Companies with international operations face a delicate balancing act following the executive order pausing FCPA enforcement. Kirk Foster of HII Mission Technologies and Michael DeBernardis and David Tannenbaum of Hughes, Hubbard & Reed provide practical guidance for compliance officers striving to maintain program integrity when employees may perceive reduced consequences for misconduct.
While the executive order by President Donald Trump to pause DOJ enforcement of the FCPA does not explicitly define the contours of any potential updated guidance, it does make clear that the Trump Administration believes that prior FCPA enforcement was “stretched beyond proper bounds” and that “overexpansive and unpredictable FCPA enforcement” harmed American economic competitiveness. During this policy review period, FCPA enforcement will be paused absent an individual exception.
As has now been well-covered, this “enforcement pause” does not mean that bribing foreign officials is now legal or that companies or individuals can expect to engage in conduct that violates the FCPA with impunity. However, the public nature of the decision to pause FCPA enforcement may make it even harder for corporate compliance officers and their teams to communicate the continued importance of compliance to employees on the frontlines of the business around the world. If these employees have not heard of the enforcement pause directly, they may soon hear about it from government officials or third parties seeking corrupt arrangements. Messages about the importance of FCPA compliance may fall on deaf ears without the perceived threat of DOJ investigation along with jail time and significant fines.
What’s more, any relaxing of standards of conduct may create an environment whereby employees feel emboldened to ignore compliance directives in other areas not subject to an enforcement pause, leading to the potential of cutting corners and creating additional business and compliance risks.
Companies that have always been committed to doing business the right way may also face increasing pressure from competitors willing to take advantage of the lull in FCPA enforcement. While such competitors may be taking a short-sighted approach given the uncertainty surrounding the DOJ’s next steps and the continued relevance of other domestic and international regulators, it will nevertheless place increasing pressure on otherwise well-intentioned businesses and their employees. Such business pressure is a common driver of employee misconduct.
What should compliance professionals do in the face of these challenges? While situations differ by business sector and geography, here are several tangible steps to potentially implement during this 180-day period.
Make your own message clear
If compliance practitioners and experts are unsure about what comes next in terms of FCPA compliance, then you can bet business-line employees are uncertain as well. Even worse, employees may view FCPA compliance as less important given the announced pause. While the short-term future of FCPA enforcement remains foggy, corporate leaders and compliance officers would be wise to continue to stress to their employees that corruption is unacceptable — and to do so clearly and repeatedly. A message from senior leaders that, despite any pause in enforcement, your company maintains a zero-tolerance policy toward corruption can have a meaningful impact. Many companies have spent decades establishing ethical cultures dedicated to doing business the right way, and now is the time to demonstrate both the effectiveness and benefits of this effort.
Mind your hotlines
Compliance departments must ensure that communication channels remain open for workers to ask questions and seek guidance. Take the time to ensure that employees know where they can raise questions and that they are receiving consistent messaging in response to those questions.
Monitor your third parties
It is hard enough to ensure that employees stay the course in these confusing times, let alone external actors. Over 90% of FCPA enforcement resolutions over the past decade involved a corrupt third-party representative or consultant. Careful and diligent monitoring of third parties remains paramount. Some third parties may feel emboldened to take more risks in a less active enforcement environment, whether perceived or actual. Not only must third parties be reminded not to do so, but companies should continue to monitor especially high-risk third parties through audits, training and spot checks to ensure that they continue to operate consistent with the FCPA and other anti-corruption laws.
Revisit your plan of action
While we must await the revised guidelines to be sure, the old playbook for investigating potential FCPA violations, which was driven by guidance that placed increasing pressure on companies to self-disclose (and self-disclose quickly), may soon be outdated. For nearly eight years — since the announcement of the FCPA pilot program in April 2016 — investigations into potential FCPA violations have been conducted amid the backdrop of this self-disclosure decision. It is possible that a pause in enforcement, even if it does not mean open season for corruption, will allow companies to approach internal investigations in a different manner: thoroughly, thoughtfully and deliberately but without the time and voluntary disclosure pressures arising from DOJ policy priorities.
Detecting, investigating and stopping corrupt schemes and mitigating errant behavior is still critical, but companies may now be able to accomplish those goals without the immediate risk of an eight- to nine-figure criminal fine and reputational damage hanging over the effort. Companies should consider their investigation protocols and discuss whether any changes are appropriate for FCPA-related investigations and plans of action, both during the pause and following the new guidance.
Consider the opportunity (no, not the opportunity to bribe foreign officials)
The next 12 months may be the best window for a company to identify and halt a potential violation of the FCPA since the modern era of FCPA enforcement began. The FCPA remains the law, and its statute of limitations periods — five years for substantive violations of the anti-bribery provisions and six years for violations of the accounting provisions — begin ticking only once the reported unlawful conduct ceases. In addition to the general imperative to address misconduct, companies could benefit down the road by taking swift remedial action now and starting the proverbial clock. If DOJ enforcement of the FCPA never restarts in full under the Trump Administration, conduct that is properly investigated and stopped may be beyond the statute of limitations by the time the next FCPA enforcement wave comes. This may present companies with an opportunity to get ahead of any alleged misconduct before DOJ or other external regulators get involved.
While the executive order pausing FCPA enforcement may offer temporary relief for some businesses, it is crucial for companies to maintain robust compliance programs and uphold ethical standards. Companies should neither bemoan this order nor view it as a green light to engage in corrupt and/or unethical conduct. Rather, they should take stock of the evolving risk landscape to confront the rough seas ahead.
Companies should review their anti-corruption programs and remain vigilant in their efforts to avoid future potential legal repercussions. Compliance professionals should reinforce the importance of ethical conduct — of doing business the right way, ensuring open communication channels and closely monitoring third-party activities. With a strong hand at the compliance helm, businesses can navigate the uncertain regulatory landscape and continue to operate with integrity and accountability.
Kirk Foster
Michael DeBernardis
David Tannenbaum
