MCC: Companies faced record-high penalties in 2014 as a result of FCPA enforcement actions. What are companies being penalized for, and why have penalties skyrocketed?
Walther: You’re correct that 2014 FCPA penalties were particularly large. Last year, FCPA penalties and disgorgement totaled just under $1.6 billion, a huge leap from the prior year. The DOJ and the SEC have had other years with large FCPA penalties, but those were largely driven by blockbuster resolutions like the 2008 Siemens bribery case, which netted $1.6 billion for DOJ, the SEC and the German public prosecutors.
What stands out about 2014 is the fact that, while you had four resolutions that all topped $100 million, there was no one, single blockbuster case. Instead, the 2014 windfall for the U.S. government involves numerous cases that have been percolating for the last several years. As a result of the large backlog of FCPA investigations, and the comparatively small number of prosecutors working on these cases, pending cases are taking longer to get through the resolution process. Judging by the increasing cost of resolving FCPA cases and the backlog of FCPA investigations, the government’s enforcement efforts are unlikely to recede anytime soon.
While there is no single reason that the cost of resolving FCPA cases has been going up, the mammoth JP Morgan Chase resolution from 2013 is probably one of several reasons. In late 2013, JPMC paid $13 billion to resolve a civil case related to mortgage lending practices – it had nothing to do with the FCPA. But in that instant, DOJ broke new ground for what constitutes a “blockbuster resolution.” Prior to JPMC, a $1 billion resolution was a big deal. Now, in the eyes of some at DOJ, a $1 or $2 billion resolution is no longer eye popping. Therefore, prosecutors seeking to “send a message” to companies trying to resolve cases – whether FCPA, healthcare, or securities fraud – start looking at larger and larger dollar figures.
MCC: What guidance is available to companies seeking to understand and comply with the FCPA?
Walther: Historically, the primary resource for companies seeking DOJ’s interpretation of the FCPA was the DOJ opinion release process. A company would submit a fact pattern to DOJ and ask if the Department would initiate an enforcement action based on the fact pattern. DOJ would then review the fact pattern, draft a letter responding to the submitting company, and publish the letter for the world to see. There were two problems with this process. First, many entities simply don't want to identify themselves as engaging in possibly illegal activity. Even if they sought an opinion anonymously, there was a concern that someone somewhere would figure out who is asking the question. Second, it’s a slow process that can take several months to complete. So if you have an urgent question requiring an answer within a week or two, you won’t have time to put together a letter and the required supplementary documentation, and then wait for an indeterminate period as DOJ thinks about the question, writes an answer, has several people in the organization review the answer, then publishes the answer. This process can take many months.
That said, there are certainly some benefits from this process. While the DOJ opinions are limited to the fact pattern presented, they provide some insight into how DOJ would view certain issues that companies often grapple with.
Also, a few years ago, DOJ and SEC issued an FCPA Resource Guide that largely collected information that was already in the public domain – statements made by agency officials, opinion releases, and so forth – and put that guidance into one document. The manual crystallized the agencies’ interpretations of some key issues and was a step in the right direction, though it still leaves some significant questions about what certain FCPA provisions mean and how the agencies would interpret them.
One of the most challenging FCPA issues that companies grapple with relates to pre-acquisition due diligence. Specifically, companies regularly have questions about whether an acquiring company is responsible for potentially improper acts of an acquired company that occur within the days and weeks after the consummation of an acquisition, but before the acquiring company has a chance to implement its own compliance procedures and identify potential irregular conduct.
In the run-up to an acquisition, an acquiring company often cannot access information that would be helpful in identifying FCPA red flags. So a company typically closes a transaction with imperfect information and must determine how to assess compliance post-closing. What haunts the acquiring company is the uncertainty about whether the conduct of the acquired company during those first days, weeks and perhaps months could trigger an enforcement action.
MCC: Has there been talk about instituting some kind of a grace period? How are companies coping with this issue?
Walther: The best guidance on the subject is a DOJ opinion released back in 2008 in response to a company that submitted questions about a similar pre-acquisition due diligence fact pattern and then asked the question: what are you going to do if we buy this company and then learn that we bought a problem? The opinion identified what DOJ viewed to be a reasonable period for discovering and mitigating any issues identified post-acquisition. However, DOJ added – as it always does – that the opinion only applies to the entity asking for guidance, essentially because every set of facts is different. So while that guidance is a helpful starting point in considering the questions about pre-acquisition due diligence and post-acquisition remediation, it’s not something you can bank on. Meanwhile, companies keep doing the best they can.
MCC: Regarding independent monitors, you mention in your study that of the four major FCPA enforcement actions last year, two of the targets were allowed to self-monitor. What are the issues here, and how can companies increase their chances of getting this special treatment?
Walther: Those cases show that the government has taken notice of the practical problems that can arise when DOJ forces an independent compliance monitor on a company. The original idea behind using independent monitors was to make sure a company was fixing the compliance problems that led to the enforcement action. However, experience has shown that monitors can be incredibly costly and burdensome, particularly when there is no clear guidance from DOJ about what the monitor is authorized or instructed to review, and that an independent monitor may not be necessary or appropriate in many cases.
Due to these concerns, companies have increasingly been pushing for the right to self-monitor. But a self-monitorship alone, without some reporting mechanism, is often unacceptable to DOJ because it does not give the Department insight into how a company is fixing its historic compliance issues and assurances that those fixes are working. What has evolved is the type of self-monitorship we have now seen in a handful of FCPA resolutions, where companies that self-monitor agree to submit reports to the DOJ in the same way an independent compliance monitor would. This allows the company to reduce its monitorship costs and have greater control over the monitoring process, but also gives DOJ a window into the company’s remediation efforts.
For companies resolving an FCPA case, there is no surefire way to ensure that DOJ will agree to a self-monitorship. The decision typically rests with the line prosecutor handling the investigation. However, a company that has cooperated with DOJ and shown a willingness to admit to its historic misconduct is more likely to be trusted to self-monitor. If DOJ does not trust a company, or its counsel, during the underlying investigation, it’s unlikely that the company will be trusted to self-monitor.
MCC: Accountants, attorneys and compliance professionals also found themselves contending with enforcement actions, both civil and criminal, directed against them as individuals in 2014. What’s driving this?
Walther: The thinking here is that companies act through individuals, so if DOJ finds corporate misconduct, making the company pay a fine alone may not deter future misconduct. DOJ and law enforcement agencies have long believed that they have to prosecute individuals who are driving those corporate activities to deter future misconduct, but building cases against individuals takes time, and individuals are more likely than companies to force DOJ to prove its case at trial. These principles apply to any kind of criminal matter, including but not limited to FCPA cases.
Many individuals prosecuted for FCPA violations are not located in the United States, which makes sense given the nature of the offense. As a result, it remains unclear whether those individuals will ever see a trial in the U.S. When DOJ charges individuals who live outside the U.S., it typically seeks extradition, which can be a long and complicated process, depending on what country the individual is located in. Preparing cases against individuals, indicting those cases, and walking through the steps necessary to extradite the individuals takes a lot of time and resources. So DOJ always needs to balance the time it takes to build and prosecute these cases against individuals with its desire to prosecute corporate cases.
Notwithstanding all of the press dedicated to DOJ’s FCPA enforcement, DOJ has limited – though growing – resources devoted exclusively to FCPA and a large backlog of cases.
MCC: There is evidence of the SEC's increasing reliance on administrative proceedings. What are your thoughts on the implications of taking FCPA matters out of the courts?
Walther: This has been a hot topic over the past several months. I think there is a fair argument that the SEC’s shift in bringing cases in federal district court to an in-house SEC administrative law judge is unfair, not just because the SEC has home-field advantage in these administrative proceedings, but also because there are no due-process rights in administrative proceedings and because any appeals of administrative rulings are heard by the Commission itself. The SEC’s increasing use of administrative proceedings happened at the same time that it was being criticized for some recent high-profile losses in federal district court, which contributed to public skepticism about the SEC bringing more cases administratively.
MCC: Let's talk about whistleblowers and the SEC's bounty program in terms of FCPA and international anticorruption enforcement.
Walther: The SEC’s whistleblower program is definitely changing the landscape of how the government identifies FCPA cases for investigation and how those cases are then investigated. In a 2014 report, the SEC stated that it received more than 10,000 whistleblower reports since August 2011 and had passed 600 of those reports onto the Enforcement staff for investigation. This could be an incredible source of information for the SEC, which the Commission will likely leverage in a similar fashion to what DOJ has done in healthcare fraud and procurement fraud matters.
If you look at Justice Department’s enforcement in the healthcare arena, the percentage of investigations and settlement dollars attributable to whistleblowers is astronomical. DOJ’s civil healthcare enforcement regime has become largely dependent on whistleblowers for its success. It looks like the SEC is trying to recreate what DOJ has done with its whistleblower program. It will take years before we can tell whether the SEC will succeed or not, but at least we know where it is heading.
What we haven't seen from the SEC’s whistleblower program yet is a lot of payouts. The Wall Street Journal reported this past May that of the 297 whistleblowers who have applied for awards since 2011, 83 percent haven’t received a decision from the SEC. Of course, time will tell, but if SEC addresses its backlog and we start seeing more – and higher-dollar – payouts, I expect that the plaintiff's bar will become more active in this arena, as it has been in healthcare. What we do know is that the potential for whistleblowers to generate new cases is huge.
MCC: What current developments or issues on the horizon should our readers be aware of?
Walther: One of the most significant developments so far in 2015 didn't get a lot of publicity: the FBI’s announcement earlier this year that it was going to triple the number of agents focused on foreign bribery cases. Prior to this year, the FBI had one squad of agents based in the Washington Field Office that worked almost exclusively on FCPA cases. In March 2015, the Bureau announced that it was tripling the number of agents who will be investigating FCPA cases and locating those agents in Washington, D.C., New York City and Los Angeles.
If you look back over time, when the FBI hires agents to investigate a particular type of crime, prosecutions in that area generally increase. Over the last several years, the increasing FCPA enforcement regime has largely been driven by the DOJ and SEC. The DOJ’s Fraud Section has increased the number of prosecutors handling FCPA cases, and the SEC created a dedicated FCPA Unit and staffed that unit with Enforcement attorneys who specialized in the FCPA. During this time, the FBI only had somewhere between 10 and 15 dedicated agents investigating FCPA cases.
The FBI’s decision to triple the number of agents investigating FCPA cases shows that, like the DOJ and SEC, it is similarly committed to foreign corruption matters and willing to spend more money to see the program grow. The Bureau will now expect to see results from its investment.
MCC: If a company has already implemented an effective FCPA compliance program, is there anything else it should be doing to avoid an enforcement action?
Walther: Definitely. An effective compliance program is the first step to avoiding an enforcement action. But because businesses are always evolving, they need to continually assess their greatest risks and make sure that their compliance program addresses those risks. Companies also need to make sure that their well-designed program is working properly and not just collecting dust on the shelf.
MCC: Prior to joining Jones Day, you served in a variety of roles at the Department of Justice, including as a supervisor in the FCPA unit where you worked with foreign governments in connection with anti-bribery and anticorruption enforcement. What factors led to your decision to join the firm?
Walther: I was really attracted by Jones Day’s global reach. The firm has offices in all financial hubs around the world, so we are located in the places where our multinational clients need legal services. So when I get a call from a general counsel of a U.S. company who has an immediate problem in London, Hong Kong, Sao Paulo, Shanghai or almost anywhere else in the world, I can pick up the phone and have access to a phenomenal lawyer in that jurisdiction. Along with our global reach and global talent, Jones Day also has the ability to handle multiple investigations in multiple countries simultaneously. In the anticorruption space, it is becoming more common for multinational companies to face investigations in multiple countries by multiple agencies. Jones Day has been handling investigations and defending cases like this for years, and we’re doing more of it today.
Given the increasing focus on anticorruption issues by regulators and enforcement regimes around the world, clients need a law firm that can solve their problems without regard to borders. At Jones Day, we solve those problems.
Published July 17, 2015.