Demonstrating “Systemic Success” in FCPA Compliance: Identifying and Maintaining Evidence to Respond to Government Investigations . . . Before They Begin
By William C. Athanas
The proliferation of FCPA enforcement actions against corporate entities in recent years is well documented. Although these actions have imposed a variety of sanctions against companies operating in a broad range of countries and industries, they frequently share a common property: systemic failures of compliance to prevent, detect and remedy violations of law. Because of the lack of judicial guidance illuminating the contours of the FCPA, those engaged in international commerce have understandably relied heavily on these enforcement actions in an effort to enhance their ability to avoid a similar fate. To be sure, studying the context and substance of FCPA actions against other entities serves a helpful purpose. However, narrowly confining the information-gathering process to those situations necessarily leads to underinformed decision making. Of equal, if not greater, value are the lessons learned from those companies that have attracted the attention of government regulators, but that ultimately avoided criminal and civil sanctions altogether.
By expanding the focus in that fashion, those who struggle to ensure compliance with the FCPA can properly transform the goal from “trying to avoid what corporations do wrong” to “emulating what they do right.” Once identified, those corporations stand to benefit greatly by specifically modifying their FCPA compliance programs to identify and retain evidence that demonstrates this commitment. Armed with the knowledge gained from adopting this approach, those companies not only equip themselves with powerful evidence to respond to government inquiries, but also create readily identifiable benchmarks to measure the ongoing effectiveness of their compliance programs.
The Rationale Underlying FCPA Enforcement Actions Against Corporations
There can be little doubt that the inability to imprison a corporation means that the government lacks its most effective weapon of deterrence. That said, the Department of Justice nevertheless recognizes that “[v]igorous enforcement of the criminal laws against corporate wrongdoers, where appropriate, results in great benefits for law enforcement and the public, particularly in the area of white collar crime.”
In the FCPA context, the government has the ability to employ different methods to enforce the statute against corporations, including through the use of indictments, deferred prosecution agreements, and non-prosecution agreements. Moreover, the government enjoys the ability – and the leverage – to impose sanctions that correspond to the severity of the violation though remedies such as imposing fines, installing monitors, and mandating the creation and maintenance of compliance measures. Implicit in all of these approaches is the notion that the government’s response should reflect the degree to which intervention is necessary because the corporation has not, cannot, and will not act to prevent, detect, and remedy FCPA violations on its own.
The decision to initiate an FCPA enforcement action against a corporation results from the application of a multi-variable calculus. In that equation, the most compelling factor is often the degree to which the violations represent systemic failures, either because: (1) the entity has made a conscious choice to elevate profitability over compliance, essentially making foreign bribery an unwritten part of its strategic plan (Siemens AG, Wilbros); or (2) the entity has effectively disregarded any obligation to ensure that it conducts its activities within the boundaries of the law, opting instead to avoid putting any safeguards in place to prevent FCPA violations (Wabtec, Faro Technologies).
Attacking the Presumptions Which Motivate FCPA Enforcement Actions
When government regulators learn of alleged FCPA violations, they might well presume that one of these two conditions exists, even when that is not the case. As a result, corporations that find themselves the target of a government inquiry face a real, immediate challenge to marshal and present evidence in an effort to alter the government’s presumption.
Where the government assumes – or expects to find – the worst in a company, such as rampant corruption or reckless disregard for the law, corporations must step forward with solid contrary evidence calculated to dislodge the government from its view. Simply demonstrating that the corporation did not have a widespread business model built on bribe payments will not carry the day, however. Rather, corporations under scrutiny must offer tangible proof that they have acted with genuine commitment to conducting themselves within the parameters of the law, even when doing so resulted in significant financial harm or verifiable lost opportunities.
As a practical matter, this means that companies must be able to provide evidence of those instances where it was solicited for bribe payments, stood to realize substantial financial gain by making them, and nevertheless refused to do so. Such “litigation prep” binders, of course, are not unique in the business world. In house counsel, for example, routinely maintain records of disciplining or even terminating employees who violated company anti-harassment or trade secret policies. Such records demonstrate a policy’s “teeth,” and lend credence to a company’s assertion that its compliance measures are robust and real – not just paper tigers. An effort to catalogue FCPA compliance would serve the same purpose.
The Various Manifestations of “Systemic Success” in FCPA Compliance
Demonstrating “systemic success” is not simply limited to identifying occasions where the corporation has rejected bribe solicitations. Other examples in this category include instances where the corporation, acting on its own initiative:
- detected potential FCPA violations before they occurred, and took remedial measures, including imposing disciplinary action against those who sanctioned or attempted to carry out such conduct;
- obtained periodic certifications of FCPA compliance from intermediaries and joint venture partners, and took action to terminate relationships with those individuals or entities when certifications were refused or revealed violations;
- exercised audit rights secured in agreements with intermediaries and joint venture partners, and took appropriate action when those audits uncovered red flags;
- enhanced the structure and operation of its compliance program after voluntary testing revealed that such modifications would improve effectiveness;
- identified irregularities in its books and records through its own review processes and took appropriate measures to rectify inaccuracies;
- recognized red flags in the process of conducting due diligence on prospective intermediaries, joint venture partners or M&A targets, investigated and confirmed the apparent violation or elevated risk, and then voluntarily terminated the proposed transaction; and
- followed up on information received through its confidential reporting mechanisms and took swift action to remedy alleged misconduct.
The most compelling examples of this conduct are those where the company elevated its commitment to FCPA compliance over its financial interests. Those instances where the corporation terminated an existing relationship or walked away from a prospective one, sacrificing substantial pecuniary gain in the process, provide the clearest proof of a company’s sincerity to operating within the law. As part of this equation, corporations should undertake not only to quantify and document anticipated financial gains forgone, but also maintain evidence of the costs incurred (including legal, accounting, and investigative fees) in "doing the right thing."
Using Evidence of “Systemic Success” to Minimize Sanctions When Enforcement Actions Cannot be Avoided
Depending on the nature and extent of the FCPA violations detected, corporations may be required, or find it advantageous, to disclose the "external" unlawful conduct to authorities. For example, SEC regulations implemented under Sarbanes Oxley require companies to disclose “material weaknesses” in internal controls. Whether or not such disclosures take place, installing methods to catalogue examples of the types of actions listed above nevertheless serve to provide the corporation with compelling evidence to defend itself if, and when, its actions face government scrutiny. Evidence of this nature demonstrates a genuine—and effective—commitment to FCPA compliance. In such environments, the perceived need for government intervention is greatly reduced, if not eliminated.
Obviously, the value of this evidence may be diminished in those situations where violations occur undetected (or worse, unaddressed) by the corporation. But that context does not strip away all significance. The evidence remains a vital part of calibrating the nature and magnitude of sanctions, and the method of government enforcement from among the government’s options.
The existence of a compliance program that is robust in both theory and practice supports the notion that violations represent isolated and unsanctioned actions of rogue employees, rather than the manifestation of an unwritten company policy or the existence of a culture of corruption. That, in turn, allows the corporation to make a far more forceful argument that the sanctions exacted should be at the lower end of the spectrum.
Using “Systemic Success” to Measure Compliance Program Effectiveness
Recording “systemic success” has a value beyond preparing to defend investigations that may never come. In addition to loading arrows in the quiver, the evidence serves as a lagging indicator to gauge the effectiveness of the corporation’s compliance program. This approach creates a quantifiable means for comparison on a geographic and historical basis, and facilitates the identification of outliers in need of closer scrutiny. This, in turn, helps to identify outliers in need of closer attention.
For example, entities operating in multiple countries can and should use such aggregated data to determine whether anomalies exist among its various locations. If violations are discovered, say, at a certain level in 90% of sites, but not at all in the remaining 10%, that may be evidence that bribes are occurring undetected (or worse, knowingly sanctioned) by those with authority over such locations. In addition, collecting evidence of “systemic success” allows for year-over-year comparisons of individual business units, further enhancing the overall evaluation of the program.
To paraphrase a well-worn cliché, FCPA compliance must be treated as a journey, rather than a destination. Those who endeavor to navigate this voyage in a heightened era of enforcement risk would do well to view the process from an alternative perspective. By making the relative minimal effort to identify and collect the manifestations of the “systemic success” in their compliance efforts, companies doing business internationally can better prepare to defend themselves in the future while maximizing their efficiency in the present.
William C. Athanas is Of Counsel to Waller Lansden Dortch & Davis, LLP, and practices in the firm’s Birmingham, Alabama office. Prior to joining that firm, he served as a federal prosecutor in U.S. Attorney’s Office in the Northern District of Alabama and the Department of Justice, Criminal Division, Fraud Section in Washington. His practice extends to all facets of the Foreign Corrupt Practices Act, including compliance program counseling, internal reviews, and responding to government investigations.
http://www.wallerlaw.com/attorneys/2009/10/08/athanas-william-c.106342
