Step Right Up With your FCPA Violation
Just a few days ago, we reported on our blog about the November 14 DOJ/SEC issuance of the 130-page guidance document titled “A Resource Guide to the U.S. Foreign Corrupt Practices Act.” Now it’s time to get into some of the details.
About half way through the new FCPA guidance, an interesting amount of information is put together, including from the DOJ’s “Principles of Federal Prosecution of Business Organizations.” The DOJ pitches out the message in black-and-white that those of us in compliance have believed to be the golden parachute: if you tell us before we find you, there is a direct and substantial benefit that will flow through to settlement options, calculations of monetary penalties, and even jail time.
Concerning criminal offenses, while there is no “entitlement to immunity” (Prosecution, 9-28.740), a DOJ evaluation of a request for immunity, amnesty, or reduced sanctions includes “the adequacy of the corporation’s compliance program and its management’s commitment to the compliance program” (Prosecution, 9-28.750). These phrases tie directly into the federal sentencing “Guidelines Manual” 2-prong test of an “effective compliance and ethics program” as one that affirmatively seeks to prevent and detect criminal conduct and otherwise promote an organizational culture that encourages ethical conduct and legal compliance (Guidelines §8B2.1).
Why talk about the new guidance document, making reference to the criminal aspects of federal enforcement? Because in the 2012 FCPA guidance document, the section titled “Corporate Compliance Program” headlines “An effective compliance program prompts ‘an organizational culture that encourages ethical conduct and a commitment to compliance with the law.’”
For you, the question becomes how to evaluate whether your company’s FCPA and other compliance programs are “effective” and properly “encouraging.” If you do not have any written program document, nor FCPA standard operating procedure, then it’s time to contact us at Orchid Advisors, so that we can immediately shift you into high gear for FCPA and other compliance matters.
If you do already the proverbial “something” in play, how can you evaluate your SOP library? The new guidance document expressly comments, “DOJ and SEC have no formulaic requirements regarding compliance programs.” It’s a misleading turn-of-phrase that can cost you into the millions of dollars in fines, if that is all you read on this subject.
In fact, the new FCPA guidance goes on to lay out “three basic questions” that DOJ/SEC will use to evaluate compliance programs: (1) is the company’s compliance program well designed; (2) is it being applied in good faith; and, (3) does it work? Note the use of the word “program,” meaning a comprehensive, company-wide set of documents, trainings, and employee certifications. Note also the active verb in the second question, “applied,” carrying with it the expectation that the compliance program is active and on-going.
Perhaps most interesting is question number three, “does it work?” This is the question that circles us back to the headline of this blog, which is whether your company has identified an occurrence for self-reporting before becoming the subject of an investigation. The proof of your effective and active FCPA and other compliance programs is your company’s ability to initiate a self-report of a potential violation with remediation.