The DOJ’s New FCPA Corporate Enforcement Policy: Dangling Presumptive Declination as an Incentive for Voluntary Disclosure

Lucinda Low, Brittany Prelogar, and Jessica Piquet Megaw
December 4, 2017

On November 29, 2017, in remarks made at the American Conference Institute’s 34th International Conference on the Foreign Corrupt Practices Act (FCPA), Deputy Attorney General Rod J. Rosenstein recognized the success of the FCPA Enforcement Plan and Guidance (commonly referred to as the FCPA “Pilot Program”), which had been in effect since April 5, 2016, and announced a revised FCPA Corporate Enforcement Policy.  The new policy, which has been formally incorporated into the US Attorneys’ Manual (USAM), and is specific to the FCPA,[1] continues and builds upon aspects of the Pilot Program.  Its goal is to “increase the volume of voluntary disclosures” by providing additional transparency and certainty concerning the benefits of voluntary disclosure, full cooperation, and full and timely remediation, thereby “enhanc[ing] the [DOJ’s] ability to identify and punish culpable individuals.”  A transcript of Mr. Rosenstein’s remarks can be found here

Most significantly, the FCPA Corporate Enforcement Policy creates a presumption that a company meeting all standards relating to “voluntary self-disclosure, full cooperation, and timely and appropriate remediation” (each of which the new policy defines) will have its case resolved through a declination “absent aggravating circumstances involving the seriousness of the offense or the nature of the offender.”  The Pilot Program, in contrast, provided that the DOJ would “consider” resolving the matter with a declination in such circumstances.  Under the new policy, however, the presumption of a declination may be overcome by “aggravating circumstances” that include (but are not limited to):

  • Executive-level involvement in the misconduct;
  • Significant profits to the company resulting from the misconduct;
  • Pervasiveness of the misconduct; and
  • Criminal recidivism.

These broadly phrased factors are substantially the same as the factors outlined in the Pilot Program as relevant to the DOJ’s consideration of whether to grant a declination, and leave significant discretion to DOJ prosecutors as to whether the presumption of declination will apply in a given case. 

Even where such aggravating factors exist, however, and the DOJ views criminal prosecution as warranted, the Fraud Section will accord (or recommend to a sentencing court) a 50% reduction off of the lower end of the US Sentencing Guidelines (USSG) fine range (except in cases involving criminal recidivism) for companies that have self-disclosed, fully cooperated, and timely and appropriately remediated, and “generally will not require appointment of a monitor” (to the extent a company has already implemented an effective compliance program at the time of resolution).  Where a company has fully cooperated but did not voluntarily disclose misconduct, it will still be eligible for up to a 25% reduction off of the lower end of the USSG fine range.

To qualify for the FCPA Corporate Enforcement Policy, companies will be required to pay “disgorgement, forfeiture, and/or restitution,” even where they have made a voluntary disclosure, fully cooperated with enforcement authorities, and fully and timely remediated.  The Pilot Program likewise required payment of disgorgement and, while it did not explicitly require the payment of forfeiture and/or restitution, in practice the DOJ required such payments.[2]  The new policy contemplates that these payment requirements may be satisfied by a parallel resolution with a relevant regulator, such as the SEC.

The FCPA Corporate Enforcement Policy also outlines the steps companies must take in order to qualify for credit for voluntary self-disclosure, as well as relevant factors in evaluating a company’s full cooperation and timely and appropriate remediation.  Consistent with the Pilot Program, a self-report must (1) be made “prior to an imminent threat of disclosure or government investigation;” (2) be made within a reasonably prompt time of the company learning of an offense (with the burden on the company to demonstrate timeliness); and (3) include a disclosure of all relevant facts, including concerning all individuals involved in the violation.  However, while companies required by law, contract, or agreement to make a disclosure were excluded from eligibility for the Pilot Program, this is no longer the case under the FCPA Corporate Enforcement Policy.

The elements of “full cooperation” outlined in the new policy (which are largely consistent with the Pilot Program) are “in addition to” those outlined in the current Principles of Federal Prosecution of Business Organizations and continue to include, among other criteria, the disclosure of overseas documents (with the burden on the company to establish any foreign law prohibition on such disclosure) and facilitation of third-party production of documents and witnesses, as well as “de-confliction” (of witness interviews and other investigative steps) between the company’s and DOJ’s investigations “where requested.”[3]  They make no policy changes with respect to the assertion of legal privilege. 

With respect to remediation, the FCPA Corporate Enforcement Policy calls for companies to demonstrate a “thorough analysis of causes of underlying conduct…and, where appropriate, remediation to address the root causes.”[4]  Not surprisingly, implementing an effective compliance and ethics program by the time of resolution continues to be a requirement for appropriate remediation.[5]  The DOJ continues to recognize that the criteria for such a program may vary based on a company’s size and resources.  Notably, while the new policy sets forth some of the criteria for such a program, it notes that such criteria “will be periodically updated.”  The criteria listed in the new policy largely mirror those set forth in the Pilot Program, including an emphasis on a culture of compliance;[6] on the compliance function and personnel (including factors such as authority, autonomy, independence, resources, reporting structure, quality, compensation and promotion); and on conducting risk assessments and audits to assure the program’s effectiveness. 

The new policy includes a few noteworthy additions, however, including the “availability of compliance expertise to the board” and the need for companies to “prohibit[] employees from using software that generates but does not appropriately retain business records or communications.”  Furthermore, in an interesting departure from language in the Pilot Program, which required companies to have “a system that provides for the possibility of disciplining others with oversight of the responsible individuals, and considers how compensation is affected by both disciplinary infractions and failure to supervise adequately,” the revised enforcement policy requires appropriate discipline for all employees responsible for misconduct, including through “failure in oversight, as well as those with supervisory authority over the area in which the criminal conduct occurred.”  This suggests that the DOJ will be looking for indications of accountability farther up the corporate chain, going beyond the direct supervisor level. 

While the prospect of a presumptive declination under the new policy is potentially significant, it is difficult to assess how much of a game-changer it may be at this juncture.  It is not a leniency program, nor does it provide a compliance defense.  The presumption may be overcome based on the same factors articulated under the Pilot Program, which leave substantial room for the exercise of prosecutorial discretion, in determining whether any of the broadly-stated aggravating circumstances may apply.  The availability of a declination under this new policy will also turn on prosecutors’ judgment whether a company has met its burden in demonstrating it made a voluntary self-disclosure, has fully cooperated, and has taken timely and appropriate steps to remediate the misconduct consistent with the new policy. 

The new policy does not address what will transpire with corporate groups, for example, when a parent and one or more subsidiaries are implicated in misconduct.  In the past, DOJ enforcement frequently differentiated between parent and subsidiaries, sometimes giving the parent a non-prosecution agreement or deferred prosecution agreement, while requiring a plea from the subsidiary.[7]  It is possible under this policy that the parent would receive a declination for its reporting, cooperation, and remediation, while the subsidiary would be subjected to a criminal resolution. 

Moreover, as under the Pilot Program, declinations under the FCPA Corporate Enforcement Policy will be made public.[8]  Thus, overall, while the new policy offers a potentially significant benefit, the decision whether to self-report an FCPA violation to US enforcement authorities will likely still be one that requires careful consideration.  In this era of increased international cooperation among enforcement authorities, companies that self-report to the DOJ are likely to be opening themselves up to investigation and potential prosecution in multiple jurisdictions, as well as the collateral consequences that may flow from a public FCPA matter, even a declination.

We will continue to keep you informed of FCPA/Anti-Corruption developments.  If you have any questions, please contact Lucinda Low at +1 202 429 8051, Brittany Prelogar at +1 202 429 5518, or Jessica Piquet Megaw at +1 202 429 8094 in our Washington, DC office, or any other member of our FCPA/Anti-Corruption practice. Further commentary is available on the Steptoe International Compliance Blog. You can also follow us on Twitter (@SteptoeIntlReg). 


[1] The new policy is incorporated in chapter 9-47 of the USAM at section 120.  Section 9-47.120 begins by stating that “[d]ue to the unique issues presented in FCPA matters, including their inherently international character and other factors, the FCPA Corporate Enforcement Policy is aimed at providing additional benefits to companies based on their corporate behavior once they learn of misconduct.”

[2] Earlier this year, for example, the DOJ issued its first public FCPA declination under the Trump administration in a case involving an entity acquired in 2006 by Linde North America Inc. and Linde Gas America LLC.  Linde agreed to disgorge profits of the acquired entity and forfeit proceeds owed to certain unrelated entities in the amount of $11 million.  See DOJ Declination Letter, In re Linde North America Inc. (June 16, 2017), https://www.justice.gov/criminal-fraud/file/974516/download.  Steptoe represented the companies in this matter.

[3] In a Comment, the FCPA Corporate Enforcement Policy notes that de-confliction “will be made for a limited period of time and will be narrowly tailored to a legitimate investigative purpose (e.g., to prevent the impeding of a specified aspect of the Department’s investigation)” and that the DOJ will notify the company when the “justification dissipates” and the DOJ is lifting its request. 

[4] This concept is included under § 1 of the DOJ’s Evaluation of Corporate Compliance Programs (Feb. 2017).

[5] Although the interaction of various provisions of the USAM and USSG is complex, having an effective pre-existing compliance and ethics program in place appears to remain a consideration for the DOJ in investigating and charging misconduct, and negotiating plea agreements under the FCPA Resource Guide, and also lowers the applicable fine range under the USSG; that fine range can be further discounted for companies that qualify for the FCPA Corporate Enforcement Policy.

[6] Separately, the head of the DOJ FCPA Unit stated at this same conference that they do not consider “tone at the top” to be satisfied by the sending of management messages, but are focused instead on the “conduct at the top.” 

[7] Some cases reflect the full range of enforcement tools, from NPA to DPA and Plea.  In 2014, for example, an investigation of Hewlett-Packard Company (HP) and three wholly-owned subsidiaries resulted in different resolutions for each of three subsidiaries involved – a DPA for HP’s Polish subsidiary, an NPA for HP’s Mexican subsidiary, and a plea for HP’s Russian subsidiary.  See Deferred Prosecution Agreement, United States v. Hewlett-Packard Polska, SP. Z O.O, No. 5:14-cr202 (N.D. Cal. Apr. 9, 2014); Plea Agreement, United States v. Zao Hewlett-Packard A.O., No 5:14-cr-201 (N.D. Cal. Apr. 9, 2014); Non-Prosecution Agreement, Hewlett-Packard Mexico, S. de R.L. de C.V. (Apr. 9, 2014); Order Instituting Cease and Desist Proceedings, In re Hewlett-Packard Co., Exchange Act Release No. 71916 (Apr. 9, 2014).

[8] The new policy justifies this by noting that these are cases that would have been criminally prosecuted but for the factors of voluntary disclosure, full cooperation, and timely remediation.  Declinations made for other reasons (e.g., concerns about jurisdiction or proof), will not be effected pursuant to this policy.