result, we are looking closely – with an ever more skeptical eye – to ensure that these claims are honest and not obstructionist. A company that reads foreign data protection laws expansively, to restrict its disclosure of documents, when it could be read more narrowly, is in dangerous territory if it wants to receive full cooperation credit.

Although the department welcomes and encourages corporate cooperation, we do not rely upon it. We conduct our own robust investigations – often alongside that of the company – to build our own criminal cases and to pressure-test corporate claims of cooperation.

Companies claiming to cooperate while conducting lackluster investigations with little results should not be surprised when they do not get credit for their supposed efforts. And they should not be surprised when they face the consequences of our own investigations.

The benefits of corporate cooperation are clear. We often explicitly describe the benefits when we reach resolutions with companies. As just one example, earlier this year, the department announced Alcoa World Alumina’s guilty plea to FCPA charges stemming from its payment of millions of dollars in bribes to officials of the Kingdom of Bahrain.

As part of the plea, Alcoa paid $223 million in criminal fines and forfeiture. The department publicly commended Alcoa for its cooperation, which included conducting an extensive internal investigation, making proffers to the government, voluntarily making current and former employees available for interviews, and providing relevant documents to the department.

Alcoa’s cooperation was mentioned specifically as a factor that lowered the size of the criminal fine. In fact, absent cooperation, Alcoa could have faced a fine of more than $1 billion. Many people, however, want concrete examples of cases where we decided not to pursue charges at all in light of a company’s cooperation. The department is not typically in a position to disclose these declinations, and indeed many companies do not want the world to know that they were under department scrutiny.”

[...]

“The Criminal Division is more committed than ever to investigating corporate fraud and corruption. We will investigate regardless whether a company choses to cooperate.

But for a company to receive credit for its compliance program, it must have demonstrated effectiveness, with messages about compliance that come from the top and echo throughout the corporate hallways.

And for a company to receive full cooperation credit, it must uncover the misconduct, identify the responsible individuals, and fully disclose the facts to the department.”

Deputy Attorney General Miller’s October 7th Speech

“I suspect that everybody in this room is familiar with the Principles of Federal Prosecution of Business Organizations, or the Filip factors, upon which we base our corporate charging and resolution decisions. One of those factors expressly directs us to consider “the existence and effectiveness of the corporation’s pre-existing compliance program” in deciding whether to charge a corporation with a crime.

In fact, one is hard-pressed to find a corporate resolution with the Justice Department that does not contain a prominent reference – positive or negative – to the corporation’s compliance program. The existence of an effective compliance program can make all the difference when a corporation is in the Justice Department’s sights.

Today, I would like to highlight a few primary strengths and weaknesses that we have observed in corporate compliance programs of late. As an overarching theme, the failure to expand compliance programs to meet the needs of growing corporations – particularly global corporations – drives many of the compliance problems we have seen. On the flip side, compliance programs that have widespread prophylactic and training mechanisms – as well as procedures designed to uncover wrongdoing and expose individuals responsible for criminal behavior – are the most effective.

A corporation’s ability to use compliance to uncover misconduct and, just as importantly, identify wrongdoers is central to the Justice Department’s evaluation of a compliance program.

As you know, there is no off-the-rack, one-size-fits-all compliance program. Companies must tailor compliance programs to manage their unique risks. There are, however, characteristics that should be present in each program.

In 2012, the Justice Department and the SEC published the Foreign Corrupt Practices Act, or FCPA, Resource Guide, which contains an entire section entitled, “Hallmarks of Effective Compliance Programs.” While the hallmarks in the FCPA Guide are focused on anti-corruption compliance programs, the principles identified apply universally.

Now, I’m not going to go through all the hallmarks with you today – but I will make a couple of overarching points. First, the Justice Department’s hallmarks are designed to encourage a ‘culture of compliance,’ which begins – but doesn’t end – with ‘a tone from the top,’ and extends to actions throughout a company’s ranks.

So hallmark # 1 is high-level commitment. When employees truly understand that a company’s leadership is committed to compliance – even when it runs up against profits – only then does a company truly have a successful compliance program. The quickest way to check on that commitment is to take a look at corporate structure. If you see compliance executives sitting in true positions of authority at a corporation, reporting directly to independent monitoring bodies, like internal audit committees or boards of directors, you likely are looking at a strong compliance program. Compliance programs also need to be resourced; they need to have teeth and respect. By contrast, for years, Wall Street banks housed their compliance programs across the Hudson River, in New Jersey. They were out of sight, out of mind. Compliance programs need to have appropriate stature within corporations.

Another key hallmark is whether the program grows with the company. Any good compliance program needs to be periodically evaluated, using risk assessment models aimed at the individual circumstances of the company. As companies change over time, so must compliance policies.

A strong compliance program must also involve enforcement and discipline. It is human nature to pay more attention to what people do than to what they say. Compliance must be incentivized; violations disciplined. And the response must be even-handed. Too often we see low-level employees who implemented bad conduct fired, but bosses, who did nothing to stop the conduct – and may even have directed it – left in place without sanction.

Although increasingly rare in this day and age – more than a decade after the passage of the Sarbanes Oxley Act – we are still encountering prominent companies with no real compliance programs. Hard to believe, but true.

Just last year, three subsidiaries of Weatherford International, a Swiss oil services company listed on the New York Stock Exchange, pleaded guilty to FCPA and export control violations. Over a period of many years, Weatherford subsidiaries in Africa, the Middle East, and Iraq paid bribes to foreign officials in exchange for lucrative contracts and inside information about competitors. Some of Weatherford’s international subsidiaries also illegally exported oil and gas drilling equipment to countries under United States sanctions – countries like Cuba, Iran, Sudan, and Syria.

But more important to this audience than Weatherford’s conduct itself may be the admissions it made regarding the state of its compliance programs. Weatherford admitted that prior to 2008, the company did not have a dedicated compliance officer or compliance personnel, did not conduct anti-corruption training, and did not have an effective system for investigating employee reporting of ethics and compliance violations.

The most glaring failures occurred in its overseas offices and subsidiaries. Let me give you a revealing example: Despite its global presence, Weatherford did not even bother to translate its compliance policy into languages other than English. Think about that for a second. Weatherford had subsidiaries and operations in more than 100 countries across the globe. It operated in the high-risk environment that is the oil extraction industry. And yet Weatherford didn’t even bother to make its compliance program intelligible to many of its employees – in languages they could understand.

And there’s more. Though in 2004 it began circulating an ethics questionnaire asking if employees were aware of payments to foreign officials, Weatherford had no process to investigate affirmative responses. Indeed, Weatherford did not conduct any follow-up investigation in response to allegations of corruption.

Put simply, Weatherford’s compliance policy was a program in name only. It wasn’t worth the paper it was written on. Had Weatherford employed even a basic compliance program, it may not have found itself paying over $252 million in penalties and fines.

Just last year, three subsidiaries of Weatherford International, a Swiss oil services company listed on the New York Stock Exchange, pleaded guilty to FCPA and export control violations. Over a period of many years, Weatherford subsidiaries in Africa, the Middle East, and Iraq paid bribes to foreign officials in exchange for lucrative contracts and inside information about competitors. Some of Weatherford’s international subsidiaries also illegally exported oil and gas drilling equipment to countries under United States sanctions – countries like Cuba, Iran, Sudan, and Syria.

But more important to this audience than Weatherford’s conduct itself may be the admissions it made regarding the state of its compliance programs. Weatherford admitted that prior to 2008, the company did not have a dedicated compliance officer or compliance personnel, did not conduct anti-corruption training, and did not have an effective system for investigating employee reporting of ethics and compliance violations.

The most glaring failures occurred in its overseas offices and subsidiaries. Let me give you a revealing example: Despite its global presence, Weatherford did not even bother to translate its compliance policy into languages other than English. Think about that for a second. Weatherford had subsidiaries and operations in more than 100 countries across the globe. It operated in the high-risk environment that is the oil extraction industry. And yet Weatherford didn’t even bother to make its compliance program intelligible to many of its employees – in languages they could understand.

And there’s more. Though in 2004 it began circulating an ethics questionnaire asking if employees were aware of payments to foreign officials, Weatherford had no process to investigate affirmative responses. Indeed, Weatherford did not conduct any follow-up investigation in response to allegations of corruption.

Put simply, Weatherford’s compliance policy was a program in name only. It wasn’t worth the paper it was written on. Had Weatherford employed even a basic compliance program, it may not have found itself paying over $252 million in penalties and fines.”

[...]

While the Justice Department is often the last line of defense against fraud and corruption, all of you who work in compliance are the first. Criminal prosecutions can and do deter future bad behavior, but your work can prevent that conduct before it happens.”

Friday Roundup

Friday, October 3rd, 2014

Yesterday at an American Bar Association event in Washington, D.C. Kara Brockmeyer (Chief of the SEC’s FCPA Unit) and Patrick Stokes (Chief of the DOJ’s FCPA Unit) spoke on a panel titled “DOJ-SEC FCPA Update:  Trends and Significant Developments.”  This post rounds up their comments and responses to certain questions.

*****

Brockmeyer began by providing a general overview of the types of FCPA issues that the SEC often encounters.  She commented that – much to her surprise – “old-school sprawling bribery” cases still exist.  She also mentioned gifts, travel and entertainment type cases, charitable donations, and the use of third party intermediaries.

Brockmeyer mentioned the increasing international cooperation the SEC has with law enforcement agencies in other countries.  She indicated that some of this cooperation is visible to the outside world, but is even more visible inside the SEC.  According to Brockmeyer, the increase in international cooperation may not be a “positive development for companies” (she used the analogy that there are “more cooks in the kitchen”), but she did indicate that this dynamic will have a “positive long term impact” because it will level the playing field for U.S. companies.

Consistent with prior statements made by Brockmeyer, she also indicated that more FCPA enforcement will be handled through the SEC’s administrative process.

According to Brockmeyer, corporate self-reporting is “worth it.”  She stated that a “disproportionate number of cases we decline” are because of corporate self-reporting even if the SEC does not report this to the public.  Brockmeyer stated – “declinations are not unicorns – they do exist.”

In response to a question from Peter Clark (moderator of the panel and himself the former head of the DOJ’s FCPA Unit) concerning the quality of corporate compliance programs, Brockmeyer said that the SEC still sees a “lot of paper programs, lots of boxes, forms, but no teeth, no testing.”  She specifically mentioned small to medium size companies as generally having deficient compliance policies and procedures and stated that a message the SEC intended to send with the Smith & Wesson action (here) was that small to medium size companies trying to break into international markets need to have internal controls in place.

Stokes began his talk with statistics and reminded the audience of DOJ enforcement statistics and stressed that a number of cases in the pipeline are significant.  According to Stokes, the “past is a good window into where [the DOJ] is going in the near term.”

Stokes next highlighted various take-away points from recent cases that he thought were instructive.  The first was that the DOJ doesn’t “have a preference or bias for any particular industry.”  He said that the DOJ is “opportunistic” and will look for evidence of crimes anywhere and follow the evidence where it leads.  He reminded the audience that from DOJ’s perspective, it is “not just about high risk industries, but high risk jurisdictions.”

According to Stokes, the DOJ is aware that companies “are trying to push FCPA risk out of the company and onto third parties.”  He said that the DOJ is evolving as bribery schemes evolve and will use more investigative techniques to uncover bribery schemes.

As to another take-away point, Stokes stated that the DOJ is “very focused” on prosecuting individuals (executives, intermediaries) as well as companies.  According to Stokes, “going after one or the other is not sufficient for deterrence purposes.”  Stokes next reminded the audience that the DOJ is using various law enforcement tools available to it and that “corporate executives should wonder who is listening in on their calls and conversations.”

As to corporate self-disclosures, Stokes acknowledged that he often hears from people that there is no benefit.  He disputed this and stated that the reality is the DOJ has declined a number of cases in instances of self-reports as well as based on corporate cooperation and remediation.  According to Stokes, not all cases of voluntary disclosure are going to be rewarded with a declination because the DOJ still needs to prosecute “bad conduct.”

According to Stokes, self-reports are also rewarded in the following ways: various forms of resolution the DOJ uses, including which entity which be included in the enforcement action; penalty amounts; and whether or not a monitor may be required.

According to Stokes, the “risks are high” if a company does not self report because of whistleblowers and foreign law enforcement investigations.

Moderator Clark next asked Stokes if the DOJ has or will consider on an annual basis disclosing the matters that have been declined.  Stokes acknowledged that there is a “tremendous amount of interest in [DOJ] declinations” something that “never ceases to amaze” him.  He said that the DOJ is “very aware of the interest in providing more information about declinations.”

Nevertheless Stokes stated that it is a “difficult balance” because of a corporation’s privacy interest.  Moreover, Stokes noted that many factors go into the declination decision  including the quality of the evidence, self-disclosure, cooperation, whether employees were truly rogue, and whether the company had a strong compliance program.  According to Stokes, it is often a challenge for the DOJ to “encapsulate in a meaningful and helpful way” when it declines and the reason why.

In the end, Stokes stated that “raw” declination numbers might be useful to show the public that the DOJ is “living up to [its] word and declining cases” and that there is “value in the public understanding how [the DOJ is] exercising discretion.” One did get the sense from Stokes’s comments that this is an issue the DOJ is actively considering.  That would be a good thing and I have suggested since 2010 that when a company voluntarily discloses an FCPA internal investigation to the DOJ and the SEC, and when the DOJ and the SEC decline enforcement, the agencies should publicly state, in a thorough and transparent manner, the facts the company disclosed and why the agencies declined enforcement on those facts. (see here).

Stokes was asked a question from the audience – how is one “truly to determine who is a foreign official?”  He mentioned the recent 11th Circuit decision as factors the DOJ “will be looking to” and stated that these factors are “very consistent” with DOJ’s interpretation in other cases.  Stokes also mentioned that the DOJ has an Opinion Procedure Release program in which companies can seek a DOJ opinion.  Asked whether a question could be submitted as to the specific issue of whether someone is a “foreign official,” Stokes stated “yes we can answer that” so long as it is a real issue and forward looking.

As indicated above, both Brockmeyer and Stokes talked about the importance of individual prosecutions.  I asked Brockmeyer and Stokes to respond to statistics (see here, here and here) which highlight that approximately 80% of corporate FCPA enforcement actions lack any related enforcement actions against company employees.

Their response will be the focus of a future post.

The White House Omits Several Facts And Other Information From Its “Fact Sheet”

Tuesday, September 30th, 2014

The White House recently released this “Fact Sheet: The U.S. Global Anticorruption Agenda.”

It is an informative read as it sets forth in one document the policy views of the White House on bribery and corruption topics.

The fact sheet also highlights that FCPA enforcement is merely one prong of the U.S. government’s multi-dimensional approach to fighting bribery and corruption.  Other prongs mentioned include asset recovery, denial of visas, money laundering, curtailing the use of shell companies, increasing transparency in certain industries, and other open government initiatives.

As to the FCPA specifically, the White House Fact Sheet states:

“The United States has been a global leader on anticorruption efforts since enacting the first foreign bribery law, the Foreign Corrupt Practices Act (FCPA), in 1977.  [...]  The United States continues to apply the FCPA to prosecute those who pay bribes to foreign officials to obtain business benefits.  Since 2009, the United States has resolved criminal cases against more than 50 corporations worldwide with penalties of approximately $3 billion, and it has convicted more than 50 individuals, including CEOs, CFOs, and other high-level corporate executives, for FCPA and FCPA-related crimes.”

However, and consistent with prior examples of political actors or advocates describing FCPA enforcement – see here and here for instance), the White House “fact” sheet omits several salient facts or other relevant information concerning FCPA enforcement and/or the general fight against bribery and corruption.

Such as:

Since 2008 approximately 80% of DOJ/SEC corporate FCPA enforcement actions have not resulted in any related charges against company employees.  In other words, the U.S. government’s FCPA enforcement efforts are, to a large extent, corporate only and not achieving, as even the enforcement agencies recognize, maximum deterrence as only individual enforcement can achieve.

The U.S. government has an overall losing record – including during this so-called new era of FCPA enforcement – when put to its ultimate burden of proof in FCPA enforcement actions.  In other words, the White House is emphasizing the quantity of FCPA enforcement over the quality of FCPA enforcement.  However, in a legal system based on the rule of law, quality of enforcement should take priority over quantity.

The U.S. government largely enforces the FCPA through non-prosecution agreements, deferred prosecution agreements, and other vehicles (such as with increasing frequency SEC administrative settlements) not subjected to any meaningful judicial scrutiny.  These resolution vehicles – in the minds of many – are inconsistent with rule of law principles such as limited government authority, a system of checks and balances, and transparency in law enforcement.

The U.S. crusade against bribery suffers from several uncomfortable truths or double standards.  For instance, the U.S. government offers bags of cash to influence foreign leaders.  For instance, some of the most egregious FCPA violators, per the U.S. government’s own allegations, have involved U.S. government contractors or suppliers including of goods and services critical to national security, and because of this, those companies were not even charged with FCPA anti-bribery violations.  For instance, a notable example of FCPA enforcement (the Giffen case) ended with a whimper after the defendant asserted that the alleged bribery occurred with the knowledge and support of the highest levels of the U.S. government.  For instance, the general fight against bribery and corruption suffers from a double standard in that corporate interaction with “foreign officials” under the FCPA is judged by different standards than corporate interaction with U.S. officials under other U.S. laws.

In sum, the recent White House document is an informative read and to be sure the U.S. government does deserve credit for advancing certain of the policy objectives and initiatives described in the document.

However, the purpose of this post was to provide additional data points and information concerning the topics discussed in the recent White House document.

How The DOJ Can Better Achieve Its FCPA Policy Objectives

Wednesday, September 24th, 2014

Last week the DOJ’s Principal Deputy Assistant Attorney General for the Criminal Division, Marshall Miller, delivered this speech focused on how the DOJ is “addressing criminal conduct when it takes place at corporations and other institutions.”  While not specific to the Foreign Corrupt Practices Act, Miller did reference the FCPA several times during the speech.

The post is not about the DOJ’s empty rhetoric when it comes to individual FCPA prosecutions – that post was published last week the same day that Miller carried forward DOJ talking points on individual prosecutions.

Nor is this post about Miller carrying forward the DOJ’s talking points on Morgan Stanley’s so-called declination.  That post was published here in 2012.

Nor is this post about Miller’s suggestion that PetroTiger did not face any charges “of any kind [...] and no non-prosecution agreement was entered” because the company voluntarily disclosed and cooperated.  As highlighted in this post regarding the charges against the former PetroTiger executives, the core DOJ allegations concerned self-dealing by the executives and not disclosing conflicts of interest to their employer and other investors involved in a business deal.  To be sure, there have been several companies – ADM, Diebold, Ralph Lauren, Maxwell Technologies, and Tyson Foods to name just a few –  that have voluntarily disclosed and cooperated yet received NPAs or DPAs in the FCPA context.

Nor is this post about the “wow” factor of Miller’s speech – as termed by the FCPA Blog – because contrary to the suggestion by the FCPA Blog, the FCPA information in Miller’s speech was not new – all was previously mentioned in original source documents and/or previously highlighted in prior FCPA Professor posts or by others (see herehere, and here).

Rather, this post highlights for the DOJ (and others) how an FCPA reform proposal can help the DOJ better achieve its policy objectives, as sensibly articulated in Miller’s speech,. in the FCPA context.

For starters, I realize – based on reliable information – that I am a persona non grata within the DOJ’s FCPA Unit.  Nevertheless, I share an interest in advancing policies to make FCPA enforcement more effective so that the laudable objectives of the FCPA can best be achieved.

I’ve written about the below issue several times (see here for “Revisiting a Foreign Corrupt Practices Act Compliance Defense” and see here for the prior post “Seeing the Light From the Dark Ages”).

In his speech, Miller stated the following sensible policy objectives.

“[W]e would like corporations to cooperate.  We will ensure that there are appropriate incentives for corporations to do so.

[...]

I want to focus today on an aspect of [The Principles of Federal Prosecution of Business Organization and/or the DOJ's internal "Filip" factors]  that I believe, at times, receives insufficient attention – but that lies at the heart of our approach at the Criminal Division.   And that is what the factors have to say about the importance of individual prosecutions to the decision on how to approach a corporation.

[...]

[In analyzing cooperate cooperation], companies are always quick to tout voluntary disclosure of corporate misconduct and the breadth of an internal investigation.   What is sometimes given short shrift, however, is in many ways the heart of effective corporate cooperation: whether that cooperation exposed, and provided evidence against, the culpable individuals who engaged in criminal activity [...].

The importance of cooperating regarding individuals is set forth, in black and white, in the text of the [Principles of Prosecution] itself.   Factor Four expressly states that prosecutors should evaluate a corporation’s “willingness to cooperate in the investigation of [its] agents.”   This key point is fleshed out later in the guidance section, where prosecutors are directed to consider the corporation’s “willingness to provide relevant information and evidence and identify relevant actors within and outside the corporation, including senior executives.”

Voluntary disclosure of corporate misconduct does not constitute true cooperation, if the company avoids identifying the individuals who are criminally responsible.  Even the identification of culpable individuals is not true cooperation, if the company fails to locate and provide facts and evidence at their disposal that implicate those individuals.

This principle of cooperation is not new or unique to companies.   We have applied it to criminal cases of all kinds for decades.   Take, for example, organized crime cases.   Mob cooperators do not receive cooperation credit merely for halting or disclosing their own criminal conduct.   Attempted cooperators should not get reduced sentences if they refuse to provide testimony or fail to turn over evidence against other culpable parties.   A true cooperator – whether a mobster or a company – must forthrightly provide all the available facts and evidence so that the most culpable individuals can be prosecuted.

The importance of this principle is enhanced by a second Filip factor – Factor Eight – which states that, in deciding whether to charge a corporation, prosecutors must consider “the adequacy of the prosecution of individuals responsible for the corporation’s malfeasance.”   So, effective and complete corporate cooperation in the investigation and prosecution of culpable individuals is not only called for by Factor Four, but reinforced by Factor Eight.

[...]

Corporations do not act criminally, but for the actions of individuals.   The Criminal Division intends to prosecute those individuals, whether they’re sitting on a sales desk or in a corporate suite.

The prosecution of individuals – including corporate executives – for white-collar crimes is at the very top of the Criminal Division’s priority list under Assistant Attorney General Caldwell.”

The above are all sensible policy statements from the DOJ and are consistent with Attorney General Eric Holder’s similar sensible policy statements articulated on the same day in a different speech.  As Holder stated:

“[T]he department recognizes the inherent value of bringing enforcement actions against individuals, as opposed to simply the companies that employ them.  We believe that doing so is both important – and appropriate – for several reasons:

First, it enhances accountability.  Despite the growing jurisprudence that seeks to equate corporations with people, corporate misconduct must necessarily be committed by flesh-and-blood human beings.  So wherever misconduct occurs within a company, it is essential that we seek to identify the decision-makers at the company who ought to be held responsible.

Second, it promotes fairness – because, when misconduct is the work of a known bad actor, or a handful of known bad actors, it’s not right for punishment to be borne exclusively by the company, its employees, and its innocent shareholders.

And finally, it has a powerful deterrent effect.  All other things being equal, few things discourage criminal activity at a firm – or incentivize changes in corporate behavior – like the prospect of individual decision-makers being held accountable.  A corporation may enter a guilty plea and still see its stock price rise the next day.  But an individual who is found guilty of a serious fraud crime is most likely going to prison.”

Again, sensible policy statements.

The problem is – at least in the FCPA context – the DOJ is not achieving its policy objectives.  This is the unmistakable conclusion from the following statistics.

  • As highlighted in this previous post (with statistics calculated through the end of 2013) since 2008 approximately 75% of corporate FCPA enforcement have not (at least yet) resulted in any DOJ charges against company employees.
  • As highlighted in this previous post, in the 20 most recent DOJ corporate FCPA enforcement actions, only one has resulted (at least yet) in any DOJ charges against company employees.

An FCPA compliance defense can help the DOJ better achieve its above-stated policy objectives.

As stated in my article “Revisiting a Foreign Corrupt Practices Act Compliance Defense.”

“An FCPA compliance defense will better facilitate the DOJ’s prosecution of culpable individuals and advance the objectives of its FCPA enforcement program. At present, business organizations that learn through internal reporting mechanisms of rogue employee conduct implicating the FCPA are often hesitant to report such conduct to the enforcement authorities. In such situations, business organizations are rightfully diffident to submit to the DOJ’s opaque, inconsistent, and unpredictable decision-making process and are rightfully concerned that its pre-existing FCPA compliance policies and procedures and its good faith compliance efforts will not be properly recognized. The end result is that the DOJ often does not become aware of individuals who make improper payments in violation of the FCPA and the individuals are thus not held legally accountable for their actions. An FCPA compliance defense surely will not cause every business organization that learns of rogue employee conduct to disclose such conduct to the enforcement agencies. However, it is reasonable to conclude that an FCPA compliance defense will cause more organizations with robust FCPA compliance policies and procedures to disclose rogue employee conduct to the enforcement agencies. Thus, an FCPA compliance defense can better facilitate DOJ prosecution of culpable individuals and increase the deterrent effect of FCPA enforcement actions.”

Is the DOJ capable of viewing an FCPA compliance defense, not as a race to the bottom, but a race to the top?  Is the DOJ capable of viewing an FCPA compliance defense as helping it better achieve its FCPA policy objectives?

Let’s hope so.

*****

In his speech, Marshall also provided specifics as to what type of cooperation the DOJ looks for.  He stated:

“[I]f a corporation wants credit for cooperation, it must engage in comprehensive and timely cooperation; lip service simply will not do.

Corporations are often too quick to claim that they cannot retrieve overseas documents, emails or other evidence regarding individuals due to foreign data privacy laws.   Just as we carefully test – and at times reject – corporate claims about collateral consequences of a corporate prosecution, the department will scrutinize a claimed inability to provide foreign documents or evidence.   We have forged deepening relationships with foreign governments and developed growing sophistication and experience in analyzing foreign laws.   A company that tries to hide culpable individuals or otherwise available evidence behind inaccurately expansive interpretations of foreign data protection laws places its cooperation credit at great risk.   We strongly encourage careful analysis of those laws with an eye toward cooperating with our investigations, not stalling them.

Understand too, that we will use our own parallel investigation to pressure test a company’s internal investigation: to determine whether the company actually sought to root out the wrongdoing and identify those responsible, as far up the corporate ladder as the misconduct goes, or instead merely checked a box on a cooperation punch list.

Companies that have not conducted comprehensive investigations will not secure significant cooperation benefits.   Worse, companies that hamper the government’s investigation while conducting an internal investigation – for example, by conducting interviews that serve to spread corporate talking points rather than secure facts relating to individual culpability – will pay a price when they ask for cooperation credit.

A few final words: when you come in to discuss the results of an internal investigation to the Criminal Division and make a Filip factor presentation – expect that a primary focus will be on what evidence you uncovered as to culpable individuals, what steps you took to see if individual culpability crept up the corporate ladder, how tireless your efforts were to find the people responsible.

At the risk of being a little too Brooklyn, I’m going to be blunt.

If you want full cooperation credit, make your extensive efforts to secure evidence of individual culpability the first thing you talk about when you walk in the door to make your presentation.

Make those efforts the last thing you talk about before you walk out.

And most importantly, make securing evidence of individual culpability the focus of your investigative efforts so that you have a strong record on which to rely.”

Attorney General Holder – “The Buck Needs to Stop Somewhere” – But Does It Stop With Him?

Tuesday, September 23rd, 2014

Buck Stops HereLast week U.S. Attorney General Eric Holder delivered this speech at New York University School of Law.  While focusing on financial fraud issues, the speech also touched upon several issues of general interest such as Holder’s statement that “the buck needs to stop somewhere where corporate misconduct is concerned.”  (emphasis in original).  Holder spoke of corporate structures that “blur lines of authority and prevent responsibility for individual business decisions from residing with a single person.”  Holder also highlighted that:

“[A]t some institutions that engaged in inappropriate conduct before, and may yet again, the buck still stops nowhere.  Responsibility remains so diffuse, and top executives so insulated, that any misconduct could again be considered more a symptom of the institution’s culture than a result of the willful actions of single individual.”

Recognizing that there are obvious differences between a government department and a business organization, the fact remains there are many similarities between the two when it comes to internal behavior, diffusion of responsibility and insulation of top leadership.

For instance and to borrow corporate analogies, Attorney General Holder is the CEO of DOJ Inc. and even the DOJ describes itself as the “world’s largest law office, employing more than 10,000 attorneys nationwide.”  That employee headcount (obviously the DOJ also employs non-attorneys as well) is rather small compared to a typical corporation doing business in the global marketplace through employees and hundreds, if not thousands, of third parties.

Returning to an issue previously highlighted here and here, if the DOJ was a business organization and subject to the same legal principles its uses to prosecute business organizations, the DOJ would constantly be under scrutiny and the subject of numerous enforcement actions.

Why?

Because as highlighted in this recent report by the Project on Government Oversight (“POGO”) titled “Hundreds of Justice Department Attorneys Violated Professional Rules, Laws, or Ethical Standards:”

“An internal affairs office at the Justice Department has found that, over the last decade, hundreds of federal prosecutors and other Justice employees violated rules, laws, or ethical standards governing their work.”

[...]

“From fiscal year 2002 through fiscal year 2013, the Justice Department’s Office of Professional Responsibility (OPR) documented more than 650 infractions … In the majority of the matters – more than 400 – OPR categorized the violations as being at the more severe end of the scale:  recklessness or intentional misconduct, as distinct from error or poor judgment.”

Although not specifically discussed in the POGO report, Foreign Corrupt Practices Act enforcement actions have seen instances of prosecutorial misconduct.  For instance, as highlighted in this post, in the DOJ’s enforcement action against Lindsey Manufacturing and two of its executives, the judge in dismissing the case, stated that the instances of misconduct were “so varied, and occurr[ed] over so lengthy a period … that they add up to an unusual and extreme picture of a prosecution gone badly awry.” In the failed Africa Sting case, the judge in dismissing the cases, stated that certain of the DOJ’s conduct had “no place in a federal courtroom.”  (See here).

The DOJ’s Principles of Prosecution of Business Organizations state, among the factors prosecutors should consider in deciding whether – and how – to charge a business organization as follows.

“Among the factors prosecutors should consider and weigh are whether the corporation appropriately disciplined wrongdoers, once those employees are identified by the corporation as culpable for the misconduct.”

Against this backdrop, the POGO report stated that several “examples of misconduct” within the DOJ often result in lenient sanctions such as a 10, 14 or 30 day suspensions.  Moreover, if I am not mistaken, certain of the DOJ prosecutors in the above FCPA enforcement actions – far from being disciplined – were promoted after their conduct was called into question by the federal judiciary.

The policy question needs to be asked: as a matter of principle should not the prosecutor / regulator and the prosecuted / regulated be held to the same general standards?

As a matter of principle and borrowing Holder’s policy pronouncements, should not the buck somewhere in the DOJ when improper conduct occurs within its ranks?  Is responsibility so diffuse in the DOJ that top leaders are insulated from accountability?

As noted in the POGO report, “high-level DOJ officials have said in the past that given the context – tens of thousands of its attorneys working on tens of thousands of cases each year – the amount of misconduct is small.”  (See here).

Could not the same be said of a typical business organization doing business in the global marketplace?  After all, dig into the details of many corporate FCPA enforcement actions and you will quickly learn that the conduct at issue was engaged in by a “small fraction” of the company’s global workforce to borrow the phrase the DOJ used in the HP enforcement action.

To be clear, the point of this post is not to call (as some actually have) for Holder’s resignation or to insist that Holder ought to be personally responsible, legally or ethically, for the improper conduct that has taken place in the DOJ under his leadership.

Rather, the point of this post is to highlight from a policy perspective the similarities between the DOJ and a business organization when it comes to compliance, internal behavior, diffusion of responsibility and insulation of top leadership.

These similarities ought to make top government enforcement officials less confident and less sweeping in their policy statements and simplistic views of legal and ethical culpability.  And if not, the similarities should at least cause top government enforcement officials to recognize that the same statements and views can be appropriately used to shine a light on the organizations they are tasked with running.

*****

For additional views of Holder’s recent speech, see here from Debevoise & Plimpton and here from Professor Peter Henning at his White Collar Crime Watch column in the New York Times.