Now the Only Path to an SEC DPA or NPA: Self-Reporting
Lauren Connell, Managing Associate at The Volkov Law Group, joins us again for a posting about self-reporting FCPA violations. Lauren’s profile is here, and she can be reached at firstname.lastname@example.org.
One of the critical questions when evaluating a potential FCPA violation is to decide whether to disclose the matter to the Justice Department and the SEC.
The SEC recently announced a requirement for companies to voluntarily disclose such conduct in order to qualify for a deferred prosecution agreement (“DPA”) or a non-prosecution agreement (“NPA”). By explicitly naming self-reporting as the only path to obtain a DPA or NPA, the SEC is adding one more item in the “pro self reporting” column.
The decision to self-report is complex. There are numerous factors, including: the pervasiveness of the conduct, any related investigations, the likelihood of a whistleblower reporting the activity, individual liability for self disclosure, impact of negative publicity, and role of the organization’s compliance program in relation to the potential violation’s discovery. The new policy will not make the decision easy.
Andrew Ceresney, the SEC Director, Division of Enforcement, gave a speech on November 17, 2015 in which he makes clear that the SEC is wielding both a “carrot” and a “stick” to encourage self-reporting. In the five years since the SEC launched its formal cooperation program we have seen the program provide some definition to the previously existing informal policy of providing credit for voluntary disclosure of a potential FCPA violation.
The advantages of a DPA or NPA are clear. As Mr. Ceresney said, “there are significant benefits available to companies who self-report violations and cooperate fully with our investigations.” Penalties are reduced by up to 90% and reduced charges lessen all negative ramifications of an enforcement action. This includes reducing costs, reputational harm, and collateral consequences for an organization. As an example: at the beginning of this year PBSJ self-reported and fully cooperated, which led to a 90% reduction in the disgorgement level.
Organizations should think long and hard before giving up these potential benefits that now accompany a decision to self-report, especially when compared to the severe consequences of not self-reporting. The Marubeni enforcement action of March 2014 is another good example, in which the DOJ specifically cited the company’s decision “not to cooperate with the department’s investigation when given the opportunity to do so, its lack of an effective compliance and ethics program at the time of the offense, its failure to properly remediate and its lack of voluntary disclosure of the conduct.” This led to an unusually harsh penalty of an $88 million fine and 8 count guilty plea.
What remains is the question of “when.” An organization faces a difficult decision, but faces it under the pressure of knowing that making the decision too late or too early can result in its own negative consequences. Self-reporting too late risks the DOJ and/ or SEC discovering the circumstances on its own, thus eliminating the option to self-report. On the other hand, making the decision to self-report too early could be done without having all necessary background information. Internal investigations can take a long time, and even longer to be done thoroughly. Often executives find themselves facing a decision about self-reporting with incomplete information as a result of the volume of information to be examined.
I anticipate that Mr. Ceresney’s speech will result in a slow shift away from looking at the question in terms of “should we self-report”, instead moving towards the question of “when should we self report.” The good news is that if all companies begin to openly discuss potential FCPA-related violations discovered within their own ranks we might ultimately see a more insightful pool of knowledge on what FCPA risks are. By recognizing common trends and patterns, we may ultimately empower organizations to address bribery and corruption scheme’s before they begin, and within the organization’s own ranks through targeted training and internal control policies. In such an environment everyone wins except those seeking to profit from bribery.