This LawFlash summarizes key takeaways from the American Conference Institute’s (ACI’s) 38th International Conference on the Foreign Corrupt Practices Act (FCPA), where top government officials offered insight and clarification on recent policy announcements and other trends in FCPA enforcement. On the heels of the conference, the Biden-Harris administration issued a broad-based set of strategic initiatives for combatting corruption that reiterated themes from the conference and introduced new objectives and plans.
Officials at the conference included speakers from the US Department of Justice (DOJ), Securities and Exchange Commission (SEC), Serious Fraud Office, and other regulatory agencies. The DOJ officials, joined by representatives from the SEC and Federal Bureau of Investigation (FBI), spoke at length about major changes to corporate criminal enforcement policies outlined by Deputy Attorney General (AG) Lisa Monaco during her keynote address at the American Bar Association’s National Institute on White Collar Crime.
Following the ACI conference, on December 6, the Biden-Harris administration issued the first-ever US Strategy on Countering Corruption, an ambitious strategic plan premised on five “mutually reinforcing pillars” for fighting corruption. The administration’s strategy underscored major themes from the conference, including enhanced use of data and analytics, increased coordination with, and assistance to, foreign law enforcement partners, targeted anti-money laundering enforcement, and aggressive prosecution of gatekeepers and others involved in corrupt schemes.
Deputy AG Monaco’s October 2021 announcement that DOJ would consider “all prior misconduct” in making decisions about corporate resolutions sparked questions and debate. DOJ and SEC officials at the FCPA conference did little to narrow or better define the scope and instead answered a number of those questions by stating that taking a “broader view of companies’ historical misconduct” means DOJ will look at everything, regardless of jurisdiction, recency, or relation to the conduct at issue. Assistant AG Kenneth Polite, who leads the DOJ’s Criminal Division, compared the evaluation of prior misconduct to an individual defendant’s pre-sentence report. Acting Chief of the Fraud Section Joseph Beemsterboer likewise reiterated that the “entirety” of a company’s prior record is relevant but noted that prosecutors have the discretion to holistically evaluate and determine the weight of each instance of a company’s prior misconduct. In other words, everything—regulatory or criminal, foreign or domestic—is on the table, but prosecutors will not weigh it all equally.
DOJ also emphasized that the newly formed Corporate Crime Advisory Group would consider issues relating to prior misconduct and is likely to offer guidance on issues such as no-fault resolutions. DOJ officials downplayed concerns that the recent policy changes announced by Deputy AG Monaco will inhibit companies from making self-disclosures and reiterated the benefits of self-reporting, including the ability to have some measure of influence and control over the resolution process, reduced penalties, and avoiding a situation where a company “is constantly looking over its shoulder,” hoping the misconduct won’t be reported by a whistleblower or otherwise discovered by the government.
DOJ, SEC, and FBI officials consistently reiterated and emphasized Deputy AG Monaco’s message concerning individual accountability. In October, Monaco announced that DOJ was restoring prior guidance issued by former Deputy AG Sally Yates that eligibility for cooperation credit hinges on companies providing the DOJ with all non-privileged information about all individuals involved in, or responsible for, the misconduct at issue. Companies cannot only identify employees who were “substantially involved”—FCPA Chief David Last was emphatic that DOJ would make that determination based on the evidence. Both Last and Assistant AG Polite emphasized that companies looking for cooperation credit cannot limit the information they’re providing—a prerequisite is disclosure of everything, and DOJ will assess the relevance and culpability of individuals. The FBI, SEC, and DOJ also stressed that the focus on individual accountability is a major theme and that individual prosecutions, which were at a high in 2021, will continue into 2022.
The Biden-Harris administration’s five-pillar strategic plan underscores DOJ’s attention to individual prosecutions, highlighting a focus on money-laundering and kleptocracy offenses, which have historically involved individual defendants. Pillar three deals entirely with holding corrupt actors accountable.
DOJ and SEC representatives also provided helpful clarification of Deputy AG Monaco’s announcement on corporate monitors. FCPA Chief Last and Assistant AG Polite stressed that companies can expect a monitorship if the company has a deficient, improperly resourced, or simply untested compliance program. Polite also stated that prosecutors will consider the state of a company’s compliance program at the time of the conduct at issue as well as at the time of resolution, suggesting that remedial improvements may obviate the need for a monitor. He cautioned, however, that an improved but untested compliance program is likely to warrant a monitor. Officials were quick to note that this approach to monitorships is not a break with past practice, and monitorships should be tailored to the individual circumstances of each investigation and designed to be beneficial to the company’s compliance program going forward from a resolution.
DOJ FCPA Unit Assistant Chief Lorinda Laryea discussed the pervasive use of ephemeral messages through applications like SnapChat, WeChat, and WhatsApp. Laryea acknowledged that ephemeral messaging use is widespread and difficult (if not impossible) to prevent; however, often the most relevant communications in FCPA investigations are found in ephemeral messages, rather than text messages or emails. Accordingly, in the age of widespread Bring Your Own Device (BYOD) practices, it is critical for companies to implement policies surrounding ephemeral messaging relating to business communications. While Laryea emphasized that DOJ is not in the business of telling companies how they should operate, the agency will ask questions about a company’s policies, methodology, and approach to preserving, accessing, and collecting this content. Moreover, she added that DOJ will probe as to whether a company exercises its rights where possible to understand whether its employees are adhering to policies concerning the use of prohibited applications for business communications. Further, companies should be prepared to address jurisdictional data privacy laws and what steps they took to obtain the data from different sources, if possible. Companies should work with counsel to fully understand the privacy landscape in the relevant jurisdiction and be prepared to explain it to DOJ.
Officials also discussed the increasing number of cross-border investigations and coordination with foreign law enforcement agencies, including those in the most significant FCPA investigations. The Biden-Harris administration’s five-pillar plan extensively discusses cross-border coordination, including a “Democracies Against Safe Havens Initiative,” led by the State Department, that will engage partner countries to coordinate actions on law enforcement and sanctions, as well as a kleptocracy initiative, which offers a tangible financial incentive—similar to those offered to whistleblowers by the SEC—for reporting information leading to the recovery of stolen assets. Pillar five—and much of pillar four—are dedicated to various “diplomatic engagement and foreign assistance” programs, though the deployment of resources to the relevant agencies, including DOJ, will be critical to seeing any one of these strategic objectives succeed.
Compliance officers from two global companies and external counsel from Morgan Lewis and two other firms participated in a panel discussion focused on ways to measure the effectiveness of ABAC compliance programs. The panel addressed the importance of risk assessments in developing effective compliance programs to address ABAC concerns as well as the need to continually evaluate and adjust the risk assessment over time and as experience warrants. The panel also focused on the importance of auditing and monitoring, including a robust internal auditing function, and noted that the June 2020 DOJ Guidance Document “Evaluation of Corporate Compliance Programs” expressly focused on internal auditing by instructing prosecutors to ask questions such as:
What is the process for determining where and how frequently internal audit will undertake an audit, and what is the rationale behind that process? How are audits carried out? What types of audits would have identified issues relevant to the misconduct? Did those audits occur and what were the findings? What types of relevant audit findings and remediation progress have been reported to management and the board on a regular basis? How have management and the board followed up? How often does internal audit conduct assessments in high-risk areas?
Some companies have developed within the internal audit function a special team of auditors who specialize in auditing and testing the compliance program policies and processes related to ABAC risk, while others include ABAC testing procedures as part of standard internal audits of business operations outside of the United States. In either case, auditors should be properly trained on how to identify potential FCPA risks in conducting their procedures and to be aware of the importance of seeking legal counsel in the event there is evidence of bribery discovered during the course of the audit.
If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers: