Earlier this month, Assistant US Attorney Leslie Caldwell announced that the US Department of Justice’s Criminal Division Fraud Section will try to entice companies to self-report potential FCPA issues.
The DOJ included a “carrot” in announcing its one-year pilot program: If companies self-report ahead of a DOJ investigation, FCPA penalties could be significantly reduced.
What’s in it For You?
In April 2017, the Fraud Section will determine whether to extend or modify the program. Until then, participation could result in:
- A 50% reduction in fines, compared with 25% reduction for cooperative companies who don’t self-disclose
- Elimination of the potential for the appointment of a compliance monitor
- Declination of prosecution
So What’s the Catch?
Andrew Weissmann, Chief of the Criminal Division’s Fraud Section, outlined the pilot offer in a memo to members of the Fraud Section. It was then also released with a reminder from Caldwell that the DOJ was stepping up enforcement activity:
Accordingly, in recent months we have announced significant enhancements to the Department’s ability to investigate and prosecute FCPA cases. For example, the Criminal Division’s Fraud Section is adding 10 additional prosecutors to its FCPA Unit, increasing the size of that unit by more than 50 percent.
At the same time, the FBI has established three new squads of special agents devoted to FCPA investigations and prosecutions. This should send a powerful message that FCPA violations that might have gone uncovered in the past are now more likely to come to light.
And simultaneously, we are strengthening our coordination with foreign counterparts—sharing leads, making available essential documents and witnesses, and more generally working together to reduce criminals’ ability to hide behind international borders.
This may seem like an idle threat, considering that the number of FCPA prosecutions fell last year to low double digits. But these new DOJ resources, international cooperation and the backlog of 80 to 90 matters at the start of 2016, show that the DOJ is serious.
Getting Real About Your FCPA Risks
Because these investigations take years to complete, new investigations can begin at any time. The DOJ seems to strongly suggest that organizations shouldn’t operate on the hope that they won’t get caught—and that they shouldn’t view cooperation after the fact as a sound strategy.
Many organizations are already taking risks in the FCPA arena, particularly with respect to third parties acting on the organizations’ behalf who, in many cases, trigger the bribes or corruption that lead to FCPA prosecutions.
NAVEX Global recently published our Third Party Risk Management Benchmark Report, which found that some organizations are deciding to roll the dice—for example, 44 percent of respondents said they conduct due diligence on less than half of third parties.
The new FCPA Guidance makes it clear that:
Nothing in the Guidance is intended to suggest that the government can require business organizations to voluntarily self-disclose, cooperate, or remediate. Companies remain free to reject these options and forego the credit available under the pilot program.
The DOJ clearly wants to make it worthwhile for organizations to identify and self-report FCPA violations and wants organizations to firm up controls and compliance programs to prevent future violations.
Requirements for credit under the pilot program include:
- Voluntary self-disclosure and full cooperation
- Timely and appropriate remediation
- Compliance with the September 9, 2015, “Yates Memo,” regarding investigations and culpability of individuals within the organization
Do You Feel Lucky?
With the one-two punch of the Yates Memo and this pilot program, organizations with FCPA failures—or particularly high probability of bribery and corruption—must ask themselves if they can take the chance that the DOJ will not investigate them.
They then need to weigh that risk against the reward of beating the DOJ to the punch and self-disclosing after conducting a full-blown investigation.
Keep in mind that this decision involves many variables. Regardless, an organization should always work to know its compliance risks if, for no other reason, than to address issues internally and mitigate any unexpected failures or controls.
Not knowing because of ignorance is the greatest risk of all.
Talk to a solutions expert today to get help understanding and addressing FCPA risks in your organization.