There is nothing like an internal whistleblower report about a FCPA violation, the finding of such an issue or (even worse) a subpoena from the DOJ to trigger the Board of Directors and senior management attention to the compliance function and the company’s compliance program. Such an event can trigger much gnashing of teeth and expressions of outrage followed immediately by proclamations “We are an ethical company.” However, it may well be the time for a very serious reality check.
In addition to robust investigation, a company must engage in remediation of the offending conduct. The 2020 Update to the Evaluation of Corporate Compliance Programs mandated the additional significance of this by providing that this process must be considered “both at the time of the offense and at the time of the charging decision and resolution”. When you consider the strictures around continuous monitoring and continuous improvement in compliance programs it is clear why this analysis is so important. Obviously, a key test of any compliance program is when a deficiency is found and a violation occurs. The question then becomes, what did you do about it.
But from the DOJ (and Securities and Exchange Commission) perspective, the key is to use the information to both fix the problem so that it does not occur again but also improve your compliance regime.
Three key takeaways:
- How does your investigation inform your remediation plan?
- A compliance program failure offers a way to upgrade your regime.
- Your investigative team must inform your remediation team.