How the DOJ Looks at Compliance Programs Part I

Tuesday, May 22, 2012

Thomas Fox

59d9b46aa00c70238bb89056cfeb96c0

Although often discussed in Deferred Prosecution Agreements (DPAs) or Non-Prosecution Agreements (NPAs), most compliance practitioners are not familiar with one of the most important sources of Department of Justice (DOJ) policy regarding the charging of corporations under the Foreign Corrupt Practices Act (FCPA).

This source is found in the United States Attorney’s Manual section, entitled “Principles of Federal Prosecution of Business Organizations” (“the Principles”).

However, there is an excellent discussion found on this issue in the January 2012 publication of “Complying with the Foreign Corrupt Practices Act: A Practical Primer” (“the Primer”), published by the ABA Criminal Justice Section, Global Anti-Corruption Task Force.

The Primer has several authors including Salen Churi, David Finkelstein, Joe Mueller; persons from the University of Chicago School of Law, Dean David Zarfes, Michael Bloom and Sean Kramer; the Microsoft Corporation, including John Frank and Michel Gahard (collectively “the authors”).

The Principles themselves recognize that while prosecutors are to apply “the same factors in determining whether to charge a corporation as they do with respect to individuals” such as evidence, likelihood of trial success, deterrent to others similarly situated and others factors, the prosecution of corporations is different than prosecuting individuals.

The Primer notes that the Principles state “that prosecutors have a duty to protect economic and capital market, to protect those compete in those markets through lawful means and to generally protect the American public from corporate misconduct.” 

To assist prosecutors in making these determinations, the Principles provide a list of factors which must be considered in any decision on whether or not to bring charges or enter into DPAs or NPAs with companies. They are:

  • The nature and seriousness of the offense, including the risk of harm to the public and any policies governing the prosecution of corporations for specific types of crimes;
  • The pervasiveness of wrongdoing within the corporation, including managerial complicity;
  • The organization’s history of similar misconduct;
  • The corporation’s disclosure of wrongdoing and willingness to cooperate;
  • The existence and effectiveness of the corporation’s compliance program;
  • The corporation’s remedial actions, including efforts to implement or improve effective compliance programs, to replace management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with government agencies;
  • The harmful collateral consequences of charges or agreements, including those to investors and the public;
  • The adequacy of personal prosecution as opposed to organizational prosecution; and
  • The adequacy of non-criminal remedies.

In addition to these specific guidelines, the Principles “indicate that compliance programs are specifically relevant to the DOJ’s evaluation of four general contexts: (1) the pervasiveness of wrongdoing within the corporate; (2) the history of a corporation’s conduct; (3) whether a corporation should be eligible for a reduced sanction because of voluntary disclosures; and (4) whether a corporation has taken significant remedial actions to deter future violations.”

The Principles also require a prosecutor to “independently consider the sufficiency of a company’s compliance program.” The Primer further discussed these four general contexts plus the requirement for an independent consideration of a company’s compliance program.

Pervasiveness of Wrongdoing

The Primer initially notes that a company should not be held liable for isolated or small numbers of FCPA violations by company employees particularly if the company has a “robust compliance program in place.” Pervasiveness will be determined on a case-by-case basis and is a fact intensive analysis.

However, one of the clearest pronouncements is that corporate management is responsible for “a corporate culture in which criminal conduct is either discouraged or tacitly encouraged”. In other words, tone at the top does matter. The Primer relates that “in evaluating pervasiveness, compliance programs are relevant in determining when any wrongdoing can be fairly attributed to the actions of a corporate management and the culture it has fostered.”

History of Conduct

The history of a wrongful conduct is relevant in how the DOJ may well resolve a case. This means that your company had better have a written compliance program in place but such written program should not simply be a paper program, present as window dressing in case the DOJ comes knocking.

This is the document, document and document part that I continually write and speak about. Not only must you document your actions and decisions but you must be able to call up such documentation in a reasonable time frame. Further, if the company has a history of misconduct it may well be construed by the DOJ as “probative of a corporate culture” which condones, if not actively encourages, violations of the FCPA.

Voluntary Disclosures

Voluntary disclosures and compliance programs converge in the DOJ’s analysis because, as the Primer denotes the DOJ desires that company’s “conduct internal investigations and to disclose …relevant facts to the appropriate authorities.”

Recognizing that under Dodd-Frank, or other legislation, a disclosure could come to the DOJ via another mechanism, it is still important to understand that a prosecutor “may consider a corporation’s timely and voluntary disclosure in evaluating the adequacy of the corporation’s compliance program and its management’s commitment to the compliance program.”

Remedial Actions

The Primer reports that the DOJ assesses several factors when looking at a corporation’s response to a FCPA violation. The Primer lists these factors as the following:

  • Has the corporation “appropriately disciplined the wrongdoers, even if they are at the highest level of seniority?;
  • Is the company focused on ‘the integrity and credibility of its remedial and disciplinary measures” rather than the protection of the wrongdoers?;
  • Has the corporation paid restitution in advance of a court order, most particularly under the restitution has the corporation accepted responsibility for its actions?; and
  • Whether the corporation “quickly recognized the flaws in its compliance program and has made efforts to improve the program?”

These four factors seem to boil down into two areas: (1) did the company take “meaningful” steps to ensure the conduct does not occur again; and (2) did the company take responsibility for its own actions?

Tomorrow we will take a look at how a prosecutor might analyze a company’s compliance program and also review the US Sentences Guidelines related to FCPA compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

Cross-posted from Tom Fox Law

Possibly Related Articles:
8311
General
General Legal
Legal Compliance Enterprise Security Risk Management DOJ Lawsuit Corporations cco Prosecution
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.