Here’s an intriguing question about compliance officers certifying the effectiveness of their compliance programs: Could we trace this idea, at least partly, back to an FCPA opinion release the Justice Department published in 2020?
This notion came to me from a sharp-eyed compliance officer who was reading the opinion release the other day. It involved a U.S. investment fund that wanted to purchase a collection of assets from an overseas investment bank majority owned by a foreign government. As part of its research, the U.S. fund sought and received assistance from a different foreign subsidiary of the same foreign bank in connection with the purchase. Ultimately, that second subsidiary billed the U.S. bank $237,000 for its services.
So, the U.S. investment fund asked, would paying that $237,000 bill trigger any FCPA liability?
Not likely, the Justice Department replied. First, the payment went to a company (the second foreign subsidiary) rather than to a specific person. Second, there was no indication that the payment might later be diverted to a specific person.
Third, the U.S. investment fund received specific, legitimate services from that foreign bank, “and the chief compliance officer of the [the second foreign bank] has certified that the intended payment … is commensurate with the services provided and is commercially reasonable.”
Hmmm. That’s interesting.
To be clear, I do not believe this Opinion Release, issued in August 2020, is a direct ancestor to the CCO certification policy the Justice Department has today. The release came during the Trump Administration, which had quite different ideas about corporate and personal accountability than the Biden Administration does. I doubt that assistant attorney general Kenneth Polite or anyone else at the department today looked at that opinion release and thought, “Compliance officers certifying the propriety of transactions, great idea, let’s scale that up!”
On the other hand, the release isn’t that far removed from the idea of compliance program certifications. It’s an early instance of the compliance officer certifying the integrity of something and the Justice Department using that fact to render a decision. The compliance officer who brought the release to my attention (and who is no stranger to FCPA enforcement, rest assured) called it a “foreshadowing” of CCO program certification requirements; perhaps that’s the better word here.
I did sift through the archive of FCPA Opinion Releases, going back 10 years. None mention the words “certify” or “certification” anywhere else. Some do talk about “opinions” or “statements,” but we’re textualists here at Radical Compliance. Neither an opinion or a statement has the same sense of formality as a certification.
We should also remember that the Justice Department’s FCPA Resource Guide does mention FCPA compliance certifications many times — but only in the context of, say, third parties certifying to your company that they have an anti-corruption compliance program of their own, or that they follow your FCPA training. That’s not the same as a compliance professional personally certifying, “Yes, this transaction is legitimate.”
True, the compliance officer mentioned in the opinion release was only at a third party to the U.S. company, rather than the U.S. company itself; but the person was still a compliance officer, personally certifying to the legitimacy of something. Three years later, here we are.