Today, I am thrilled to announce my first podcast series based on a book I have written. The book and the podcast series are titled FCPA Survival Guide and Ethico sponsors. The book is available in the Kindle format, and you can purchase it on Amazon.com here. You can listen to the podcast here. In the podcast, I am joined by Nick Gallo, Captain Culture and co-CEO at Ethico, throughout this special 10-part podcast series.
Over the past 18 months, the Department of Justice (DOJ) has clearly and consistently communicated its expectations for any company that finds itself in an FCPA enforcement action. The book and podcast are designed for the compliance professional and business executive who finds themselves in an investigation. It details your steps to obtain the most favorable resolutions possible. Since the advent of the FCPA Corporate Enforcement Policy in 2017 (now Corporate Enforcement Policy), the presumption for any company that self-discloses a potential FCPA violation to the DOJ is declination. Yet even if a company does not self-disclose or there are aggravating factors, a company can take advantage of significant discounts from the DOJ. In the DOJ’s own words, this book and podcast outline what a company can do and its actions to reduce fines and penalties.
The enforcement actions that formed the basis of the book and podcast series involve the following entities: ABB, Albemarle, SAP, and Gunvor. The book includes complete discussions of these enforcement actions and the lessons every compliance professional should take from them. Navigating the complex world of corporate compliance, especially when dealing with the DOJ and Foreign Corrupt Practices Act (FCPA), requires a clear strategy and decisive action. The book and podcast series details the top ten things you should prioritize to ensure your company stays on the right side of the law and minimizes the risks of costly enforcement actions.
1. Self-Disclosure
The DOJ places the highest value on self-disclosure. Companies that voluntarily come forward to report potential violations of the FCPA are more likely to receive favorable treatment. For instance, in the ABB enforcement action, despite the company being unable to disclose its misconduct before the media publicly revealed it, the DOJ still considered ABB’s intent to self-disclose positively. Similarly, in the Albemarle enforcement action, even though the disclosure was delayed by 16 months, the DOJ acknowledged the company’s effort, though it stressed the importance of timely self-disclosure. Kenneth Polite, then Assistant Attorney General, emphasized the importance of self-disclosure by stating that companies that uncover criminal misconduct should voluntarily self-disclose to avoid more severe penalties. The DOJ’s Corporate Enforcement Policy provides significant incentives, such as a presumption against prosecution and reduced penalties, for companies that self-disclose, fully cooperate, and timely remediate.
2. Speed in Reporting
Timely disclosure is critical, but it continues beyond there. The DOJ expects companies to share information with regulators as quickly as they uncover facts, even if they are unsure how this might affect their case. In 2023, Assistant Attorney General Kenneth Polite highlighted the transition from ‘full’ to ‘extraordinary’ cooperation, stressing the importance of immediate and consistent truth-telling and evidence-sharing. The DOJ values collaboration, allowing them to obtain evidence they otherwise could not, such as quickly providing electronic devices or recorded conversations. Companies must be prepared to share information in real time, as seen in the SEC Order against ABB, where the company’s rapid information sharing was crucial.
3. Extensive Remediation
Effective remediation is essential and must be well-documented with data analytics. Companies must invest significantly in compliance personnel, training, and monitoring. ABB, Albemarle, Gunvor, and SAP all demonstrated extensive remediation efforts, including hiring experienced compliance personnel, conducting root cause analyses, and restructuring their compliance programs. Albemarle, for example, strengthened its anti-corruption compliance program by investing in resources, expanding its compliance function, and eliminating the use of sales agents. SAP enhanced its compliance monitoring and audit programs, while ABB continuously tested and monitored.
4. Root Cause, Risk Assessment, and Gap Analysis
Remediation should begin with a root cause analysis, risk assessment, and gap analysis. This approach helps identify the underlying issues and address them effectively. SAP’s Deferred Prosecution Agreement (DPA) emphasized the importance of root cause analysis. The company conducted a thorough analysis, remediated the root causes, performed a gap analysis of internal controls, and conducted a comprehensive risk assessment focusing on high-risk areas and controls around payment processes.
5. Data Analytics
Implementing a data analytics program is now a best compliance practice. It allows for continuous monitoring and measuring of the compliance program’s effectiveness. Albemarle and SAP used data analytics to monitor compliance program effectiveness and identify high-risk transactions. This capability helped them avoid the need for a corporate monitor by demonstrating effective control implementation and testing.
6. Clawbacks and Holdbacks
The DOJ expects companies to include and enforce clawback and holdback provisions in their compensation agreements. These measures ensure that those involved in misconduct do not benefit from their actions. Albemarle and SAP implemented holdbacks, withholding bonuses from employees involved in wrongdoing. This approach penalized the individuals and qualified the companies for additional fine reductions under the DOJ’s Compensation Incentives and Clawbacks Pilot Program.
7. Change in Sales Models
Companies using third-party agents for sales should consider moving to a direct sales model to reduce corruption risks. This change helps ensure better control and compliance oversight. Albemarle eliminated third-party sales agents and switched to a direct sales model. SAP prohibited all sales commissions for public sector contracts in high-risk markets and enhanced its compliance monitoring and audit programs.
8. Enhancement of Compliance Programs
It is crucial to significantly enhance the compliance program, including increasing budget, headcount, and expertise. This enhancement should cover reporting, investigations, and consequence management processes. Albemarle and SAP significantly invested in their compliance programs, restructuring their Offices of Ethics and Compliance, enhancing policies and procedures, and increasing resources devoted to compliance. ABB also invested in compliance testing and monitoring throughout its organization.
9. Internal Controls
Companies must use their internal controls to continuously test, monitor, and improve all aspects of their compliance programs. This approach ensures ongoing effectiveness and adaptability. SAP conducted a gap analysis of its internal controls and enhanced its compliance risk assessment process. ABB invested in controls testing and monitoring, restructuring internal reporting to ensure compliance oversight. Albemarle’s SEC Order highlighted the need for adequate internal controls to prevent and detect improper payments.
10. Investigation Protocol
Having a robust investigation protocol that can quickly triage any claim and escalate decisions. This protocol should facilitate timely self-disclosure and determine the best course of action. A culture of “speak up” encourages employees to report wrongdoing. Effective triage helps prioritize and allocate resources for investigations. Detailed written procedures ensure transparency and responsibility in managing allegations.
These top ten actions provide a roadmap for companies to navigate compliance challenges effectively. These steps, from self-disclosure and rapid information sharing to extensive remediation and robust internal controls, help build a strong compliance program that meets DOJ expectations. Companies can mitigate risks by integrating data analytics, enforcing clawbacks, enhancing compliance efforts, and demonstrating their commitment to ethical conduct.
This is my first pairing of a book and limited podcast series. I hope that however you consume information via written word or audio, I can provide it to you.