By Steven G. Blum, CPA, CFE

U.S. Deputy Attorney General Rod Rosenstein announced a revised FCPA Corporate Enforcement Policy during his Nov. 29 remarks at the 34th International Conference on the Foreign Corrupt Practices Act (FCPA). The U.S. government has always taken the view that companies should be provided with incentives to engage in ethical corporate behavior. The classic carrot and stick approach has been applied to the enforcement of the FCPA. In fact, the FCPA pilot program motivated and rewarded companies wanting to do the right thing and voluntarily disclose misconduct. During the year and a half the pilot program was in effect, the FCPA unit of the Department of Justice (DOJ) received 30 voluntary disclosures. This is compared with 18 during the previous 18-month-long period. However, there was often uncertainty over how the program was applied and what benefits a company would receive for self-reporting.

Rosenstein announced changes that are intended to further incentivize companies to self-report. The focus of the revised policy is to provide self-reporters with some economic incentives, but, more importantly, it provides greater certainty in the outcomes that self-reporters could expect. It gives self-reporters a clearer view into the DOJ’s decision making process, while still maintaining a degree of prosecutorial discretion. Self-reporting still comes down to three legs of support: voluntary disclosure, full cooperation, and timely and appropriate remediation (including the existence of an effective compliance program). The revised policy also provides enhanced guidance as to what companies must do to receive credit for each of these three legs.

The revised policy creates a presumption that if a company satisfies the standards of voluntary disclosure, full cooperation, and timely remediation, the DOJ will resolve the company’s case through a declination. But – and it’s a big “but” – the presumption may be overcome if there are aggravating circumstances related to the nature and seriousness of the offense, or if the offender is a repeat criminal. If aggravating circumstances compel an enforcement action, the DOJ will recommend a 50 percent reduction off the low end of the sentencing guidelines’ fine range. Repeat offenders may not be eligible for the reduction. Rosenstein describes this as “providing an incentive for good conduct and scrutiny of repeat visitors.”

Finally, the policy provides details about how the DOJ evaluates an appropriate compliance program. The policy discusses some of the hallmarks of an effective compliance program, such as fostering a culture of compliance, dedicating sufficient resources to compliance activities, and ensuring that appropriate compliance personnel have appropriate access to management and the board.

The extent to which the revised policy incentivizes more companies to self-report remains to be seen. Clearly, expansion of the pilot program creates renewed incentives for companies to self-report violations. In the end, it will largely depend on very specific circumstances that will drive a decision. However, the revised policy does reinforce the old proverb, “An ounce of prevention is worth a pound of cure.” Companies should be focusing on developing and maintaining effective compliance programs – including effective risk assessment, third-party vetting, and business record retention. Absent an effective compliance program, a company will not get full credit for timely and appropriate remediation of an FCPA violation. In fact, an ineffective compliance program could make it more difficult for a company to identify violations in order to have an opportunity to self-report; thereby taking the decision outside of a company’s control. The lesson is that companies should continue to proactively protect themselves with effective compliance programs.

Steven G. Blum, CPA, CFE, is a partner with Control Risks Group in Washington, D.C. He is a member of the Pennsylvania CPA Journal Editorial Board, and can be reached at steven.blum@controlrisks.com.