Today we have a few suggestions for how to resolve FCPA cases with the Securities and Exchange Commission, courtesy of a securities enforcement virtual forum that took place Thursday. One point that compliance officers will appreciate hearing: you, rather than defense counsel, should be the ones in the room with the SEC to explain why your company’s compliance program is trustworthy.
This might typically happen at “Remediation Day,” where the company under investigation goes before the SEC to explain what steps it has taken to address whatever misconduct got the company into FCPA trouble in the first place.
On such occasions, according to Charles Cain, head of FCPA enforcement at the SEC, the chief compliance officer should be the one leading the company’s tap dance.
“The absolute worst thing for a compliance or remediation presentation is for it to come from defense counsel,” Cain said, while speaking at the 2021 Securities Enforcement Forum. “We want to hear from the people who are actually in the business, in those positions. If it’s a compliance presentation, I want to hear from the chief compliance officer, or people with regional compliance responsibility.”
Why? Because the SEC wants to hear from “people who can answer questions in real time” to explain what compliance reforms the company has implemented, why it chose those particular steps, and how the reforms are working in practice. Those are questions defense counsel “can’t possibly respond to, because they’re not doing it,” he said.
The presence of the compliance officer can be particularly important in cases where the company is “on the cusp” of receiving a compliance monitor, Cain said, so the CCO can convince the SEC that, yes, the compliance program is strong enough that it doesn’t need a monitor nosing around to confirm that fact.
“If you want to persuasively inform the government of what you’re doing… it’s critical that you have [compliance officers] there, so we can assess their credibility, knowledge, and commitment” to the program over the long-term, Cain said.
Even defense lawyers on the panel with Cain agreed with his point that defense counsel should butt out and let compliance officers do the talking.
The SEC “needs to understand that the people who are running the compliance program are invested, and understand what the root cause of the problem was,” said Tarek Halou, a partner at law firm Wilson Sonsini. A compliance officer should be able to explain the root of the problem in a few sentences, Halou said, “to make sure that [the company] gets it, and is going to fix it, and to make sure it doesn’t pop up again.”
Cain also warned that even when compliance officers do make an appearance, “The absolutely least effective thing is to come in and read me a PowerPoint.” But then, that’s true of any situation in life, isn’t it?
Coordinated FCPA Enforcement
Cain also said the SEC wants to keep coordinating its FCPA enforcement actions with other regulators around the world. We’ve seen numerous instances of that in the last several years, including recent enforcement actions against Amec Foster Wheeler in July and against Credit Suisse just last month.
“It’s something that, for many years, companies have asked for,” Cain said; presumably so global corporations can put specific misconduct incidents behind them in one (potentially painful) swoop.
Cain’s remarks then led to a detour into best practices for dealing with the SEC and the Justice Department when they’re both investigating your company for the same FCPA offense. In that circumstance, panelists said, engage with both agencies as openly as possible.
For example, when one agency asks for a certain pile of documents, provide it to both. When you plan to conduct a witness interview with one agency, alert the other and ask if it has any additional questions for the witness. What you don’t want is one agency to be more familiar with the case and its facts than the other agency, since that will delay any hope of a coordinated resolution.
Of course, it’s still possible that the Justice Department and the SEC might move at different speeds for their respective investigations, and compliance officers can’t tell one or the other to hurry up. In that case, Halou said, simply keep both agencies informed about your progress and key events with the other agency. (That can be especially useful in witness interviews, where you alert the other agency that a meeting is happening and it might send a functionary even just to hang out and take notes.)
One other excellent point about global FCPA investigations, raised by Bill White of law firm Allen & Overy: there’s a difference between cooperation, where multiple jurisdictions might share data, documentation, witness statements, and so forth; and coordination, where multiple jurisdictions agree to one global FCPA settlement. Compliance officers should appreciate the distinction.
Cooperation might be on the rise as more and more companies take anti-corruption enforcement more seriously; coordinated settlements might be more elusive, especially if the countries involved have larger political tensions. We haven’t seen much of that yet, since so far most countries enforcing anti-corruption have been U.S. allies — but that might change in the future, especially as China and Russia step up their supposed concerns about corruption.
Prepping for Remediation Day
White also had words of advice for compliance officers preparing for that fateful Remediation Day in front of the SEC and other regulators. Foremost: start preparing early. Like, potentially months ahead, because that day of reckoning will come eventually.
Compliance officers should approach Remediation Day with the mindset that “we’re going to have this day coming at some point,” White said. “Let’s make sure we’ve actually built something that’s effective, and see where the holes and the gaps are.” Otherwise, the SEC enforcement staff will find those gaps for you, and then the conversation takes an awkward turn.
Indeed, one logical point to start thinking about Remediation Day might be when you conclude the internal FCPA investigation and know all the facts (and the root cause). That’s when a compliance officer can start to envision what SEC or Justice Department staffers might ask about. The answers you’d want to give to those questions — the “here’s why we know this won’t happen to us again” stuff — will probably bear a close resemblance to the compliance program improvements you’ll need to make.
Then you just go forth and implement those reforms. And remind defense counsel to sit in the back when you arrive at the SEC.