The Justice Department is going to expand the benefits of the FCPA Pilot Program and make those benefits permanent policy, in a sweeping gesture to entice more corporations to confess possible FCPA violations and then cooperate in investigating them.
Most important detail: from now on, if your company discloses an FCPA violation and meets the other criteria of the Pilot Program—cooperate fully, and remediate the underlying failures that allowed the violation to happen—the Justice Department’s default position will be to decline to prosecute.
That’s a big step beyond FCPA enforcement policy until now, which promised discounts in monetary penalties and the possibility of a declination; but didn’t start with the presumption that no charges would ensue. (And even under the new policy, the department will reserve the right to prosecute if “aggravating circumstances” exist, such as senior management participating in the FCPA misconduct.)
The Justice Department disclosed the new policy Wednesday morning, ahead of a speech deputy attorney general Rod Rosenstein gave where he unveiled it formally.
“The new policy enables the Department to efficiently identify and punish criminal conduct, and it provides guidance and greater certainty for companies struggling with the question of whether to make voluntary disclosures of wrongdoing,” Rosenstein said.
The policy change itself should surprise nobody who has been paying attention. (I floated this outcome months ago.) The political logic is in perfect step with what the Trump Administration wants to achieve: the appearance of a more considerate enforcement regime; the flexibility still to punish offenders vigorously when the department wants; and plausible deniability that, no, the Administration isn’t going soft on corruption.
After all, a full retreat from the FCPA Pilot Program would force the Justice Department either to prosecute FCPA cases itself much more vigorously (it has neither budget nor the manpower to do that); or give up prosecuting the FCPA (which exposes the department to criticism that it’s rolling over for President Trump, who couldn’t care less about corruption).
The expanded program will henceforth be known as the FCPA Corporate Enforcement Policy, and folded into the U.S. Attorney’s Manual. (“One of my goals is not be remembered for writing a memo,” Rosenstein said in his speech.)
What We Don’t Know Yet
The obvious questions right now are: (1) how might the Justice Department prosecute a case where the company doesn’t meet all the FCPA Program criteria; and (2) how vigorously will prosecutors evaluate a company’s compliance program as part of its investigation?
If the answer to either question is some version of “poorly,” then compliance officers might face significant changes to their roles, duties, and positions in the future.
For example, in Rosenstein’s speech, he says: “Even if a company does not make a voluntary disclosure, benefits are still available for cooperation and remediation.” Fair enough, but exactly how much benefit might you still get? If the department still gives steep reductions in penalties when you don’t disclose—that could make the financial calculus of hushing up misconduct more attractive.
Disclosure means investigation, and investigations always cost money; keeping quiet can cost more money, if you get caught. So if Rosenstein is serious about discouraging companies from keeping quiet, he’ll need to assure that keeping quiet is a costly mistake. Let’s see how that works in practice.
We also want to see how the Justice Department continues to evaluate corporate compliance programs. Not long ago I wrote that even if the Evaluation Guidelines document itself disappears from the Justice Department website (it’s still there today), the principles behind those guidelines are sensible and timeless.
So if the department is serious about enforcing the law, what happens to those guidelines on a substantive level? Will prosecutors use them zealously to assess a compliance program, or will they treat it as a “paper compliance” exercise? If it’s the latter—again, that changes the financial calculus for companies about how they handle misconduct cases, and how much to invest in compliance programs.
One Final Point
Earlier today I wrote a fun column about my son, and the control failures that led to him losing one of his mittens. I closed by saying, “All you need to know about ethics and compliance, you can learn from raising small children.”
Think about disclosure of FCPA violations in that light. When your child does something wrong, do you only want him to cover up the mess behind your back so nothing is permanently amiss? Or do you want him to admit what he did to you, so you can help him learn to be a better person in the future? Which type would you want your child to be? Which one do you think would become a better, more respectable adult?
Remember that point the next time someone tells you it’s better not to disclose that violation and move on.