Greetings from Venice where my wife and I are spending the next few days so this blog post is my first Travel Edition of 2016. Last week I wrote about my thoughts on some of the significant Foreign Corrupt Practices Act (FCPA) criminal and civil enforcement actions from 2015 and some of the larger corruption stories across the globe. Today I want to peer into the not-to-distant veiled future of 2016 to see where enforcement and compliance may be headed going forward.
Regarding FCPA enforcement first and foremost on everyone’s mind is Wal-Mart. There are currently two versions of the Wal-Mart FCPA investigation. The first was articulated by the Pulitzer Prize winning New York Times (NYT) and its 2012 stories about massive corruption in its Mexican subsidiary, all leading to the subsidiary contributing 20% profit to the company’s bottom line for over five years. The converse version was articulated by the Wall Street Journal (WSJ) in an article from 2015 that basically said there was little evidence of bribery by the company in Mexico, although the company’s internal investigation did turn up some instances of very small bribes being paid in India. At this point it is unclear which version, if either, is correct.
What is clear is that Wal-Mart has spent massively to upgrade its compliance function, with some reports that the costs are north of $600MM. Moreover, Wal-Mart has taken its rightful place as an industry leader in talking about not only compliance but also ethics as part of its overall business strategy going forward. For those who have claimed the Wal-Mart scandal has always been much ado about nothing, they seemingly miss this key point that it is the doing of compliance that leads to more robust compliance. It was only after the NYT broke its story that Wal-Mart brought its compliance program forward into the 21st Century through this massive spending. I somehow doubt the company would be the industry leader in compliance it is today, if the NYT had not broken its story. Whatever the final fine and penalty may be, the creation of a best in class compliance program may well be the final legacy of the Wal-Mart FCPA scandal.
The Yates Memo caused quite a stir when it was announced and in subsequent Department of Justice (DOJ) public commentary throughout the fall and winter. The parameters of its mechanics are still being worked out. However the commentaries have raised some serious questions about how it will all work out in practice. One school of thought says that companies will now rush to throw lower level employees under the bus as soon as possible to protect senior level employees. Another school says that the implication is to demean the importance of an effective compliance program because you do not even get to that issue until you have identified culpable individuals and turned over that information to the DOJ. Yet another school of thought suggests that the focus of internal investigations may change from a root cause analysis to determine what happened so that remedial actions could be brought to bear; to naming names first and foremost, with the issues of underlying cause and attendant remedy to make sure the conduct does not continue or happen again moved to the back burner.
The one thing I am confident of at this point is that the Yates Memo will put even more pressure on internal investigations. Companies which may have assigned investigations to internal functionaries, whether in-house lawyers or other investigators, may now have to go to outside counsel much sooner rather than later, if they want cooperation credit going forward. Coupled with the expansion of whistleblower protections and whistleblower complaints to Securities and Exchange Commission (SEC) and other regulators, a company must focus significant resources on putting together a robust investigation protocol and following it.
The announcement of the new DOJ Compliance Counsel was something that had been reported back in the summer. The position was filled by Hui Chen, an ex-DOJer and corporate compliance practitioner, who will evaluate compliance programs for companies under FCPA investigation. She will use articulated metrics to evaluate the state of a company’s compliance program, at the time the incident occurred. The difficulty for any company is that you are always measured at the time of disclosure and review, not the three to five years back when the incident arose so a company is held to a standard which did not exist at the time.
This means there will be even more pressure on Chief Compliance Officers (CCOs) and compliance practitioners to institute a best practices compliance program sooner rather than later. It also means that your program must evolve and you must be able to show evolution and change (i.e. Document, Document, and Document). Further one of the specific metrics is resources so any corporate claim that ‘we spent all we could’ will be very closely scrutinized and if your program does not meet minimum standards, securing any credit for having a compliance program in place will be very difficult to achieve.
I think the first British Deferred Prosecution Agreement (DPA) by the Serious Fraud Office (SFO) under the UK Bribery Act will help the SFO move forward in its enforcement of the world’s most robust anti-corruption law. Not only should the SFO be able to turn back the annual attacks on it and calls to weaken the law but companies clearly now see value in self-disclosure. It could well portend a greater and more aggressive prosecutorial stance by the SFO particularly if SFO Director David Green has his term extended in 2016.
Finally, I think the compliance function will move to become much more integrated into and a more important corporate discipline within every organization of significant size going forward into 2016 and beyond. The 30 day period beginning with the Yates Memo to the Schrems decision by the European Court of Justice invalidating the safe harbor provision for the transfer of certain data from Europe to the US, to the Volkswagen (VW) scandal all make clear the need for not only robust compliance functions but also the elevation of the CCO to the ranks of any Chief Executive Officer’s (CEO’s) key and most trusted advisor.
Donna Boehme and others led the fight make the structural move and to get the CCO function out of the shadow and realm of the General Counsel’s (GC’s) office and the legal department. This debate should be fully closed now after these portentous events. Simply put, the legal function in a corporation is designed to protect the company. The compliance function’s role, as laid out by Roy Snell, is to “prevent, find and fix problems.” Put another way, the role of legal is to tell the truth. The role of compliance is to tell the whole story. VW is never going to pull out of the spiral its is currently in by playing legal games with regulators, states attorneys general or John Q. Public by hiding behind the law. It is only through transparency that VW will regain its prominence. That is one of the reasons that I believe the Wal-Mart FCPA enforcement action is so significant. It demonstrates that as bad as the facts are, may be or were even reported, a company can make a comeback with all three groups by putting in place a robust compliance function.
It is this new importance on the compliance function, the CCO and compliance practitioners that I see as the biggest happening going forward into 2016.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2016