This week, in a podcast series sponsored by Affiliated Monitors, Inc. (AMI), I visit with Vincent DiCianni, founder and President of AMI, and Eric Feldman, Senior Vice President of AMI. We look at the Department of Justice (DOJ) announcements over the past year and back to the FCPA Corporate Enforcement Policy, announced in November 2017, to consider what strategies companies can use based upon these documents. DiCianni and I have considered how companies can use this information internally to bolster their compliance programs and today we consider this same issue from the external perspective.

There are several areas from the DOJ guidance which make the use of external resources more impactful for a corporate compliance program. We began by considering what a company might do if it is required to self-report a violation of a law such as the Foreign Corrupt Practices Act (FCPA). It might begin by bringing in a crisis management team to look at the Board, to look at Board governance, to look at management functions and to look at very specific programs. Another area which is ripe for an external review is around a company’s sales cycle, particularly if it uses third parties. Third parties are still recognized as one of the highest risks under the FCPA and in 2018 93% of all enforcement actions involved third parties.

Such an external investigation can include some of the basics like adequate due diligence and fulfilling internal requirements by using an external resource who is a subject matter expert, a company can really drill down into a program to look at sub-contractors and other 2nd, 3rdand 4thlevel contractors. Using an external resource in these areas can help a company based upon the road map laid out in the Memo.

Another area where an external resource in compliance can be most helpful is in establishing credibility with regulators. An external resource may deal with the regulators on a variety of matters and may have a well of credibility. There can be a level of rapport that a company which is never or seldom in front of the DOJ may not have going into the process. Further, regulators may also see the external resource as bringing another set of eyes to a matter for review. Additionally, DiCianni noted, “once you start coordinating with a government agency and you voluntarily decide to report something, you may be waving the attorney client privilege? Under this new guidance, you may have to cooperate fully and identify names and individuals within the company.”

Moreover, your organization will more than likely have to produce documents. Not only is document security a key issue with regulators but the same can be said for the current situation that many companies now find themselves in with multi-jurisdictional investigations. This can also hold true if there are multiple agencies involved, each of which might have their own legal or regulatory focus. An external recourse can be invaluable in getting an organization through these issues. All of these situations might well lead to multiple settlements with multiple regulators. Navigating through all of this may be beyond the ability of many US companies.

Another area we explored that was certainly emphasized by the DOJ in 2018 was the mergers and acquisitions (M&A) front, particularly in the pre-acquisition phase. In July 2018, the DOJ formalized the Safe Harbor provision first articulated in 2012 FCPA Guidance around companies which performed an appropriate level of pre-acquisition due diligence and then engaged in post-acquisition integration, a forensic FCPA review and then self-disclosure and remediation if required. This informal Safe Harbor is now written into the FCPA Corporate Enforcement Policy.

DiCianni said that the DOJ wants you to show you not only knew what you were acquiring from the commercial perspective but what he called “There’s the softer side of a M&A transaction. The compliance side. You need to look at whether or not the company has a variety of compliance program indicia. Does it have a compliance program? Does it have a hotline program? Are there complaints to the hotline? Are there things that are percolating below the surface that you are not going to see in just looking at dollars? Does it have good compliance controls?” Beyond this, the DOJ will be looking at your integration plan based upon your pre-acquisition due diligence. Finally, have you fully implemented the acquired entity into your company?

Join us tomorrow when we explore how companies can use their compliance programs as both a sword and shield.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors, Inc.  at