Pause in FCPA Enforcement: Crisis or Opportunity?
by Hui CHEN
“It’s time to up your game . . . Instead of selling insurance for FCPA enforcement, become leaders that help your organizations perform.”
The corporate compliance community may be in a bit of shell shock.
Last week, the new Attorney General severely limited the enforcement of FCPA to only cases involving cartels and international criminal organizations. Then, the President issued an Executive Order this week to pause FCPA enforcement altogether.
Many in the compliance world have expressed lament, concerns, and anger. Understandably so. For an industry that has been so dependent on enforcement as its raison d'être, this may feel like an existential crisis.
Yet in every crisis there is an opportunity. This is no exception.
What does the Executive Order mean?
Let’s start by understanding the Executive Order itself. First, I note its timing on the heels of the new Attorney General’s memo that already paused FCPA enforcement as we have known it (e.g., enforcement against ordinary business organizations) by limiting its use. (See my analysis of the AG’s priorities here): It almost seems to be a rebuke to the AG for not having gone far enough.
The Executive Order suggests that FCPA enforcement presents “excessive barriers to American commerce abroad” and claims that it “harms American economic competitiveness and, therefore, national security.” It then proceeds to order the Attorney General to do the following in the next 180 – 360 days:
Cease initiation of any new FCPA investigations or enforcement actions;
Review existing FCPA investigations or enforcement actions and “…to restore proper bounds on FCPA enforcement…”;
Issue updated guidelines or policies to support the President’s Article II authority and policy priorities; and
After updated guidelines and policies have been issued, determine whether “remedial measures” are necessary regarding past FCPA enforcement actions.
While the FCPA might have been placed in a coma by the Executive Order, it is not yet dead: it would require an Act of Congress to invalidate the statute. With control of both the Executive and Legislative branches, it is conceivable that the President could have gone this route, as with many of the topics of his Executive Orders.
None of this should come as surprise to anyone: The President has been very public and consistent about his opinion of the FCPA. What is surprising is that he would so quickly show that he did not think his new Attorney General went far enough in supporting his policy objectives in this area.
What will happen?
One of the first to be impacted would be law practices that have thrived on conducting global FCPA investigations. Companies have been willing to fund these expensive outside-counsel investigations for two primary reasons: preservation of attorney-client privilege and potential representation before DOJ, both premised on the likelihood of a DOJ investigation. These have driven companies to firms with global practices, often led by former DOJ prosecutors. With the threat of enforcement removed, many in-house legal and compliance decisions-makers, who have been able to justify these expenses in the face of often intense budget pressures, will likely turn to either in-house personnel or lower cost external options for future internal investigations and reviews.
And yes, we will see some companies begin to re-think their compliance resources, perhaps even with a big sigh of relief. Those compliance programs that focus only on FCPA will suffer the impact most quickly and directly. The compliance professionals who drive their message with the fear of enforcement will also have to find other ways to promote their values to their stakeholders and clients.
At the DOJ, it will be most interesting is to see to what extent prior enforcement actions will be reversed. Typically, FCPA settlements include a supervised period of either self-reporting or monitorship: it is likely these forms of supervision will cease in the very near future. Will the review and potential remediation ordered by the Executive Order go even further, resulting in refunding past fines and penalties? I am doubtful.
Where are the Opportunities?
The Executive Order claims that the FCPA “has been…stretched beyond proper bounds…” While I do not entirely agree with that characterization, I do think the compliance industry’s perception and interpretation of what it requires has often been exaggerated by a fear-mongering industry. In an earlier article I wrote in Law360 for the 40th birthday of FCPA, I wrote: “While I view the growth of corporate compliance as a positive development, I believe this fear-driven and FCPA-centric development path has also produced unfortunate consequences”:
A fear- and enforcement-driven compliance program asks “what does the DOJ expect” rather than “what actually works?”
An unfortunate reduction and limitation in the meaning of “ethics” and “integrity”: they are about so much more than foreign corruption.
An unhealthy focus on foreign corruption at the expense of other organizational risks.
Compartmentalization of compliance where employees get multiple uncoordinated compliance messages about different types of compliance.
The corruption of the anti-corruption industry with pay-to-play conferences and certification regimes.
The pause on FCPA enforcement gives us the opportunity to reverse these consequences.
We will have the opportunity to find out which companies do not believe they need to engage in bribery in order to be competitive. But we will also see companies recalibrate their risk tolerance not because the door to foreign bribery has been wedged open, but because their past fear-driven strategy resulted in a sometimes-overly-narrow view of corporate risk and responsibility in this space. Put differently, we will see which programs are really doing ethics rather than mere compliance.
We also will be compelled to advocate the value of our work in terms of measurable contributions to our organizations, and to do so in business terms with our corporate stakeholders. We will also be able to approach our corporate risks—all of them—in a much more balanced and holistic way without an outsized focus on one statute.
We will have the opportunity exercise real ethical leadership based on values rather than merely following compliance guidance out of fear.
We will be able to focus on the culture, data, and ethics of our organizations.
What should you do?
How do you–as compliance leaders and professionals–seize these opportunities?
First, realistically assess your company, your program, and your messaging. How much have your relied on FCPA enforcement in driving your compliance messages? How have your stakeholders reacted to enforcement messages? Do you believe they see the value of your compliance program beyond being some type of insurance against FCPA enforcement?
Second, if you haven’t already, it’s time to start broadening your focus and your messages. When it is done right, an effective ethics and compliance program can bring discipline to business processes, enhance employee engagement, reduce fraud and waste, elevate morale and an ethics-driven culture, and enhance companies’ reputation. How have you measured your compliance program’s contributions in these areas? How have you told the stories of your contribution in areas to your stakeholders?
Third, it’s time to up your game. Leadership in the organization requires you to be well-versed in assessing and influencing your organization’s culture to enhance performance. Leadership in business demands that you be able to communicate compelling stories of risks and performance in data-driven and audience-friendly terms. Leadership in ethics challenges you to harness collective values to guide behaviors and performance. Instead of selling insurance for FCPA enforcement, become leaders that help your organizations perform.
The pause on FCPA enforcement is not a crisis: it is an opportunity to lead with culture, data, and ethics.