In a recent speech at the annual ABA White Collar Crime Conference in New Orleans, Assistant Attorney General Brian Benczkowski of the Criminal Division of the Department of Justice (“DOJ”) announced certain changes to the FCPA Corporate Enforcement Policy (“the Enforcement Policy” or “Policy”) to address issues that the DOJ had identified since its implementation. These and other recent updates have since been codified in a revised Enforcement Policy in the Justice Manual.
The Enforcement Policy, first announced by the DOJ in November 2017, was initially applicable only to violations of the FCPA, but was subsequently extended to all white collar matters handled by the Criminal Division. The Policy was designed to encourage companies to voluntary self-disclose misconduct by providing more transparency as to the credit a company could receive for self-reporting and fully cooperating with the DOJ. Among other things, the Enforcement Policy provides a presumption that the DOJ will decline to prosecute companies that meet the DOJ’s requirement of “voluntary self-disclosure,” “full cooperation,” and “timely and appropriate remediation,” absent “aggravating circumstances” – i.e. relating to the seriousness or frequency of the violation. For more information on the Enforcement Policy, read our blog post explaining it.
The most significant recent changes to the Enforcement Policy include eliminating the prohibition on a company’s usage of ephemeral instant messaging applications to receive full credit for “timely and appropriate remediation.” Additionally, the modified Enforcement Policy (1) now makes clear that one requirement of cooperation, de-confliction of witness interviews, should not interfere with a company’s internal investigation; (2) confirms based on an earlier announcement, that the Policy applies in the context of a merger and acquisition (“M&A”), if an acquiring company discovers and self-discloses misconduct in a target; and (3) implements a change announced months before by the Deputy Attorney General that a company only needed to provide information about individuals “substantially involved” in the offense. These changes are discussed in greater detail below.
Instant Messaging and Communications
Previously, the Enforcement Policy stated that in order for a company to receive full credit for remediation, the company had to prohibit employees from using software that “generates but does not appropriately retain business records or communications.” This was, in essence, a ban on disappearing or short-lived instant messaging programs like WhatsApp and WeChat. Given the reality of how business is now conducted, where such messaging apps are often a necessary part of how such companies operate, this raised concerns over whether any business would be able to obtain full cooperation credit.
Under the updated Enforcement Policy, companies no longer face such a blanket prohibition. Instead, they are required to implement “appropriate guidance and controls” on the use of these ephemeral messaging platforms, to ensure that they are appropriately retaining business records. Thus, companies that allow employees to use these messaging platforms will need to establish procedures ensuring the preservation of business records, and to train employees on these procedures. At a minimum, this will include requiring employees to comply with document retention and destruction policies with respect to these applications.
De-confliction of Witness Interviews and Other Investigative Steps
The recent changes clarify the previous “de-confliction” policy. De-confliction – the requirement that a company coordinate interviews of relevant individuals with the DOJ – may have been viewed as DOJ exercising control over a company’s internal investigation. In fact, in two recent criminal prosecutions, defendants challenged the government by arguing that their Fifth Amendment rights had been violated because the company lawyers were acting as agents of federal prosecutors.
The updated Enforcement Policy clarifies that de-confliction is limited to circumstances where it is not only requested but it is appropriate – presumably given the facts and circumstances of the company’s internal investigation. Accordingly, when defining “full cooperation,” the Enforcement Policy now states: “Where requested and appropriate, de-confliction of witness interviews and other investigative steps that a company intends to take as part of its internal investigation with steps that the Department intends to take as part of its investigation.” A footnote was added stating: “Although the Department may, where appropriate, request that a company refrain from taking a specific action for a limited period of time for de-confliction purposes, the Department will not take any steps to affirmatively direct a company’s internal investigation efforts.” Hence, the Enforcement Policy now makes clear that the DOJ will not directly interfere with a company’s internal investigation.
M&A Due Diligence and Remediation
In a speech last year, Deputy Assistant Attorney General Matthew S. Miner had announced that “a successor company’s voluntary disclosure, appropriate due diligence, and implementation of an effective compliance program” can decrease the possibility of “an enforcement action regarding an acquired company’s post-acquisition conduct when pre-acquisition due diligence is not possible.” Miner also stated that the DOJ will give “meaningful credit to companies who undertake these actions” and that, if appropriate, the DOJ may decline to bring an enforcement action. For more information on Miner’s speech, read our blog post.
The updated Enforcement Policy codified last year’s announcement. For instance, an acquiring company may be eligible for a declination if it discloses the misconduct identified in a target, “even if aggravating circumstances existed as to the acquired entity.” Acquiring companies with a “robust compliance program in place” will be given particular credit. In cases where such companies self-disclose the misconduct, there will generally be a presumption of a declination.
Sharing Information on Employees
The updated Enforcement Policy formalizes another change announced last year. In a speech in November 2018, Deputy Attorney General Rod J. Rosenstein announced a revised policy concerning the requirement for companies to provide information about individual wrongdoers to satisfy the cooperation requirement under the Policy. While recognizing that pursuing individuals responsible for wrongdoing will be a top priority in every corporate investigation, Rosenstein announced that companies seeking to obtain credit would no longer be required to turn over information of all employees tied to the misconduct.
The updated Enforcement Policy now incorporates that previous announcement by providing that a company must disclose “all relevant facts known to it, including all relevant facts about all individuals substantially involved in or responsible for the violation of law.”
Declinations and Aggravating Factors
In addition to announcing further amendments to the Corporate Enforcement Policy, in his speech, Benczkowski also commented on how the DOJ will assess and weigh the existence of aggravating factors, like high-level executive involvement in the misconduct, which determines whether a company is eligible for a declination if it otherwise has satisfied the requirements of the Policy or is limited to a fifty percent discount off of the sentencing guidelines. Benczkowski stated that one or more aggravating factors will “not necessarily preclude a declination” when the company otherwise complies with the Enforcement Policy.
Last month, for example, the DOJ decided not to prosecute Cognizant Technology Solutions Corporation for FCPA violations even though high-level employees allegedly participated in the bribery scheme. The decision was based, in part, on the company’s decision to voluntarily self-disclose the conduct within two weeks of the board learning of it, as well as the thoroughness of the company’s internal investigation; its complete cooperation with the government; the effectiveness of its compliance program; and the company’s willingness to remediate and disgorge its entire cost savings from the bribery. The DOJ charged the former president and the former chief legal officer of the company for their alleged involvement.
While the changes to the Enforcement Policy are incremental rather than structural, they demonstrate that the DOJ is committed to adjusting the Policy to address practical issues in its implementation. In terms of immediate considerations for companies, it is important to consider the role of ephemeral messaging apps within their organizations – whether their use is permitted, and if so, what internal policies and procedures apply to their use, including how employees are required to retain them to comply with document retention policies. Likewise, as we previously discussed when the application of the Enforcement Policy in the context of M&A transactions was announced, companies should keep in mind in any deal the possibility of self-reporting misconduct identified in diligence or immediately after obtaining control of the company.
 The updated Enforcement Policy now includes the following requirement as part of “timely and appropriate remediation”: “Appropriate retention of business records, and prohibiting the improper destruction or deletion of business records, including implementing appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms that undermine the company’s ability to appropriately retain business records or communications or otherwise comply with the company’s document retention policies or legal obligations;”
 United States v. Connolly, No. 16-cr-00370 (S.D.N.Y. April 23, 2018); United States v. Blumberg, No. 14-cr-458 (JLL).
The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.