Our Voices

FCPA Enforcement Trends: Long-Term Risks and a Growing Reach

by Robert Appleton

The past 18 months have shown that there has been little reprieve from enforcement of the Foreign Corrupt Practices Act (FCPA), and convictions from long-term cases have actually increased under the current administration. Domestically, the ability of the US law enforcement community to enforce such actions has grown considerably, while new international mechanisms have provided other countries with the ability to form parallel ways to counter government and industry-related corruption. RANE has spoken with three different experts from the network and our own internal expert to discuss how FCPA enforcement is evolving and how this law manifests itself in risk portfolios of globally-engaged companies. The common motif from these discussions — covering the legal, compliance, and investigations industries — is that the FCPA will continue to carry the same amount of regulatory strength in the United States, and that anti-corruption enforcement regimes overseas will increase in strength and in numbers.

A NEW ADMINISTRATION'S EARLY ENFORCEMENT TRENDS

In the midst of the 2016 US presidential election, then-candidate Donald Trump and many of his high-level supporters made comments that asserted anti-FCPA positions; many news sources and industry players interpreted these comments to mean that the Department of Justice (DOJ) would change its stance on enforcement of the decades-ollaw. After the presidential inauguration, however, little has changed with regard to FCPA, and long-term, multi-year investigations concluded with a higher conviction rate than in previous administrations. Attorney General Jeff Sessions and Deputy Attorney General Rod Rosenstein have both heralded the law, and multiple FCPA experts have issued guidance noting that FCPA maintains the same level of strength as it had before.

Quantifying enforcement is difficult, however, with Protiviti Managing Director (and former FBI Special Agent) Scott Moritz noting that, in response to being asked if we are in an "up or down" period for FCPA, "this is a tough thing to gauge — you cannot assess whether or not FCPA is being enforced by the number of cases, as some will be more labor intensive than others, and some cases are much larger in scope," meaning the dollar-cost of the case itself. The number, Moritz says, of FCPA actions or cases in RANE Spotlight | www.ranenetwork.com | insight@ranenetwork.com a given year is small — what matters is the level of significance the impact will be on a given organization involved in the action. It can take several years to finalize cases, through convictions, settlements, or dismissals.

A decent measure of enforcement intensity may be through gauging the corresponding intensity of punitive measures. Kevin Davis of Chess Consulting noted that fines are not the only thing that companies should be concerned about when involved in an FCPA violation; it may not even be the most taxing penalty — rather, "monitorship processes" may instead pose more of a long-term cost to companies that violate the FCPA: "The DOJ and SEC want to make sure that a company is following their own compliance programs not just to 'check the box and return to business as usual.'" Monitorship regimes are expensive, and can significantly impact a company's bottom line when it is an FCPA enforcement target. According to Moritz, "Organizations that have good compliance regimes typically only do so because they got hit by FCPA actions in the past — otherwise, compliance fatigue is a very real and common phenomenon."

Either way, international enforcement of anti-corruption is on the uptick, according to the experts. Foreign countries are trying to improve the business environment in their home countries so that investors are less apprehensive about potential risks. Davis points out that Brazilian companies, for example, have an interest in working with the government to tamp down corruption because it can improve the image of their local investment environment. Other countries' legal systems have evolved to include "deferred or non-prosecution agreements," says Moritz, that better incentivize foreign companies to cooperate in anti-corruption investigations. Evolutions in the law, coupled with the proliferation of new anti-corruption law enforcement organizations around the world, have created an environment where anti-corruption is more than just an American phenomenon; it is a global issue that covers all industries that engage in international business.

"What we have seen in practice makes sense and is consistent with DOJ policy as it has evolved under the prior and current administrations," says RANE Executive Director Serina Vash. Last November, the DAG announced that the FCPA Pilot Program would permanently become part of core DOJ policy, the FCPA Corporate Enforcement Policy, to encourage companies to self-reporting misconduct and to provide a measure of certainty in resolving cases. Several months later, the DOJ formalized its policy on cooperation, pledging to work together with foreign enforcement authorities to assure both accountability and equitable resolution of cases that are pursued by multiple agencies or in multiple jurisdictions. "Not only has little changed in terms of FCPA as a priority, but the current administration has actually enhanced enforcement policy and initiatives begun under the prior administration," Vash said.

Robert Appleton of CKR Law points out that over the past 18 months, the number of multijurisdictional FCPA cases has been "extraordinary," that through a coordinated effort by a number of national authorities- the largest cases include authorities and agencies from eight to twelve countries. "The landscape has changed, and there is more cooperation than ever in the past- national enforcement authorities cooperated at an unparalleled, never-before-seen level."

HOW DOES ENFORCEMENT START?

More than half of complaints start with whistleblowers, according to Appleton; it is an exception if the original complaint starts from the government. Perhaps there might be another government enforcement entity that may be involved, but with people having "less loyalty" to companies, whistleblower complaints have skyrocketed: "Whistleblowers can get a lot — up to 30 percent of the reward amount — I get 10 calls a week from whistleblowers," so it is generally in companies' best interest to self-report.

Davis says that it can also start when enforcers see "unique growth in foreign countries that is out of the ordinary and trends if an entity is winning a higher-than-normal number of bids." He further acknowledged that a former FCPA "pilot" program has now involved to permanent FCPA corporate enforcement policy in November 2017, whereby if "a company self-reports with respect to cooperating," it would allow for organizations to garner "points" that would reduce the enforcement action. The SEC and DOJ would then go through a deep review of the self-report, including assessing whether violating companies terminated individuals within the organization that originally committed the action: "[The enforcers] are looking for proactive, rather than reactive findings," says Davis, when a company self-reports a violation.

Appleton points out that there now exist global forums where enforcement actions might originate on a multilateral level, that the largest cases brought against Odebrecht and Petrobras came together largely because of "informal discussions" at a forum in Paris. This is also how international cooperation and informal information sharing has led to greater levels of international anti-corruption enforcement.

Moritz notes that enforcement has changed in the past three years, with the creation of special FBI FCPA enforcement teams with their own separate funding mechanisms that do not straight the 58 field offices that typically focus on their own geographic priorities only. There are now different "squads" in Washington, Los Angeles, and New York that are uniquely able to investigate and enforce FCPA actions. Just over three years since their creation, Moritz asserts that they are beginning to "hit their stride." They now have the right "partnerships, informants, and familiarity with the relevant industries—and this has become a significant force multiplier of their investigative focus."

Once there is an "understanding of relationships between all parties," by the FBI and SEC, Davis says that there is then an examination of "internal controls and policies that a company has in place to make sure that FCPA violations do not occur normally," focusing on how well these measures have been followed. All this data is synthesized to determine if there is an FCPA violation.

TARGETS OF ENFORCEMENT ACTIONS

Davis forecasts that “it will be interesting to see enforcement actions not just going against companies but against individuals who are at the core of alleged acts.” He believes that while companies used to be the primary target of FCPA enforcement investigations and actions, that individuals might begin to be punished as well. However, there are some industries that might get more attention for being potential FCPA violators, including “construction, energy, or anything dealing with infrastructure or development in a foreign country,” says Davis. Moritz breaks this down even further, noting that “anybody who manufactures a product and brings it across international borders needs to be careful of FCPA enforcement—anyone that builds anything abroad—and even sports” can potentially be impacted by these actions. He explained that FIFA and the International Olympic Committee are implementing their own anti-corruption and compliance measures.

That said, Appleton asserts that authorities do not "just sit around and say that a particular industry will be targeted." Authorities tend to take notice of any transaction when large amounts of money are transferring hands; this is why the oil and gas sector, global commercial transactions, and other high-value interactions become more vulnerable; SEC involvement with companies just makes this more likely.

In addition to the oil and gas industry, other industries that continue to see the greatest number of FCPA enforcement actions include the healthcare and pharmaceutical industries, the telecommunications industry and the banking industry, Vash added.

INTERNATIONAL APPLICATIONS OF ANTI-CORRUPTION

Deferred and non-prosecution agreements have been taken for granted in the US for a long time, but it is a fairly new concept in other countries, says Moritz: "Other legal systems never used to have this mechanism; so in other countries, companies that have been terrified of cooperating with authorities." Only recently have countries begun instituting DPAs, with France's first example occurring only in November 2017, and the UK first having authority in 2014 and actually employing DPAs in 2015, Vash added. In France, the anti-corruption agency that intends to curb these issues has only been in existence for a couple years. He mentioned Singapore, Australia, the United Kingdom, India, Malaysia, and Hong Kong as places where these sorts of laws are beginning to evolve in order to make companies feel more comfortable about reporting potential violations of anti-corruption. What this means, therefore, is that companies should not feel immune from anti-corruption laws when outside of the United States and Western Europe. Appleton said that the World Bank gives grants to countries in Africa to develop investigators and anti-corruptions regimes, that Nigeria is particularly capable in the region.

Davis agreed, emphasizing that "In England, policies have stepped up and been out in front" of other countries when it comes to anti-corruption regimes. In recent years, he claims that England has had even "more enforcement than in the United States."Anti-corruption regimes in foreign countries are becoming stronger and more robust, whereas enforcement of FCPA abroad can still be difficult (though not as difficult as it once was), since investigators "have to get so much information from abroad." Davis points out that cases can be lengthy because enforcement bodies must "identify the issue, obtain all possible documents, identify custodians and people involved in the matter, interview them, review the financial information to identify expenditures or payments, and look for patterns of payments." Internal bureaucracy can make this difficult enough—adding a foreign element can make it very daunting.

Appleton remembers, though, that in 2006, it would take two years before a country like Switzerland would produce documents to American enforcers. The high rate of document production now, however, is "unprecedented." Part of the reason this has changed is because in the past, the United States would take the fines from an enforcement action. Now, the United States shares in the rewards, fines, and other penalties; distributions are public, and other countries will diligently enforce in coordination with American authorities because of the "financial benefit."

PREACHING COMPLIANCE

All the experts would agree that avoiding FCPA action is not the most difficult thing, and Appleton even says that the level of awareness is "astounding." However, he cautions that many companies do not have a full understanding of how the law works, how broad it is, and the level of extraterritoriality that it has: "Companies commonly say 'we have no business in the US' but do not understand how multijurisdictional processes work." While foreign entities think they may not have to fully be cognizant of FCPA rules because they do not "think" they have business in the United States, they may not realize that something as simple as a dollar transfer coming through New York means that they are subject to the rule. The level of awareness is high, but the lack of understanding of how expansive the FCPA can be leads to ignorance of proper compliance and self-reporting regimes.

Moritz echoes this point, hoping that companies understand that compliance is "more than an obligation or necessary evil—it is of critical importance, with a connection between operating ethnically and how that cascades down through the organization." Efficacy in this regard can be measured by how compliance weaves into the day-to-day business operations of a firm.

Appleton believes that there are several questions companies can address within a compliance regime to substantially minimize fines: "Does the compliance program have real authority? What is the company's priority when it comes to compliance? Will a company voluntarily disclose?"

Davis further notes that compliance has to be inclusive: "some people lose sight of this—and they focus a lot on employees and making sure they are trained," but forget about contractors. "Companies need to make sure they are trained as well; don't just make sure that people under payroll are covered, but contractors need to be looked at too- particularly to folks that are 'new' to the international game." He theorizes that the importance of this extends to individuals themselves, because he believes that the trend in enforcement may be against individual "bad actors" within companies, rather than just at a higher, corporate level.

Vash added that it is absolutely critical for companies to understand what it means to send their people to foreign jurisdictions and how business processes work abroad. "You can train your people on anti-bribery and FCPA. But, if you don't have a solid understanding of what your employees are facing and how issues can present themselves in your industry and in a particular part of the world, they won't be able to translate classroom training into real-world decision making and good judgment. Our knowledge of the law is vastly different than making sure safeguards are in place to help employees navigate FCPA issues on the ground."

ABOUT THE EXPERTS

Robert Appleton, Global Chair, Government Enforcement & White Collar Practice Group, CKR Law

Robert Appleton is one of the world's leading international anti-corruption and antifraud compliance and investigations experts, having served in many lead enforcement, chief compliance, and international legal roles for more than 25 years. In the US Attorney's Office, Appleton led the DOJ's export controls, OFAC, National Security and trade prosecutions; served as lead counsel in one of the largest international money laundering cases; lead counsel in the first major prosecution of a terrorist financier; and lead counsel in one of the largest accounting fraud cases brought by DOJ, as well as several public corruption, international arms, and national racketeering cases. Upon leaving the Department in 2005, Appleton has served in a number of leading roles in anti-corruption compliance as well as leading complex internal investigations. Between 2010 and 2014 Robert served as Chief Compliance Counsel and Director of Investigations in the Inspector General's Office at the Global Fund to Fight AIDS, TB and Malaria; and then as Chief Compliance Officer at the International Rescue Committee. Appleton now leads CKR's Government Enforcement and White Collar Investigations Practice Group and focuses on helping companies minimize risks, conducting internal investigations, and pursuing civil remedies in corruption cases.

Kevin Davis, Director, Chess Consulting

Kevin Davis is a Director with Chess Consulting with more than 30 years of accounting, auditing, and consulting experience serving clients across a wide range of industries. Kevin works with companies and their legal counsel on complex investigations and litigation matters involving accounting and financial reporting irregularities, misappropriation of assets, circumvention of internal controls, and whistleblower allegations. He also advises companies and their audit committees on issues related to accounting principles, auditing standards, and financial reporting matters. Davis's experience includes white-collar criminal cases, accounting and SEC investigations, and corporate governance matters. Prior to joining Chess, Davis served as a director in the disputes and investigations practice of an international consulting firm. He was also an audit and business advisory partner at Arthur Andersen and an audit principal at EY.

Scott Moritz, Managing Director, Protiviti

As the global leader of Protiviti Forensic, Scott Moritz assists clients in managing their response to "bet the company" event-driven financial crime, misconduct and bribery investigations that entail working with company leadership, the audit committee, outside auditors, legal counsel and the law enforcement and regulatory agencies with whom the results of the investigation will eventually be shared. He has extensive experience in assisting companies to pursue avenues of recovery through asset searches and the preparation of D&O and Fidelity insurance claims. Moritz also has extensive anti-money laundering, anti-corruption and fraud risk management advisory and auditing expertise and has worked with some of the world's largest companies to strengthen their ethics and compliance, anti-corruption compliance, fraud risk management and AML programs. Moritz was previously a managing director in the Global Investigations & Compliance practice at Navigant Consulting, was among the four founding executive directors of Daylight Forensic & Advisory before its sale to Navigant, held leadership positions in the forensic practices at KPMG and PwC and served as an FBI Special Agent for nearly 10 years where he focused on white collar crime, domestic and international corruption and racketeering matters including numerous investigations of organized crime's control over private sanitation.

Serina Vash, Executive Director, Governance, Risk + Compliance; General Counsel, RANE

Serina Vash is the Executive Director of GRC and the firm's General Counsel. In her role as Executive Director of GRC, Vash assists clients in understanding and prioritizing emerging GRC risks, with a focus on public and private sector cooperation, understanding enforcement policy, and promoting ethical compliance and good governance. Prior to joining RANE, Vash was the first Executive Director of NYU Law School's Program on Corporate Compliance and Enforcement. At NYU, Vash developed the fledgling program into a leading law and policy program, dedicated to developing a richer and deeper understanding of the causes of corporate misconduct and the nature of effective enforcement and compliance. Before joining NYU, Vash served for 12 years in the US Attorney's Office for the District of New Jersey, including as Chief of the General Crimes Unit and Acting Deputy Chief of the Criminal Division. Her academic research and writing focused on enforcement policy and behavioral ethics. She speaks regularly on behavioral ethics, compliance, law enforcement policy, risk management, cybersecurity and corporate criminal investigations.

This content originally appeared on: https://application-production.cdn.ranenetwork.com/blog/wp-content/uploads/2018/11/01125644/RANE-Spotlight-FCPA-enforcement-trends.pdf