In recent weeks the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) issued new guidance applicable to corporate anti-corruption compliance programs. Unfortunately, this guidance manifests a continued use by the government of ambiguous and broad language, and serves mostly to emphasize yet again the broad discretion claimed by those in charge of enforcing the Foreign Corrupt Practices Act (FCPA) and the government’s reluctance to draw clear boundaries around its interpretations of the relevant statutory language.
Under current federal law and sentencing guidelines, a company can be held criminally liable for the misdeeds of any employee, no matter what lengths the company has gone to in order to prevent those misdeeds; however, prosecuting and sentencing are to give some consideration to the organization’s overall level of culpability in assessing penalties. Criminal liability under the FCPA per violation is as high as $25 million for a public company and $2 million for a private company, and it’s a rare circumstance when a rogue employee engages in a single bribery violation. Thus, the amount of discretion left to DOJ and SEC prosecutors is tremendous, with unelected and largely unaccountable officials making decisions worth hundreds of millions of dollars in some cases —a circumstance that has drawn considerable criticism toward those enforcing the FCPA.
The DOJ and SEC have attempted to respond to this criticism by issuing guidance as to how this extraordinary discretion is to be exercised by the relevant officials. Unfortunately, this guidance does more to preserve than to limit that exercise of discretion.
On June 1, the DOJ issued an update to its “Evaluation of Corporate Compliance Programs” guidance document, which describes what DOJ prosecutors are to consider when assessing companies’ compliance programs, issuing charging letters, and entering into case settlements. Since its original publication in 2017, the guidance document has been advertised as a resource for corporations and small businesses alike when building and revising their compliance programs. This updated guidance again stresses that all DOJ decisions are to be determined on an individualized, case-by-case basis; however, in noting that a company’s “size, industry, geographic footprint, [and] regulatory landscape” and many other factors are to be taken into account by prosecutors, the guidance does nothing to actually limit what factors are and are not relevant, and so does more to justify than to limit the discretion of DOJ prosecutors.
A key theme of the DOJ continues to be emphasized in the updated guidance, which is that a company’s commitment to compliance will not be judged simply by looking at the text of a policy statement or set of company procedures. Both the DOJ and the SEC are aware that too many companies feel they have met their compliance burden simply by adopting some lofty terms to be posted on the company’s website. Instead, the regulators continue to stress that FCPA compliance measures are to be judged by the extent to which senior company management is manifestly committed to compliance, and whether the operations of the company manifest that commitment on a day-to-day basis.
Following the DOJ’s updated compliance program guidance, on July 3, the DOJ and the SEC published the updated “Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition” (the “Resource Guide”). This Resource Guide, the first edition of which was originally released in 2012, provides additional detail regarding these agencies’ interpretation of key requirements of the FCPA.
Revisions to the Resource Guide include updated discussions on gifts, successor liability, third party due diligence and payments, and case resolutions, and includes some new topics covering issues such as the investigating and reporting of potential violations, remediation of misconduct, and compliance best practices. The updated Resource Guide does continue to provide some helpful insight into the regulators’ expansive interpretations of the statutory standards that they are called to enforce and of their broad discretion in applying those standards. Ultimately, though, this updated Resource Guide is again replete with broad interpretations and ill-defined recommendations that seem more designed to engender discomfort rather than certainly for those companies whose operations in foreign countries raise FCPA compliance challenges.
For more information on how these could impact your business, contact: