In August 2025, the Department of Justice announced its first FCPA declination of the year, closing its investigation into Liberty Mutual Insurance Company. The facts, while concise, are significant: between 2017 and 2022, employees of Liberty General Insurance, Liberty Mutual’s Indian subsidiary, funneled approximately $1.47 million in bribes to officials at six state-owned banks in exchange for customer referrals. These illicit payments, concealed as marketing expenses and routed through third-party intermediaries, generated $9.2 million in revenue and $4.7 million in profits.
Despite this misconduct, DOJ declined prosecution, citing Liberty Mutual’s early self-disclosure in March 2024 while its internal investigation was still underway; its full and proactive cooperation, including naming individuals involved; and its timely remediation efforts, which included a full acceptance of responsibility, a systematic root cause analysis, and enhanced compliance controls. Notably, the company agreed to disgorge nearly $4.7 million in profits and adopted strengthened policies on third-party oversight, social media use, and ephemeral messaging apps.
Far from a routine declination, Liberty Mutual’s case is a blueprint for how DOJ expects companies to handle potential FCPA violations in 2025 and beyond. For compliance officers, it provides an opportunity to benchmark their programs against the department’s revised Corporate Enforcement Policy and assess whether their own organizations could withstand the scrutiny that Liberty Mutual faced.
What lessons should the compliance community draw from this “plain Jane” declination that is anything but ordinary? Today, we break it down.
Lesson 1: The Risks and Rewards of Early Self-Disclosure
Liberty Mutual’s decision to self-disclose in March 2024, before its internal investigation was complete, reflects the central tension in DOJ’s revised Corporate Enforcement Policy: disclose early or risk losing credit. Under the old guidance, companies were expected to report “immediately upon becoming aware” of potential misconduct, often before facts were clear. The 2025 revision softened the language slightly, but the expectation remains to step forward as soon as you have a clear understanding of the conduct, even if the picture is incomplete.
For compliance officers, this means preparing leadership and boards for tough judgment calls. Waiting for every fact to crystallize risks forfeiting the benefits of voluntary disclosure. Disclosing too early risks exposing the company to liability before it fully understands the problem. Building governance frameworks that allow rapid escalation, provisional risk assessment, and timely board engagement is no longer optional; it is a survival mechanism.
Lesson 2: “Full and Proactive” Cooperation
The declination letter praised Liberty Mutual for its “full and proactive cooperation.” This is a notable evolution in the DOJ’s vocabulary. We know what “full” means: produce documents, facilitate interviews, and respond to requests quickly. Note how this differs from the prior formulation by former Assistant Attorney General Kenneth Polite when discussing the DOJ’s Corporate Enforcement Policy. He defined cooperation as going “above and beyond the criteria for full cooperation” to provide ‘extraordinary’ assistance in demonstrating immediacy, consistency, degree, and impact of the disclosures and support of the investigation. Polite’s use of the term ‘extraordinary’ went well beyond the framing of “full and proactive cooperation.” An extraordinary commitment is required to demonstrate exceptional dedication to the investigation and actively assist the DOJ in achieving its goals.
Liberty Mutual provided relevant facts about individuals, prepared materials the DOJ hadn’t specifically requested, and worked through foreign data privacy challenges to expedite production. That’s proactive.
For compliance professionals, the message is unmistakable: cooperation credit does not just come from answering questions; instead, it comes from anticipating them. Proactive means preparing translations before DOJ asks, synthesizing investigative findings into clear presentations, and offering additional documentation that regulators might find helpful. Companies that want declinations need to train investigative teams to think two steps ahead.
Lesson 3: Navigating Deconfliction and Investigative Boundaries
The Liberty Mutual matter also reminds us of the delicate dance of deconfliction. The DOJ’s practice of asking companies to delay interviewing certain employees so that prosecutors can conduct their interviews first. But cooperation doesn’t end there. The DOJ may also encourage companies to expand their investigations into new geographies or business units.
The 2025 CEP revisions signaled an intent to keep investigations more focused for companies, which provides leverage to push back on overreach while still demonstrating cooperation.
Compliance officers must strike a balance: honor deconfliction requests that allow prosecutors to proceed without interference, but defend investigative boundaries when asked to wander into areas where no evidence exists. A disciplined scope protects both resources and credibility with regulators.
Lesson 4: Fulsome Acceptance of Responsibility
One of the more striking phrases in the declination letter was DOJ’s recognition of Liberty Mutual’s “fulsome acceptance of responsibility.” This signals a shift from perfunctory acknowledgments of wrongdoing to meaningful ownership.
It is the difference between saying, “Yes, our subsidiary made mistakes,” versus declaring, “We, as the parent company, failed to prevent this misconduct, and we own the failure.” Liberty Mutual didn’t stop at distancing itself from bad actors; it accepted enterprise-level responsibility.
For boards and executives, this is a powerful compliance lesson. DOJ expects companies to shoulder responsibility broadly, not hide behind “rogue employees.” The tone set at the top must reflect ownership, contrition, and commitment to preventing recurrence.
Lesson 5: Root Cause Analysis as Compliance Bedrock
The declination also highlighted Liberty Mutual’s systematic root cause analysis. This is not a new concept in compliance circles, but it is increasingly central to the DOJ’s calculus. Simply removing the wrongdoer isn’t enough. The question is: what systemic weaknesses allowed the misconduct to occur?
Liberty Mutual conducted a thorough RCA that examined its control environment, third-party oversight, and cultural gaps. This analysis guided remediation efforts, including structural reorganization, increased compliance resources, and enhanced third-party monitoring.
For compliance officers, the takeaway is straightforward: build RCA into every investigative playbook. Document how each failure occurred, identify the control breakdowns, and map remediation directly back to those findings. DOJ does not just want to see discipline; it wants to see learning.
Lesson 6: Messaging, Social Media, and the New Compliance Frontier
Finally, the Liberty Mutual declination highlighted an issue that has been simmering beneath the surface: the use of ephemeral messaging and social media in business communications. DOJ specifically noted Liberty Mutual’s remediation in this area, a rarity in declinations.
This signals that DOJ expects compliance programs to account for modern communication risks, not just email and enterprise systems, but WhatsApp, Signal, Teams auto-delete, and even Facebook Messenger or Instagram DMs. These channels are increasingly central to both legitimate business and corrupt schemes.
For compliance officers, the challenge is twofold:
- Develop clear policies governing employee use of messaging and social media for business.
- Deploy monitoring and recordkeeping mechanisms that ensure compliance with legal and regulatory expectations.
This is the new frontier, and companies that fail to adapt may find themselves unable to demonstrate control credibly.
Declinations as Roadmaps
The Liberty Mutual case may have looked routine at first glance, but it is anything but. For the compliance community, it serves as a roadmap for navigating the DOJ’s revised Corporate Enforcement Policy.
The lessons are clear: prepare for early self-disclosure, embrace proactive cooperation, defend investigative boundaries, accept responsibility broadly, conduct rigorous root cause analysis, and modernize oversight of communication.
Declinations are not just quiet exits; they are public teaching tools. Liberty Mutual’s experience demonstrates how a company can turn a damaging bribery scandal into a compliance success by owning the problem, learning from it, and showing a genuine commitment to reform. For today’s CCO, the real question is: if DOJ knocked on your door tomorrow, could you meet the Liberty Mutual standard?
