The Debate Over A Corporate Compliance Defense
I have been reluctant to join the debate over a corporate compliance defense to FCPA violations. I would like to count Tom Fox, Mike Koehler and Howard Sklar among my friends. I also have a lot of respect for them. They each have weighed in on the issue of a corporate compliance defense to an FCPA violation.
At the risk of stirring the pot, I thought I would add my perspective to the issue. At the heart of the debate, in my view, is one question – how do you maximize corporate anti-corruption compliance?
Enforcement has had a dramatic impact on compliance. No one can question the impact of the Justice Department and SEC’s aggressive enforcement program. More companies have improved their compliance programs – adopting enhanced compliance procedures, increasing training, devoting more resources to due diligence, and implementing state-of-the-art assessment tools.
Is there another tool to increase corporate compliance beyond what has already occurred in response to enforcement? This is where Tom Fox, Mike Koehler and Howard Sklar diverge. Tom Fox and Howard Sklar contend that a defense is not needed to increase compliance – an aggressive enforcement program gives companies plenty of reasons to improve compliance.
Mike Koehler argues for a corporate compliance defense, suggesting that corporations will increase compliance if they know that they can assert such a defense to an FCPA charge. Mike has a very good point – so long as a corporation can be held criminally liable under the doctrine of respondeat superior for the conduct of a single employee, notwithstanding the company’s overall compliance efforts, a compliance defense will give company’s an incentive to increase compliance programs.
Mark Mendelsohn, the former head of the Justice Department’s FCPA section, argues that companies will not increase compliance if they can claim the defense. Specifically, he claims that companies cannot afford to be indicted and go to trial at which they would assert the corporate compliance defense. In other words, there is no marginal benefit to companies because they can never afford to be indicted and then raise the defense. But this argument ignores the practical impact of the defense – it gives companies additional leverage in negotiations with the Justice Department and the SEC in resolving FCPA violations. As a result, companies will have an incentive to increase compliance as insurance against an enforcement action.
My friend and mentor, Judge Stanley Sporkin, the (Grand)Father of the FCPA, goes one step further, arguing for an “inoculation” procedure for companies. Specifically, Judge Sporkin contends that compliance will increase if you offer companies immunity for a defined period (say 3 years) and require them to disclose any violations and implement remediation measures in response to any compliance deficiencies. In other words, companies have a specified time in which to get their houses in order, disclose the violations to the government, and then get a clean bill of health. After the immunity period expires, companies would be subject to enforcement, just like today. In Judge Sporkin’s model, he claims that companies would have even greater incentive to comply than a corporate compliance defense.
It is hard to predict exactly how companies will respond if a compliance defense is created. It is also hard to decide what additional incentives, if any, are needed to increase compliance. Tom Fox and Howard Sklar would say none. Mike Koehler and Judge Sporkin would say more incentives are needed.
Reasonable people can disagree. Even smart ones like Tom Fox, Howard Sklar, Mike Koehler and Judge Sporkin.
Mike,
Interesting viewpoint. I agree it’s an area where reasonable people can disagree.
My only question: from when would the 3-year immunity period start? Would we just suspend all FCPA enforcement for three years? Would we not be at risk for decreased compliance spend? Maybe I’m just too cynical: I think companies would spend zero for as long as they could, then say their current program is sufficient. All the money would be spent on audits to find existing issues rather than trying to control for new ones.
Wow: that did come out cynical. But still too true.