Archive for the ‘Enforcement Agency Policy’ Category

In The Words Of Loretta Lynch

Tuesday, November 11th, 2014

LynchRecently President Obama nominated Loretta Lynch (U.S. Attorney, Eastern District of New York) to be the next Attorney General.

This post highlights Lynch’s responses to various Foreign Corrupt Practices Act or FCPA related questions originally posed in this September/October 2013 Q&A with the Society of Corporate Compliance and Ethics’ magazine Compliance & Ethics Professional and posted on the DOJ’s website.

In the Q&A, Lynch speaks generally about corruption and compliance and specifically about Morgan Stanley’s so-called “declination” and the FCPA enforcement action against Ralph Lauren.  For additional information on Morgan Stanley’s so-called “declination” (see here and here) and for additional information on the Ralph Lauren enforcement action (see herehere and here).

Q: What did you learn about compliance programs, good and bad, in your [prior private] practice?

A: The most important thing I learned about compliance programs is also the most basic thing—the tone at the top truly sets the
parameters for whether one has an effective or ineffective compliance program. And by effective, I don’t mean a program in a company where there is never any wrongdoing, because that company does not exist. If there is one message I’d like to leave with corporate America, it is that the government actually does understand that things can and will go wrong, even where there is a strong compliance program. Every company develops issues. It’s how you deal with them that defines your corporate culture and informs me if you are serious about fixing the problem and preventing it from recurring going forward.

Q: One of the things that strikes me about your career in the U.S. Attorney’s Office is that fighting corruption has been an ongoing focus. And, it’s notable to point out that we’re not just talking about the Foreign Corrupt Practices Act (FCPA), but also corruption here in the U.S. Are there common threads that you see among government corruption cases everywhere?

A: Corruption, whether here in Brooklyn or on the other side of the globe, has real and far-reaching consequences. The common
thread is that someone in power loses their connection to the constituency they are supposed to serve, whether citizens or shareholders. When government officials engage in self-dealing, when they abdicate their responsibility, when they succumb to greed, the average citizen pays for it dearly and on many levels. Constituents everywhere end up spending more for services—infrastructure, healthcare, education—and sometimes have to go without these vital services, when government officials line their own pockets with public funds. Law-abiding companies here in the U.S. and abroad are placed at a competitive disadvantage when business is won or lost based on bribes, not the quality of a company’s products and services.

And because corruption involves, at its heart, the breaking of a trust relationship, its ramifications often go far beyond the financial. Corruption infects society as a whole, increasing the level of cynicism and distrust that constituents have about their elected officials and government processes. In this way, corruption also impacts those government officials who are truly trying to do the right thing. They get tarred with the same brush. We all deserve honest and effective representation, and my office is committed to investigating and prosecuting those who trade on the trust we place in them to enrich themselves, who let greed get in the way of helping the people that they represent.

Q: The Morgan Stanley FCPA case was a very high-profile declination by main Justice and your U.S. Attorney’s Office. They don’t come that often, and it’s very rare to see compliance efforts cited so widely as the reason why. Can you give a brief description of the case for those who are not familiar with it?

A: Absolutely. In April of 2012, my office and the Department of Justice’s (DOJ) fraud section prosecuted Garth Peterson, the former Managing Director in charge of the Morgan Stanley’s real estate group in Shanghai, China. Peterson had engaged in a conspiracy to sell an ownership interest in a Shanghai building owned by Morgan Stanley to a local government official who had provided assistance to Peterson in securing business for Morgan Stanley in China. During the conspiracy, Peterson repeatedly and falsely told Morgan Stanley that the corporation buying the ownership interest in the building was owned by the Shanghai government when, in fact, it was owned by Peterson and the local government official, among others. By lying and providing false information to Morgan Stanley, Peterson was circumventing the company’s internal controls, which were created and intended to prevent FCPA violations. Peterson was charged with one count of conspiring to circumvent Morgan Stanley’s internal controls, and after pleading guilty, he was ultimately was sentenced to a period of incarceration. We declined to take any action against Morgan Stanley in that case.

Q: Again, what’s notable is that it was the first major FCPA case I can recall in which there was a public declination, and just as importantly, the compliance program was cited so publicly as a major part of the reason why. In fact, it’s hard to remember many cases of any type in which the compliance program’s effectiveness was cited so publicly, which suggests to me that even people without FCPA risks should take note. What made this case so different?

A: You’re right. This was an unusual case. Morgan Stanley self-reported Peterson’s conduct, and cooperated fully and extensively
with the government’s investigation. But that’s not what made the case different. What set Morgan Stanley apart was that, after considering all the available facts and circumstances, the government concluded that Morgan Stanley was a company that had done all that it could. It had a compliance program specifically tailored to its business risks, with commitment to compliance from the very top of the company, that itself did not tolerate wrongdoing. The bank acted to fire Peterson before any of the facts became
public. We concluded that Peterson was the quintessential “rogue employee” who schemed to affirmatively sidestep compliance because he knew his behavior would  not be countenanced. Every company says its bad actors are “rogues,” and that they do not promote corruption, but at Morgan Stanley we could see it. There was a stark contrast between the bank’s corporate culture and Peterson’s actions.

This presented a fundamentally different situation from companies that say they don’t tolerate wrongdoing, yet push employees to meet goals and quotas overseas with little to no guidance on the risks and consequences. It was fundamentally different from companies who distance themselves from their agents and consultants overseas, and then argue that they have to “go along” to avoid being disadvantaged in overseas markets. And it was fundamentally different from companies that say “That’s not who we are,” yet have nothing on record that informs me otherwise.

What we saw was that Morgan Stanley conducted extensive due diligence with respect to the sale that Peterson orchestrated.
We saw that Peterson had circumvented a compliance program that was an active component of the company’s business—Peterson himself was trained on FCPA compliance seven times and reminded about FCPA compliance at least 35 times. Compliance
at Morgan Stanley was also proactive, with the bank routinely adjusting and updating its compliance program to address new
issues and problems as they arose. It was not simply a program that was put in place 10 years ago, set apart from the business, and
left unchanged over time, without regard to changes in the company’s business or the increasing complexity of transactions. When we looked at Morgan Stanley, we also saw a bank that invested resources, that had internal controls in place to ensure accountability, that regularly monitored transactions, and that randomly audited employees, transactions, and business units.

This case stands out because it also touched on a common complaint in the FCPA world, and that is the supposed lack of transparency regarding the government’s consideration of a company’s compliance efforts in making charging decisions. The lengthy description of Morgan Stanley’s compliance program in the Peterson charging document was a deliberate response to that criticism. The Peterson case was even cited for that purpose in the FCPA Resource Guide prepared by DOJ and the Securities and Exchange Commission (SEC) in November 2012.

Q: What should compliance professionals take away as key learning from that case?

A: There are actually two “takeaways” in this case. The first is that the government will aggressively pursue those who engage in criminal conduct involving corporate corruption. The second is that companies that employ robust and effective compliance programs are not only better able to detect and identify potential compliance issues that may negatively affect the company’s business and reputation, but also those unusual instances where an employee is intent on circumventing a company’s internal controls. An added benefit for a company that employs a robust compliance program is that the company will be in a better position to address concerns raised by regulators or the government, if the company’s conduct ever comes under scrutiny. Morgan Stanley was able to demonstrate that Peterson truly was a “rogue,” that he had betrayed them, and he had rejected their culture of compliance.

Q: More recently we had the declination in the Ralph Lauren case. In that case, Ralph Lauren discovered questionable payments by a third party working on their behalf in Argentina. You were the US attorney on that case as well. What were some of the factors that led to the decision not to prosecute?

A: Actually we did not decline prosecution in that case. Rather, we entered into a non-prosecution agreement with Ralph Lauren. The agreement is for a two-year term and requires the implementation of various corporate reforms. Ralph Lauren also paid an $882,000 penalty to the DOJ and disgorged $700,000 in ill-gotten gains and interest to the SEC. There were several reasons for that outcome. Ralph Lauren discovered criminal conduct involving violations of the FCPA while it was in the midst of trying to improve its internal controls and compliance worldwide. Our investigation revealed that, over the course of five years, the manager of Ralph Lauren’s subsidiary in Argentina had made roughly $580,000 in corrupt payments to customs officials for unwarranted benefits, like obtaining entry for its products into the country without the necessary paperwork or without any inspection at all. The bribes were funneled through a customs broker who, at the manager’s direction, created fictitious invoices that were paid by Ralph Lauren in order to cover up the scheme.

Several factors compelled our decision to enter into a non-prosecution agreement with Ralph Lauren. First, there was the detection
of the wrongdoing by the corporation itself, as part of an effort to improve global compliance standards. Following the discovery of the corruption, the company also undertook an exceedingly thorough internal investigation of the misconduct and cooperated fully with our investigation. They made foreign witnesses available for government interviews; they provided real-time translation
of foreign documents.

It was also very significant that Ralph Lauren implemented a host of extensive, remedial measures, including the termination of employees engaged in the wrongdoing, and improvements in internal controls and compliance programs. Finally, we took into account that they swiftly and voluntarily disclosed the conduct to the government and the SEC. The company first self-reported the misconduct to the government within two weeks of discovering it. They basically did everything that a company that finds itself in that unfortunate situation can possibly do.

Q: This was the first time the SEC publicly stated it would not proceed. What got their attention and led to the decision?

A: I cannot speak for the SEC, but we do typically have parallel investigations of FCPA violations, and I believe that they were swayed by the same factors that we were. Although Ralph Lauren did not have an anti-corruption program and did not provide any anticorruption training or oversight during the five-year span of the conspiracy, all of the government agencies investigating the case were impressed with their resulting commitment to compliance in this area globally, as well as their self-disclosure and full cooperation.

Q: Finally, are we seeing the start of a new era in which compliance programs are going to be looked at more closely by prosecutors? And, just as importantly, will good programs earn organizations public credit for their efforts?

A: Absolutely. Compliance is the lens through which we view your company. A robust compliance program demonstrates to us that the company “gets it.” Making your compliance program a top priority is an investment a company can’t afford not to make. To put it more bluntly, by the time you have a problem that has drawn the government’s attention, under our principles and guidelines that govern corporate prosecutions, the existence of a robust compliance program can save you, as in the Morgan Stanley case.

The Use Of Overblown And Inherently Inconsitent Rhetoric In Connection With FCPA Enforcement Continues

Monday, October 27th, 2014

This post is not about whether the Foreign Corrupt Practices Act is a fundamentally sound statute.  It is, even though the FCPA and FCPA enforcement policies and procedures could be improved.

This post is not about whether FCPA enforcement by the DOJ and SEC – when facts legitimately satisfy FCPA elements – is in the public interest.  It is, for a variety of reasons.

Rather this post is about overblown and inherently inconsistent government rhetoric in connection with FCPA enforcement.

As highlighted in this post, there is seemingly little connection between the bulk of FCPA enforcement actions and U.S. national security.  Indeed, as further highlighted in this post, U.S. national security is, as a matter of law and seemingly as a matter of practice, a reason not to enforce the FCPA.

Last week, Assistant Attorney General Leslie Caldwell delivered this speech.

The general topic was “about the enforcement of our nation’s federal criminal laws in the 21st Century, and how the Justice Department constantly is adapting its approach to new challenges presented by the global economy and expansion of crime beyond national borders.”

As to the FCPA, Caldwell stated:

“The Foreign Corrupt Practices Act, or FCPA, is a law that prohibits the paying of bribes to foreign government officials to assist in obtaining or retaining business.

You may be asking yourself why the U.S. Justice Department is involved in the fight against corruption abroad.  In fact, there are people who claim that taking aim at foreign bribery puts U.S. companies at a competitive disadvantage in countries where bribery is just business as usual.

The threats posed to the United States by international corruption, however, cannot be overlooked.  Foremost, corrupt countries are less safe.  Corruption thwarts economic development, traps entire populations in poverty, and leaves countries without a credible justice system.  Corrupt officials who put their personal enrichment before the benefit of their citizenry create unstable countries.  And as we have seen time and again, unstable countries become the breeding grounds and safe havens for terrorist groups and other criminals who threaten the security of the United States.

International corruption also inhibits the ability of American companies to compete overseas on a level playing field.  Once bribery and corruption take hold, fair and competitive business practices are eliminated.  Nobody but the corrupt official benefits from bribery.

For all of these reasons, fighting foreign corruption is not a service we provide to the global community, but rather a necessary enforcement action to protect our own national security interests and the ability of our U.S. companies to compete on a global scale.

And, it is not just the United States that is recognizing the importance of foreign bribery laws.  There is an ever growing chorus of countries voicing support for the fight against this type of corruption.  More and more countries are joining international bodies that provide uniform standards for the criminalization of bribery of foreign public officials in international business transactions.  This type of collaboration is critical if we are going to have a meaningful impact on international corruption.”

The notion that FCPA enforcement is “necessary” to “protect our own national security” causes me to once again ask the question: do high-ranking DOJ officials actually read the allegations in most FCPA enforcement actions?  (See here for the prior post).

Recent DOJ FCPA enforcement actions have included the following.

  • Against HP related entities concerning conduct that occurred 7-14 years in which alleged improper payments were made in selling telecommunications, computer equipment, and other technology products in Russia, Poland and Mexico.
  • Against an Alcoa entity concerning conduct that occurred  15-20 years in which alleged improper payments were made in connection with an aluminium smelter project in Bahrain.
  • Against ADM concerning alleged improper payments made in Ukraine in connection with value added tax (VAT) refunds, notwithstanding the fact that the company was legitimately owed the VAT refunds.

Moreover, in the past several years approximately 15 corporate FCPA enforcement actions have concerned business relationships with foreign physicians, lab personnel and yes even a mid-wife.

Moreover, during this new era of enforcement, a substantial percentage of FCPA enforcement actions concern alleged conduct in connection with obtaining foreign licenses, permits, certifications and the like.

Moreover, most of the large FCPA enforcement actions in the past several years have concerned alleged improper relationships between foreign companies and foreign officials in which the alleged conduct seemingly has little actual connection to the U.S.

Moreover, many FCPA enforcement actions have involved, to name just a few, allegations about a bottle of wine (see here), a Cartier watch (see here), a camera (see here), kitchen appliances and business suits (see here), television sets, laptops and appliances (see here), and tea sets and office furniture (see here).

I invite anyone to submit a guest post articulating a credible and direct link between the above enforcement activity and U.S. national security.

The implicit suggestion of course from Caldwell’s speech is that if one is critical of certain FCPA enforcement efforts, one is somehow against U.S. national security.

I reject that.

Indeed, U.S. national security is, as a matter of law and seemingly as a matter of practice, a reason not to enforce the FCPA.

The FCPA itself states:

“(3)(A) With respect to matters concerning the national security of the United States, no duty or liability under [the FCPA] shall be imposed upon any person acting in cooperation with the head of any Federal department or agency responsible for such  matters if such act in cooperation with such head of a department or agency was done upon the specific, written directive of the head of such department or agency pursuant to Presidential authority to issue such directives. Each directive issued under this paragraph  shall set forth the specific facts and circumstances with respect to which the provisions of  this paragraph are to be invoked. Each such directive shall, unless renewed in writing,  expire one year after the date of issuance.

(B) Each head of a Federal department or agency of the United States who issues such a directive pursuant to this paragraph shall maintain a complete file of all such directives and shall, on October 1 of each year, transmit a summary of matters covered by such directives in force at any time during the previous year to the Permanent Select Committee on Intelligence of the House of Representatives and the Select Committee on Intelligence of the Senate.”

That the above provision specifically invoke the FCPA’s books and records and internal controls provisions, but not the FCPA’s anti-bribery provisions, would seem to be a scrivener’s error.

Moreover, U.S. national security also seems to be a reason not to enforce the FCPA as a matter of practice.

Consider the BAE enforcement action.  Despite the DOJ alleging conduct that clearly implicated the FCPA’s anti-bribery provisions, BAE (a large U.S. defense contractor) was not charged with violating the FCPA.  (To learn more about the BAE enforcement action, see “The Facade of FCPA Enforcement” pgs. 993-996).

Consider also the mysterious conclusion to the James Giffen enforcement action.  In 2003, James Giffen was criminally charged with “making more than $78 million in unlawful payments to two senior officials of the Republic of Kazakhstan in connection with six separate oil transactions, in which the American oil companies Mobil Oil, Amoco, Texaco and Phillips Petroleum acquired valuable oil and gas rights in Kazakhstan.” However, Giffen’s defense was that his actions were made with the knowledge and support of the CIA, the National Security Council, the Department of State and the White House. The DOJ did not dispute that Giffen had frequent contacts with senior U.S. intelligence officials or that he used his ties within the Kazakh government to assist the United States. With the court’s approval, Giffen sought discovery from the government to support his public authority defense and much of the delay in the case was due to the government’s resistance to such discovery and who was entitled to see such discovery.  In 2010, the enforcement action took a sudden and mysterious turn when Giffen agreed to plead guilty to a one-paragraph superseding indictment charging a misdemeanor tax violation.  The enforcement action ended with the presiding judge imposing no jail time on Giffen and stating that he was a Cold War hero and that the enforcement action should have never been brought in the first place. Giffen presumably prevailed over the DOJ not because of the facts or the law, but because he possessed significant leverage over the government in that he asserted his actions were taken with the knowledge and support of the highest levels of our  government. 

Consider also the fact that there has been no FCPA enforcement actions concerning contracts at the Manas airbase in Kyrgyzstan (which the U.S. used to route personnel and equipment headed for Afghanistan).  (To learn about the Manas contracts see here for a U.S. House hearing devoted to the subject and here, here and here for additional information).

In short, the DOJ’s recent “national security” rhetoric concerning FCPA enforcement was overblown and inherently inconsistent.

*****

Ms. Caldwell of course did not invent overblown or inherently inconsistent rhetoric to describe FCPA enforcement.  Rather such rhetoric is a carry-over from former DOJ officials.   To learn more, read this article.

Friday Roundup

Friday, October 24th, 2014

SEC administrative proceedings, a sorry state of affairs, voluntary disclosure calculus, nice payday but what was really accomplished, and for the reading stack.  It’s all here in the Friday roundup.

SEC Administrative Proceedings

A focus on SEC administrative proceedings here at the Wall Street Journal.

“The Securities and Exchange Commission is increasingly steering cases to hearings in front of the agency’s appointed administrative judges …”

For discussion of this dynamic in the FCPA context, see my article “A Foreign Corrupt Practices Act Narrative” (pgs. 991-995).

“SEC administrative settlements, as well as SEC  DPAs and NPAs, place the SEC in the role of regulator,  prosecutor, judge and jury all at the same time and a notable  feature from 2013 SEC FCPA corporate enforcement is that 4 (1  NPA and 3 administrative orders) of the 8 corporate enforcement  actions (50%) were not subjected to one ounce of judicial  scrutiny.”

In 2014, there have been three SEC corporate FCPA enforcement actions (Smith & Wesson, Alcoa, and HP).  All have been resolved via the SEC’s administrative process.

Sorry State of Affairs

It really is a sorry state of affairs when former government enforcement attorneys go into private practice and then criticize the current enforcement climate that they helped create.  For more on this dynamic in the FCPA context, see this prior post “A Former Enforcement Official Is Likely To Say (Or Has Already Said) The Same Thing.”

Albeit outside the FCPA Context, this ProPublica article, “In Turnabout, Former Regulators Assail Wall St. Watchdogs,” touches on the same general issue.

“Last week, I visited an alternate universe. The real world sees a pandemic of bank misconduct, but to the white-collar defense lawyers of Washington, the banks are the victims as they bow beneath the weight of regulators’ remarkably harsh punishments.

I was attending the Securities Enforcement Forum, a gathering of top regulators and white-collar defense worthies. The marquee section was a panel that included Andrew Ceresney, the current enforcement director of the SEC, and five of his predecessors. Four of those former S.E.C. officials represent corporations at prominent white-collar law firms. [...] The conference turned into a free-for-all of high-powered and influential white-collar defense lawyers hammering regulators on how unfair they have been to their clients, some of America’s largest financial companies.

[...]

This is how power and influence work in Washington. Former top officials, whose portraits mount the walls, weigh in on matters of enforcement. Now working for the private sector, they assail the regulatory “overreach.” Sincerely held or self-serving, these views carry weight in Washington’s clubby legal milieu.

[...]

Former regulators are the mouthpieces. And given what they say in public, one can only imagine what is happening behind closed doors.”

Voluntary Disclosure Calculus

At the Corporate Crime Reporter, Laurence Urgenson (Mayer Brown) talks about, among other topics, voluntary disclosure.

“Voluntary disclosure is still an important option in dealing with FCPA risk,” Urgenson said. “It used to be the default position — people had a predisposition toward it. It’s moved from the default position to one taken only after a clear-eyed case by case analysis of the benefits and the costs.” “That’s because the benefits and costs of voluntary disclosure have shifted. Part of that is the result of globalization. Part of it has to do with the increased penalties.” “It used to be that the Department of Justice and the SEC could provide companies with one stop shopping. If you volunteered to the Department and SEC, and you settled the matter, you had finality.” “That was a big benefit of the voluntary disclosure process. Now, because in part of the high penalties and globalization, the Department and SEC resolution can be the first stop in a long journey, which includes dealing with law enforcement authorities around the world, dealing with NGOs such as the World Bank which has an enforcement process, and navigating the risks of civil litigation.” “Once the Department of Justice resorted to the alternative fine provisions, which greatly increases the potential fines and once the SEC began to use the disgorgement remedy, FCPA settlements became much more costly, so much so that they could affect the stock price and provoke civil actions.” “You really have to sit down with the client and look at the list of pluses and minuses to voluntary disclosure. You have to go through with the client the long list of things that follow from voluntary disclosure.”

Nice Payday But What Was Really Accomplished?

As highlighted in this Law360 article:

“Alcoa Inc. shareholders on Monday asked a Pennsylvania federal judge to approve a settlement between shareholders and the board over allegations that the company paid hundreds of millions of dollars in illegal bribes to government officials in Bahrain. The proposed agreement states that aluminum producer Alcoa “has adopted or will adopt” compliance reforms that include the creation of a chief ethics and compliance officer, an officer-level position that oversees the ethics and compliance program, enhancements to the program that include the development of an anti-corruption policy, and implementation of Alcoa’s due diligence and contracting procedure for intermediaries.

[...]

The proposed settlement also provides that there be a reorganization of Alcoa’s regional and local counsel reporting structure, enhanced mandatory annual Foreign Corrupt Practices Act and employee anti-corruption training, improvements to its business expense policies, and enhancements to its compliance policies for evaluating the effectiveness of preventing corruption.

In addition, the company has agreed to pay $3.75 million to the plaintiffs’ counsel.

Alcoa admits no wrongdoing or liability under the terms of the proposed agreement.”

The issue is the same as highlighted in this prior post – nice payday, plaintiffs’ lawyer,s but what was really accomplished?

In connection with the January 2014 FCPA enforcement action against Alcoa World Alumina, Alcoa basically agreed to the same thing it agreed to do in the above settlement.  (See here at Exhibit 4).

Reading Stack

A review of my book, “The Foreign Corrupt Practices Act in a New Era” published at International Policy Digest by John Giraudo (of the Aspen Institute and formerly a chief compliance officer).  It begins:

“If you care about the rule of law, The Foreign Corrupt Practices Act in the New Era by Mike Koehler, is one of the most important books you can read—to learn how it is being eroded. Professor Koehler’s book … is a must read for people who care about law reform. It is a story of how a good law, the US Foreign Corrupt Practices Act, a criminal law that prevents companies from bribing foreign government officials has been misapplied in recent enforcement actions by the US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC).”

Miller & Chevalier’s FCPA Autumn Review 2014 is here.

*****

A good weekend to all.

Friday Roundup

Friday, October 10th, 2014

A tribute, resource alert, bureaucratic brazennessscrutiny alerts and updates, a bushel, quotable, and for the reading stack. It’s all here in the Friday roundup.

James McGrath

I join Tom Fox (FCPA Compliance and Ethics Blog) in paying tribute to James McGrath.  Owner of his own Ohio-based firm McGrath & Grace and founder and editor of his own Internal Investigations Blog, McGrath was a bear of a man as Fox wrote.  Yet a gentle and kind bear and I will remember Jim for his desire to learn and engage with students.  He was an occasional contributor to FCPA Professor (see here) and his candid wit resulted in this classic post.  I last communicated with Jim a few weeks ago and he was excited to share some new things in his life and I was happy and excited for him.  Moreover, Jim paid me a visit in Southern Illinois this past spring which is no small feat as one has to make a big of effort to get here.  I enjoyed our visit and discussion.

You will be missed Jim, rest in peace.

Resource Alert

The University of Houston Law Center announced:

“[Release of] a searchable database that contains the compliance codes for Fortune 500 companies.  The project was led by Houston attorney Ryan McConnell, an adjunct professor at the University of Houston Law Center. McConnell worked with a team of recent graduates and current students to develop the database, which covers 42 different topics. “The free database allows any company to conduct benchmarking on virtually every compliance area covered in a code of conduct and to spot compliance trends within their industry,” McConnell explained. “In addition to proactively building a program, when compliance failures occur, whether a foreign bribery violation or environmental issue, stakeholders – whether they are shareholders in a lawsuit or criminal investigators – frequently scrutinize the company’s compliance program.  This database provides a powerful tool for anyone to evaluate the strength of a company’s compliance program, including subject matters addressed in the code and the organization’s core values.”

Bureaucratic Brazenness

This recent Wall Street Journal column “The New Bureaucratic Brazenness” caught my eye.

“We’re all used to a certain amount of doublespeak and bureaucratese in government hearings. That’s as old as forever. But in the past year of listening to testimony from government officials, there is something different about the boredom and indifference with which government testifiers skirt, dodge and withhold the truth. They don’t seem furtive or defensive; they are not in the least afraid. They speak always with a certain carefulness—they are lawyered up—but they have no evident fear of looking evasive. They really don’t care what you think of them. They’re running the show and if you don’t like it, too bad.

[...]

Everything sounds like propaganda. That will happen when government becomes too huge, too present and all-encompassing. Everything almost every level of government says now has the terrible, insincere, lying sound of The Official Line, which no one on the inside, or outside, believes.

[...]

We are locked in some loop where the public figure knows what he must pronounce to achieve his agenda, and the public knows what he must pronounce to achieve his agenda, and we all accept what is being said while at the same time everyone sees right through it. The public figure literally says, “Prepare my talking points,” and the public says, “He’s just reading talking points.” It leaves everyone feeling compromised. Public officials gripe they can’t break through the cynicism. They cause the cynicism.”

I sort of feel this way when I hear DOJ and SEC FCPA enforcement attorneys speak.  Do you?

For instance, last year I attended an event very early in tenure of a high-ranking SEC enforcement official.  This person – who came to the SEC from private practice – candidly stated something to the effect that given his very new position he did not yet know what he was supposed to say.

Scrutiny Alerts and Updates

Sanofi

As recently reported in this Wall Street Journal article:

“Sanofi said it has told U.S. authorities about allegations of improper payments to health-care professionals in the Mideast and East Africa, joining a lineup of pharmaceutical companies that have faced similar claims. Among the allegations are that Sanofi employees made improper payments to doctors in Kenya and other East African nations, handing out perks based on whether the doctors prescribed or planned to prescribe Sanofi drugs, according to the firm and e-mails from a tipster The Wall Street Journal viewed. The French pharmaceutical company said it hired New York law firm Weil Gotshal & Manges LLP to look into the claims and the investigation is continuing. “At this stage, it is too early to draw conclusions,” a company spokesman said. “Sanofi takes these allegations seriously.”

[...]

“The Sanofi investigation began after the firm received a series of anonymous allegations that wrongdoing occurred between 2007 and 2012 in parts of the Middle East and East Africa, the company said. One allegation was that employees of subsidiary Sanofi Kenya bribed medical professionals, a claim made via emails sent to Sanofi senior management last October and in March and viewed by the Journal. Sanofi paid for influential medical professionals to attend conferences, many of which were abroad, and gave them cash and gifts at its own events to win business, the emails allege. Copies of letters the tipster said were sent to Sanofi Kenya by medical professionals, as well as what the emails describe as other Sanofi documents, which were also reviewed by the Journal, indicate that doctors would request money from Sanofi Kenya to attend conferences and events and that Sanofi employees would take into account the applicant’s value to Sanofi’s business before deciding whether to sponsor them or not.”

As highlighted in this August 2013 post, Sanofi’s conduct in China has also been under scrutiny.

GSK

As recently reported in this Reuters article:

“GlaxoSmithKline, which was slapped with a record $489 million fine for corruption in China last month, said on Tuesday it was looking into allegations of corruption in the United Arab Emirates. Britain’s biggest pharmaceuticals group confirmed the investigation following allegations of improper payments set out in a whistleblower’s email sent to its top management on Monday. The email, purporting to be from a GSK sales manager in the Gulf state, was seen by Reuters. The company is already investigating alleged bribery in a number of Middle East countries, including Lebanon, Jordan, Syria and Iraq, as well as Poland. ”As we have already said, we are undertaking an investigation into our operations in the Middle East following complaints made previously. This investigation continues and these specific claims were already being investigated as part of this process,” a GSK spokesman said.”

DynCorp

The Washington Times reports here

“State Department investigators uncovered evidence that agents working for one of the largest U.S. military contractors paid tens of thousands of dollars in bribes to Pakistani officials to obtain visas and weapons licenses, but records show the government closed the case without punishing DynCorp.

[...]

But investigators closed the case after deciding they couldn’t prove or disprove the company had the “requisite corrupt” intent required to prove a violation of the Foreign Corrupt Practices Act (FCPA), which bars U.S. companies from bribing foreign officials.

“There was no evidence to support the allegations that DynCorp or its employees had specific knowledge of bribes paid Pakistani government officials,” an investigator wrote in a memo closing out the case last year.

Still, investigators concluded there were violations of the FCPA involving both Speed-Flo and Inter-Risk, both of which are based in Islamabad.”

AgustaWestland / Finmeccanica Related

As noted in this Wall Street Journal article:

“An Italian court found Giuseppe Orsi, the former chief executive of defense firm Finmeccanica, not guilty of international corruption, absolving him of the most serious charge he faced in connection with a 560-million-euro contract won in 2010 to supply the Indian government with 12 helicopters. The three judge panel found Mr. Orsi, 68, guilty of falsifying invoices and sentenced him for that crime to two years in prison, a penalty that was immediately suspended. “A nightmare is over for me and my family,” a visibly relieved Mr. Orsi told reporters after the judge had read the verdict. Italian prosecutors had argued that Mr. Orsi, who at the time of the alleged corruption was CEO of Finmeccanica unit AgustaWestland, directed a plan to pay tens of millions of dollars to Indian officials, including the former top officer in the Indian air force, to win the helicopter-supply competition. Mr. Orsi rose to become CEO of Finmeccanica in 2011 and resigned last year when the corruption charges surfaced. The court also absolved Bruno Spagnolini, who followed Mr. Orsi as CEO of AgustaWestland, of corruption while finding him guilty of falsifying invoices. In reading the verdict, the judge said that while prosecutors had proven that fake invoices had been issued, there was no corruption. Prosecutors had argued there was a direct connection between the false invoices and the payment of kickbacks.”

A Bushel

Matthew Fishbein (Debevoise & Plimpton) was awarded an FCPA Professor Apple Award for this this recent article titled “Why Aren’t Individuals Prosecuted for Conduct Companies Admit.”  Fishbein continues with his spot-on observations in this recent Corporate Crime Reporter Q&A.  For additional reading on the same topics see:

The Facade of FCPA Enforcement“ (2010)

My 2010 Senate FCPA testimony (“The lack of individual prosecutions in the most high-profile egregious instances of corporate bribery causes one to legitimately wonder whether the conduct was engaged in by ghosts. [...]  However, a reason no individuals have been charged in [most FCPA] enforcement actions may have more to do with the quality of the corporate enforcement action than any other factor. As previously described, given the prevalence of NPAs and DPAs in the FCPA context and the ease in which DOJ offers these alternative resolution vehicles to companies subject to an FCPA inquiry, companies agree to enter into such resolution vehicles regardless of the DOJ’s legal theories or the existence of valid and legitimate defenses. It is simply easier, more cost efficient, and more certain for a company … to agree to a NPA or DPA than it is to be criminally indicted and mount a valid legal defense – even if the DOJ’s theory of prosecution is questionable …”.

But Nobody Was Charged” (2011)

“DOJ Prosecution of Individuals – Are Other Factors At Play?” (2011) (2013) (2014)

Why You Should Be Alarmed by the ADM Enforcement Action” (2014).

Quotable

In this recent speech, SEC Chair Mary Jo White stated:

“In fiscal year 2013, we brought more than 675 enforcement actions and obtained orders for $3.4 billion in total penalties and disgorgement.  We will soon be announcing the results for our 2014 fiscal year, which ended yesterday.  It was another very productive year as those numbers will show. But numbers only tell part of the story. The quality and breadth of actions are really the more meaningful measure of an effective enforcement program. (emphasis added).”

As to international cooperation, White stated:

“International cooperation is essential to the SEC’s enforcement program, and indeed, to all of our enforcement programs.  In today’s global marketplace, fraudulent schemes and other misconduct commonly have cross-border elements, and the need for seamless cooperation among us has never been greater.

The SEC’s investigations and enforcement actions often involve witnesses and evidence in different countries around the world.  And I know that the same is true in your investigations and enforcement cases.

Faced with this simple reality, if we are to continue to conduct these investigations successfully, and prosecute the offenses and wrongdoers to the fullest extent of our laws, broad and effective use of the MMoU, and our bilateral agreements, is more important than ever.

No one knows that better than the SEC.  Virtually every week, I meet with my fellow Commissioners to decide which cases to bring.  Rarely is there a week when one or more of the cases recommended by the enforcement staff does not involve critical international assistance.  In fact, in the last fiscal year, the SEC made more than 900 requests for international assistance and, as a result, we were able to obtain critical evidence that helped us prosecute wrongdoers for a vast array of serious offenses.

In one recent FCPA case, for example, the SEC obtained valuable evidence — bank and other corporate records — from German prosecutors. [HP] And, we received great support from regulators in Australia, Guernsey, Liechtenstein, Norway, Canada, Switzerland, and the United Kingdom in another major FCPA action. [Alcoa].”

From the Houston Chronicle, a Q&A with former Deputy Attorney General – and current FCPA practitioner – George Terwilliger.

Q: How will enforcement of the Foreign Corrupt Practices Act (FCPA) hinder U.S. energy companies from doing business abroad?

A: Notwithstanding all the good things that are happening with energy upstream production in the United States, the real growth opportunities remain overseas. And a lot of them are in places that are ethically challenged at best in terms of their business and legal cultures. Two things cause problems for companies subject to U.S. law.

One, ambiguities are in the law itself. What is a foreign official? What organizations are covered as entities of foreign governments that are state-owned enterprises three times removed?

Then there’s the uncertainty of the parameters of enforcement policy. Why is this case prosecuted and that one isn’t? Why does this case settle for this much money and that one for that much money? There’s not a lot of transparency, and it’s not apparent to the people who work at this all the time exactly where those parameters are.

Q: Why is that a problem?

A: A company subject to U.S. law that is looking at an opportunity overseas looks at what the profitability model is and then they look at the risk inherent in doing business in that environment. The least little thing that comes up in that process — there’s a piece of real estate they want us to use as a staging area that’s owned by the brother-in-law of the cousin of the oil minister — and they look at it and go, “You know what? We’re not going to do that. It’s not worth the risk.”

Q: Are companies passing up business opportunities because of those risks?

A: Yes, that happens. Companies forgo economic opportunities because the uncertainties are perceived to be too great given the potential return on the investment. The objective of the law is to have a corruption-free level playing field. Most American business people I think believe that given a level playing field they can compete very well, particularly with foreign competitors. The problem is when that playing field is knocked out of kilter by the influence of corruption. Perhaps companies from other countries don’t operate under these constraints, then the playing field isn’t level anymore.

Q: What can mitigate those risks and balance the playing field for U.S. companies abroad?

A: For some time I have advocated some kind of corporate amnesty for companies that investigate themselves, fix their problems and disclose them to the government. If companies become aware of corrupt activity, I think given an incentive to report that they would do it. And that will help the government and help the objectives of this program rather than playing a kind of gotcha game.

Q: Are there any incentives now for companies to disclose potential violations?

A: The Securities Exchange Commission and the Justice Department have articulated policies that whatever the penalty should be for some wrongdoing, it will be less if you self-report, cooperate with an investigation and so forth. I don’t think that’s widely believed in the U.S. corporate community. And it’s almost impossible to measure. I have represented companies where we have made voluntary disclosures that have not been prosecuted. And the government has said the reason they are not prosecuting is because of internal investigation and cooperation. So I’m not saying it doesn’t happen. At the end of the day, companies wrestle with the question of, “Is it really worth it?” All the heartache that’s going to flow from a voluntary disclosure, particularly on something that may be marginal as a violation, is it worth what that’s going to cost? In terms of damage to reputation, shareholder issues, management issues with the board and so forth, is that going to be worth it in terms of what a company might get in terms of some forbearance of penalty?

Reading Stack

“It’s as if the FCPA Super Bowl just ended in a tie.”  (See here from Bracewell & Giuliani attorneys Glen Kopp and Kedar Bhatia regarding the Supreme Court recently declining to hear the “foreign official” challenge in U.S. v. Esquenazi).   

A legitimate concern or a bluff?  (See here from The Globe and Mail – “The head of Canadian engineering giant SNC-Lavalin Group Inc. says any move by authorities to charge the company in connection with an extensive bribery scandal would immediately threaten its future and could force it to close down.”).

An interesting video on Bloomberg’s “Market Matters” regarding the DOJ’s approach to prosecuting alleged corporate crime. The FCPA is not specifically discussed, although the issues discussed are FCPA relevant.

From the Economist “The Kings of the Courtroom:  How Prosecutors Came to Dominate the Criminal-Justice System.” (“The prosecutor has more control over life, liberty and reputation than any other person in America,” said Robert Jackson, the attorney-general, in 1940. As the current attorney-general, Eric Holder, prepares to stand down, American prosecutors are more powerful than ever before. Several legal changes have empowered them. The first is the explosion of plea bargaining, where a suspect agrees to plead guilty to a lesser charge if the more serious charges against him are dropped. Plea bargains were unobtainable in the early years of American justice. But today more than 95% of cases end in such deals and thus are never brought to trial.”).

*****

A good weekend to all.

Recent DOJ Speeches

Thursday, October 9th, 2014

Speaking8Previous posts here and here highlighted recent speeches by top Department of Justice officials on topics relevant to the Foreign Corrupt Practices Act.

This post highlights additional recent speeches by Assistant Attorney General for the Criminal Division Leslie Caldwell on October 1st and by Principal Deputy Assistant Attorney General for the Criminal Division Marshall Miller on October 7th.  The speeches are near carbon-copies of each other, but both are excerpted below in one space for ease of reference.  Moreover, Caldwell’s speech further expounds on cooperation issues previously articulated in Miller’s September 17th speech.

Before excerpting the speeches, it is worth noting that the DOJ officials (as prior DOJ officials have in the past) made several important acknowledgments relevant to the difficulties of FCPA compliance and in support of the policy rationales for an FCPA compliance defense.  (See here for the article “Revisiting a Foreign Corrupt Practices Act Compliance Defense”).  In pertinent part, the DOJ officials stated:

“While the Justice Department is often the last line of defense against fraud and corruption, all of you [compliance professionals] are the first.  Criminal prosecutions can and do deter future bad behavior, but they most often serve as an after-the-fact sanction for misconduct.  Your collective work is designed to ensure corporate compliance and ethical practices from the outset.”

“[W]e recognize that even with proper support of a compliance program by management, perfect compliance in this increasingly global economy is incredibly difficult.  Compliance departments are asked to monitor business units that are spread about the globe.”

“Every company hires human beings who, when they are in a tough and maybe unfamiliar situation with no clear guidance about what is expected, will sometimes choose the wrong path.  And that becomes even harder when they are operating in countries with business cultures very different from their own.”

“Corporations do not act, but for the actions of individuals.  In all but a few cases, an individual or group of individuals is responsible for the corporation’s criminal conduct.”

“Compliance must be incentivized.”

“Although increasingly rare in this day and age – more than a decade after the passage of the Sarbanes Oxley Act – we are still encountering prominent companies with no real compliance programs. Hard to believe, but true.”

“[E]ven companies with strong compliance programs can and do detect and report criminal misconduct by employees.”

“While the Justice Department is often the last line of defense against fraud and corruption, all of you who work in compliance are the first. Criminal prosecutions can and do deter future bad behavior, but your work can prevent that conduct before it happens.”

For additional writing and videos on many of the same points discussed in the DOJ speeches see:

Assistant Attorney General Caldwell’s October 1st Speech

“While the Justice Department is often the last line of defense against fraud and corruption, all of you are the first. Criminal prosecutions can and do deter future bad behavior, but they most often serve as an after-the fact sanction for misconduct.

Your collective work is designed to ensure corporate compliance and ethical practices from the outset. The importance of your work cannot be overstated: it serves to protect the integrity of our public markets, the country’s financial systems, our intellectual property, the retirement accounts of our hardworking citizens, and our taxpayer dollars used to fund healthcare programs and government and military contracts.

A very large part of the mission of the Criminal Division is fighting major corporate fraud and corruption. Our Fraud Section employs approximately 100 prosecutors who are experienced in investigating health care fraud, defense procurement fraud, securities and financial fraud, and violations of the Foreign Corrupt Practices Act.

Our Asset Forfeiture and Money Laundering Section investigates and prosecutes international money laundering and violations of U.S. sanctions laws, and it recovers the proceeds of foreign official corruption by kleptocrats.

Unfortunately, in our fraud, corruption, money laundering, and sanctions cases, we have seen too many failures of corporate compliance.

In this day and age – more than a decade after the Sarbanes-Oxley Act – we come across very few companies that do not have any compliance program. In fact, we have seen a marked improvement in compliance programs over the years. In years past, it was not uncommon to see companies with only rudimentary compliance programs.

That situation is illustrated by a case resolved just last year, involving Weatherford International, a Swiss oil services company that trades on the New York Stock Exchange. Three subsidiaries of Weatherford International pleaded guilty to violating the anti-bribery provisions of the Foreign Corrupt Practices Act and export controls violations.

Before 2008, the company had little more than a weak paper compliance program. The subsidiaries admitted that the company did not have a dedicated compliance officer or compliance personnel, did not conduct anti-corruption training, and did not have an effective system for investigating employee reporting of ethics and compliance violations. Weatherford companies paid $252 million in penalties and fines.

It is increasingly rare that we encounter circumstances in which a company has such a feeble compliance program. And I doubt that anyone in this audience works for a company like that, or you probably would not be here.

More often, we encounter companies with compliance programs that are strong on paper, but much weaker in practice.”

[...]

“Now, we recognize that even with proper support of a compliance program by management, perfect compliance in this increasingly global economy is incredibly difficult. Compliance departments are asked to monitor business units that are spread about the globe.

More than the geographic divide, however, there often are cultural divides from country-to-country that you must bridge.”

[...]

“There is no doubt that monitoring compliance on a global scale is a difficult, but difficulty cannot be used as an excuse to turn a blind eye to problematic business practices. Compliance programs must be put into place and—more importantly—communicated repeatedly and enforced properly throughout the entire organization.

The emphasis on compliance must be heard not only in the executive suites at headquarters, but wherever the company operates around the globe.

When considering criminal action against a company, one factor that the Justice Department evaluates is the company’s compliance program.

Under the department’s internal guidance, the Principles of Federal Prosecution of Business Organizations, prosecutors must consider “the existence and effectiveness of the corporation’s pre-existing compliance program.”

As all of you know, the United States Sentencing Guidelines also expressly include a company’s corporate compliance program as a factor in corporate sentencing in criminal cases.

There is, of course, no “off the rack” compliance program that can be installed at every company. Effective compliance programs must be tailored to the unique needs and risks faced by each company.

But there are hallmarks of good compliance programs. The department includes many of these in our non-prosecution agreements and deferred prosecution agreements, and I’d like to discuss them with you.

1. High-level commitment. A company must ensure that its directors and senior management provide strong, explicit, and visible commitment to its corporate compliance policy. Stated differently, and again, “tone from the top.”

This means that the importance of compliance should be communicated from the very top of the company. I once heard of a large company whose prominent CEO refused to put his signature on a company-wide communication announcing the company’s new compliance program.

When asked why not, he replied: “Because we don’t hire those kinds of people.” Well, he could not have been more wrong. Every company hires “those kinds of people.”

Every company hires human beings who, when they are in a tough and maybe unfamiliar situation with no clear guidance about what is expected, will sometimes choose the wrong path. And that becomes even harder when they are operating in countries with business cultures very different from our own.

2. Written Policies. A company should have a clearly articulated and visible corporate compliance policy memorialized in a written compliance code. Again, employees need to know what to do–or not do–when faced with a tough judgment call involving business ethics. Companies need to make that as easy as possible for their employees.

3. Periodic Risk-Based Review. A company should periodically evaluate these compliance codes on the basis of a risk assessment addressing the individual circumstances of the company. Companies change over time through natural growth, mergers, and acquisitions.

Compliance policies should be live organisms that also change and grow with the company. You are only as strong as your weakest flank.

I once represented a company that had an A+ compliance program. But then they acquired a Chinese subsidiary and for several years failed to communicate to their new—and then not-so new–Chinese employees the need for FCPA compliance.

The predictable result: the Chinese employees continued doing business in the way that was familiar to them. And the US parent found itself in deep violation of the FCPA.

4. Proper Oversight and Independence. A company should assign responsibility to senior executives for the implementation and oversight of the compliance program.

Those executives should have the authority to report directly to independent monitoring bodies, including internal audit and the Board of Directors, and should have autonomy from management. Compliance programs needed to be funded; they need to have resources.

And they need to have teeth and respect within the company. For years, Wall Street banks housed their compliance programs across the Hudson River, in New Jersey. They were out of sight, out of mind. They were underpaid. And nobody paid much attention to them.

Compliance programs need to have an appropriate stature within the company, or compliance will be the last thing on the mind of an employee tempted to engage in wrongdoing.

5. Training and Guidance. A company should implement mechanisms designed to ensure that its compliance code is effectively communicated to all directors, officers, employees. This means repeated communication, frequent and effective training, and an ability to provide guidance when issues arise.

And as I said before, employees should see that the importance of compliance is being communicated from the top—whether the CEO, the Board, the General Counsel, or some other very highly respected senior-level figure within the company.

6. Internal Reporting. A company should have an effective system for confidential, internal reporting of compliance violations. I know that many companies have multiple mechanisms, which is good.

7. Investigation. A company should establish an effective process with sufficient resources for responding to, investigating, and documenting allegations of violations. What this means on the ground will depend on the company. A sophisticated multi-national corporation obviously will be expected to have more resources devoted to compliance than a small regional company.

8. Enforcement and Discipline. A company should implement mechanisms designed to enforce its compliance code, including appropriately incentivizing compliance and disciplining violations.

And the response to a violation must be even-handed. Too often, we see situations where low level employees who may have implemented the bad conduct are fired, but their boss, who saw what they were doing and did nothing—and maybe even the directed the conduct—is left in place.

This should not happen. Not only from a department perspective, but from a business perspective. Leaving in place senior managers who sanction bad behavior sends a very wrong message about the company’s true commitment to compliance and ethics.

People watch what people do much more carefully than what they say. When it comes to compliance, you must both say and do.

9. Third-Party Relationships. A company should institute compliance requirements pertaining to the oversight of all agents and business partners.

I cannot emphasize strongly enough the need to sensitize third parties, like vendors, agents, and consultants, to the importance of not compliance.

And these partners need to understand that the company really expects its partners to be compliant. This often means more than just including a boilerplate paragraph in a contract in which the partner promises to comply with the law and company policies. It means warning, and even terminating, relationships with partners who fail to behave in a compliant manner.

10. Monitoring and Testing. A company should conduct periodic reviews and testing of its compliance code to improve its effectiveness in preventing and detecting violations. Kick the tires regularly. As I said, compliance programs must evolve with changes in the law, business practices, technology and culture.

As I said, there is no “one-size fits all” compliance program. But these are guideposts that we consider important to the success of a strong program.

And as important as the compliance program itself is implementation. When we investigate a case, we look at the messages about compliance that are given to employees.

More than just reading the paper program or the code of conduct, we look at what employees are told in their day-to-day work.

We are looking at e-mails, chats, and recorded phone calls. We are talking to witnesses about the messages they received from their supervisors and management – did they receive messages about compliance, or about making money at all costs.

And we examine the incentives that a company provides to encourage compliant behavior – or not. If a company is actually encouraging compliance, if its values are to be ethical and within the law, then that message must be conveyed to employees in a meaningful way. Otherwise, the Department of Justice will not view the compliance program as credible.

And sometimes, effective implementation of a compliance program means standing apart from the other companies in your industry. We have seen significant misconduct taking place throughout an industry.

But the excuse that “everyone else is doing it” didnd’t work in grade school, and it sure won’t work when federal agents come knocking at your door.”

[...]

“Effective compliance programs must be embedded in a company’s culture. And they need to be applied even in the face of misconduct by other companies in the same industry, even if that might mean a short-term competitive disadvantage.

A company’s executives can choose to rise above the rest — or race to the bottom. I am telling you that the Criminal Division will hold responsible companies and individuals that knowingly violate the law, no matter if the excuse is that “everyone” was doing it.

Now what should you do when your robust compliance program fails? Or, when it works, allowing you to discover criminal misconduct? I encourage you to conduct a thorough investigation and to disclose potentially criminal misconduct to the Justice Department.

When criminal misconduct is discovered, a critical factor in the department’s prosecutorial decision making is the extent and nature of the company’s cooperation.

The department’s Principles of Federal Prosecution of Business Organizations provides that prosecutors should consider “the corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents.”

Now let me flesh out the often discussed, but sometimes poorly understood, concept of cooperation.

Most companies now understand the benefits of voluntarily disclosing the misconduct before we come asking, and the benefits of conducting an internal investigation and providing facts about the misconduct to the government.

But companies all too often tout what they view as strong cooperation, while ignoring that prosecutors specifically consider “the company’s willingness to cooperate in the investigation of its agents.”

Corporations do not act, but for the actions of individuals. In all but a few cases, an individual or group of individuals is responsible for the corporation’s criminal conduct. The prosecution of culpable individuals – including corporate executives – for their criminal wrongdoing continues to be a high priority for the department.

For a company to receive full cooperation credit following a self-report, it must root out the misconduct and identify the individuals responsible, even if they are senior executives.

We are not asking that you become surrogate FBI agents or prosecutors, or that you use law enforcement tactics like body wires. And we do not need to hear you say that executive A violated a particular criminal law. All we are saying is that we expect you to provide us with facts. We will take it from there.

But a company that interviews its employees in an effort to whitewash the facts or spread the company’s narrative spin risks receiving any cooperation credit.

Additionally, for a company to receive full cooperation credit, the company must provide relevant documents and evidence, and should do so in a timely fashion.

We find that global companies are increasingly hasty to invoke foreign data privacy laws to avoid providing evidence to the department. While we recognize that some of these laws pose real challenges to data access and transfer, many do not.

As a result, we are looking closely – with an ever more skeptical eye – to ensure that these claims are honest and not obstructionist. A company that reads foreign data protection laws expansively, to restrict its disclosure of documents, when it could be read more narrowly, is in dangerous territory if it wants to receive full cooperation credit.

Although the department welcomes and encourages corporate cooperation, we do not rely upon it. We conduct our own robust investigations – often alongside that of the company – to build our own criminal cases and to pressure-test corporate claims of cooperation.

Companies claiming to cooperate while conducting lackluster investigations with little results should not be surprised when they do not get credit for their supposed efforts. And they should not be surprised when they face the consequences of our own investigations.

The benefits of corporate cooperation are clear. We often explicitly describe the benefits when we reach resolutions with companies. As just one example, earlier this year, the department announced Alcoa World Alumina’s guilty plea to FCPA charges stemming from its payment of millions of dollars in bribes to officials of the Kingdom of Bahrain.

As part of the plea, Alcoa paid $223 million in criminal fines and forfeiture. The department publicly commended Alcoa for its cooperation, which included conducting an extensive internal investigation, making proffers to the government, voluntarily making current and former employees available for interviews, and providing relevant documents to the department.

Alcoa’s cooperation was mentioned specifically as a factor that lowered the size of the criminal fine. In fact, absent cooperation, Alcoa could have faced a fine of more than $1 billion. Many people, however, want concrete examples of cases where we decided not to pursue charges at all in light of a company’s cooperation. The department is not typically in a position to disclose these declinations, and indeed many companies do not want the world to know that they were under department scrutiny.”

[...]

“The Criminal Division is more committed than ever to investigating corporate fraud and corruption. We will investigate regardless whether a company choses to cooperate.

But for a company to receive credit for its compliance program, it must have demonstrated effectiveness, with messages about compliance that come from the top and echo throughout the corporate hallways.

And for a company to receive full cooperation credit, it must uncover the misconduct, identify the responsible individuals, and fully disclose the facts to the department.”

Deputy Attorney General Miller’s October 7th Speech

“I suspect that everybody in this room is familiar with the Principles of Federal Prosecution of Business Organizations, or the Filip factors, upon which we base our corporate charging and resolution decisions. One of those factors expressly directs us to consider “the existence and effectiveness of the corporation’s pre-existing compliance program” in deciding whether to charge a corporation with a crime.

In fact, one is hard-pressed to find a corporate resolution with the Justice Department that does not contain a prominent reference – positive or negative – to the corporation’s compliance program. The existence of an effective compliance program can make all the difference when a corporation is in the Justice Department’s sights.

Today, I would like to highlight a few primary strengths and weaknesses that we have observed in corporate compliance programs of late. As an overarching theme, the failure to expand compliance programs to meet the needs of growing corporations – particularly global corporations – drives many of the compliance problems we have seen. On the flip side, compliance programs that have widespread prophylactic and training mechanisms – as well as procedures designed to uncover wrongdoing and expose individuals responsible for criminal behavior – are the most effective.

A corporation’s ability to use compliance to uncover misconduct and, just as importantly, identify wrongdoers is central to the Justice Department’s evaluation of a compliance program.

As you know, there is no off-the-rack, one-size-fits-all compliance program. Companies must tailor compliance programs to manage their unique risks. There are, however, characteristics that should be present in each program.

In 2012, the Justice Department and the SEC published the Foreign Corrupt Practices Act, or FCPA, Resource Guide, which contains an entire section entitled, “Hallmarks of Effective Compliance Programs.” While the hallmarks in the FCPA Guide are focused on anti-corruption compliance programs, the principles identified apply universally.

Now, I’m not going to go through all the hallmarks with you today – but I will make a couple of overarching points. First, the Justice Department’s hallmarks are designed to encourage a ‘culture of compliance,’ which begins – but doesn’t end – with ‘a tone from the top,’ and extends to actions throughout a company’s ranks.

So hallmark # 1 is high-level commitment. When employees truly understand that a company’s leadership is committed to compliance – even when it runs up against profits – only then does a company truly have a successful compliance program. The quickest way to check on that commitment is to take a look at corporate structure. If you see compliance executives sitting in true positions of authority at a corporation, reporting directly to independent monitoring bodies, like internal audit committees or boards of directors, you likely are looking at a strong compliance program. Compliance programs also need to be resourced; they need to have teeth and respect. By contrast, for years, Wall Street banks housed their compliance programs across the Hudson River, in New Jersey. They were out of sight, out of mind. Compliance programs need to have appropriate stature within corporations.

Another key hallmark is whether the program grows with the company. Any good compliance program needs to be periodically evaluated, using risk assessment models aimed at the individual circumstances of the company. As companies change over time, so must compliance policies.

A strong compliance program must also involve enforcement and discipline. It is human nature to pay more attention to what people do than to what they say. Compliance must be incentivized; violations disciplined. And the response must be even-handed. Too often we see low-level employees who implemented bad conduct fired, but bosses, who did nothing to stop the conduct – and may even have directed it – left in place without sanction.

Although increasingly rare in this day and age – more than a decade after the passage of the Sarbanes Oxley Act – we are still encountering prominent companies with no real compliance programs. Hard to believe, but true.

Just last year, three subsidiaries of Weatherford International, a Swiss oil services company listed on the New York Stock Exchange, pleaded guilty to FCPA and export control violations. Over a period of many years, Weatherford subsidiaries in Africa, the Middle East, and Iraq paid bribes to foreign officials in exchange for lucrative contracts and inside information about competitors. Some of Weatherford’s international subsidiaries also illegally exported oil and gas drilling equipment to countries under United States sanctions – countries like Cuba, Iran, Sudan, and Syria.

But more important to this audience than Weatherford’s conduct itself may be the admissions it made regarding the state of its compliance programs. Weatherford admitted that prior to 2008, the company did not have a dedicated compliance officer or compliance personnel, did not conduct anti-corruption training, and did not have an effective system for investigating employee reporting of ethics and compliance violations.

The most glaring failures occurred in its overseas offices and subsidiaries. Let me give you a revealing example: Despite its global presence, Weatherford did not even bother to translate its compliance policy into languages other than English. Think about that for a second. Weatherford had subsidiaries and operations in more than 100 countries across the globe. It operated in the high-risk environment that is the oil extraction industry. And yet Weatherford didn’t even bother to make its compliance program intelligible to many of its employees – in languages they could understand.

And there’s more. Though in 2004 it began circulating an ethics questionnaire asking if employees were aware of payments to foreign officials, Weatherford had no process to investigate affirmative responses. Indeed, Weatherford did not conduct any follow-up investigation in response to allegations of corruption.

Put simply, Weatherford’s compliance policy was a program in name only. It wasn’t worth the paper it was written on. Had Weatherford employed even a basic compliance program, it may not have found itself paying over $252 million in penalties and fines.

Just last year, three subsidiaries of Weatherford International, a Swiss oil services company listed on the New York Stock Exchange, pleaded guilty to FCPA and export control violations. Over a period of many years, Weatherford subsidiaries in Africa, the Middle East, and Iraq paid bribes to foreign officials in exchange for lucrative contracts and inside information about competitors. Some of Weatherford’s international subsidiaries also illegally exported oil and gas drilling equipment to countries under United States sanctions – countries like Cuba, Iran, Sudan, and Syria.

But more important to this audience than Weatherford’s conduct itself may be the admissions it made regarding the state of its compliance programs. Weatherford admitted that prior to 2008, the company did not have a dedicated compliance officer or compliance personnel, did not conduct anti-corruption training, and did not have an effective system for investigating employee reporting of ethics and compliance violations.

The most glaring failures occurred in its overseas offices and subsidiaries. Let me give you a revealing example: Despite its global presence, Weatherford did not even bother to translate its compliance policy into languages other than English. Think about that for a second. Weatherford had subsidiaries and operations in more than 100 countries across the globe. It operated in the high-risk environment that is the oil extraction industry. And yet Weatherford didn’t even bother to make its compliance program intelligible to many of its employees – in languages they could understand.

And there’s more. Though in 2004 it began circulating an ethics questionnaire asking if employees were aware of payments to foreign officials, Weatherford had no process to investigate affirmative responses. Indeed, Weatherford did not conduct any follow-up investigation in response to allegations of corruption.

Put simply, Weatherford’s compliance policy was a program in name only. It wasn’t worth the paper it was written on. Had Weatherford employed even a basic compliance program, it may not have found itself paying over $252 million in penalties and fines.”

[...]

While the Justice Department is often the last line of defense against fraud and corruption, all of you who work in compliance are the first. Criminal prosecutions can and do deter future bad behavior, but your work can prevent that conduct before it happens.”