All compliance programs are designed to prevent, detect and deter ethical violations. In the United States, they are also designed to bring companies into compliance with the Foreign Corrupt Practices Act (FCPA). However, as important as these programs are, it is equally important for a company to deal with any alleged FCPA violations which may arise. The disclosure to and negotiating with the appropriate US governmental agencies charged with enforcement of the FCPA is as critical task which a General Counsel or Chief Compliance Officer may face. Over the next two posting, we will discuss this topic and give some guidelines which a company may consider if such an eventuality occurs. This post will discuss the issue of whether or not a company should self-report a potential or actual FCPA violation. In our next post, we will continue this discussion by focusing the process after self-disclosure.
The question which sits at the forefront is whether to self-report to the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) thereafter. Unfortunately there is no easy answer to this question and to make this decision will require a thorough and thoughtful analysis and perhaps some deep soul searching by any company which uncovers or is made aware of a potential FCPA violation. This article will explore this issue.
The Issue
The initial question of whether or not to self-report came up in 2010 in two of the major FCPA investigations. The first was Avon, which self-reported some three months after initial notification via an internal company whistleblower, the second, in contrast, was HP, where both the DOJ and SEC announced investigations after a story appeared in the Wall Street Journal detailing the allegations and reported on an investigation by German authorities.
Moreover, many companies wonder if, at the end of the day, they will be better off in terms of potential fines and penalties by self- reporting. Lanny Breuer, Assistant Attorney General for the Criminal Division of the US Department of Justice, has made clear, in several speeches over then the past year, that the DOJ prefers a ‘call first’ approach and that such an approach will be taken into account under the US Sentencing Guidelines.
Conversely, then law student (and now graduate), Bruce Hinchey discussed this issue in an upcoming publication “Punishing the Penitent: Disproportionate Fines in Recent FCPA Enforcements and Suggested Improvements”, which analyzes differences between bribes paid and penalties levied against companies that do and do not self-disclose under the FCPA. Using a regression analysis, Hinchey concluded that those companies which did voluntarily self-disclose paid higher fines than companies which did not self-disclosure their FCPA violations to the DOJ. He concluded by noting that this evidence was contrary to the conventional wisdom that a company receives a benefit from self-disclosure and such evidence would ”raise questions about whether current FCPA enforcement is fundamentally fair”.
To Disclose or Not to Disclose
While initially noting that there is no legal requirement or obligation to self-report, a company has to answer several questions in making this initial decision. Lanny Breuer has articulated the DOJ’s ‘call first’ policy. The DOJ (and SEC) consistently tout the benefits to self-disclosure, even if Mr. Hinchey’s research does not bear this out. Further there may be tangible benefits such as credit available under the US Sentencing Guidelines. Other factors for consideration may be a company’s reporting obligations as a public company or obligations to other third parties such as disclosure during M&A due diligence, and lastly, and one which may become increasing problematic, is the risk of disclosure by a third party. Leaving the Wikileaks phenomena aside, the Dodd-Frank Act provides a financial incentive for persons who report securities violations to the SEC. Violations under the FCPA would fall within this provision so there may be a real risk that a company could be ‘outted’ by someone inside or outside the company.
As a part of a company’s decision making calculus on disclosure, there may be quite good reasons for not disclosing a potential FCPA violation to the DOJ or SEC. The initial threshold is that it may be unclear if the conduct violates the FCPA. Further, based upon the Hinchey article, or simply anecdotal information, some may feel that a company may be in the same position whether or not it discloses. Here they may cite to the Siemens example, where the company did not self-disclose but fully cooperated with the Government after its corruption and bribery issue became known. This also may be the situation with HP as noted above. Additional concerns include the possibility that self-disclosure may lengthen the investigation process; make it very costly and that the company may well lose control of the process.
From a legal perspective is the potential waiver of the attorney client privilege. Jim McGrath has written that if a company self-discloses and involves the government in the investigation process from the outset, its hand is tipped and there can be no assertion of attorney-client privilege and the work-product doctrine protection in subsequent reviews or in litigation. In addition, and once DOJ is involved, its knowledge of Company X’s alleged problem becomes part of the public domain and subject to disclosure to the investing public on a schedule of the government’s own making. This could also increase the possibility of civil litigation as was demonstrated in the SciClone matter from the summer of 2010. Along these same lines, some believe that even if the DOJ or SEC provides more lenient treatment, other investigating agencies, whether federal or state, may not.
Lastly and perhaps most sadly, is what I will call the Bunker mentality. It is more than just putting your head in the sand and engaging in conscious avoidance by hoping that the conduct at issue is never discovered. It is making a business decision that the cost of an investigation is so high and the risk of doing nothing is so much less costly, that some company’s believe they should ‘Bunker Down’ until they are caught to sort it all out then.
More tomorrow…
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2011
FCPA Compliance and Ethics Blog 