The U.S. Department of Justice and the Securities and Exchange Commission have investigated violations of the Foreign Corrupt Practices Act (FCPA) with increased vigor in recent years. In an effort to prevent FCPA violations and DOJ/SEC scrutiny, many companies have attempted to create comprehensive anticorruption compliance programs. However, no compliance program, regardless of how thorough, can avoid all potential FCPA violations, and DOJ has recently expressed an understanding that even the most comprehensive of compliance programs may not halt rogue employees from violating the FCPA. It is equally clear that simply instituting a compliance program, without occasional review of the program, is not a strategy that will be well-received by regulators should an FCPA violation occur.
This article examines the joint FCPA guidance memorandum recently released by the Justice Department and the SEC, and recent decisions by DOJ not to prosecute FCPA violations to demonstrate that maintaining risk-specific and evolving anticorruption compliance programs helps companies avoid punishment for FCPA violations, should such violations occur.
Risk-Specific and Evolving Compliance Programs Increase the Likelihood of Avoiding FCPA Prosecution
In a 2012 jointly drafted FCPA guidance memorandum, DOJ and the SEC made clear that simply having a “check-the-box” compliance program, regardless of how comprehensive, is not sufficient to avoid penalties for anticorruption violations. A review of the available information regarding FCPA declinations—instances of FCPA scrutiny by regulators that did not result in enforcement actions—makes clear that risk-specific and evolving compliance programs played a critical role in regulators’ decision not to prosecute companies in both publicly reported and anonymized declinations.
