With the DOJ's renewal of the FCPA’s self-disclosure pilot program in March comes many questions, the most common being: what does the indefinite extension mean for the FCPA enforcement overall? McGuireWoods partner Alex Brackett, whose practice focuses primarily on advising and supporting corporate and individual clients in the areas of white collar criminal defense and internal investigations, shares his thoughts on how the integration of anticorruption compliance programs often aid companies in solving for more than one compliance issue, whether or not the FCPA has created an uneven playing field for U.S. companies, and what types of actions - or inactions - are most likely to result in FCPA enforcement matters. The interview has been edited for length and style.
President Trump has openly criticized the FCPA. What signals, if any, have we seen so far from the White House about its intentions toward the FCPA?
Brackett: Obviously, some of the president’s prior comments about the FCPA received a good deal of attention, both in the run-up to and after the election. Having looked at those and at comments that others in the administration have made subsequently, I think it’s fair to say that his statements are a little bit dated. Attorney General (Jeff) Sessions’ statements during the confirmation process and statements by other key officials since clearly indicate that FCPA enforcement is not something that they plan to de-prioritize. I fully expect that it’s here to stay.
The administration has been critical of the SEC, which has obviously been an important and fairly aggressive FCPA enforcer. Within the SEC there has been enforcement of the FCPA that, in some respects, has pushed some boundaries in terms of theories of liability and conduct that some people have been critical of as going beyond the scope of what the FCPA is really intended to pursue. I would not be surprised to see a decline in some of the more regulatory-focused aspects of the SEC’s enforcement of the FCPA, but I don’t see it going away, particularly in cases where there are real indicators of individuals having acted with real criminal intent.
Many of us have been wondering what this DOJ is going to mean for white collar enforcement in general. I suspect that we’re probably going to see some retrenching around crimes where you cannot show that there was true criminal intent versus some of the enforcement in areas like the FCPA, where that clear intent has not necessarily been evident.
One key indicator that everyone was looking at earlier in the spring was whether the FCPA pilot program that DOJ announced last year was going to be renewed, which it was in late March for an indefinite period. Had the administration come in and allowed that program to expire in April, that might have been a bellwether that FCPA enforcement could be on the wane. The fact that they extended, even if only to examine the program and see whether it merited having continuing life, is an indicator that we’re maybe in a wait-and-see moment.
How is the DOJ’s recently extended pilot program working out in real life and how are you advising clients about taking advantage of it?
Brackett: There have been a number of matters resolved under it. Interestingly, the first matters were all coming out of China, which has obviously been a significant focus for FCPA investigations. There are clearly indicators that companies are taking advantage of it and DOJ does appear to be providing them some real material benefit for participation. In terms of how clients weigh their approach to making a disclosure, the best I can say is that the pilot program is another one of the many elements that we would weigh with a client when they’re making a decision on whether to disclose or not. Naturally, it will depend on the facts and the circumstances, but I don’t know that it’s become a huge overriding factor so much as one of the many factors that you’re going to look at. In part, that’s because, while DOJ has outlined some very clear benefits that you can receive, the pilot program does not provide certainty. There’s still a tremendous amount of discretion in DOJ, so that dilutes some of the value that clients might get out of it. They’re taking a leap of faith that they’re going to get a significant material benefit from their disclosure.
How do you separate the interests of individuals within a company versus your representation of the company in these matters?
Brackett: Well, in any significant white collar matter, whether it’s an FCPA matter or something else, you’ve always got to be looking at, and being clear about, who the client is. A great way to get yourself into trouble is to launch into an investigation and lose sight of that, and lose sight of the fact that there could well be individuals who need their own counsel and who you need to be a little bit more thoughtful about how you engage with as an investigation starts.
It becomes important substantively, in terms of making sure that if there are potentially culpable individuals or people who might need counsel, that they’re getting an opportunity to retain counsel and that you’re not doing things in the investigation that could be problematic, for the company or for the individuals. Also, because DOJ has been so out front in recent years about the fact that they want to aggressively pursue individual prosecutions in order to send a message to potential wrongdoers, you’ve got a lot more awareness at the C-suite level and beyond about the potential exposure that individuals have when their company is under investigation.
Is there a way to address criticisms that the FCPA creates an uneven playing field for U.S. firms, which go to considerable lengths to comply, and foreign competitors, who have little exposure to DOJ prosecutions, without making the act unworkable?
Brackett: If you look at the track record of FCPA enforcement and what companies have been in the top 10 over the years, you will understand that not only is the reach of the FCPA incredibly extensive, but also that DOJ and SEC have done a pretty exceptional job of reaching out and being able to enforce it against non-U.S. companies. So I’m not sure that the track record of enforcement has demonstrated that it’s creating some kind of unfair burden on U.S. companies, in terms of how they compete internationally. I do think that U.S. companies have been forced to focus on compliance investments, possibly earlier than some of their non-U.S. competitors, but we really are seeing that this has become an increasingly global norm. We are no longer alone in having anti-bribery and anticorruption laws like the FCPA.
There’s no other country out there that’s enforcing their anti-bribery and anticorruption laws with the same vigor that we are, but when you look at the UK Bribery Act, the Brazil Clean Companies Act, changes Canada has made to the Corruption of Foreign Public Officials Act, and even changes that are occurring in anticorruption laws and enforcement in countries like China, India and throughout Europe, you really see that, over the last decade and over the last couple years to an even greater extent, this is very clearly a focus area for countries other than the U.S. And we’re starting to see enforcement in those other countries. It appears that this is simply becoming a built-in factor for any company in any country, particularly if they’re going to operate across borders, that having robust anticorruption compliance programs is just a baseline expectation.
On that front, one thing that we have found with any number of our clients, in terms of how they look at the investment in compliance in that space, when you’re building the control and when you’re building the policies and procedures that go into a robust anticorruption compliance program, you’re not just solving for the anticorruption problem. You tend to end up solving for a lot of compliance issues at the same time because there are a lot of different legal and regulatory issues that come into play with international business that have significant commonalities and get addressed by very similar tools. In addition, when we deploy those tools, we try and be really mindful of the business needs so as not to impede the business unnecessarily. We typically find ways where we can provide them value, in terms of transparency and visibility that, while it’s solving for a legal or regulatory issue is also giving them valuable information and insight from a business perspective. Companies are increasingly viewing these investments in compliance as things that pay dividends broadly across the company and not just in solving for a legal risk.
Awareness of FCPA compliance as a necessary focus area for corporate compliance programs seems to have matured and become a given. Are there particular areas where companies continue to under-invest from a compliance perspective?
Brackett: If you went back a decade, you could likely have found lots of companies with an international business risk profile that may not even have had a policy in place or may not even have addressed bribery or corruption in their code of conduct, if they even had a code of conduct in place. Now it’s fairly difficult to find a business of any real sophistication that operates across borders that doesn’t have a code of conduct and doesn’t have policies and procedures that address these issues. In most cases, they are also taking other steps to control for those risks through things like personnel training and making sure that they’ve got robust financial controls. The baseline has improved significantly in terms of some of those core aspects of what you would expect to see in a compliance program.
At the same time, as companies are maturing in their awareness levels and are maturing in their commitment to and investment in compliance, the expectations placed upon them by law enforcement and regulators will mature and evolve as well. They have the lucky prerogative for them of being able to keep moving the goalposts, which they do in order to continue to push that evolution towards where the baseline should be and what companies need to invest in. A couple of things that we are consistently recommending to clients and that, at times, can be challenging to get clients to commit to or make the necessary investment in, are things like having a true third-party due diligence program that’s functional and robust, and is designed well, adequately resourced and is something that gets paid attention to and periodically revisited and revised.
Third-party risk is really at the heart of most FCPA enforcement matters. It’s at the heart of FCPA compliance efforts. If you’re engaging with lots of third parties and are failing to do true due diligence on them, then the rest of your program is really imperiled because you’re just inviting a tremendous amount of risk into your operations.
The other area that we often see as a fairly significant blind spot or weak point for clients in their compliance programs is building anticorruption and other compliance focuses into their post-acquisition due diligence and compliance integration processes when they enter into new acquisitions, whether it is buying certain assets or business lines from a company, or buying an entire company. Clients are increasingly good at pre-acquisition due diligence and there’s a good awareness of the need to include a compliance focus in that. What they don’t always do as good a job of is following up on the things that they learned about in pre-acquisition due diligence.
There can be a bit of exhaustion once you hit the closing date and they won’t always invest in that next step, which is to take a really close post-closing look at what it is you’ve bought, the red flags that came up in the pre-acquisition due diligence and then being willing to invest in a true integration process. Often that new acquisition is integrated into the business from an operational perspective, but it also needs integrating from a compliance perspective. The new operations that you’ve acquired, and the resources and personnel within them, need to understand the compliance expectations placed on them and the policies and procedures that apply to them. They need to have received training, be subject to an adequate level of oversight, and understand things like hotline reporting obligations and mechanisms. It is critical to ensure that the things that you’re pushing down to them fit for that new organization. They may have previously operated under a different type of code or different policies or different oversight. Their operations might be different or their locations might be different. There might be cultural challenges that are different. It’s not always simple to just send over a copy of the policies and procedures and code and say this now applies to you and you’re going to do annual training and leave it at that. You really need to make sure that it fits, that the message has been received, and that the controls are in place and are working.
At the end of the day, when you look at FCPA enforcement matters, there is always a significant number of them where the problems that resulted in the enforcement action were either a failure to adequately vet, understand and oversee the third parties that you were inviting into your house, or a similar failure to adequately vet and integrate a new acquisition into your business. Those are where problems often arise, fester and turn into enforcement matters.
Is there anything else that we should be bringing to the forefront related to FCPA for our readers?
Brackett: One thing I might add is, just in terms of anticipating where FCPA enforcement is heading, I think it’s important to keep in mind the long tail on these matters. Like many white collar matters, these are not cases that develop quickly. They tend to be multi-year investigations and sometimes can stretch on beyond five years or more. This new administration is coming into a situation where they’ve got a fairly extensive pipeline of cases at different levels of development and I don’t think it’s realistic to expect that many of those cases are going to go away. Because of that long tail, we’re going to continue to see cases that started years ago mature and result in enforcement actions. Time will really tell if there’s going to be a significant impact or curtailment in this area. We’re really not going to know for some fairly significant period of time in all likelihood. I just don’t see this curtailing in any significant fashion anytime soon. I could obviously be proven wrong, but that’s just my prediction.
Alex Brackett is a partner in the Richmond, Virginia, office of McGuireWoods. He represents individual and corporate clients facing regulatory and criminal investigations and co-leads the firm’s Strategic Risk and Compliance team.
Published July 17, 2017.