The aggressive US enforcement landscape has encouraged an
increasing focus on corporate compliance programmes. Companies
under US jurisdiction can face significant consequences in
white-collar matters, from long and intrusive government probes and
reputational damage to headline-catching penalties. US authorities
have been effective both in messaging the importance of compliance
programmes and in providing concrete incentives for companies to
invest in compliance, to self-police and – in the event an
issue arises – to consider disclosing the misconduct and
cooperating with authorities.2 In this chapter, we
explain how compliance factors into US white-collar enforcement and
describe key considerations in that regard for companies facing
potential enforcement actions and embarking on the reporting and
settlement process with the US authorities.
US compliance enforcement landscape
The US Department of Justice (DOJ) and the US Securities and
Exchange Commission (SEC) have each set clear expectations with
respect to compliance programmes through their enforcement actions,
enforcement policies and public statements from their leadership.
Generally, the DOJ has criminal and civil enforcement authority
over misconduct with US touchpoints, whether through jurisdiction
over US nationals, residents and businesses, including their
agents, or over entities and individuals who engaged in misconduct
while in the territory of the United States. The SEC, in turn, has
civil jurisdiction over US issuers, including with regard to
violations of statutory provisions that require maintenance of
adequate internal controls and accurate books and records.
Companies subject to SEC jurisdiction, in particular, tend to
invest in more robust compliance programmes.
Both agencies expect pre-incident, proactive efforts by
companies to implement tailored compliance programmes that address
key operational risks and prevent the types of misconduct most
likely to occur in a company’s line of business. The agencies
view compliance programmes as the front line in combatting
corporate misconduct by preventing it in the first place and expect
that companies will not only maintain effective compliance
programmes but also empower their compliance functions with the
support of senior management and the company’s board of
directors. Without sufficient investment in compliance, the
government warns, companies face the risk of significant penalties
down the line.3
Both agencies also closely evaluate the maturity of a compliance
programme as they consider their charging decisions and structure
of settlements. For instance, as is addressed in more detail below
in ‘Compliance considerations in government reporting and
settlement discussions’, assessment of a compliance programme
can affect the type and duration of a non-trial resolution
agreement and whether there is a need to impose an external
compliance monitor.4
Companies and their compliance personnel are not in the dark
with respect to the DOJ’s and the SEC’s expectations. As
explained in Chapter 3, although there are ‘no formulaic
requirements’,5 the guidelines set forth in the
DOJ’s ‘Evaluation of Corporate Compliance Programs’
(ECCP) in particular set the stage for the assessment of corporate
compliance efforts.6 The ECCP, which was issued in
February 2017 and most recently updated in June 2020, contains the
most comprehensive discussion of the government’s expectations
with respect to compliance and is intended to assist prosecutors in
evaluating compliance programmes as part of their enforcement
decisions. The ECCP is structured around three fundamental
questions: whether a compliance programme (1) is ‘well
designed’, (2) ‘adequately resourced and empowered to
function effectively’ and (3) works in practice.7 In
short, the government is looking for more than a ‘paper
programme’. This position was well illustrated in a recent
statement by Assistant Attorney General (AAG) Kenneth A Polite Jr,
who noted that the government wants ‘to know more than dollars,
headcount, and reporting lines’; will review the
‘qualifications and expertise of key compliance personnel and
other gatekeeper roles’; and wants to see that ‘compliance
officers have adequate access to and engagement with the business,
management, and the board of directors’.8
Enforcement actions arising from compliance deficiencies
Lack of robust policies and internal controls, inadequate
enforcement of adequate policies or controls, or other compliance
failures can give rise to civil and criminal liability for
companies. In the anti-corruption space in particular, enforcement
actions often arise from companies’ inability to design and
implement anti-corruption compliance measures to adequately address
their operational risks. The DOJ’s and the SEC’s
‘Resource Guide to the Foreign Corrupt Practices Act’ (the
FCPA Resource Guide) highlights that an ‘assessment of a
company’s compliance program, including its design and good
faith implementation and enforcement, is an important part of the
government’s assessment of whether a violation occurred, and if
so, what action should be taken’.9
The examples below from recent FCPA enforcement actions
highlight some key considerations for companies looking to better
implement and scale their compliance programmes. These enforcement
actions serve as a helpful illustration of the DOJ’s and the
SEC’s standards with respect to compliance, as well as a
warning of the severity of consequences that can follow when the
government’s expectations are not met.
The need to fully implement compliance policies
From an enforcement perspective, establishing a compliance
programme is a necessary step, but certainly not a sufficient one.
Although companies can place a lot of emphasis on designing robust
policies, it is essential to implement and test equally robust
processes to support those policies, because companies may face
exposure for failing to follow their own compliance policies. In
2018, the SEC charged medical devices company Stryker with
violations of the FCPA’s books and records and internal
accounting controls provisions in connection with its business in
India, China and Kuwait. This was the second time in five years
that the company had been charged with FCPA
violations.10 Although Stryker had anti-corruption
policies and internal controls in place, the SEC found that the
company ‘failed to sufficiently implement its
policies’.11 Of particular note, the SEC found that
Stryker failed to follow its own policies that required due
diligence and training of sub-distributors in China, and, in
Kuwait, failed to test whether its distributor would allow the
company to exercise its audit rights or otherwise assure that it
was complying with Stryker’s anti-bribery policy. Stryker
agreed as part of the resolution to retain a compliance consultant
to review and evaluate its internal controls, policies and
procedures.12
The importance of adequate accounting controls
Internal accounting controls are an important consideration for
US issuers in particular. In 2022, Korean telecommunications
company KT Corporation paid US$6.3 million to settle charges that
it used slush funds to give gifts and illegal political
contributions in Korea, as well as using an intermediary to
generate funds to pay bribes to government officials in
Vietnam.13 The SEC highlighted deficiencies in KT
Corporation’s internal accounting controls, noting that the
company ‘lacked sufficient internal accounting controls over
charitable donations, third-party payments, executive bonuses, and
gift card purchases’.14
Ensure senior support
Both the DOJ and the SEC have repeatedly noted the importance of
ensuring that a company’s compliance function has the strong
support of senior executives and the board of directors. This
includes ‘tone at the top’. In 2020, US-based consumer loan
company WAC resolved FCPA charges relating to its Mexican
subsidiary. The SEC called out WAC’s management for having a
tone at the top that ‘did not support robust internal audit and
compliance functions, and undermined the effectiveness of those
functions’.15 In fact, WAC terminated the internal
audit vice president after he raised compliance concerns, combined
internal audit and compliance functions and imposed staffing
pressure, and allowed a general counsel with no prior audit or
accounting experience to be in charge of the combined
function.16 The company paid US$21.7 million to resolve
the SEC’s charges.
Ensure sufficient compliance resources
Successful implementation of compliance policies and procedures
is contingent on sufficient resource allocation into compliance.
Companies that have established policies without adequate resources
can still run into trouble. In 2019, the SEC charged the global oil
and gas services company TechnipFMC plc with violations of the
FCPA’s provisions on anti-bribery, books and records, and
internal accounting controls in connection with payments made to a
consultant who in turn paid bribes to Iraqi government
officials.17 The company agreed to pay US$5 million to
settle with the SEC. Notably, the SEC’s order highlighted that
TechnipFMC ‘devoted insufficient resources to compliance
concerning its Iraq business’.18
Proper scaling of compliance programmes in international
expansion
Aggressive international expansion, including through
acquisition of foreign entities, can significantly heighten
companies’ compliance risks. Several large FCPA actions in
recent years arose from situations in which companies did not
adequately scale their compliance programmes as they expanded their
foreign operations into high-risk jurisdictions. For instance, in
2019, US-based Walmart Inc settled the DOJ’s and the SEC’s
FCPA investigations that alleged the company was ‘valu[ing]
international growth and cost-cutting over
compliance’.19 Walmart paid US$282 million to settle
charges that it violated the FCPA’s provisions on books and
records and internal controls relating to its subsidiaries in
Mexico, Brazil, India and China.20
Similarly, in 2021, London-based WPP plc, the world’s
largest advertising company, settled FCPA charges regarding the
advertising agency’s subsidiaries in India, China, Brazil and
Peru.21 WPP had aggressively grown to employ
approximately 100,000 people at more than 3,000 locations in 112
countries,22 but despite the ‘known corruption and
fraud risks inherent’ in its acquisitions (where founders and
chief executive officers (CEOs) of the acquired entities retained
significant control over local operations), WPP did not have a
compliance department or proper coordination between its legal,
internal audit and other units responsible for managing local
subsidiaries.23
Finally, in 2022, the waste management company Stericycle
settled parallel civil and criminal charges brought by US and
Brazilian authorities in respect of bribery of foreign officials in
Argentina, Brazil and Mexico.24 According to
Stericycle’s settlement papers, while expanding through
acquisitions of local and regional businesses in Latin America, the
company maintained a mostly decentralised compliance department and
accounting processes.25 The SEC announced its settlement
order with a warning for rapidly expanding companies:
‘Companies in pursuit of global expansion cannot disregard the
need for appropriate controls.’26
Compliance considerations in government reporting and
settlement discussions
In active enforcement actions, compliance programmes are
evaluated at several stages of a company’s dialogue with the
government, and are an important factor in the government’s
decisions about the scale and structure of resolutions for
companies seeking a settlement. First, compliance considerations
are specifically cited among the factors that prosecutors must
consider when making charging decisions (i.e., The Principles of
Federal Prosecution of Business Organizations,27 known
as the Filip Factors). Second, the strength of a compliance
programme and a company’s remediation and enhancements are
considered when awarding discounts on penalties. And third,
compliance is, of course, the key consideration when authorities
decide whether to impose an external monitor.
In light of this approach, companies engaged in a reporting
relationship with the US authorities tend to place significant
emphasis on proactively approaching compliance enhancements during
the course of an investigation and in anticipation of settlement
discussions, including to maximise available discounts and to
mitigate the burden and costs of a monitorship. As the DOJ’s
and the SEC’s expectations have become clearer through
enforcement actions and formal policies, companies have become more
sophisticated in their approach to remediation. In the past,
compliance presentations to the authorities may have focused almost
entirely on the contents of the company’s code of conduct and
other policies; nowadays, companies are advised to provide more
practical information to the government on their compliance
programmes and explain exactly how they are implemented, tested and
monitored over time.
Filip Factors
The maturity of a compliance programme is one of the factors
that prosecutors consider in determining whether and what charges
to bring in the first place. The DOJ’s Filip Factors list 11
considerations that companies should expect to discuss when seeking
to convince the government not to bring charges or when negotiating
a settlement, including two that specifically relate to a
company’s compliance programme.28 With respect to
compliance, prosecutors are instructed to consider (1) the adequacy
and effectiveness of the compliance programme at the time of the
alleged misconduct and at the time of a charging decision, and (2)
remedial actions, including any efforts to implement an adequate
and effective corporate compliance programme or to improve an
existing one.29
Of course, compliance programmes, even those that specifically
prohibit the misconduct at issue, are not themselves sufficient to
justify not charging a corporation,30 but the existence
of a robustly enforced and risk-tailored programme ‘may be
considered in determining whether the employee in fact acted to
benefit the corporation’, which then enables a prosecutor to
determine ‘whether the corporation has adopted and implemented
a truly effective compliance program that, when consistent with
other federal law enforcement policies, may result in a decision to
charge only the corporation’s employees and agents or to
mitigate charges or sanctions against the
corporation’.31
Enforcement authorities consider ‘reform’ as a factor in
evaluating a corporation’s remedial efforts. Accordingly, the
government recognises that although the inadequacy of a compliance
programme may be to the corporation’s disadvantage, ‘quick
recognition of the flaws in the program and [the corporation’s]
efforts to improve the program are also factors to consider as to
the appropriate disposition of a case’.32 The Filip
Factors demonstrate that compliance efforts do not have to be
perfect to earn credit in a resolution, but there has to be
proactive participation by the corporation at every stage.
The Filip Factors’ expectations for compliance programmes
are very similar to the ECCP factors discussed above. Consistent
with this practical approach, in applying the Filip Factors, the
government will consider, among other elements:
-
- the company’s culture of compliance;
-
- resources dedicated to compliance;
-
- the quality, experience, compensation, promotion and reporting
structure of personnel involved in compliance;
- the quality, experience, compensation, promotion and reporting
-
- the compliance function’s level of authority and
independence and the availability of compliance expertise to the
board;
- the compliance function’s level of authority and
-
- the effectiveness of risk assessments and their use in
tailoring the programme; and
- the effectiveness of risk assessments and their use in
-
- auditing of the compliance programme.33
The key takeaway is that an effective compliance programme is
not derived through a one-size-fits-all approach, but rather
adapted to the company’s specific circumstances and evaluated,
in part, based on a company’s size and
resources.34
The government’s standards are again reflected in
enforcement actions that cite to compliance enhancements. For
instance, in 2020, the DOJ announced the landmark US$3.9 billion
global settlement with Airbus, involving FCPA charges, which was
coordinated with enforcement authorities in France and the United
Kingdom. The DOJ’s deferred prosecution agreement (DPA) with
Airbus referenced a number of compliance enhancements undertaken by
Airbus.35 The company was recognised for, among other
initiatives, its hiring of new legal and compliance leadership,
application of enhanced due diligence procedures, provision of
additional compliance training to employees, enhancements relating
to management of third-party relationships, and ongoing reviews of
its compliance programme36 Partly because of its
remediation efforts and the state of its compliance programme at
the time of the resolution, Airbus was not required to retain an
independent compliance monitor.
Similarly, in announcing Stericycle’s resolution in 2022,
the SEC explained that the company did not have sufficient controls
or a compliance department in place at the time of alleged
misconduct to ‘prevent or even detect the
misconduct’.37 The DOJ and the SEC noted the
company’s remediation in that regard:
-
- divestment of problematic subsidiaries in Argentina and
Mexico;
- divestment of problematic subsidiaries in Argentina and
-
- termination of relationships with problematic employees and
third parties;
- termination of relationships with problematic employees and
-
- strengthening of its corporate governance by appointing new
senior management and directors;
- strengthening of its corporate governance by appointing new
-
- enhancement of its compliance infrastructure by hiring more
local compliance personnel and an experienced chief ethics and
compliance officer (who reports directly to the CEO and chair of
the board’s audit committee);
- enhancement of its compliance infrastructure by hiring more
-
- updates to relevant policies and procedures; and
-
- enhancement of internal reporting and risk assessment processes
and anti-corruption compliance training.38
- enhancement of internal reporting and risk assessment processes
Remediation incentives
The best illustration of monetary incentives the authorities
provide to incentivise compliance enhancements is the DOJ’s
‘Corporate Enforcement Policy’, which provides –
initially in the FCPA space but now also more broadly – that
voluntary self-disclosure, full cooperation, and timely and
appropriate remediation can yield a 50 per cent reduction off the
low end of the US Sentencing Guidelines39 fine range (or
25 per cent absent self-disclosure).40
In practice, the remediation prong is satisfied by companies
taking disciplinary action against wrongdoers, terminating
problematic third-party relationships and payment streams, and
enhancing their compliance programmes to better discourage, detect
and prevent future violations. The DOJ has made it clear that
‘[i]mplementation of an effective compliance and ethics
program’ is required to receive full remediation
credit.41
By way of example, in June 2021, Amec Foster Wheeler Energy
Limited, a subsidiary of a UK-based global engineering company,
concluded a DPA with the DOJ to settle charges in respect of a
bribery scheme in Brazil.42 The company received the
full 25 per cent cooperation and remediation discount because,
among other factors, it engaged in significant remedial measures,
such as ‘implementation of enhanced policies, procedures and
internal controls relating to . . . anti-corruption compliance,
including retention and management of commercial agents’, as
well as enhancements to its training and internal reporting
programmes, and dismissal of certain employees.43
Similarly, when Deutsche Bank AG settled FCPA and market
manipulation charges with the DOJ in January 2021, it received a 25
per cent discount off the middle of the Sentencing Guidelines
range.44 Its DPA noted that Deutsche Bank engaged in
remedial measures, including ‘significantly’ enhancing its
internal controls and anti-corruption programme, and its
third-party intermediary programme on a global basis.45
The Deutsche Bank DPA imposed requirements that all third-party
arrangements be approved and be reviewed annually by the
company’s anti-corruption function, and enhanced due diligence
procedures and practices in respect of
intermediaries.46
Compliance monitors
One of the most tangible incentives for compliance enhancements
is the potential avoidance of an external monitor. The government
views monitors as ‘effective tools for strengthening corporate
compliance programs’47 and as ‘allies’ to
compliance personnel in creating ‘lasting, sustainable change
in corporate culture’.48 From a company’s
perspective, however, the imposition of a multi-year monitorship is
not only costly, but burdensome and potentially even disruptive to
its operations.
The DOJ Office of the Deputy Attorney General’s memorandum
of October 2021 (the Monaco Memorandum) outlines the
government’s updated considerations regarding the imposition of
monitors in corporate resolutions. The Monaco Memorandum recognises
that independent corporate monitors can be an ‘effective
resource in assessing a corporation’s compliance’ with the
terms of a resolution and an ‘effective means of reducing the
risk of repeat misconduct and compliance lapses identified during a
corporate criminal investigation’.49 Prosecutors are
instructed to consider when determining whether an external monitor
is appropriate: ‘(1) the potential benefits that employing a
monitor may have for the corporation and the public, and (2) the
cost of a monitor and its impact on the operations of a
corporation.’80 In civil cases, the government can
also require that a company retain an independent compliance
consultant or monitor to ‘provide an independent, third-party
review of the company’s internal
controls’.51
Although the DOJ and the SEC each can impose corporate monitors,
their approach to monitorships has varied over the years. For
instance, between 2015 and 2019, the government imposed monitors in
approximately 20 per cent of FCPA resolutions, but then no monitors
in 2020 and 2021. In 2021, the DOJ reversed Trump-era guidance that
corporate monitors should be imposed as the exception rather than
the rule, noting that prosecutors will consider a monitor where a
compliance programme is ‘untested, ineffective, inadequately
resourced, or not fully implemented at the time of a
resolution’.52 The DOJ invoked that language when
imposing monitors on Stericycle and Glencore in 2022. Stericycle
received a two-year monitorship as the company had ‘enhanced
and has committed to continuing to enhance its compliance
program’,53 while Glencore received a three-year
monitorship (the standard term) because the DOJ found that its
compliance enhancements were new and ‘have not been fully
implemented or tested to demonstrate that they would prevent and
detect similar misconduct in the future’.54 These
recent decisions indicate that partial but incomplete remediation
may nevertheless result in an undesirable monitorship.
Reporting on compliance to enforcement authorities
In light of the above-mentioned incentives for compliance
remediation, companies often consider a more proactive approach to
compliance enhancements in preparation and during a dialogue with
enforcement authorities. For instance, a company dealing with an
issue that arose from third-party relationships may not only
terminate problematic relationships but also undertake a broader
audit or risk-based review of third-party relationships. Similarly,
issues relating to interÂnational operations may prompt a
company to undertake broader risk-based assessments in any
high-risk jurisdictions in which they operate. These strategies are
all intended to better position a company to maximise the
cooperation and remediation credit and stave off the imposition of
a monitor.
In a typical reporting relationship, companies will deliver a
presentation to the government on their compliance programme and
related enhancements and then respond to any enquiries and requests
from the government for further information relating to their
compliance efforts. The presentation can be a standalone
remediation presentation or, especially in DOJ actions, included in
the Filip Factors presentation, where company representatives meet
with enforcement officials to present the company’s position on
factors the agencies are known to consider in their charging and
settlement decisions.
Importantly, during those presentations, companies will often
face experienced compliance specialists at the other side of the
table because the agencies have continued to invest in their
internal compliance expertise. For instance, in 2015, the DOJ
retained a full-time compliance expert, Hui Chen, to assist
prosecutors when evaluating corporate compliance programmes as part
of enforcement actions. Chen was highly regarded in her role but
left the post in 2017, citing differences with the Trump
administration.55 After several years without clear
direction about the role, the DOJ hired Lauren Kootman in March
2021 as a trial attorney and compliance specialist.56
Kootman’s appointment coincided with the DOJ’s move towards
building a team of dedicated compliance specialists. In March 2022,
AAG Polite announced that the DOJ had ‘revamped’ the
Criminal Division Fraud Section’s former Strategy, Policy, and
Training Unit into the Corporate Enforcement, Compliance, and
Policy Unit (CECP) with new management comprised of
‘prosecutors and former compliance and defense lawyers with
deep experience in compliance, monitorships, and corporate
enforcement matters’ and plans to continue building up the
group.57 CECP attorneys assess reports submitted by
companies and evaluate progress by reviewing and testing compliance
programmes and making enhancements, where necessary, to ensure that
companies have ‘effective and sustainable’ compliance
programmes.58
With this additional expertise on the government side, companies
would be well advised to make their compliance presentations
concrete and practical and ensure they are supported by metrics and
data. Enforcement officials pay particular attention to answers
provided by companies during Filip Factors presentations, which can
be a real sign of the effectiveness of compliance
programmes.59 According to recent guidance provided by
AAG Polite,60 companies preparing for compliance
presentations should keep in mind some important points:
-
- Companies making presentations ‘will face tough and
probing’ questions. The government expects companies to
‘demonstrate how a compliance program has been upgraded to
address the root cause of the misconduct, and how it is being
tested and updated to ensure that it is sustainable and adaptable
to changing risk’.61
- Companies making presentations ‘will face tough and
-
- The government expects active and meaningful participation from
the company’s chief compliance officer (CCO) (or equivalent
position), who should be ‘leading the compliance presentation
and demonstrating knowledge and ownership of the compliance
program’.62 In fact, Polite noted that the general
counsel’s answering of a question that the DOJ posed to the CCO
during a recent Filip Factors presentation demonstrated to Polite
‘literally and figuratively’ that the CCO had ‘no voice
in that organization’.63
- The government expects active and meaningful participation from
-
- In addition to the CCO, other senior management is encouraged
to participate in discussions, take ownership of their role in
compliance, and demonstrate ‘commitment to
compliance’.64
- In addition to the CCO, other senior management is encouraged
In summary, enforcement authorities focus on evaluating
compliance programmes throughout the enforcement life cycle. The
government takes into consideration a company’s compliance
structure and efforts in (1) assessing any potential remediation
credits, (2) making charging decisions, and (3) determining
continuing reporting obligations or the need for an external
monitor. Companies and their key personnel are expected to
demonstrate thoughtful and active engagement throughout the entire
process.
Post-settlement compliance enforcement
US authorities’ compliance enforcement does not stop with a
negotiated resolution. A standard negotiated agreement, whether a
DPA or a non-prosecution agreement (NPA), even in the absence of an
external monitor, sets out continuing obligations with respect to
maintenance of an effective compliance programme.65
There are two recent trends that point to the government’s
increasing focus on enforcement of those commitments.
First, the DOJ now requires a certification from
corporations’ CEOs and CCOs at the end of a DPA or NPA that the
company’s compliance programme is ‘reasonably designed and
implemented to detect and prevent violations of the law . . . and
is functioning effectively’.66 When this new
certification requirement was announced by AAG Polite in March
2022, he insisted that this step, rather than punitive, is intended
to ’empower’ CCOs by ensuring that they have data and
access to ‘all relevant compliance-related information and can
voice any concerns they may have prior to
certification’.67 It remains to be seen whether the
DOJ will require this certification in every case or just in those
that it views as egregious.
Second, the DOJ’s recently increased scrutiny of non-trial
resolutions, and allegations of DPA breaches, further emphasise the
importance of maintaining robust compliance programmes even after a
settlement is reached. In October 2021, and again in March 2022,
Ericsson announced that the DOJ had determined that the company had
breached its 2019 DPA arising from FCPA violations.68
Ericsson’s DPA, as is standard in FCPA settlements, included an
ongoing commitment to cooperate with continued investigations and
to truthfully disclose information in response to DOJ enquiries, as
well as to proactively report any newly uncovered evidence or
allegations of FCPA violations during the DPA’s three-year
term.69 The agreement provided that if the DOJ
determined that Ericsson had breached the agreement by failing to
uphold its obligations, the company could be subject to prosecution
if its explanation was not satisfactory. The first breach involved
the DOJ’s determination that Ericsson had failed to provide
certain disclosures of relevant documents and factual
information.70 The second breach concerned insufficient
disclosures made by Ericsson to the DOJ about its internal
investigation into misconduct in Iraq.71
The first Ericsson breach announcement came at a time when US
enforcement authorities had emphasised their commitment to holding
companies accountable to their agreements with the government. In
an October 2021 speech, the DOJ’s principal Associate Deputy
Attorney General John Carlin warned companies with DPAs and other
negotiated agreements that the agency would ‘make sure that
those who get the benefit of such an arrangement comply with their
responsibility[] [a]nd if not, [companies] should expect to see
serious repercussions’. Carlin specified that violations of
DPAs ‘may result in punishment greater than the original
sentence’.72
Following Ericsson’s second breach, DOJ prosecutors found in
March 2022 that Deutsche Bank had also violated its 2021 DPA
arising from FCPA and market manipulation charges.73 DOJ
prosecutors determined that Deutsche Bank had violated its DPA by
failing to timely disclose a whistleblower complaint regarding the
bank’s investments in environmental, social and governance
initiatives, which was discovered by the DOJ from media
reports.74 As a result of the breach, Deutsche
Bank’s monitorship was extended for another year (i.e., until
February 2023).75
Overall, these examples demonstrate unequivocally that
successful compliance and remedial efforts must continue past the
point of a resolution of a white-collar matter. As Deputy Attorney
General Lisa Monaco announced in October 2021, DPAs and NPAs are
not a ‘free pass’, and violation of their obligations carry
significant risk of harsher enforcement.76
Conclusion
Enforcement history, government guidance and recent trends all
point in the same direction: compliance is a critical aspect of
corporate enforcement in the United States. Companies subject to US
jurisdiction are advised to make a concerted and continuous effort
towards building and maintaining an effective compliance programme
to prevent wrongdoing or, should an issue arise, position
themselves favourably during interactions with enforcement
authorities and maximise the prospect of securing a successful
resolution. The government is clear in expecting a carefully
planned, well-resourced and flexible compliance programme that can
be adapted to changes in the circumstances and size of a
business.
As described above, compliance programmes affect every part of a
company’s interactions with US enforcement authorities.
Authorities expect proactive efforts by companies to implement
tailored compliance programmes to address their main risks and
prevent the types of misconduct most likely to occur in their
businesses. For companies that find themselves subject to
government inquiries, authorities closely evaluate compliance
programme maturity during the course of their investigations and
account for compliance enhancements when considering charging
decisions, and – if deciding to proceed – the nature
and structure of resolutions, the amount of penalties and the need
for an external monitor. And because resolutions impose continuing
obligations regarding maintenance and enhancement of compliance
programmes, the emphasis on compliance does not stop with a
negotiated resolution. In short, as the government continues to
warn, it pays to invest in compliance early.
Footnotes
1. Kara Brockmeyer is a partner, Ivona Josipovic is a
counsel and Andreas A Glimenakis and Berk Guler are associates at
Debevoise & Plimpton LLP.
2. See, e.g., Justice Manual (JM) § 9-28.800, at https://www.justice.gov/jm/jm-9-28000
-principles-federal-prosecution-business-organizations (last
accessed 6 July 2022) (‘The Department encourages such
corporate self-policing, including voluntary disclosures to the
government of any problems that a corporation discovers on its
own.’).
3. U.S. Dep’t of Justice (DOJ), ‘Assistant
Attorney General Kenneth A. Polite Jr. Delivers Remarks at NYU
Law’s Program on Corporate Compliance and Enforcement
(PCCE)’ (25 March 2022) (Polite Speech), https://www.justice.gov/opa/speech/assistant-attorney
-general-kenneth-polite-jr-delivers-remarks-nyu-law-s-program-corporate
(last accessed 6 July 2022).
4. See DOJ, Criminal Division, ‘Evaluation of
Corporate Compliance Programs’ (updated June 2020) (ECCP), https://www.justice.gov/criminal-fraud/page/file/937501/download
(last accessed 6 July 2022); DOJ, Criminal Division and U.S. Sec.
& Exch. Comm’n (SEC), Enforcement Division, ‘A Resource
Guide to the U.S. Foreign Corrupt Practices Act’, Second
Edition (July 2020) (FCPA Resource Guide), https://www.justice.gov/criminal-fraud/file/1292051/download
(last accessed 6 July 2022) (noting that ‘DOJ and SEC also
consider the adequacy of a company’s compliance program at the
time of the misconduct and at the time of the resolution when
deciding what, if any action, to take’).
5. JM, § 9-28.800, cmt.
6. See ECCP (op. cit. note 4).
7. ibid., at 2. See Chapter 3 for additional
discussion.
8. Polite Speech (op. cit. note 3, above).
9. FCPA Resource Guide (op. cit. note 4), at
56–57.
10. SEC, Press Release No. 2018-222, ‘SEC Charges
Stryker a Second Time for FCPA Violations’ (28 September 2018),
https://www.sec.gov/news/press-release/2018-222
(last accessed 6 July 2022).
11. In re Stryker Corporation, Securities
Exchange Act of 1934 Rel. No. 84308, Accounting and Auditing
Enforcement Rel. No. 3990, Admin. Proc. File No. 3-18853,
¶¶ 5–7 (28 September 2018), https://www.sec.gov/litigation/admin/2018/34-84308.pdf
(last accessed 6 July 2022).
12. ibid., at ¶ V(D)(6).
13. In re KT Corporation, Securities Exchange
Act of 1934 Rel. No. 94279, Admin. Proc. File No. 3-20780 (17
February 2022), https://www.sec.gov/litigation/admin/2022/34-94279.pdf
(last accessed 6 July 2022).
14. SEC, Press Release No. 2022-30, ‘Largest South
Korean Telecommunications Co. Agrees to Pay the SEC to Settle FCPA
Charges’ (17 February 2022), https://www.sec.gov/news/
press-release/2022-30 (last accessed 6 July 2022).
15. In re World Acceptance Corporation,
Securities Exchange Act of 1934 Rel. No. 89489, Accounting and
Auditing Enforcement Rel. No. 4158, Admin. Proc. File No. 3-19905
(6 August 2020), https://www.sec.gov/litigation/admin/2020/34-89489.pdf
(last accessed 6 July 2022).
16. ibid., at ¶ 14.
17. In re TechnipFMC plc., Securities Exchange
Act of 1934 Rel. No. 87055, Accounting and Auditing Enforcement
Rel. No. 4087, Admin. Proc. File No. 3-19493 (23 September 2019),
https://www.sec.gov/litigation/admin/2019/34-87055.pdf
(last accessed 6 July 2022). TechnipFMC also entered into a
parallel resolution with the DOJ in relation to bribery schemes in
Brazil and Iraq. See DOJ, Press Release No. 19-714, ‘TechnipFMC
Plc and U.S.-Based Subsidiary Agree to Pay Over $296 Million in
Global Penalties to Resolve Foreign Bribery Case’ (25 June
2019), https://www.justice.gov/opa/pr/technipfmc-plc
-and-us-based-subsidiary-agree-pay-over-296-million-global-penalties-resolve
(last accessed 6 July 2022).
18. ibid., at ¶ 8.
19. SEC, Press Release No. 2019-102, ‘Walmart Charged
With FCPA Violations’ (20 June 2019), https://www.sec.gov/news/press-release/2019-102
(last accessed 6 July 2022).
20. In re Walmart Inc., Securities Exchange Act
of 1934 Rel. No. 86159, Accounting and Auditing Enforcement Rel.
No. 4054, Admin. Proc. File No. 3-19207 (20 June 2019), https://www.sec.gov/litigation/admin/2019/34-86159.pdf
(last accessed 6 July 2022).
21. In re WPP plc, Securities Exchange Act of
1934 Rel. No. 93117, Accounting and Auditing Enforcement Rel. No.
4257, Admin. Proc. File No. 3-20595 (24 September 2021), https://www.sec.gov/litigation/admin/2021/34-93117.pdf
(last accessed 6 July 2022).
22. ibid., at ¶ 6.
23.ibid., at ¶ 7.
24. See Deferred Prosecution Agreement, United States
of America v. Stericycle, Inc., Case No. 22-cr-20156-KMM (S.D.
Fla. 18 April 2022) (Stericycle DPA), https://www.justice.gov/opa/press-release/file/1496416/download
(last accessed 6 July 2022); In re Stericycle, Inc.,
Securities Exchange Act Release No. 94760 (20 April 2022)
(Stericycle Order), https://www.sec.gov/litigation/admin/2022/34-94760.pdf
(last accessed 6 July 2022).
25. Stericycle Order (op. cit. note 24), at ¶¶
4–7.
26. SEC, Press Release No. 2022-65, ‘SEC Charges
Stericycle with Bribery Schemes in Latin America’ (20 April
2022) (Stericycle Press Release), https://www.sec.gov/news/ press-release/2022-65
(last accessed 6 July 2022).
27. JM § 9-28.300 (Filip Factors).
28. Filip Factors (op. cit. note 27).
29. The DOJ clarifies that the Filip Factors do not
constitute an exhaustive list, and some factors may not apply to
individual cases. ibid., at cmt.
30. JM § 9-28.800 at cmt. (‘The existence of a
corporate compliance program, even one that specifically prohibited
the very conduct in question, does not absolve the corporation from
criminal liability under the doctrine of respondeat
superior.’).
31. id. (citing United States v. Beusch, 596
F.2d 871, 878 (9th Cir. 1979)).
32. JM § 9-28.1000.
33. JM § 9-47.120(3)(c).
34. id.
35. Deferred Prosecution Agreement, United States of
America v. Airbus SE, Case No. 1:20-cr-00021-TFH (D.D.C. 31
January 2020), https://www.justice.gov/criminal-fraud/file/1242051/download
(last accessed 6 July 2022).
36. ibid., at ¶ 4, paras. (d) and (e).
37. Stericycle Press Release (op. cit. note
26).
38. Stericycle DPA (op. cit. note 24), at ¶ 4(d);
Stericycle Order (op. cit. note 24), at ¶¶
27–28.
39. United States Sentencing Commission, ‘Guidelines
Manual 2021’.
40. JM § 9-47.120.
41. JM § 9-47.120(3).
42. See Deferred Prosecution Agreement, United States
of America v. Amec Foster Wheeler Energy Limited, Case No.
21-cr-298 (KAM) (E.D.N.Y. 25 June 2021) (Amec Foster DPA), https://www.justice.gov/opa/press-release/file/1411296/download
(last accessed 6 July 2022).
43. ibid., at ¶ 4.
44. See Deferred Prosecution Agreement, United States
of America v. Deutsche Bank Aktiengesellschaft, Case No.
20-00584 (RPK) (RML) (E.D.N.Y. 8 January 2021) (Deutsche Bank DPA),
https://www.justice.gov/opa/press-release/file/1360741/download
(last accessed 6 July 2022).
45. ibid., at ¶ 4.
46. id.
47. Polite Speech (op. cit. note 3, above).
48. Id.
49. DOJ, Memorandum from the Deputy Attorney General
(Lisa O. Monaco), ‘Corporate Crime Advisory Group and Initial
Revisions to Corporate Criminal Enforcement Policies’ (28
October 2021) (Monaco Memorandum), https://www.justice.gov/dag/page/file/1445106/download
(last accessed 6 July 2022).
50. ibid., at 4.
51. FCPA Resource Guide (op. cit. note 4), at
74.
52. Monaco Memorandum (op. cit. note 49), at
4.
53. Stericycle DPA (op. cit. note 24), at ¶
4.
54. DOJ, Press Release No. 22-176, ‘Glencore Entered
Guilty Pleas To Foreign Bribery And Market Manipulation
Conspiracies’ (24 May 2022), https://www.justice.gov/usao-sdny/pr/glencore-entered-guilty-pleas-foreign-bribery-and-market-manipulation-conspiracies
(last accessed 6 July 2022).
55. Clara Hudson, ‘DOJ makes good on compliance
hiring pledge’, Global Investigations Review (2 March
2021), https://globalinvestigationsreview.com/just-anti-corruption/doj-makes
-good-compliance-hiring-pledge (last accessed 6 July 2022). It
was also recognised at the time by former AAG Brian Benczkowski
that the consolidation of compliance expertise in a single person
created ‘inherent limitations’.
56. Dylan Tokar, ‘Justice Department’s Foreign
Bribery Unit Adds Prosecutors, Compliance Expertise’, The
Wall Street Journal (8 March 2021) https://www.wsj.com/articles/justice
-departments-foreign-bribery-unit-adds-prosecutors-compliance-expertise-11615199402
(last accessed 6 July 2022).
57. Polite Speech (op. cit. note 3, above).
58. id.
59. Adam Dobrik, ‘Andrew Wiessman: A key question in
the Filip factors presentation’, Global
Investigations Review (23 May 2016), https://globalinvestigationsreview.com/
just-anti-corruption/andrew-weissmann-key-question-in-the-filip-factors-presentation
(last accessed 6 July 2022).
60. Polite Speech (op. cit. note 3, above).
61. id.
62. id.
63. Kyle Brasseur, ‘DOJ’s Kenneth Polite to CCOs:
Tell me your compliance success stories’, Compliance
Week (17 May 2022), https://www.complianceweek.com/regulatory-enforcement/dojs-kenneth-polite-to-ccos-tell-me-your-compliance-success
-stories/31692.article (last accessed 6 July 2022).
64. id.
65. See, e.g., Deferred Prosecution Agreement, United
States v. Herbalife Nutrition Ltd., Document 4-1, Letter to
Patrick F. Stokes, et al., Case 1:20-cr-00443-GHW, Attachment C (1
September 2020), https://www.justice.gov/criminal/fraud/fcpa/cases/herbalife
-nutrition-ltd (last accessed 6 July 2022). Through Attachment
C of a DPA, the company makes representations regarding its efforts
to enhance and enforce its compliance policies and procedures.
Attachment C also sets out the parameters of the required
compliance programme, and the company’s reporting obligations
to the government.
66. Polite Speech (op. cit. note 3, above). See Plea
Agreement, United States v. Glencore International A.G.,
¶ 9 (S.D.N.Y. 24 May 2022), https://www.justice.gov/usao-sdny/press-release/file/1508166/download
(last accessed 6 July 2022).
67. Polite Speech (op. cit. note 3, above).
68. Deferred Prosecution Agreeement, United States v.
Telefonaktiebolaget LM Ericsson, Letter to Cheryl J. Scarboro,
et al. (26 November 2019), https://www.justice.gov/usao-sdny/press-release/file/1224261/download
(last accessed 6 July 2022).
69. ibid., at ¶ 5.
70. Telefonaktiebolaget LM Ericsson, Press Release,
‘Update on Deferred Prosecution Agreement’ (21 October
2021), https://www.ericsson.com/en/press-releases/2021/10/update-on-deferred-prosecution-agreement
(last accessed 6 July 2022).
71. Telefonaktiebolaget LM Ericsson, Press Release,
‘Update on Deferred Prosecution Agreement’ (2 March 2022),
https://www.ericsson.com/en/press-releases/2022/3/
update-on-deferred-prosecution-agreement (last accessed 6 July
2022).
72. ‘John Carlin on stepping up DOJ corporate
enforcement’, Global Investigations Review (11 October
2021), https://globalinvestigationsreview.com/news-and-features/in-house/
2020/article/john-carlin-stepping-doj-corporate-enforcement
(last accessed 6 July 2022).
73. See Deutsche Bank DPA (op. cit. note 44).
74. Patricia Kowsmann, ‘Deutsche Bank Violates DOJ
Settlement, Agrees to Extend Outside Monitor’, The Wall
Street Journal (11 March 2022), https://www.wsj.com/articles/
deutsche-bank-violates-doj-settlement-agrees-to-extend-outside-monitor-11647016959
(last accessed 6 July 2022).
75. id.
76. DOJ, ‘Deputy Attorney General Lisa O. Monaco
Gives Keynote Address at ABA’s 36th National Institute on White
Collar Crime’ (28 October 2021), https://www.justice.gov/opa/
speech/deputy-attorney-general-lisa-o-monaco-gives-keynote-address-abas-36th
-national-institute (last accessed 6 July 2022).
Previously Published by Global Investigations
Review
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.