Defending Your FCPA Compliance Program to the Agencies
Day Two of the ACI FCPA Conference featured a panel on “Defending Your FCPA Compliance Program to the Agencies,” with a former Chief of DOJ’s FCPA Unit (Chris Cestaro), former Deputy Chief of the DOJ Fraud Section (James Koukios), and former DOJ-appointed outside monitor (Kwame Manley).
The panelists all agreed—DOJ is putting more resources behind the evaluation of corporate enforcement programs than ever before. In fact, DOJ’s Fraud Section now has a Corporate Enforcement, Compliance, and Policy Unit with compliance specialists. This unit is currently led by FCPA Unit veteran Andrew Gentin, and the acting Assistant Chief is Lauren Kootman.
Here are some of the panelists’ key observations:
- From “day one” of a corporate investigation, companies should be focused on their compliance programs—and that means looking at the state of a compliance program at the time of the events in question, as well as the present state of the compliance program.
- A formal compliance presentation to the government toward the end of an investigation is a “big deal,” but it shouldn’t be the first time that the government hears about compliance. Companies that want more lenient treatment should continuously seek to demonstrate that the government can trust the company to police itself and should engage in ongoing dialogue to determine what the government expects.
- DOJ attorneys considering how to resolve a case with a company are increasingly asking for interviews with compliance personnel and data on the effectiveness of a compliance program; they are not just looking at whether a company has a strong program on paper. DOJ attorneys want to see that the compliance personnel are qualified, trusted by the company, and committed to the goals of the compliance program. These factors will go a long way in making a persuasive case that a monitor is not needed.
- Testing a compliance program is critical—regulators want to confirm that the program is working effectively in practice. These efforts may include conducting employee surveys and speaking to company personnel outside the compliance function to see how confident they are that the program is working; internal audits; and external assessments, transaction testing, and other outside forms of validation.
- Being a small company is not an excuse for a lack of compliance resources—compliance programs need to be “right sized” for the company’s risk profile. There may be legitimate reasons for why a company hasn’t put resources in a given area, but those reasons need to be explained.
- While enforcement authorities appreciate that there is no “one-size-fits-all” compliance program, companies should bear in mind that the authorities are seeing more and more examples of highly sophisticated compliance programs developed by organizations that want to present their programs in the best possible light. This raising of the bar inevitably increases authorities’ compliance program expectations.
- Recent public comments from high-level DOJ officials suggest that companies should be looking at their compliance programs broadly, in light of prior misconduct, even if unrelated to the current misconduct at issue.
In short, the days of impressing enforcement authorities with well-written compliance policies and glossy training decks are in the past. Enforcement authorities expect more and have the resources to kick the tires on a compliance program to make sure that it is actually working as intended.
Our white collar defense and investigations team at Arnold & Porter can guide a company through the process of developing and improving its compliance program to prevent misconduct in the first place, detect misconduct when it occurs, and persuade the government that the program is effective.
© Arnold & Porter Kaye Scholer LLP 2021 All Rights Reserved. This blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.