FCPAméricas Blog
More Wisdom from Tom Fox
12.13.2011
At last week’s World Compliance FCPA Summit 2011 in Houston, TX, U.S. FCPA compliance attorney Tom Fox offered important points of wisdom.
“Document, Document, Document.”
The bedrock components of an adequate FCPA compliance program are well known. Every deferred prosecution agreement since Panalpina has included an Attachment C outlining basic requirements (see, e.g., Attachment C of Panalpina DPA). Tom Fox instructs how, in addition, it is equally important for a company to record its steps of compliance. His three most important words for FCPA compliance are “Document,” “Document,” and “Document.” While some attorneys are inclined to retain as little documentation on file as possible believing that it will reduce potential liabilities, Mr. Fox stresses that the opposite is true under the FCPA. If an issue happens to arise, the company will want to show regulators each step of the compliance process. “If the evidence does not appear before enforcement officials’ eyes, then, to them, it does not exist,” Mr. Fox says. So, for example, when retaining third parties, the company should thoroughly document the due diligence conducted and the compliance commitments obtained from the third party. When providing entertainment, gifts, or hospitality to government officials, the company should record the approvals from management authorizing disbursements. Document each step of the way.
“Making a Comeback.”
The debate over the benefits of voluntary disclosure and cooperation is well documented. Mr. Fox weighs in by showing clear evidence of how companies committing violations can “make a comeback.” He cites the RAE Systems action to show how losses can be mitigated after discovering violations. In that case, the violations were associated with two Chinese JVs and were considerable. For one JV, RAE failed to conduct acquisition due diligence and the JV subsequently gave gifts to family members of Chinese government officials (including “jade, fur coats, kitchen appliances, business suits, and high-priced liquor”) and consulting contracts to Chinese government officials. But RAE made a comeback. The DOJ acknowledged four actions taken by the company:
- Timely, voluntary, and complete disclosure of the facts;
- Thorough, real-time cooperation with the DOJ and SEC;
- Extensive remedial efforts undertaken; and,
- A commitment to submit periodic monitoring reports to the DOJ.
As a result, the action was limited to a non-prosecution agreement, rather than a more burdensome deferred prosecution agreement. RAE received only a civil fine for failing to implement internal controls rather than a more severe criminal penalty for bribery. And it avoided a monitor.
Mr. Fox shows how enforcement officials have recently granted similar benefits, to varying degrees, in other settlements. In Alcatel-Lucent, the company made a comeback despite engaging in a worldwide bribery scheme and initially failing to cooperate. As a result, it was only held to books and records and internal controls violations rather than bribery violations, and it received reduced penalties of $92 million from DOJ and $45 million from SEC, even though the nature of the scheme was widespread. Similarly, Maxwell Technologies received reduced criminal fines and a preferential payment schedule for the fine after fully cooperating.
Emergence of Enhanced Compliance Obligations?
In the Johnson & Johnson DPA, enforcement officials for the first time introduced “enhanced compliance obligations,” a custom-made list of requirements given the specific circumstances surrounding the company’s wrongdoing. The changes to basic compliance expectations were subtle but notable. Mr. Fox instructs that, even though these requirements apply only to Johnson & Johnson, they might provide insight into the direction that enforcement is moving with respect to evolving compliance expectations. Consider these three:
Complaints and Reports. Johnson & Johnson is required to establish a “Sensitive Issue Triage Committee” to review and respond to complaints and reports of wrongdoing. This provision can guide other companies on new best practices in prioritizing hotline reports through a committee process.
Acquisition Due Diligence. Johnson & Johnson is provided a “safe harbor” for acquisition due diligence. Before this DPA, enforcement had never explicitly clarified the role of due diligence in mitigating FCPA liability in acquisitions. Now, based on this DPA, it appears that if a company performs a full audit within eighteen months, turns over its findings, and trains relevant personnel and business representatives within twelve months, it will free itself of FCPA liability for the prior acts of the acquiree.
Third Party Due Diligence. Johnson & Johnson is required not only to vet its third parties, but to also document a business rationale for their use. This suggests that best practices should include written reports by business teams justifying retention of third parties, in addition to standard due diligence efforts like gathering references, assessing the market-based rationale for rates, and reviewing the entities’ qualifications.
Our next post will consider wisdom offered at the same conference by the Bribery Act Guys.
The FCPAméricas blog is not intended to provide legal advice to its readers. The blog entries and posts include only the thoughts, ideas, and impressions of its authors and contributors, and should be considered general information only about the Americas, anti-corruption laws including the U.S. Foreign Corrupt Practices Act, issues related to anti-corruption compliance, and any other matters addressed. Nothing in this publication should be interpreted to constitute legal advice or services of any kind. Furthermore, information found on this blog should not be used as the basis for decisions or actions that may affect your business; instead, companies and businesspeople should seek legal counsel from qualified lawyers regarding anti-corruption laws or any other legal issue. The Editor and the contributors to this blog shall not be responsible for any losses incurred by a reader or a company as a result of information provided in this publication. For more information, please contact Info@MattesonEllisLaw.com.
The author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author.
© 2011 Matteson Ellis Law, PLLC
Post authored by Matteson Ellis, FCPAméricas Founder & Editor
Comments