When In Doubt – Remediate Your Compliance Program
The 2012 settlements with Pfizer, Data Systems and Solutions and NORDAM all underscore an important point – when a company discovers potential violations, the company should consider implementing appropriate remediation while completing its internal investigation in order to improve its compliance program.
The Justice Department has cited this factor in determining the “discount” for cooperation and acceptance of responsibility. In past years, early remediation has been cited by the Justice Department in larger cases such as Siemens, Daimler, and other blockbuster settlements. In the Daimler case, the eventual monitor started working with Daimler half-way through the internal investigation to implement remediation.
The earlier a company addresses identified deficiencies, the more it can cite such steps to the Justice Department and the SEC as evidence of its commitment to compliance and fixing the problems identified by the company.
Even in situations where a company decides not to voluntarily disclose to the government, remediation can provide importance insurance if the government learns about the company’s violations. If a company learns of an FCPA violation and the government is not aware of the violation, the company should conduct an internal investigation to define the nature and scope of the violation. As part of this process, the company should consider what remediation, if any, is warranted to address any deficiencies.
The company should evaluate steps to fix compliance or systematic problems, even if they decide not to disclose the matter to the Justice Department. In fact, the more they address the problem, the better they protect themselves in the future.
If a whistleblower or disgruntled employee eventually discloses the issue to the Justice Department and/or the SEC, the company is in a good position to respond to a government subpoena or letter requesting information. The company can “hold its head up high” and report to the Justice Department and/or the SEC that it identified the problem, and fixed the problem by implementing appropriate steps to remediate the violation(s).
When considering appropriate remediation steps, the company needs to consider the following questions and take steps to address these issues:
1. What was the specific nature of the conduct? How pervasive was the conduct?
2. Who was involved? Was there any primary actor? Was there a primary supervisor who knew or should have known of the conduct?
3. Why was the conduct not detected or reported?
4. What specific improvements to the compliance program should be made to prevent such conduct in the future?
By focusing on these questions, a company can come up with appropriate remediation steps. The company has to be committed to remediation and to spending the money needed to design and implement remediation. As in all cases relating to compliance, a dollar spent on this issue will inevitably save dollars down the road. This is not a time for companies to skimp or ignore the need for remediation.