Self-Reporting to the Authorities and Other Disclosure Obligations: The US Perspective

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight


There is typically no formal obligation in the United States to disclose potential wrongdoing to enforcement authorities; however, there can often be strategic advantages to doing so. Subjects of investigations may, in certain cases, avoid some of the most adverse consequences by self-reporting, including reduced penalties and more favourable settlement terms. Additionally, companies in certain regulated sectors may avoid debarment even where clear violations occurred. US regulators are incentivising companies to self-report by offering potential and meaningful co-operation credit for doing so. The Corporate Enforcement Policy of the US Department of Justice (DOJ), first announced in November 2017, updated and formalised the DOJ’s criteria for evaluating and rewarding self-disclosure and co-operation in cases relating to the Foreign Corrupt Practices Act (FCPA). Revisions in March and November 2019 broadened its application beyond the FCPA and clarified the DOJ’s expectations for securing credit.

Despite public perception to the contrary, the Trump administration appears committed to enforcing the FCPA, including a continued focus on self-reporting and multi-jurisdictional co-operation. In 2017, the DOJ brought 29 FCPA actions and the SEC brought 10, with a total of US$958 million in monetary sanctions. In 2018, the DOJ brought 20 enforcement actions and the SEC brought 17, netting a combined US$2.2 billion in fines. The DOJ is on track to match or surpass that total this year, with US$1.56 billion in monetary fines up to October 2019. The DOJ’s March 2019 settlement with Mobile Telesystems and its Uzbek subsidiary[2] was one of the largest in an FCPA case – US$850 million to resolve charges arising out of a scheme to pay bribes in Uzbekistan.

Moreover, US regulators have historically been receptive to parties reporting facts while preserving privilege during the co-operation and reporting process, and are specifically prohibited from making co-operation credit conditional on privilege waiver.

4.2Mandatory self-reporting to authorities

Before considering a voluntary disclosure, it is important for at least two reasons to determine whether the company has any potential mandatory reporting obligation. First, mandatory reporting obligations often prescribe the recipient, form, timing and content of the disclosure. Second, the evaluation will be materially different if a mandatory report is required, even if that report is in another jurisdiction, given the clear commitment to sharing information between international regulators. In other words, if a company is required to self-report in at least one jurisdiction, it should consider voluntarily disclosing in others given the likelihood that the government agencies will share information.

In May 2018, the DOJ announced a new formal policy to avoid ‘piling on’ penalties that are duplicative for the same misconduct. Under the policy, various US enforcement agencies must coordinate with each other and with foreign government agencies when reaching settlements with corporations. However, the DOJ has warned that companies looking to benefit from the new policy should self-disclose wrongdoing to the DOJ. When announcing the policy, former Deputy Attorney General Rod Rosenstein specifically remarked that the DOJ ‘will not look kindly on companies that come to [the DOJ] after making inadequate disclosures to secure lenient penalties with other agencies or foreign governments. In those instances, the Department will act without hesitation to fully vindicate the interests of the United States’.[3]

4.2.1Statutory and regulatory mandatory disclosure obligations

In the United States, most disclosure obligations originate in statute or regulations. Key examples include:

  • the Sarbanes-Oxley Act of 2002, which requires the disclosure of all information that has a material financial effect on a public company in periodic financial reports;
  • the US Bank Secrecy Act of 1970, which requires financial institutions to disclose certain suspicious transactions or currency transactions in excess of US$10,000;
  • the US Anti-Money Laundering Regulations, which require financial institutions to report actual or suspected money laundering under certain circumstances;[4]
  • state data breach regulations – 47 of 50 US states have laws requiring companies conducting business in the state to disclose data breaches involving personal information; and
  • the Anti-Kickback Enforcement Act of 1986, which requires government contractors to make a ‘timely notification’ of violations of federal criminal law or overpayments in connection with the award or performance of most federal government contracts or subcontracts, including those performed outside the United States.

4.2.2Disclosure obligations under existing agreements with the government

In addition to statutory or regulatory-based mandatory disclosure requirements, companies must also evaluate whether they have any mandatory disclosure obligations under pre-existing agreements with the government. For example, if a company is subject to a deferred prosecution agreement (DPA) (or a corporate integrity agreement (CIA) in the healthcare sector), the agreement often contains self-reporting mandates for any subsequent violations. In many cases, these agreements may require the appointment of independent monitors. While DPAs, CIAs and similar agreements have been used frequently in the United States, other countries, including the United Kingdom, are also now increasingly using similar agreements to drive self-reporting and co-operation.

4.2.3Other sources of mandatory disclosure obligations

Individuals and companies may also have mandatory disclosure obligations as a result of private contractual agreements as well as membership in professional bodies. Such disclosures between private parties may lead to a disclosure to a regulator by the receiving entity. For example, a subcontractor may be obliged by contract to report issues to the contracting party. That contracting party may subsequently determine that it is subject to its own reporting obligation or may choose to self-report to reduce any potential liability.

4.3Voluntary self-reporting to authorities

Self-reporting and co-operation are important factors for both the DOJ and the US Securities and Exchange Commission (SEC) in deciding how to proceed with and resolve investigations and enforcement actions in cases involving corporations. Companies must carry out a fact-intensive and holistic inquiry in deciding whether to voluntarily self-report to US authorities. There is no one-size-fits-all approach to this analysis, but those contemplating voluntarily disclosing misconduct to US authorities should keep certain considerations in mind.

Key Considerations in Resolving Enforcement Actions
US Department of JusticeUS Securities and Exchange Commission
  • Self-disclosure and willingness to
    co-operate in the investigation
  • Disclosure of individuals substantially involved in or responsible for misconduct
  • Pervasiveness of wrongdoing within the corporation
  • Existence and effectiveness of a compliance programme
  • Meaningful remedial actions
  • Self-reporting and investigation of misconduct
  • Effective compliance procedures and appropriate tone at the top
  • Whether the case involves a potentially widespread industry practice
  • Whether the conduct is ongoing

4.3.1Advantages of voluntarily self-reporting

The primary benefit to self-reporting is to secure potentially reduced penalties through co-operation credit and, moreover, to maintain control over the flow of information to regulators. In recent years, US regulators have become increasingly vocal about the benefits of self-disclosure and co-operation, with the DOJ even formalising those benefits, first, in its FCPA Pilot Program (Pilot Program),[5] and subsequently the Corporate Enforcement Policy. Yet, co-operation, which inevitably goes hand in hand with a voluntary disclosure, imposes significant demands on corporations and is not without meaningful risk. co-operation credit

To encourage self-reporting and co-operation, the DOJ has issued and subsequently revised guidance on the subject for many years. In June 1999, the DOJ issued the Principles of Federal Prosecution of Business Organizations, now known as the ‘Holder Memorandum’, to articulate and standardise the factors to be considered by federal prosecutors in making charging decisions against corporations.[6] The Holder Memorandum instructed DOJ prosecutors to consider as a factor in bringing charges whether a corporation has timely and voluntarily disclosed wrongdoing and whether it has been willing ‘to cooperate in the investigation of its agents’.[7] In 2008, the then-Deputy Attorney General, Mark R Filip, added language to the US Attorneys’ Manual, now titled the Justice Manual,[8] instructing prosecutors to consider ‘the corporation’s willingness to provide relevant information and evidence and identify relevant actors within and outside the corporation, including senior executives’ when assessing a corporation’s co-operation.[9] Mr Filip also outlined in his memorandum nine factors on which prosecutors base their corporate charging and resolution decisions, the so-called ‘Filip Factors’, incorporating some language from the Holder Memorandum (Filip Factor Four, a corporation’s ‘willingness to cooperate in the investigation of [its] agents’), and adding of Filip Factor Eight: ‘the adequacy of prosecution of individuals responsible for the corporation’s malfeasance’.[10]

The Yates Memorandum

Building on the Holder Memorandum, former Deputy Attorney General Sally Quillian Yates issued the Memorandum of Individual Accountability for Corporate Wrongdoing, now known as the ‘Yates Memorandum’, in September 2015.[11] The Yates Memorandum is still operative and outlines the ‘six key steps’ prosecutors should take in all investigations of corporate wrongdoing.[12] The most significant policy shift in the Yates Memorandum concerned the relationship between a company’s co-operation with respect to individual wrongdoers and the company’s eligibility for co-operation credit. Under the Yates Memorandum, the identification of responsible individuals became a ‘threshold requirement’ for receiving any co-operation credit consideration.[13] Ms Yates also emphasised that a failure to conduct a robust internal investigation is not an excuse, stating that ‘[c]ompanies may not pick and choose what facts to disclose’.[14] However, the revised Justice Manual clarifies that ‘[t]here may be circumstances where, despite its best efforts to conduct a thorough investigation, a company genuinely cannot get access to certain evidence or is actually prohibited from disclosing it to the government’.[15] Nevertheless, the Justice Manual is clear that in such cases ‘the company seeking cooperation will bear the burden of explaining the restrictions it is facing to the prosecutor’.[16] Consequently, thorough and properly scoped internal investigations are of critical importance.

On 29 November 2018, former Deputy Attorney General Rod Rosenstein delivered a speech to FCPA practitioners announcing a shift in the DOJ’s policy on co-operation credit and the scope of disclosure with respect to culpable individuals.[17] According to Rosenstein, the Yates Memorandum’s policy directing prosecutors to make co-operation credit dependent on the corporation’s disclosure of ‘every person involved in [the] alleged misconduct in any way, regardless of their role’ ‘impeded resolutions and wasted resources’. Investigations were delayed solely to collect information on low-level employees unlikely to be prosecuted. By contrast, under the new policy, a corporation is entitled to co-operation credit in criminal proceedings as long as it discloses ‘all relevant facts known to it at the time of the disclosure, including as to any individuals substantially involved in or responsible for the misconduct at issue’.[18] The DOJ will also use this standard to determine which corporations are entitled to full co-operation credit in the context of civil enforcement. In addition, corporations facing civil enforcement are now eligible for partial co-operation credit if, at the very least, they ‘identify all wrongdoing by senior officials’ and ‘meaningfully assist the government’s investigation’.[19] Finally, recognising that monetary recovery is the main objective of civil enforcement, the DOJ will once again let prosecutors ‘consider an individual’s ability to pay in deciding whether to pursue a civil judgment’ – with the hope that prosecutors will avoid targets ‘unlikely to yield any benefit’. Altogether, the new policy seeks to conserve ‘limited investigative resources’ while advancing traditional agency goals like deterrence and recovery and continuing to prioritise individual prosecution.

The Pilot Program and Corporate Enforcement Policy

In April 2016, the DOJ announced that it was launching a one-year Pilot Program to enhance its efforts to detect and prosecute individuals and companies for violations of the FCPA.[20] The Pilot Program, which incentivised voluntary self-disclosure of misconduct, was extended for an additional year on 10 March 2017. On 29 November 2017, former Deputy Attorney General Rod Rosenstein publicly applauded the Pilot Program as a ‘step forward in fighting corporate crime’ and announced that the DOJ would be incorporating a revised Corporate Enforcement Policy into the Justice Manual.[21] On 1 March 2018, the DOJ announced that it would apply the Corporate Enforcement Policy as non-binding guidance in criminal cases outside the FCPA context.[22] In light of this recent development, the Corporate Enforcement Policy provides valuable guidance to corporations as they investigate misconduct and contemplate voluntary disclosure.

The Corporate Enforcement Policy outlines factors that a company must meet to earn credit for voluntary self-disclosure. The disclosure (1) must occur prior to an imminent threat of disclosure or government investigation, (2) must be disclosed within a reasonably prompt time after the company becomes aware of the offence, and (3) must include all relevant facts known to the company at the time of disclosure, including all relevant facts about the individuals substantially involved in or responsible for the misconduct.[23] The November 2019 changes to the Corporate Enforcement Policy acknowledge the DOJ’s recognition, in a footnote, that ‘a company may not be in a position to know all relevant facts at the time of a voluntary self-disclosure.’ The Corporate Enforcement Policy also now requires the company to alert the DOJ of evidence of the misconduct when it becomes aware of it, whereas, previously, where the company was or should have been aware of opportunities for the DOJ to obtain evidence not in the company’s possession, it had to identify those opportunities to the DOJ in order to receive full co-operation credit.

The Corporate Enforcement Policy also contains specific guidance on the steps a company must take to earn full co-operation credit and to provide timely and appropriate remediation, consistent with the Yates Memorandum and the Justice Manual’s Sentencing Guidelines. The exact level of co-operation credit available to a corporation will vary based on the investigation. It is possible for a corporation to earn full credit under the US Sentencing Guidelines but not earn additional credit under the Corporate Enforcement Policy.[24] Moreover, the DOJ has shown itself willing to assign different levels of co-operation credit for different investigations into the same company. For example, in June 2019, the DOJ entered an NPA with Walmart, resolving investigations into Walmart’s alleged corrupt activity in four countries: Brazil, China, India and Mexico. Although the NPA covered conduct in all four countries, and the company received full credit for its co-operation with the DOJ in the first three investigations, with respect to the Mexico investigation, Walmart received only partial credit due to its failure to timely provide certain documents and ‘deconflict’ in response to a witness interview request.

Compared with the Pilot Program, the Corporate Enforcement Policy enhances the benefits available to a company that satisfies all the requirements for voluntary self-disclosure, co-operation and remediation. Under both programmes, companies that fully co-operate with DOJ investigations and implement appropriate remediation in FCPA matters, but that do not voluntarily self-disclose, will be eligible for limited credit, at most a 25 per cent reduction off the bottom of the Sentencing Guidelines fine range. However, when a company has voluntarily self-disclosed, fully co-operated with the DOJ, and has timely and appropriately remediated, the Corporate Enforcement Policy creates a rebuttable presumption, which may be overcome by ‘aggravated circumstances’ related to the nature and seriousness of the offence, that the DOJ will grant a declination.[25] In contrast, the Pilot Program provided that the DOJ would ‘consider’ a declination for companies that met these requirements.[26] Under the Corporate Enforcement Policy, if the presumption is overcome and a criminal resolution is warranted, the DOJ will recommend a 50 per cent reduction off the low end of the Sentencing Guidelines fine range and generally will not require the appointment of a monitor if the company has, at the time of resolution, implemented an effective compliance programme.[27]

The DOJ issued seven public declinations under the Pilot Program and continues to decline prosecution under the Corporate Enforcement Policy.[28] Six declinations have been issued under the Corporate Enforcement Policy at the time of writing, with the most recent coming in February 2019, when the DOJ declined to prosecute Cognizant Technologies due to its voluntary self-disclosure, extensive co-operation and remediation, and disgorgement of US$19.37 million;[29] and in September 2019 when it issued a declination – in part for its prompt, voluntary disclosure of the misconduct – to Quad/Graphics,[30] which a week later agreed to disgorge approximately US$6.9 million of its ill-gotten gains to the SEC.[31]

All declination letters so far issued under the Corporate Enforcement Policy and Pilot Program have been publicly released by the DOJ. By publishing its rationale for issuing declinations, the DOJ has sought to provide ‘increased transparency as to [the] evaluation process’.[32] However, in a June 2019 speech to the American Bar Association, Deputy Assistant Attorney General Matt Miner announced that the DOJ would be open to keeping declinations private where public release is ‘neither necessary nor warranted’. Miner gave the example of a corporation that discovers inconsequential bribes in the context of an M&A transaction and self-discloses immediately – in such a case, the agency would be ‘open to discussion’ regarding public release. Nonetheless, Miner maintained that this decision will always remain in the agency’s discretion.

The following table compares several recent FCPA corporate resolutions under the Corporate Enforcement Policy, and the comparative credit for self-disclosure, co-operation and remediation.

Recent Resolutions under DOJ’s Corporate Enforcement Policy
Quad/Graphics Inc (Quad/Graphics)
BackgroundQuad/Graphics is a US-based digital and print marketing provider. Between 2011 and 2016, employees of Quad/Graphics’ Peruvian subsidiary paid or promised to pay over US$1 million to third-party intermediaries, in part, to pay bribes to Peruvian officials to secure printing contracts and minimise penalty and tax payments. Additionally, between 2010 and 2015, employees of Quad/Graphics’ Chinese subsidiary paid bribes to employees of state-owned companies to secure printing business in China.
Self-ReportQuad/Graphics voluntarily and promptly self-disclosed to the DOJ.
Co-operation and RemediationQuad/Graphics conducted an internal investigation, proactively co-operated with the DOJ, took steps to enhance its compliance programme and terminated relationships with employees and third parties involved in the misconduct.
ResultIn September 2019, the DOJ issued a declination letter and the SEC issued a cease and desist order requiring Quad/Graphics to disgorge US$6.9 million in profits, plus interest and a US$2 million civil penalty.
TechnipFMC plc (TFMC)

TFMC, a global oil and gas technology and services company, was formed through a merger between Technip SA (Technip) and FMC Technologies, Inc (FMC Technologies).

TFMC admitted that its predecessor companies engaged in two separate bribery schemes. Between 2003 and 2014, executives of Technip paid bribes to Brazilian officials through an intermediary, under the guise of legitimate consulting payments. Between 2008 and 2013, FMC Technologies paid bribes to government officials in Iraq to obtain contracts to provide metering technologies for oil and gas production.

Self-ReportTFMC did not self-report.
Co-operation and RemediationTFMC received credit for substantial co-operation with the DOJ’s investigation and for taking extensive remedial measures.
ResultIn June 2019, TFMC entered into a DPA with the DOJ and agreed to pay a total criminal penalty of US$296 million to US and Brazilian authorities. The criminal fine included a 25 per cent reduction off the applicable US Sentencing Guidelines fine for co-operation and remediation.
Walmart Inc (Walmart)
BackgroundBetween 2000 and 2011, Walmart failed to implement sufficient
anti-corruption related internal accounting controls. The failure to implement sufficient controls allowed Walmart subsidiaries in Mexico, Brazil, China and India to hire third-party intermediaries who made improper payments to government officials to obtain store permits and licences.
Self-ReportWalmart did not self-disclose the misconduct in Mexico and self-reported misconduct in India, Brazil and China only after the DOJ had already begun investigating the Mexico conduct.
Co-operation and RemediationWalmart fully co-operated with the investigations in Brazil, China and India. Walmart co-operated with the investigation in Mexico, but did not timely provide documents and information to the DOJ and did not deconflict with the government’s request to interview one witness before Walmart interviewed that witness.

In June 2019, Walmart entered into a DPA with the DOJ in connection with a criminal information charging it with violations of the books and records provisions of the FCPA.

Walmart entered into a related resolution with the SEC. Walmart agreed to pay US$137 million to resolve the DOJ’s investigation, and to disgorge US$144 million in profits to the SEC. Walmart also agreed to retain an independent corporate compliance monitor for two years. Walmart received a 20 per cent reduction off the applicable US Sentencing Guidelines fine for conduct in Mexico, and a 25 per cent reduction for conduct in Brazil, China and India.

Cognizant Technology Solutions Corp (Cognizant)
BackgroundCognizant authorised its agents to pay an approximately US$2 million bribe to one or more government officials in India in exchange for securing and obtaining a statutorily required planning permit.
Self-ReportCognizant voluntarily self-disclosed to the DOJ within two weeks of the board learning of the misconduct.
Co-operation and RemediationCognizant conducted a thorough investigation, fully and proactively co-operated with the DOJ, and took steps to remediate, including termination of employees and contractors involved in the misconduct. The DOJ also noted that the company had an effective pre-existing compliance programme and had taken additional steps to enhance its compliance programme and internal accounting controls.
ResultIn February 2019, the DOJ issued a declination letter, while the SEC issued a cease and desist order requiring Cognizant to pay disgorgement of US$16.4 million, prejudgment interest of US$2.8 million and a US$6 million civil fine.

The Pilot Program and its codification as the Corporate Enforcement Policy has demonstrated the DOJ’s commitment rewarding voluntary self-disclosure in FCPA enforcement, and by many accounts has been viewed as very successful.

Benczkowski Memorandum

As part of its ongoing effort to update and clarify its corporate enforcement policies, in October 2018, the DOJ issued new guidance on imposing corporate compliance monitors now known as the ‘Benczkowski Memorandum’.[33] The new policy supplements the 2008 ‘Morford Memorandum’, which outlined the principles on selection, scope and duration of monitorships, and supersedes the guidance contained in the 2009 ‘Breuer Memorandum’ on imposing corporate monitors. Assistant Attorney General Brian Benczkowski explained that the goal of the new guidance was to ‘further refine the factors that go into the determination of whether a monitor is needed, as well as clarify and refine the monitor selection process’.

Under the Benczkowski Memorandum, the potential benefits of employing a corporate monitor should be weighed against the cost of a monitor and its impact on the operations of the corporation. In making a determination to impose a corporate monitor, the DOJ will consider a number of factors, including the type of misconduct, the pervasiveness of the conduct and whether it involved senior management, the investments and improvements a company has made to its corporate compliance programme and internal controls, and whether those improvements have been tested to demonstrate that they would prevent or detect similar misconduct in the future. Other factors include whether remedial actions were taken against individuals involved, and the industry and geography in which the company operates and the nature of the company’s clientele. The Benczkowski Memorandum provides: ‘Where a corporation’s compliance program and controls are demonstrated to be effective and appropriately resourced at the time of resolution, a monitor will not be necessary.’[34]

The guidelines are clearly intended to complement the goals articulated in the Corporate Enforcement Policy, giving companies greater incentives to self-disclose and co-operate with DOJ investigations of corporate wrongdoing. A key feature of the Benczkowski Memorandum is that companies can receive meaningful credit, namely avoiding a compliance monitor, by engaging in extensive remediation of their compliance programmes. co-operation credit

Although it can be difficult to precisely quantify the benefit of co-operation with the SEC, the Commission will consider general principles of sentencing, especially general deterrence. In both public statements and in practice, the Commission has made clear that companies can receive significant leniency for full co-operation. During a speech on 9 May 2018, SEC Enforcement Division Co-Director Steven Peikin emphasised the importance of co-operation, noting that the SEC would continue to provide ‘incentives to those who come forward and provide valuable information’ to the SEC.[35] Co-operation may influence the Commission’s decision whether to impose a civil monetary penalty.[36]

While the SEC has not entered into any non-prosecution agreements (NPAs) since 2016 and has only entered into three NPAs since their inception in 2010,[37] the SEC nevertheless signalled its continued commitment to using NPAs to reward co-operation through its proposed whistleblower rule amendments in 2018. Specifically, the proposed rule amendments would allow the SEC to make award payments to whistleblowers based on money collected as a result of DPAs and NPAs, to ‘ensure that whistleblowers are not disadvantaged because of the particular form of an action’ that the SEC or another regulator takes.[38] The SEC will, however, set a high bar before entering into an NPA in an FCPA enforcement action. With respect to NPAs entered into with Akamai Technologies, Inc and Nortek, Inc in 2016, Kara Brockmeyer, former Chief of the SEC Enforcement Division’s FCPA Unit, stated: ‘Akamai and Nortek each promptly tightened their internal controls after discovering the bribes and took swift remedial measures to eliminate the problems. They handled it the right way and got expeditious resolutions as a result.’[39]

4.4Risks in voluntarily self-reporting

While self-disclosure can reap significant monetary benefits, a company must balance the potential risks against any potential benefit. Self-reporting can give rise to lengthy co-operation obligations and increased government scrutiny. As discussed above, the multi-jurisdictional nature of many ‘white-collar’ matters means that self-reporting may lead to enquiries from global regulators, differing resolutions and ongoing obligations.

Furthermore, the DOJ is likely to impose a stringent bar when evaluating the sufficiency of compliance programmes to determine whether the requirements of the Corporate Enforcement Policy are met or to otherwise reduce liability. On 30 April 2019, the DOJ published revised guidance on Evaluation of Corporate Compliance Programs[40] (the Guidance). The Guidance is framed around three fundamental questions: (1) whether the corporation’s compliance programme is well designed, (2) whether it is being implemented effectively and (3) whether it works in practice.

Although the content of the Guidance is largely familiar to practitioners, it does give a clearer picture of the DOJ’s current approach to corporate compliance. The Guidance underscores the DOJ’s focus on the operation, rather than the appearance, of corporate compliance programmes. The Guidance suggests that companies should expect to be asked detailed and challenging questions regarding the scope and effectiveness of their compliance programmes. If a company’s compliance programme fails to withstand such scrutiny, it risks losing credit for the programme, paying higher penalties or even facing separate violations for inadequate internal controls. Taking these existing increasingly stringent co-operation standards into consideration, companies considering self-disclosure should carefully assess whether they can meet regulator expectations. If companies fall short, regulators may refuse co-operation credit and use the information obtained through the self-disclosure against the company.

4.5Risks in choosing not to self-report

US regulators have warned that the potential downside of not self-reporting any violation could be significant where the matter is otherwise brought to their attention. In a 5 July 2018 press release announcing an NPA with a Hong Kong-based subsidiary of Credit Suisse Group to resolve an investigation into ‘princeling’ hiring by the bank, the DOJ noted certain steps the firm did not take that limited the amount of co-operation credit it received. Specifically, the bank did not receive voluntary disclosure credit and did not receive full co-operation credit because its ‘cooperation was reactive and not proactive’.[41]

Consequently, companies should carefully consider the likelihood that the conduct will be discovered by other means. It is important to consider whether other industry players could affect the company’s position. Industry-wide trends may expose a company’s misconduct. If regulators undertake an industry-wide investigation into particular practices, which we have observed in recent years with pharmaceutical companies, medical device manufacturers and automobile companies, a company might be exposed by a competitor’s self-report or more passively through a third-party subpoena or any investigative demand.

Companies should also be sensitive to increasing whistleblower activity. Current or former employees are incentivised to report potential misconduct to US regulators, which has led to substantial recoveries for the government. The SEC’s whistleblower programme has been steadily active, with 67 individuals receiving approximately US$387 million between 2012 and November 2019. Whistleblowers are eligible to receive awards between 10 per cent and 30 per cent of the money recovered if their ‘high-quality original information’ leads to enforcement actions in which the SEC orders at least US$1 million.[42] The programme continues to be a priority for the Commission. In March 2018, the SEC announced its largest-ever whistleblower award, with two whistleblowers sharing nearly US$50 million and a third receiving more than US$33 million. In September 2018, the SEC awarded its second-highest whistleblower award of US$39 million to one whistleblower, with a second receiving US$15 million.[43] It is therefore important that a company consider the real possibility that its conduct could be exposed by means other than voluntary self-disclosure, and the associated, often expensive, risks associated with not being the first to come forward.

When deciding not to self-report, a company must ensure that the decision is appropriately considered and documented. If a company decides not to self-report and the government later enquires about the issue, the best defence is that the company conducted a thorough investigation, remediated the issue and had a reasonable basis for not self-reporting to the government. US regulators will look to a company’s board of directors to ensure the appropriate steps were taken.[44] The SEC has expressed that the board of directors must exercise oversight and set a strong ‘tone at the top’ emphasising the importance of compliance.


1 Amanda Raad is a partner, Sean Seelinger is counsel, and Jaime Orloff Feeney and Zaneta Wykowska are associates, at Ropes & Gray LLP.

2 See ‘Mobile Telesystems Pjsc and Its Uzbek Subsidiary Enter into Resolutions of $850 Million with the Department of Justice for Paying Bribes in Uzbekistan’, available at

3 Rod J Rosenstein, Deputy Att’y Gen., Dep’t of Justice, Remarks to the New York City Bar White Collar Crime Institute (9 May 2018), available at

4 See, e.g., 31 U.S.C. 5318(g).

5 For more details, see ‘The Fraud Section’s Foreign Corrupt Practices Act Enforcement Plan and Guidance’, available at (FCPA Enforcement Plan and Guidance).

6 Memorandum from Eric Holder, Deputy Att’y Gen., Dep’t of Justice, on Bringing Criminal Charges Against Corps. to Dep’t Component Heads and U.S. Attorneys (16 June 1999), available at

7 Id. at 3 (listing eight factors prosecutors should consider in deciding whether to bring charges against corporations that include ‘[t]he corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents . . . .’).

8 US Dep’t of Justice, Justice Manual §§ 9-28.000.

9 Id. §§ 9-28.700 – Value of Cooperation.

10 Memorandum from Mark Filip, Deputy Att’y Gen. Dept’ of Justice, Principles of Federal Prosecution of Business Organizations (28 August 2008), available at, at 4.

11 Memorandum from Sally Quillian Yates, Deputy Att’y Gen., Dep’t of Justice, Individual Accountability for Corporate Wrongdoing (9 September 2015), available at, at 3. (Yates Memorandum).

12 The DOJ revised the section of the Justice Manual titled ‘Principles of Federal Prosecution of Business Organizations’ in November 2015 to reflect these steps.

13 Justice Manual § 9-28.700 (2015).

14 Yates Memorandum at 3.

15 Justice Manual § 9-28.700.

16 Id.

17 Rod J Rosenstein, Deputy Att’y Gen., Dep’t of Justice, Remarks at the American Conference Institute’s 35th International Conference on the Foreign Corrupt Practices Act (29 November 2018),

18 See FCPA Corporate Enforcement Policy, Dep’t of Justice, Justice Manual, §9-47.120, available at (Corporate Enforcement Policy) (emphasis added).

19 Supra note 17.

20 See FCPA Enforcement Plan and Guidance.

21 See Corporate Enforcement Policy.

22 See Jody Godoy, ‘DOJ Expands Leniency Beyond FCPA, Lets Barclays Off’, Law360, 1 March 2018,

23 Corporate Enforcement Policy.

24 The DOJ evaluated corporate co-operation in this manner when reaching its DPA with Mobile TeleSystems in February 2019. See

25 Corporate Enforcement Policy at § 1. ‘Aggravating circumstances that may warrant a criminal resolution include, but are not limited to, involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; pervasiveness of the misconduct within the company; and criminal recidivism.’

26 FCPA Enforcement Plan and Guidance, at 8-9.

27 Corporate Enforcement Policy at § 1. The Enforcement Policy provides specific guidance on the criteria for evaluating a corporate compliance programme, while also noting that the criteria may vary based on the size and resources of an organisation. Factors listed in the policy include culture of compliance, compliance resources, the quality and experience of compliance resources, independence and authority of the compliance function, effective risk assessments and risk-based approach, compensation and promotion of compliance employees, compliance-related auditing, and compliance reporting structure.

32 Matt Miner, Deputy Assistant Att’y Gen., Dep’t of Justice, Remarks at The American Bar Association, Criminal Justice Section Third Global White Collar Crime Institute Conference (27 June 2019),

33 Memorandum from Brian A Benczkowski, Assistant Att’y Gen., Dep’t of Justice, (11 October 2018), Selection of Monitors in Criminal Division Matters, available at (Benczkowski Memorandum); ‘Assistant Attorney General Brian A. Benczkowski Delivers Remarks at NYU School of Law Program on Corporate Compliance and Enforcement Conference on Achieving Effective Compliance’, available at

34 Benczkowski Memorandum at 2.

35 See ‘Keynote Address at the New York City Bar Association’s 7th Annual White Collar Crime Institute’, available at

36 In its November 2018 resolution with Vantage Drilling International, the SEC cited co-operation and financial condition as its basis for not imposing a fine. See

37 The SEC announced its first NPA in an FCPA case in 2013, when it entered into an NPA with Ralph Lauren Corporation relating to bribes paid to government officials in Argentina. See ‘SEC Announces Non-Prosecution Agreement With Ralph Lauren Corporation Involving FCPA Misconduct’, available at The SEC announced its second and third NPAs on 7 June 2016. See ‘SEC Announces Two Non-Prosecution Agreements in FCPA Cases’, available at

38 See ‘SEC Proposes Whistleblower Rule Amendments’, available at

39 See ‘SEC Announces Two Non-Prosecution Agreements in FCPA Cases’, available at

41 See ‘Credit Suisse’s Investment Bank in Hong Kong Agrees to Pay $47 Million Criminal Penalty for Corrupt Hiring Scheme that Violated the FCPA’, available at

42 More information is available at the SEC’s ‘Office of the Whistleblower’ site at

43 See ‘SEC Awards More Than $54 Million to Two Whistleblowers’, available at

44 Notification of the board of directors is often required under federal securities law. Section 307 of the Sarbanes-Oxley Act of 2002 requires that an attorney report evidence of a material violation of securities laws or breach of fiduciary duty by the company or any agent ‘up-the-ladder’ (i.e., first to the chief legal officer or CEO and, thereafter, if appropriate remedial measures are not taken, to the audit committee of the board or other board committee comprised solely of non-employee directors). Wherever possible, it is best to engage the board’s disclosure counsel to assist in making this determination.

Unlock unlimited access to all Global Investigations Review content