Self-Reporting to the Authorities and Other Disclosure Obligations: The US Perspective

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

4.1 Introduction

There is typically no formal obligation in the United States to disclose potential wrongdoing to enforcement authorities; however, there can often be strategic advantages to doing so. Subjects of investigations may, in certain cases, avoid some of the most adverse consequences by self-reporting, including reduced penalties and more favourable settlement terms. Additionally, companies in certain regulated sectors may avoid debarment even where clear violations occurred. US regulators are incentivising companies to self-report by offering potential and meaningful co-operation credit for doing so. The Corporate Enforcement Policy of the US Department of Justice (DOJ), first announced in November 2017, updated and formalised the DOJ’s criteria for evaluating and rewarding self-disclosure and co-operation in cases relating to the Foreign Corrupt Practices Act (FCPA). Revisions in March and November 2019 broadened its application beyond the FCPA and clarified the DOJ’s expectations for securing credit. More recently, the Corporate Enforcement Policy has been incorporated into the second edition of ‘A Resource Guide to the US Foreign Corrupt Practices Act’, released by the DOJ and the US Securities and Exchange Commission (SEC) in July 2020.²

The Biden administration is expected to continue pursuing FCPA enforcement settlements, consistent with a recently issued Memorandum on Combating Corruption, which calls for an interagency review to develop a strategy to combat corruption and strengthen enforcement mechanisms.³ In the first corporate FCPA resolution under the Biden administration, UK-based Amec Foster Wheeler Energy Limited resolved charges that it bribed Brazilian officials in exchange for contracts with the state-owned energy company, Petrobras, including through acts by employees located in New York and Texas.⁴

Although the number of FCPA enforcement cases was down in the beginning of 2020 owing to the covid-19 pandemic, the year closed out with 32 combined FCPA enforcement actions and US$2.78 billion in corporate fines and penalties, compared with 54 FCPA enforcement actions and a combined US$2.6 billion in monetary sanctions in 2019. In November 2020, the DOJ and SEC entered into the largest corporate FCPA resolution to date with Goldman Sachs, which agreed to pay US$2.9 billion in fines as part of a coordinated resolution with authorities in the United States, the United Kingdom, Singapore and elsewhere. In December 2020, the US Commodity Futures Trading Commission (CFTC) also entered into its first foreign corruption-related resolution with Vitol, Inc while Vitol also entered into a parallel resolution with the DOJ.⁵ Moreover, US regulators have historically been receptive to parties reporting facts while preserving privilege during the co-operation and reporting process, and are specifically prohibited from making co-operation credit conditional on privilege waiver.

4.2 Mandatory self-reporting to authorities

Before considering a voluntary disclosure, it is important for at least two reasons to determine whether the company has any potential mandatory reporting obligation. First, mandatory reporting obligations often prescribe the recipient, form, timing and content of the disclosure. Second, the evaluation will be materially different if a mandatory report is required, even if that report is in another jurisdiction, given the clear commitment to sharing information between international regulators. In other words, if a company is required to self-report in at least one jurisdiction, it should consider voluntarily disclosing in others given the likelihood that the government agencies will share information.

Despite this, the DOJ has adopted a formal policy to avoid ‘piling on’ penalties that are duplicative for the same misconduct. Under the policy, various US enforcement agencies must coordinate with each other and with foreign government agencies when reaching settlements with corporations. The 2020 FCPA Resource Guide underscores this anti-piling on policy as part of the growing international effort to combat corruption. It includes, as an example, a declination awarded to a UK seismic event detection equipment company, which was subject to a parallel investigation by the Serious Fraud Office (SFO) for the same conduct and committed to accepting responsibility with the SFO.⁶ However, the DOJ has warned that companies looking to benefit from the policy should self-disclose wrongdoing directly to the DOJ.⁷

4.2.1 Statutory and regulatory mandatory disclosure obligations

In the United States, most disclosure obligations originate in statute or regulations. Key examples include:

the Sarbanes-Oxley Act of 2002, which requires the disclosure of all information that has a material financial effect on a public company in periodic financial reports;
the US Bank Secrecy Act of 1970, which requires financial institutions to disclose certain suspicious transactions or currency transactions in excess of US$10,000;
the US Anti-Money Laundering Regulations, which require financial institutions to report actual or suspected money laundering under certain circumstances;⁸
the Anti-Kickback Enforcement Act of 1986, which requires government contractors to make a ‘timely notification’ of violations of federal criminal law or overpayments in connection with the award or performance of most federal government contracts or subcontracts, including those performed outside the United States; and
state data breach regulations – all 50 US states have laws requiring companies conducting business in the state to disclose data breaches involving personal information.⁹

4.2.2 Disclosure obligations under agreements with the government

In addition to statutory or regulatory-based mandatory disclosure requirements, companies must also evaluate whether they have any mandatory disclosure obligations under pre-existing agreements with the government. For example, if a company is subject to a deferred prosecution agreement (DPA) (or a corporate integrity agreement (CIA) in the healthcare sector), the agreement often contains self-reporting mandates for any subsequent violations. In many cases, these agreements may require the appointment of independent monitors. While DPAs, CIAs and similar agreements have been used frequently in the United States, other countries, including the United Kingdom, are also now increasingly using similar agreements to drive self-reporting and co-operation.

4.2.3 Other sources of mandatory disclosure obligations

Individuals and companies may also have mandatory disclosure obligations as a result of private contractual agreements as well as membership in professional bodies. Such disclosures between private parties may lead to a disclosure to a regulator by the receiving entity. For example, a subcontractor may be obliged by contract to report issues to the contracting party. That contracting party may subsequently determine that it is subject to its own reporting obligation or may choose to self-report to reduce any potential liability.

4.3 Voluntary self-reporting to authorities

Self-reporting and co-operation are important factors for both the DOJ and the SEC in deciding how to proceed with, and resolve investigations and enforcement actions in, cases involving corporations. Companies must carry out a fact-intensive and holistic inquiry in deciding whether to voluntarily self-report to US authorities. There is no one-size-fits-all approach to this analysis, but those contemplating voluntarily disclosing misconduct to US authorities should keep certain considerations in mind.

Key Considerations in Resolving Enforcement Actions
US Department of Justice¹⁰	US Securities and Exchange Commission¹¹
Self-disclosure and willingness to co-operate in the investigation Disclosure of individuals substantially involved in or responsible for misconduct Pervasiveness of wrongdoing within the corporation Existence and effectiveness of a compliance programme Meaningful remedial actions	Self-reporting and investigation of misconduct Effective compliance procedures and appropriate tone at the top Whether the case involves a potentially widespread industry practice Whether the conduct is ongoing Remediation, including dismissing or disciplining wrongdoers

4.3.1 Advantages of voluntarily self-reporting

The primary benefit to self-reporting is to secure potentially reduced penalties through co-operation credit and, moreover, to maintain control over the flow of information to regulators. In recent years, US regulators have become increasingly vocal about the benefits of self-disclosure and co-operation, with the DOJ even formalising those benefits, first, in its FCPA Pilot Program (Pilot Program)¹² and subsequently the Corporate Enforcement Policy. Yet, co-operation, which inevitably goes hand in hand with a voluntary disclosure, imposes significant demands on corporations and is not without meaningful risk.

4.3.1.1 DOJ co-operation credit

To encourage self-reporting and co-operation, the DOJ has issued and subsequently revised guidance on the subject for many years. In June 1999, the then Deputy Attorney General Eric Holder issued the Principles of Federal Prosecution of Business Organizations, now known as the ‘Holder Memorandum’, to articulate and standardise the factors to be considered by federal prosecutors in making charging decisions against corporations.¹³ The Holder Memorandum instructed DOJ prosecutors to consider as a factor in bringing charges whether a corporation has timely and voluntarily disclosed wrongdoing and whether it has been willing ‘to cooperate in the investigation of its agents’.¹⁴ In 2008, then-Deputy Attorney General Mark R Filip added language to the US Attorneys’ Manual, now titled the Justice Manual,¹⁵ instructing prosecutors to consider ‘the corporation’s willingness to provide relevant information and evidence and identify relevant actors within and outside the corporation, including senior executives’ when assessing a corporation’s co-operation.¹⁶ Mr Filip also outlined in his memorandum nine factors on which prosecutors should base their corporate charging and resolution decisions, the so-called ‘Filip Factors’, incorporating some language from the Holder Memorandum (Filip Factor Four, a corporation’s ‘willingness to cooperate in the investigation of [its] agents’), and adding Filip Factor Eight: ‘the adequacy of prosecution of individuals responsible for the corporation’s malfeasance’.

The Yates Memorandum

Building on the Holder Memorandum, then-Deputy Attorney General Sally Quillian Yates issued the Memorandum of Individual Accountability for Corporate Wrongdoing, now known as the ‘Yates Memorandum’, in September 2015. The Yates Memorandum outlines the ‘six key steps’ prosecutors should take in all investigations of corporate wrongdoing. The most significant policy shift in the Yates Memorandum concerned the relationship between a company’s co-operation with respect to individual wrongdoers and the company’s eligibility for co-operation credit. Under the Yates Memorandum, the identification of responsible individuals became a ‘threshold requirement’ for receiving any co-operation credit consideration. Ms Yates also emphasised that a failure to conduct a robust internal investigation is not an excuse, stating that ‘[c]ompanies may not pick and choose what facts to disclose’.

Former Deputy Attorney General Rod Rosenstein announced a shift in the DOJ’s policy in 2018. Under the revised policy, a corporation was entitled to co-operation credit in criminal proceedings as long as it disclosed ‘all relevant facts known to it at the time of the disclosure, including as to any individuals substantially involved in or responsible for the misconduct at issue’.¹⁷ On 28 October 2021, however, Deputy Attorney General Lisa Monaco announced that the DOJ is reinstating the requirements outlined in the Yates Memorandum. Monaco stated that in order to receive co-operation credit, ‘companies must provide the department with all non-privileged information about individuals involved in or responsible for the misconduct at issue’, regardless of position, status or seniority.¹⁸

However, the Justice Manual, which was revised in 2018, continues to specify that ‘[t]here may be circumstances where, despite its best efforts to conduct a thorough investigation, a company genuinely cannot get access to certain evidence or is actually prohibited from disclosing it to the government’.¹⁹ Nevertheless, the Justice Manual is clear that in such cases ‘the company seeking cooperation will bear the burden of explaining the restrictions it is facing to the prosecutor’.²⁰ Consequently, thorough and properly scoped internal investigations are of critical importance.

The Corporate Enforcement Policy

In November 2017, the DOJ announced that it would be incorporating its Corporate Enforcement Policy to incentivise voluntary self-disclosure of misconduct into the Justice Manual, following on from a successful Pilot Program in 2016.²¹ On 1 March 2018, the DOJ announced that it would apply the Corporate Enforcement Policy as non-binding guidance in criminal cases outside the FCPA context.²² Moreover, the most substantial addition to the 2020 FCPA Resource Guide is a section incorporating the Corporate Enforcement Policy, underscoring the DOJ’s and SEC’s emphasis on voluntary self-disclosure, co-operation and remediation. In light of these developments, the Corporate Enforcement Policy provides valuable guidance to corporations as they investigate misconduct and contemplate voluntary disclosure.

The Corporate Enforcement Policy outlines the requirements for a company to earn credit for voluntary self-disclosure. The disclosure must (1) occur prior to an imminent threat of disclosure or government investigation, (2) be disclosed within a reasonably prompt time after the company becomes aware of the offence and (3) include all relevant facts known to the company at the time of disclosure, including all relevant facts about the individuals substantially involved in or responsible for the misconduct.²³ The November 2019 changes to the Corporate Enforcement Policy acknowledge the DOJ’s recognition, in a footnote, that ‘a company may not be in a position to know all relevant facts at the time of a voluntary self-disclosure’. The Corporate Enforcement Policy also now requires the company to alert the DOJ of evidence of the misconduct when it becomes aware of it, whereas, previously, where the company was or should have been aware of opportunities for the DOJ to obtain evidence not in the company’s possession, it had to identify those opportunities to the DOJ to receive full co-operation credit.

In addition, the Corporate Enforcement Policy contains specific guidance on the steps a company must take to earn full co-operation credit and to provide timely and appropriate remediation, consistent with the Yates Memorandum and the Justice Manual’s Sentencing Guidelines. The exact level of co-operation credit available to a corporation will vary based on the investigation. It is possible for a corporation to earn full credit under the US Sentencing Guidelines but not earn additional credit under the Corporate Enforcement Policy.²⁴ Moreover, the DOJ has shown itself willing to assign different levels of co-operation credit for different investigations into the same company. For example, in June 2019, the DOJ entered a non-prosecution agreement (NPA) with Walmart, resolving investigations into Walmart’s alleged corrupt activity in four countries: Brazil, China, India and Mexico. Although the NPA covered conduct in all four countries, and the company received full credit for its co-operation with the DOJ in the first three investigations, with respect to the Mexico investigation, Walmart received only partial credit due to its failure to timely provide certain documents and ‘deconflict’ in response to a witness interview request.

The Corporate Enforcement Policy provides benefits to a company that satisfies all the requirements for voluntary self-disclosure, co-operation and remediation. Companies that fully co-operate with DOJ investigations and implement appropriate remediation in FCPA matters, but that do not voluntarily self-disclose, will be eligible for limited credit, at most a 25 per cent reduction off the bottom of the Sentencing Guidelines fine range. However, when a company has voluntarily self-disclosed, fully co-operated with the DOJ, and has timely and appropriately remediated, the Corporate Enforcement Policy creates a rebuttable presumption, which may be overcome by ‘aggravated circumstances’ related to the nature and seriousness of the offence, that the DOJ will grant a declination.²⁵ Under the Corporate Enforcement Policy, if the presumption is overcome and a criminal resolution is warranted, the DOJ will recommend a 50 per cent reduction off the low end of the Sentencing Guidelines fine range and generally will not require the appointment of a monitor if the company has, at the time of resolution, implemented an effective compliance programme.²⁶

The DOJ has issued 14 public declinations under the Corporate Enforcement Policy and the earlier Pilot Program.²⁷ The DOJ last issued a declination in August 2020, when the DOJ declined to prosecute World Acceptance Corporation due to its voluntary self-disclosure, extensive co-operation and remediation, and disgorgement of US$17.8 million.²⁸

By publishing its rationale for issuing declinations, the DOJ has sought to provide ‘increased transparency as to [the] evaluation process’.²⁹ However, in a June 2019 speech to the American Bar Association, former Deputy Assistant Attorney General Matt Miner announced that the DOJ would be open to keeping declinations private where public release is ‘neither necessary nor warranted’. Miner gave the example of a corporation that discovers inconsequential bribes in an M&A transaction and self-discloses immediately – in such a case, the agency would be ‘open to discussion’ regarding public release. Nonetheless, Miner maintained that this decision will always remain in the agency’s discretion.

The following table outlines several recent FCPA corporate resolutions under the Corporate Enforcement Policy, and the comparative credit for self-disclosure, co-operation and remediation.

Recent Resolutions under DOJ’s Corporate Enforcement Policy
Amec Foster Wheeler Energy Limited (AFWEL)
Background	AFWEL, a subsidiary of UK-based Wood Group, is a British multinational consultancy, engineering and project management company. Between 2011 and 2014, AFWEL bribed Brazilian officials in return for a US$190 million contract to design a gas-to-chemicals facility. AFWEL admitted conspiring with a Monaco-based intermediary, an Italian sales agent and a store manager in New York City to pay bribes to Petrobas officials to secure the project. AFWEL’s compliance process identified red flags in the transaction, but the agent was allowed to continue the transactions unofficially
Self-Report	AFWEL did not voluntarily self-report
Co-operation and Remediation	AFWEL received full credit for its cooperation with the investigation as it made factual presentations, voluntarily facilitated the interview in the United States of former foreign-based employees and produced extensive documentation
Result	In June 2021, AFWEL entered into a DPA with the DOJ and a related resolution with the SEC. AFWEL agreed to pay a criminal penalty of US$18.375 million. The criminal penalty was reduced by 25 per cent from the applicable US Sentencing Guidelines range as AFWEL committed to full co-operation and remediation, which involved terminating an individual involved in the misconduct and adopting heightened controls and anti-corruption procedures
World Acceptance Corporation (WAC)
Background	WAC’s Mexican subsidiary paid approximately US$4.1 million in bribes between 2010 and 2017 to obtain and retain business relating to its Préstamos Viva business line, which offered small loans to state and federal government employees
Self-Report	WAC voluntarily self-disclosed to the DOJ on learning of the misconduct
Co-operation and Remediation	WAC proactively co-operated with the DOJ, including provision of known relevant facts about the misconduct, and took steps to remediate, including by providing additional FCPA training as part of its compliance programme. WAC also separated from executives under whom the misconduct took place and discontinued its relationships with third parties involved in the misconduct
Result	In August 2020, the DOJ issued a declination letter, while the SEC issued a cease and desist order requiring WAC to disgorge US$17.8 million, prejudgment interest of US$1.9 million and a US$2 million civil fine
Quad/Graphics Inc (Quad/Graphics)
Background	Quad/Graphics is a US-based digital and print marketing provider. Between 2011 and 2016, employees of Quad/Graphics’ Peruvian subsidiary paid or promised to pay over US$1 million to intermediaries, in part, to pay bribes to Peruvian officials to secure printing contracts and minimise penalty and tax payments. Additionally, between 2010 and 2015, employees of Quad/Graphics’ Chinese subsidiary paid bribes to employees of state-owned companies to secure printing business in China
Self-Report	Quad/Graphics voluntarily and promptly self-disclosed to the DOJ
Co-operation and Remediation	Quad/Graphics conducted an internal investigation, proactively co-operated with the DOJ, took steps to enhance its compliance programme and terminated relationships with employees and third parties involved in the misconduct
Result	In September 2019, the DOJ issued a declination letter and the SEC issued a cease and desist order requiring Quad/Graphics to disgorge US$6.9 million in profits, plus interest and pay a US$2 million civil penalty
Telefonaktiebolaget LM Ericsson (Ericsson)
Background	Ericsson is a multinational telecommunications company headquartered in Sweden. Ericsson admitted that between 2000 and 2016, it used third parties to make bribe payments to government officials or to manage off-the-books slush funds in Djibouti, China, Vietnam, Indonesia and Kuwait
Self-Report	Ericsson did not voluntarily self-report
Co-operation and Remediation	Ericsson did not receive full credit for co-operation and remediation because it did not disclose allegations of corruption with respect to two relevant matters, produced certain materials in an untimely manner and did not fully remediate, including by failing to take adequate disciplinary measures with respect to certain employees involved in the misconduct
Result	In December 2019, Ericsson entered into a DPA with the DOJ and a related resolution with the SEC. Ericsson agreed to pay a criminal penalty of US$520.7 million and US$539.9 million in disgorgement of profits under its civil resolution with the SEC. The criminal penalty was reduced by 15 per cent off the applicable US Sentencing Guidelines range because Ericsson committed to further enhance its compliance programme and internal accounting controls. Ericsson’s Egyptian subsidiary pleaded guilty to conspiracy to violate the anti-bribery provisions of the FCPA. Ericsson also agreed to the imposition of an independent compliance monitor

The Corporate Enforcement Policy and the Pilot Program before it have demonstrated the DOJ’s commitment to rewarding voluntary self-disclosure in FCPA enforcement, and by many accounts has been viewed as very successful.

Benczkowski Memorandum

As part of the DOJ’s ongoing effort to update and clarify its corporate enforcement policies, in October 2018, the then Assistant Attorney General Brian Benczkowski issued new guidance on imposing corporate compliance monitors, which is now known as the ‘Benczkowski Memorandum’.³⁰ The policy supplemented the 2008 ‘Morford Memorandum’, which outlined the principles on selection, scope and duration of monitorships, and supersedes the guidance contained in the 2009 ‘Breuer Memorandum’ on imposing corporate monitors. Former Assistant Attorney General Brian Benczkowski explained that the goal of the new guidance was to ‘further refine the factors that go into the determination of whether a monitor is needed, as well as clarify and refine the monitor selection process’.

Under the Benczkowski Memorandum, the potential benefits of employing a corporate monitor should be weighed against the cost of a monitor and its impact on the operations of the corporation. In making a determination to impose a corporate monitor, the DOJ will consider a number of factors, including the type of misconduct, the pervasiveness of the conduct and whether it involved senior management, the investments and improvements a company has made to its corporate compliance programme and internal controls, and whether those improvements have been tested to demonstrate that they would prevent or detect similar misconduct in the future. Other factors include whether remedial actions were taken against individuals involved, and the industry and geography in which the company operates and the nature of the company’s clientele. The Benczkowski Memorandum provides: ‘Where a corporation’s compliance program and controls are demonstrated to be effective and appropriately resourced at the time of resolution, a monitor will not be necessary.’³¹

A key feature of the Benczkowski Memorandum is that companies can receive meaningful credit, namely avoiding a compliance monitor, by engaging in extensive remediation of their compliance programmes. The DOJ did not impose a monitor in connection with any enforcement actions in 2020, compared to three in 2019. However, Deputy Attorney General Monaco’s remarks on 28 October 2021 signalled that the DOJ may make more use of monitors going forward. Monaco made clear that the DOJ ‘is free to require the imposition of independent monitors whenever it is appropriate to do so in order to satisfy our prosecutors that a company is living up to its compliance and disclosure obligations’ and to the extent that prior guidance suggested ‘that monitorships are disfavored or are the exception’, that guidance is rescinded.³²

4.3.1.2 SEC co-operation credit

Although it can be difficult to precisely quantify the benefit of co-operation with the SEC, the Commission will consider general principles of sentencing, especially general deterrence. In both public statements and in practice, the Commission has made clear that companies can receive significant leniency for full co-operation. During a speech on 9 May 2018, former SEC Enforcement Division Co-Director Steven Peikin emphasised the importance of co-operation, noting that the SEC would continue to provide ‘incentives to those who come forward and provide valuable information’ to the SEC.³³ Co-operation may influence the Commission’s decision whether to impose a civil monetary penalty.³⁴

While the SEC has not entered into any NPAs since 2016 and has only entered into three since their inception in 2010,³⁵ the SEC nevertheless signalled its continued commitment to using NPAs to reward co-operation through amendments, passed in September 2020 to the rules governing monetary awards to whistleblowers. Specifically, the amendments clarify the SEC’s ability to make award payments to whistleblowers based on money collected as a result of DPAs and NPAs entered into by the DOJ and SEC, to ‘ensure that whistleblowers are not disadvantaged because of the particular form of an action’ that the applicable authority takes.³⁶ The SEC will, however, set a high bar before entering into an NPA in an FCPA enforcement action. With respect to NPAs entered into with Akamai Technologies, Inc and Nortek, Inc in 2016, Kara Brockmeyer, then-Chief of the SEC Enforcement Division’s FCPA Unit, stated: ‘Akamai and Nortek each promptly tightened their internal controls after discovering the bribes and took swift remedial measures to eliminate the problems. They handled it the right way and got expeditious resolutions as a result.’³⁷

4.4 Risks in voluntarily self-reporting

While self-disclosure can reap significant monetary benefits, a company must balance the potential risks against any potential benefit. Self-reporting can give rise to lengthy co-operation obligations and increased government scrutiny. As discussed above, the multi-jurisdictional nature of many ‘white-collar’ matters means that self-reporting may lead to enquiries from global regulators, differing resolutions and ongoing obligations.

Furthermore, the DOJ is likely to impose a stringent bar when evaluating the sufficiency of compliance programmes to determine whether the requirements of the Corporate Enforcement Policy are met or to otherwise reduce liability. On 1 June 2020, the DOJ published revised guidance on Evaluation of Corporate Compliance Programs³⁸ (the Guidance), first released in February 2017 and updated in April 2019. The Guidance is framed around three fundamental questions as to whether (1) the corporation’s compliance programme is well designed, (2) it is being applied earnestly and in good faith (i.e., whether it is adequately resourced and empowered to function effectively), and (3) it works in practice. The Guidance has since also been incorporated into the 2020 FCPA Resource Guide, which notes the DOJ’s position that ‘the truest measure of an effective compliance program is how it responds to misconduct’.

Although the content of the Guidance is largely familiar to practitioners, it does give a clearer picture of the DOJ’s current approach to corporate compliance. The Guidance underscores the DOJ’s focus on the operation, rather than the appearance, of corporate compliance programmes. The Guidance suggests that companies should expect to be asked detailed and challenging questions regarding the scope and effectiveness of their compliance programmes, both at the time of the offence and at the time of the charging decision and resolution. The Guidance emphasises the DOJ’s expectation that compliance programmes should be risk-based and tailored to the specific commercial realities of the company’s business, and that companies should continually reassess their risk profiles and the efficacy of their compliance programmes to ensure their programmes are fit to address evolving risks and trends. Moreover, the Guidance makes clear that the DOJ will enquire about the company’s culture of compliance at all levels of the business, including middle management as well as senior management, and whether the company’s compliance function has sufficient access to data across the business and makes use of data analytics to monitor and test policies, controls, and transactions. In the mergers and acquisitions context, the Guidance emphasises the need for pre-acquisition compliance due diligence as well as post-closing integration.

If a company’s compliance programme fails to withstand such scrutiny, it risks losing credit for the programme, paying higher penalties or even facing separate violations for inadequate internal controls. Taking these existing increasingly stringent co-operation standards into consideration, companies considering self-disclosure should carefully assess whether they can meet regulator expectations. If companies fall short, regulators may refuse co-operation credit and use the information obtained through the self-disclosure against the company.

4.5 Risks in choosing not to self-report

US regulators have warned that the potential downside of not self-reporting any violation could be significant where the matter is otherwise brought to their attention. In an October 2020 press release announcing a DPA and US$19.6 million settlement with Chicago-based Beam Suntory, Inc to resolve an investigation into bribery of Indian officials for approval of a licence to bottle a line of products in India, the DOJ noted that Beam did not timely disclose the conduct that triggered the investigation, took positions that were not consistent with co-operation and caused significant delays in reaching a resolution by refusing to accept responsibility for several years.³⁹

Consequently, companies should carefully consider the likelihood that the conduct will be discovered by other means. It is important to consider whether other industry players could affect the company’s position. Industry-wide trends may expose a company’s misconduct. If regulators undertake an industry-wide investigation into particular practices, which we have observed in recent years with pharmaceutical companies, medical device manufacturers and automobile companies, a company might be exposed by a competitor’s self-report or more passively through a third-party subpoena or any investigative demand.

Companies should also be sensitive to increasing whistleblower activity. Current or former employees are incentivised to report potential misconduct to US regulators, which has led to substantial recoveries for the government. The SEC’s whistleblower programme has been steadily active, with 233 individuals receiving approximately US$1.2 billion between 2012 and November 2021.⁴⁰ Whistleblowers are eligible to receive awards between 10 per cent and 30 per cent of the money recovered if their ‘high-quality original information’ leads to enforcement actions in which the SEC orders at least US$1 million.⁴¹ Moreover, the SEC’s 2020 amendments to the rules governing the whistleblower award programme provide that for awards where the statutory maximum amount is US$5 million or less, there is a presumption that the SEC will pay the claimaint the 30 per cent maximum statutory award unless there are negative award criteria present, subject to certain limitations.⁴² The programme continues to be a priority for the Commission. In October 2020, the SEC announced its largest whistleblower award to date, with a single whistleblower receiving over US$114 million.⁴³ It is therefore important that a company consider the real possibility that its conduct could be exposed by means other than voluntary self-disclosure, and the associated, often expensive, risks associated with not being the first to come forward. When deciding not to self-report, a company must ensure that the decision is appropriately considered and documented. If a company decides not to self-report and the government later enquires about the issue, the best defence is that the company conducted a thorough investigation, remediated the issue and had a reasonable basis for not self-reporting to the government. US regulators will look to a company’s board of directors to ensure the appropriate steps were taken.⁴⁴ The SEC has expressed that the board of directors must exercise oversight and set a strong ‘tone at the top’ emphasising the importance of compliance.

Footnotes

¹ Amanda Raad and Sean Seelinger are partners, Jaime Orloff Feeney is counsel and Zaneta Wykowska is an associate at Ropes & Gray LLP.

² US Dep’t of Justice (DOJ) and US Sec. & Exch. Comm’n (SEC), ‘A Resource Guide to the U.S. Foreign Corrupt Practices Act’ (2d ed. 2020), https://www.justice.gov/criminal-fraud/file/1292051/download.

³ Memorandum on Establishing the Fight Against Corruption as a Core United States National Security Interest (3 June 2021), https://www.whitehouse.gov/briefing-room/presidential-actions/2021/06/03/memorandum-on-establishing-the-fight-against-corruption-as-a-core-united-states-national-security-interest/.

⁴ See ‘Amec Foster Wheeler Energy Limited Agrees to Pay Over $18 Million to Resolve Charges Related to Bribery Scheme in Brazil,’ available at https://www.justice.gov/opa/pr/amec-foster-wheeler-energy-limited-agrees-pay-over-18-million-resolve-charges-related-bribery.

⁵ See ‘CFTC Orders Vitol Inc. to Pay $95.7 Million for Corruption-Based Fraud and Attempted Manipulation: First CFTC Enforcement Action Involving Foreign Corruption,’ available at https://www.cftc.gov/PressRoom/PressReleases/8326-20.

⁶ 2020 FCPA Resource Guide, 52–53.

⁷ When announcing the policy, former Deputy Attorney General Rod Rosenstein specifically remarked that ‘[c]ooperating with a different agency or a foreign government is not a substitute for cooperating with the Department of Justice’. Rod J Rosenstein, Deputy Att’y Gen., Dep’t of Justice, Remarks to the New York City Bar White Collar Crime Institute (9 May 2018), available at https://www.justice.gov/opa/speech/deputy-attorney-general-rod-rosenstein-delivers-remarks-new-york-city-bar-white-collar.

⁸ See, e.g., 31 U.S.C. 5318(g).

⁹ See Security Breach Notification Laws, National Conference of State Legislatures, https://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx (14 April 2021).

¹⁰ See FCPA Corporate Enforcement Policy, DOJ, Justice Manual, § 9-47.120, available at https://www.justice.gov/jm/jm-9-47000-foreign-corrupt-practices-act-1977#9-47.120 (Corporate Enforcement Policy).

¹¹ See Enforcement Manual, SEC Division of Enforcement (28 November 2017), available at https://www.sec.gov/divisions/enforce/enforcementmanual.pdf.

¹² For more details, see ‘The Fraud Section’s Foreign Corrupt Practices Act Enforcement Plan and Guidance’, available at https://www.justice.gov/opa/file/838386/download (FCPA Enforcement Plan and Guidance).

¹³ Memorandum from Eric Holder, Deputy Att’y Gen., Dep’t of Justice, on Bringing Criminal Charges Against Corps. to Dep’t Component Heads and U.S. Attorneys (16 June 1999), available at https://www.justice.gov/sites/default/files/criminal-fraud/legacy/2010/04/11/charging-corps.PDF.

¹⁴ Id. at 3 (listing eight factors prosecutors should consider in deciding whether to bring charges against corporations that include ‘[t]he corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents’).

¹⁵ US Dep’t of Justice, Justice Manual §§ 9-28.000.

¹⁶ Id. §§ 9-28.700 – Value of Cooperation.

¹⁷ Rod J Rosenstein, Deputy Att’y Gen., DOJ, Remarks at the American Conference Institute’s 35th International Conference on the Foreign Corrupt Practices Act (29 November 2018), https://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-delivers-remarks-american-conference-institute-0 (emphasis added).

¹⁸ Lisa O Monaco, Deputy Atty Gen., DOJ, Keynote Address at ABA’s 36th National Institute on White Collar Crime (28 October 2021), https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-gives-keynote-address-abas-36th-national-institute.

¹⁹ Justice Manual § 9-28.700.

²⁰ Id.

²¹ See Corporate Enforcement Policy.

²² See Jody Godoy, ‘DOJ Expands Leniency Beyond FCPA, Lets Barclays Off’, Law360, 1 March 2018, https://www.law360.com/articles/1017798/doj-expands-leniency-beyond-fcpa-lets-barclays-off.

²³ Corporate Enforcement Policy.

²⁴ The DOJ evaluated corporate co-operation in this manner when reaching its DPA with Mobile TeleSystems in February 2019. See https://www.justice.gov/opa/press-release/file/1141631/download.

²⁵ Corporate Enforcement Policy at § 1. ‘Aggravating circumstances that may warrant a criminal resolution include, but are not limited to, involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; pervasiveness of the misconduct within the company; and criminal recidivism.’

²⁶ Corporate Enforcement Policy at § 1. The Enforcement Policy provides specific guidance on the criteria for evaluating a corporate compliance programme, while also noting that the criteria may vary based on the size and resources of an organisation. Factors listed in the policy include culture of compliance, compliance resources, the quality and experience of compliance resources, independence and authority of the compliance function, effective risk assessments and risk-based approach, compensation and promotion of compliance employees, compliance-related auditing, and compliance reporting structure.

²⁷ See https://www.justice.gov/criminal-fraud/corporate-enforcement-policy/declinations.

²⁸ See https://www.justice.gov/criminal-fraud/file/1301826/download.

²⁹ Matt Miner, Deputy Assistant Att’y Gen., Dep’t of Justice, Remarks at The American Bar Association, Criminal Justice Section Third Global White Collar Crime Institute Conference (27 June 2019), https://www.justice.gov/opa/speech/deputy-assistant-attorney-general-matt-miner-delivers-remarks-american-bar-association.

³⁰ Memorandum from Brian A. Benczkowski, Assistant Att’y Gen., Dep’t of Justice, (11 October 2018), Selection of Monitors in Criminal Division Matters, available at https://www.justice.gov/opa/speech/file/1100531/download (Benczkowski Memorandum); ‘Assistant Attorney General Brian A. Benczkowski Delivers Remarks at NYU School of Law Program on Corporate Compliance and Enforcement Conference on Achieving Effective Compliance’, available at https://www.justice.gov/opa/speech/assistant-attorney-general-brian-benczkowski-delivers-remarks-nyu-school-law-program.

³¹ Benczkowski Memorandum at 2.

³² Lisa O Monaco, Deputy Atty Gen., DOJ, Keynote Address at ABA’s 36th National Institute on White Collar Crime (see supra note 18)

³³ See ‘Keynote Address at the New York City Bar Association’s 7th Annual White Collar Crime Institute’, available at https://www.sec.gov/news/speech/speech-peikin-050918.

³⁴ In its November 2018 resolution with Vantage Drilling International, the SEC cited co-operation and financial condition as its basis for not imposing a fine. See https://www.sec.gov/litigation/admin/2018/34-84617.pdf.

³⁵ The SEC announced its first NPA in an FCPA case in 2013, when it entered into an NPA with Ralph Lauren Corporation relating to bribes paid to government officials in Argentina. See ‘SEC Announces Non-Prosecution Agreement With Ralph Lauren Corporation Involving FCPA Misconduct’, available at https://www.sec.gov/news/press-release/2013-2013-65htm. The SEC announced its second and third NPAs on 7 June 2016. See ‘SEC Announces Two Non-Prosecution Agreements in FCPA Cases’, available at https://www.sec.gov/news/pressrelease/2016-109.html.

³⁶ See ‘SEC Adds Clarity, Efficiency and Transparency to Its Successful Whistleblower Award Program,’ available at https://www.sec.gov/news/press-release/2020-219.

³⁷ See ‘SEC Announces Two Non-Prosecution Agreements in FCPA Cases’, available at https://www.sec.gov/news/pressrelease/2016-109.html.

³⁸ US Dep’t of Justice, Criminal Division, Evaluation of Corporate Compliance Programs (updated June 2020), available at https://www.justice.gov/criminal-fraud/page/file/937501/download.

³⁹ See ‘Beam Suntory Inc. Agrees to Pay Over $19 Million to Resolve Criminal Foreign Bribery Case’, available at https://www.justice.gov/opa/pr/beam-suntory-inc-agrees-pay-over-19-million-resolve-criminal-foreign-bribery-case.

⁴⁰ See ‘SEC Issues Whistleblower Awards Totaling Approximately $10.4 Million,’ available at https://www.sec.gov/news/pressrelease/2021-243.

⁴¹ More information is available at the SEC’s ‘Office of the Whistleblower’ site at https://www.sec.gov/whistleblower.

⁴² See ‘SEC Adds Clarity, Efficiency and Transparency to Its Successful Whistleblower Award Program’, available at https://www.sec.gov/news/press-release/2020-219.

⁴³ See ‘SEC Issues Record $114 Million Whistleblower Award’, available at https://www.sec.gov/news/press-release/2020-266.

⁴⁴ Notification of the board of directors is often required under federal securities law. s.307 Sarbanes-Oxley Act of 2002 requires that an attorney report evidence of a material violation of securities laws or breach of fiduciary duty by the company or any agent ‘up-the-ladder’ (i.e., first to the chief legal officer or CEO and, thereafter, if appropriate remedial measures are not taken, to the audit committee of the board or other board committee comprised solely of non-employee directors). Wherever possible, it is best to engage the board’s disclosure counsel to assist in making this determination.