It can be extremely difficult in any situation to admit that you’ve done something wrong. And admitting fault can be even harder when millions of dollars are on the line.
There are many reasons why some companies do not self-report when they discover corruption or other compliance violations within their organisations. Usually it is because companies fear receiving a fine, sometimes it is the risk of reputational damage (which can potentially cause more long-term financial damage than a fine), and sometimes it is that individuals may also face criminal charges and prison sentences. The idea of self-reporting may sound intimidating, but the United States Department of Justice (DOJ) is hoping to make self-reporting the norm when it comes to corruption.
During the 31st International Conference on the Foreign Corrupt Practices Act (FCPA) in November 2014, current and former senior officials of the DOJ and the Securities and Exchange Commission (SEC) repeated the mantra that they believe all companies should follow when it comes to compliance: there must be an effective compliance programme, timely disclosures when violations are identified, and cooperation during the investigation process.
Companies should be prompt and thorough when it comes to self-reporting compliance failures. Those that self-report as soon as they are aware of a breach could potentially see more benefits in regards to decisions on charges and penalties.
Ralph Lauren Corporation is one example of a company that chose to self-disclose. In 2010, the designer apparel company discovered that bribes were being paid by its Argentine subsidiary to government officials in Argentina. The bribes were paid through customs brokers in order to import Ralph Lauren products into the country without the necessary paperwork or inspections. In addition, a Ralph Lauren general manager in Argentina also provided gifts to at least three different government officials to secure the importation of Ralph Lauren products.
As companies often do, Ralph Lauren learned about the bribes while exercising efforts to tighten its internal controls globally. On learning of the violation, the company promptly reported it to the DOJ and SEC and cooperated throughout the investigation. Because of its self-reporting, Ralph Lauren was able to secure a non-prosecution agreement (NPA), part of which involved paying US$882,000 in penalties to the DOJ and US$700,000 in disgorgement and interest to the SEC.
Ralph Lauren aided the investigation in many ways. It reported the findings of its internal investigation to the SEC within two weeks of discovery, provided updates and presentations to law enforcement, and voluntarily produced required documents (and translated them into English). The company also summarised witness interviews conducted by Ralph Lauren investigators overseas and made the witnesses available for SEC interviews, even bringing them to the United States.
Another critical factor was that Ralph Lauren made an effort to improve its compliance programme after learning of the breach. The company updated its anti-corruption policy and provided translated versions in eight different languages. It also improved its third party due diligence process, provided face-to-face anti-corruption training for key employees, worked on an enhanced commission policy, and amended the gift policy.
In addition, the company undertook a worldwide review of its operations to check for other FCPA violations. This review identified an instance in which a bribe solicitation had been rejected by employees, which occurred after Ralph Lauren revised its FCPA policy in 2010.
Finally, Ralph Lauren ceased its Argentina operations and completely pulled out of doing business in the country.
In the SEC’s press release, Acting Director of the SEC’s Division of Enforcement George S Canellos said, ‘The NPA in this matter makes clear that we will confer substantial and tangible benefits on companies that respond appropriately to violations and cooperate fully with the SEC.’
In contrast, in December 2014 French conglomerate Alstom SA was ordered to pay a record-breaking US$772 million fine following the discovery and investigation of a bribery and corruption scandal that ‘spanned many years’. According to the DOJ website, Alstom and its subsidiaries, ‘through various executives and employees, paid bribes to government officials and falsified books and records in connection with power, grid and transportation projects for state-owned entities around the world, including in Indonesia, Egypt, Saudi Arabia, the Bahamas and Taiwan’.
Initially Alstom failed to voluntarily disclose its misconduct, even after it became aware of issues at a United States–based subsidiary that had previously had corruption charges brought against it. Alstom also failed to cooperate with the investigation for many years.
Another recent example of a company that chose not to cooperate during an investigation is the Japanese trading company Marubeni Corporation. Marubeni’s choice to not assist led to an extensive investigation involving ‘recordings, interviews, subpoenas, mutual legal assistance treaty requests, the use of cooperating witnesses, and more’, according to Principal Deputy Assistant Attorney General for the Criminal Division of the United States Attorney’s Office for the Eastern District of New York Marshall L Miller.
‘Marubeni decided to roll the dice. I’m guessing they may have had some gambler’s remorse when the dice came to rest,’ said Miller.
Marubeni has recently faced two fines from the DOJ. It was fined US$54.6 million in 2012 for conspiring to violate the FCPA by acting as an agent during a joint venture in Nigeria. The other fine, totalling US$88 million, came in March 2014, after Marubeni pled guilty to eight FCPA charges and admitted to bribing Indonesian officials to win an electricity contract with its partner, the previously-mentioned Alstom SA.
There is no doubt that companies that self-report are given more lenient treatment by the DOJ or SEC.
If a company ultimately decides to self-report after discovering a compliance issue, the report needs to be made swiftly. A company should also cooperate with any investigations by making relevant documents available or offering interviews with persons involved.
In the past, regulators have positively viewed companies that make prompt remediation efforts to enhance their compliance programmes. Companies must make sure they have good, thorough compliance programmes that are actually carried out, rather than just written on paper.
To establish a truly effective programme, there are many things a company needs to consider including:
- the extent to which it does business in high-risk areas
- determining what dealings or contracts it may have that involve government officials
- the role of third parties
- how often it should review its programme as it grows.