When then Assistant Attorney General Sally Yates, announced the Memo that bears her name, she said the following, “we have revised our policy guidance to require that if a company wants any credit for cooperation, any credit at all, it must identify all individuals involved in the wrongdoing, regardless of their position, status or seniority in the company and provide all relevant facts about their misconduct. It’s all or nothing. No more picking and choosing what gets disclosed. No more partial credit for cooperation that doesn’t include information about individuals.” This statement ties directly into the first point of the Yates Memo, which stated, “To be eligible for any cooperation credit, corporations must provide to the Department all relevant facts about the individuals involved in corporate misconduct.”

The Yates Memo and Yates’ remarks indicated a transition to a new era of FCPA investigations and enforcement. The Yates Memo required that the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) to investigate individuals immediately at the start of investigations. She stated, “the department instructed its attorneys that, going forward, they are to focus on individuals from the start of an investigation, regardless of whether the investigation begins civilly or criminally. Moreover, once a case is underway, the inquiry into individual misconduct can and should proceed in tandem with the broader corporate investigation. Delays in the corporate case will no longer suffice as a reason to delay pursuit of the individuals involved.” Even though these remarks were directed at government lawyers, corporations are now required to initially change the focus of their investigations from attempting to perform any type of root cause analysis to obtaining evidence against individuals and turning it over to the government as soon as possible.

For the Chief Compliance Officer (CCO) or compliance practitioner, this means the entire focus of your investigative protocol has changed. Previously an investigation was to determine how conduct that might have violated the FCPA had occurred, then focus on how to remedy it. The first step a CCO or compliance practitioner would take when sufficient evidence was developed was to fix the problem so that it did not re-occur going forward. If there were compliance program or internal control weaknesses, they would be immediately fixed so that neither the original perpetrators could continue the conduct but also so others could not take advantage of any such structural weakness.

After the Yates Memo, that is no longer the case. The DOJ now expects you to bring them information about potentially culpable individuals who can be prosecuted going forward. This means employees are going to immediately stop talking to you if they were inclined to do so in the first place. It will require performing an essential root cause analysis more difficult and the attendant remedy that is a part of any best practices compliance program.

But Yates went further than simply saying the DOJ expects you to turn over your own employees. She made clear that both she and the DOJ want companies to give up senior executives involved in illegal conduct. She said “We’re not going to be accepting a company’s cooperation when they just offer up the vice president in charge of going to jail.” Here the difficulty is around the FCPA requirement for a criminal prosecution or intent. How do you determine intent in a manner where senior executives may never have been involved directly in a transaction? Does this mean insufficient tone at the top will somehow morph into intent for a FCPA prosecution? Whatever it may mean going forward, at the very least I think it means that high heads in an organization could very well start to roll.

The Yates Memo, when read in conjunction with the Frederic Bourke conviction, make clear that senior management, as well as other individuals, are now directly in the DOJ’s sights to prosecute for FCPA violations. This means that even if lower level employees are engaging in conduct which senior management did not know about or even told them not to engage in; senior management may be deemed by the DOJ to have engaged in conscious indifference by not engaging in ongoing monitoring as a part of an overall best practices compliance program. Simply expecting that employees will not violate the FCPA is no longer enough. Companies must monitor transaction to detect and prevent violations. With the Yates Memo now the effective policy of the DOJ, senior management who do not actively monitor their organizations may subject themselves to personal FCPA criminal liability.

Given the scrutiny of the Standard Bank Deferred Prosecution Agreement (DPA) in the UK, I think it may well be the time where enforcement authorities begin to look at those responsible for an activity where a violation of anti-bribery/anti-corruption laws take place in addition to those committing the legal violation. Bourke was found guilty for conscious avoidance. How much of a stretch will it be for those senior managers who allow such behavior to be seen as either the norm or indeed expected? John Kay, writing in the Financial Times (FT) in an article entitled “Ignorance is no defence for financial misconduct, wrote in the context of financial institution misconduct “If it is a criminal offence to be in charge of a den of thieves, the prosecution need only establish that you were in charge of it, not that you were yourself a thief. It is no defence that you thought the organisation was a monastery, which is broadly the argument employed by those made ‘physically ill’ by the discovery of what their subordinates had been doing.” After the Yates Memo, the same may hold true for senior management in companies which violate the FCPA.

The impact of the Yates Memo was magnified by Attorney General Jeff Sessions through his remarks at the Ethics and Compliance Initiative (ECI) in April 2017. He reiterated that the DOJ would focus on individual criminal misconduct in the context of enforcing the FCPA. This continued emphasis will mean that there is even more pressure on corporate compliance programs to get it right and get it right sooner rather than later.

Three Key Takeaways

  1. If companies want any credit, they must investigate potentially culpable individuals first and turn over the results to the DOJ.
  2. This may require companies to more thoroughly investigate conscious indifference.
  3. Never forget conscious avoidance is specifically prohibited under the FCPA.