A Strategy for Non-Disclosure of FCPA Violations
We all understand that issues are not black and white, meaning there are areas of gray when analysis and cost-benefits need to be weighed. Lawyers are regularly identifying legal risks and applying such risks to specific courses of action. Depending on the countervailing considerations, lawyers can recommend moving forward in the face of a specific risk.
Much has been written (including on this blog) about the calculation to voluntarily disclose potential FCPA violations to the Justice Department and the SEC. The Justice Department’s FCPA Pilot Program is designed to encourage companies to voluntarily disclose and cooperate with the government in the hopes of earning a 50 percent reduction from the bottom of the fine range (or even a declination). We do not know yet whether the FCPA Pilot Program has had any appreciable impact on the number of companies voluntarily disclosing potential violations to the government.
In the ordinary course of business, companies may face situations where it has to determine whether to cross the DOJ threshold and disclose potential FCPA violations. One important point has to be understood – once a company chooses to disclose, it has to fully cooperate, remediate and assist the government to determine the full nature and extent of any violations. Additionally, the company has to turn over all information concerning culpable individuals. In doing so, the company effectively cedes control of its destiny over this FCPA issue to the Justice Department.
The Justice Department decides whether a fine has to be paid and how much of a fine; whether remediation has been sufficient and whether a corporate monitor is required. The company has very little power except its ability to advocate and persuade the Justice Department. It is extremely difficult, if not impossible, for a company to walk away from a possible settlement after the company has cooperated. A company will not suddenly pull out and go to trial.
In determining whether to voluntarily disclose to the government, the company has to weigh the risks of detection and the possible outcome of such a course. For example, a company may choose not to disclose, accept the risk of detection, and then decide to cooperate after it is detected. The company cannot seek the benefits of the FCPA Pilot Program. However, it can still earn credit for cooperation and remediation.
Voluntary disclosure can be the preferred strategy when faced w a multi-country or multi-region bribery violations. A relatively “minor” set of violations contained to one country and involving non-significant amounts of money may be appropriate for a non-disclosure strategy.
If the company chooses not to disclose, the company should take a number of affirmative steps.
First, the company has to investigate the potential FCPA violations to ensure that the conduct has ceased, and to define the nature and extent of the violations. If the conduct involves third parties, the company has to audit the third party so it has a complete picture of the third party’s involvement.
The company’s investigation has to be conducted under the protection of attorney-client privilege. Given the importance of the investigation, the matter has to be handled carefully and privilege maintained.
Second, the company has to discipline all managers and employees who were involved in the bribery scheme. If there are any third parties involved – agents or distributors – they should be terminated pursuant to contractual provisions.
Third, the company has to remediate its compliance program and ensure that enhancements are implemented to prevent such conduct from recurring. The enhancements should be comprehensive and specifically tailored to the root cause of the violations. The Justice Department has made clear that the compliance enhancements should be tailored to the root cause analysis of the violations. An aggressive auditing program should be tailored to review the matter and continuing activities to ensure that no FCPA violations have recurred.
These basic steps obviously are very general in nature. The specific circumstances relating to FCPA violations can require changes in the above strategy.
One final important point to follow a strategy of non-disclosure is the need to document each step in the process, the review of the actions and appropriate approvals for each step. Such a review process usually will involve the audit committee.
The goal of a non-disclosure strategy is to put the company in the exact position it would be in the absence of a voluntary disclosure. In other words, the company should complete an internal investigation, discipline responsible employees and third parties who participated in the scheme, remediate the violations, and document every step that the company takes to respond to the situation. If the Justice Department discovers the violations and seeks information about the potential violations, the company is in a positive position to respond to the inquiries.