In July this year, the United States Department of Justice (DOJ) hired its first dedicated compliance specialist. The position sits in the DOJ’s Criminal Division, which prosecutes healthcare, securities and violations of the Foreign Corrupt Practices Act (FCPA), and will help to decide whether to charge companies that have not been able to prevent employee misconduct.
The development is another step towards acknowledging the value of a company’s compliance programme and crediting it in any charging decision or enforcement action. The extent to which this might happen will of course depend on the effectiveness of a target’s programme, but the initiative is consistent with the DOJ’s stated approach to increase transparency and collaboration in corporate investigations.
Driving this new approach is the growing concern over increasing costs and delays associated with corporate investigations. The average time to conclude an FCPA case is now more than seven years and can cost target companies many millions of dollars, due in part to demands for international evidence.
Earlier this year, DOJ Criminal Division Assistant Attorney General Leslie Caldwell announced that DOJ prosecutors were being encouraged to assist cooperating companies with their investigations by revealing information about government investigations. ‘Although we expect internal investigations to be thorough, we do not expect companies to aimlessly boil the ocean,’ said Caldwell.
The attraction of DPAs
When compliance programmes fail – which, on occasion, they inevitably do – the standard practice for companies in the United States has been to instruct an external law firm, engage in a far-reaching internal investigation, and then self-report the violation to the DOJ. But with this process becoming increasingly expensive for companies, many have chosen to embrace the option of securing terms with the DOJ for a deferred prosecution agreement (DPA).
DPAs are essentially a vehicle by which companies can effectively settle any criminal liability and avoid prosecution. In return, they need to agree to a number of conditions, such as paying a financial penalty or compensation, or agreeing to cooperate with any future individual prosecutions.
DPAs are perceived to be an important tool for tackling economic crime and have been available to companies and regulators for a number of years in the United States, and since February 2014 in the United Kingdom.
In the United States, however, DPAs are facing escalating criticism for a perceived lack of judicial oversight of the process. Critics argue that the country’s judges are too quick to approve DPAs, which empowers regulators to dictate the terms of any settlement.
In the United Kingdom, meanwhile, there have been concerns that the Serious Fraud Office (SFO) might follow the approaches adopted by the DOJ and the Securities and Exchange Commission (SEC) in utilising DPAs. This seemed to be confirmed by SFO Director David Green earlier this year, when he said that the anti-corruption watchdog should secure DPAs via both the threat of prosecution and the rewards for self-disclosure.
Although the SFO is yet to set a DPA, the United Kingdom regulator recently sent letters to several companies offering them the chance to engage in negotiations.
SFO Joint Head of Bribery and Corruption Ben Morgan said, ‘[F]or those who do engage with us properly, there is an opportunity to deal with a problem in something other than a traditionally adversarial way. And while we don’t start from this point, it seems to me this option has the potential to be, by some distance, the most effective commercial outcome for a responsible company wanting to resume honest business quickly.’
Four High Court judges have been appointed to specifically deal with DPAs in the United Kingdom, leading some to believe that the country will have the judicial oversight needed to avoid the difficulties experienced by companies in the United States.
However, this did not prevent three anti-corruption groups from recently writing to David Green, urging him and the SFO not to rely on DPAs in preference to criminal charges. Arguing that companies that are granted DPAs should also be given fines ‘of significant deterrent value’, the authors said that DPAs should only be used if it is clearly in the public interest.
With the first DPAs expected to be issued by the SFO before the end of this year, only time will tell whether the tool will avoid the more controversial aspects of the settlement process. How successful DPAs are in the United Kingdom will depend, in part, on the willingness of companies to self-report. But even with anti-corruption groups pushing for settling companies to fully admit their wrongdoings, and foreign countries whose officials may have overpaid for contracts to be able to reclaim damages, it is by no means guaranteed that companies will self-report.
Former SFO head Richard Alderman once described DPAs as a way to resolve cases on a shrinking budget. Regulators like such agreements because investigations are very expensive and the settlements force the target companies to carry the cost.
Companies are equally in favour of DPAs because they provide the only motivation to come clean about any previous misconduct, and could ultimately save them a great deal of money. (The Alstom case is still fresh in the minds of many, where the company refused to cooperate but ultimately pleaded guilty and paid a US$772 million penalty – the largest in FCPA history.)
But both regulators and companies find themselves under pressure from the wider public, which does not understand such agreements and remains convinced that misbehaving companies are getting off lightly – something that is particularly galling in this age of austerity.
Commentators in the United States have argued that, in an effort to reduce the costly delays associated with investigations, the government needs to better focus on training its prosecutors and agents to effectively manage investigations in ‘real time’, and better communicate to target companies the nature of its concerns and the breadth of any required company ‘look back’.
Meanwhile, for those companies with FCPA problems, Caldwell recently gave her views on the hallmarks of a good internal investigation.
‘If a company wants cooperation credit, we expect that company to conduct a thorough internal investigation and to turn over evidence of wrongdoing to our prosecutors in a timely and complete way,’ Caldwell said. ‘We expect cooperating companies to identify culpable individuals – including senior executives if they were involved – and provide the facts about their wrongdoing.’
In her remarks, Caldwell emphasised that there is no ‘off-the-rack’ internal investigation that can be applied to every situation at every company. Companies seeking cooperation credit must determine how best to conduct their own internal investigations, she said.
But while an effective investigation must be tailored to the unique misconduct and circumstances of each company, the mere voluntary disclosure of corporate misconduct was not enough, added Caldwell. Internal investigations had to be independent, and designed to uncover the facts.
Given that companies are not incentivised to incur substantial costs when conducting internal enquiries, many legal commentators in the United States are now advocating a more focused approach to cooperating with regulators.
Caldwell agrees with those commentators. ‘[I]f a company discovers an FCPA violation in one country, and has no basis to suspect that violations are occurring elsewhere, we would not necessarily expect it to extend its investigation beyond the conduct in that country,’ she said. ‘On the other hand, if the same people involved in the violation also operated in other countries, we likely would expect the investigation to be broader.’
While the current approach of regulator cooperation may work for Fortune 500 companies regulated by the SEC, there are a host of companies out there that cannot afford the traditional ‘internal investigation’ and self-reporting to the DOJ.
Washington DC–based Fox Rothschild partner Dennis Boyle says, ‘It is likely that they are either not conducting internal investigations or, if they are, they are being conducted by personnel – or attorneys – who lack the sophistication to assist the company.’
In the next edition of Compliance Insider®, Boyle will contribute an article that focuses on a more limited investigation aimed only at the violation. Rather than self-reporting, except where required by law, Boyle argues that companies should mitigate any damage caused by a violation and develop a defensive strategy in the event that the DOJ or some other agency initiates an investigation. This, says Boyle, will safeguard companies’ rights in a way that is vastly more economical than the current approach recommended by most law firms.