News 08th Dec 2017

DOJ FCPA Corporate Enforcement Policy misses a trick on driving the culture of businesses forward

Kathryn Higgs

Director, Business Integrity Programme

Kathryn joined Transparency International from the private sector, where she was an award winning global business ethics and compliance lawyer, recognised in particular for her expertise in transformational compliance – helping businesses design and embed world class programmes which achieve meaningful corporate cultural change. Kathryn has acted as both a chief compliance officer and external counsel advising a wide variety of industries on all aspects of business ethics, compliance and investigations.

Press Office
[email protected]
+ 44 (0)20 3096 7695 
Out of hours:
Weekends; Weekdays (17.30-21.30):
+44 (0)79 6456 0340

Related Publication

Kathryn Higgs, Director of our Business Integrity Programme, analyses a shift in direction from the US Department of Justice, explaining how it could incentivise the wrong behaviour in companies and offering three suggestions for how it could be improved.

What’s new?

Last week, the US Department of Justice introduced a new FCPA Corporate Enforcement Policy. The policy is intended to increase self-reporting of misconduct by companies and so enhance the DOJ’s ability to identify and punish wrongdoing. It does so by introducing a presumption that companies which self-report will avoid criminal liability.

Not so bad - but not so good?

Some have expressed concern that this is indicative of a watering down of FCPA enforcement in response to troubling public comments from President Trump before he was elected that the FCPA is a “horrible law” that it puts US business at “a huge disadvantage. It’s too early to make that criticism. However, where the policy is a disappointment is that it fails to adequately consider the impact of culture on how business operates. In particular:

  • In seeking to draw a distinction between its treatment of companies and individuals, the DOJ has taken an overly legalistic view of companies – this risks allowing companies to shelter behind their legal status, leaving employees to carry the can.
  • The global dialogue on anti-corruption has moved passed remediation and now focusses extensively on building a culture and programmes that prevent wrongdoing. The new Policy does not keep up with times, failing to expressly require preventative measures.
  • In seeking to alleviate the burden on companies, the DOJ doesn’t appear to be alive to the realities of achieving meaningful cultural change in business. In reducing penalties and the likelihood of appointment of independent monitors – there is a risk that corporate change will not be lasting.

Who’s responsible - companies or individuals?

When announcing the new policy, Deputy Attorney General Rosenstein said “it makes sense to treat corporations differently than individuals”. This is technically true but it’s a stance that risks forgetting that companies are made up of individuals.

Companies are not machines, they are a collection of people. Their decisions are made by people. Their actions are performed by people. As pack animals, people follow the pack – that is, they will fit in with the company’s culture and norms. The best leaders in business recognise this and invest in embedding the right culture.

Historically, companies finding themselves in hot water over FCPA violations have been quick to cooperate with authorities and 'hang their exposed employees out to dry'. By taking a stance that corporations should be treated differently to individuals, the DOJ risks exacerbating this situation. Leaders of companies could establish inappropriate corporate cultures – ‘split personalities’ so to speak – incentivising employees to behave badly all the while knowing that if those employees are caught the company can simply settle for a predictable amount.  Bribe-paying then operates as a calculable risk-reward for the company and senior executives, with employees perhaps pressurised into taking a huge personal risk.

Companies must not be allowed to publicly state their commitment to doing business ethically but internally drive results at any cost and place employees in high-pressure environments leading to inappropriate behaviour.  It is not right for companies to be able to do this only to abandon those employees in the event of an investigation and claim that their behaviour was outside the scope of their employment.

Deputy Attorney General Rosenstein said "effective deterrence of corporate corruption requires prosecution of culpable individuals. We should not just announce large corporate fines and celebrate penalizing shareholders." He is correct. But culpable individuals are not just those who pay or authorise the payment of bribes. Culpable individuals are also those who create an environment which promotes such behaviour. As such the executive leadership of a company should always come under scrutiny.  Additionally regulators should not shy away from penalties which impact shareholders. Shareholders own the company, they are the ultimate decision makers and have the ability to dictate the standards by which they expect their company to operate.

Bolting the stable door after the horse has bolted?

Corruption has been recognised as unpalatable in business for decades. In fact, next week the OECD will mark the 20th anniversary of the anti-bribery convention. Standards in businesses have come leaps and bounds in that time. With the introduction of legislation requiring proactive steps to prevent bribery, such as the UK Bribery Act, long gone are the days in which the need to have a compliance programme was news to companies operating in high corruption risk jurisdictions. But the new DOJ policy only expects companies to take steps to implement remedial measures after discovering an issue. It does not expressly expect corporations to develop a culture and programme to prevent bribery in the first place.

Who’s on guard duty?

As a final point, the new policy implements a presumption that companies will not require an independent monitor to be appointed if they appear to have implemented an effective compliance programme by the time of the resolution. This is a risky play. Companies can have short memories and they tend to remember their lessons better if they are painful or last longer.

In order to effectively prevent recidivism, it is vital to ensure that a compliance programme and a new culture of doing business ethically has been embedded in a business. Reduced penalties paired with limited independent oversight of ongoing cultural regeneration means the lesson is less likely to be memorable and may allow that company to slip too easily back into old habits. Corporate cultures do not change overnight.

Where next?

Overall, the DOJ’s new policy languishes in a world of technicalities and legal compliance.  In so doing, it has missed a vital opportunity to help encourage the importance of ethical cultures in business. Prevention is the best cure for any illness and companies should be aspiring to prevent corruption occurring in the first place rather than preparing themselves to defend the inevitable.

So here are three things the DOJ should consider when they next update their guidance:

  • Build in sufficient unpredictability that companies can’t treat it as a cost of doing business.
  • Make it clear that senior executives will be held to account if they have been complicit in or enabled in any way bribe-paying by employees.
  • Incentivise companies to create the right culture, aligning incentives with ethical performance, and remembering that even the companies most committed to mending their ways will perform better if someone is watching over them.