Kathryn Higgs, Director of our Business Integrity Programme, analyses a shift in direction from the US Department of Justice, explaining how it could incentivise the wrong behaviour in companies and offering three suggestions for how it could be improved.
Last week, the US Department of Justice introduced a new FCPA Corporate Enforcement Policy. The policy is intended to increase self-reporting of misconduct by companies and so enhance the DOJ’s ability to identify and punish wrongdoing. It does so by introducing a presumption that companies which self-report will avoid criminal liability.
Some have expressed concern that this is indicative of a watering down of FCPA enforcement in response to troubling public comments from President Trump before he was elected that the FCPA is a “horrible law” that it puts US business at “a huge disadvantage”. It’s too early to make that criticism. However, where the policy is a disappointment is that it fails to adequately consider the impact of culture on how business operates. In particular:
When announcing the new policy, Deputy Attorney General Rosenstein said “it makes sense to treat corporations differently than individuals”. This is technically true but it’s a stance that risks forgetting that companies are made up of individuals.
Companies are not machines, they are a collection of people. Their decisions are made by people. Their actions are performed by people. As pack animals, people follow the pack – that is, they will fit in with the company’s culture and norms. The best leaders in business recognise this and invest in embedding the right culture.
Historically, companies finding themselves in hot water over FCPA violations have been quick to cooperate with authorities and 'hang their exposed employees out to dry'. By taking a stance that corporations should be treated differently to individuals, the DOJ risks exacerbating this situation. Leaders of companies could establish inappropriate corporate cultures – ‘split personalities’ so to speak – incentivising employees to behave badly all the while knowing that if those employees are caught the company can simply settle for a predictable amount. Bribe-paying then operates as a calculable risk-reward for the company and senior executives, with employees perhaps pressurised into taking a huge personal risk.
Companies must not be allowed to publicly state their commitment to doing business ethically but internally drive results at any cost and place employees in high-pressure environments leading to inappropriate behaviour. It is not right for companies to be able to do this only to abandon those employees in the event of an investigation and claim that their behaviour was outside the scope of their employment.
Deputy Attorney General Rosenstein said "effective deterrence of corporate corruption requires prosecution of culpable individuals. We should not just announce large corporate fines and celebrate penalizing shareholders." He is correct. But culpable individuals are not just those who pay or authorise the payment of bribes. Culpable individuals are also those who create an environment which promotes such behaviour. As such the executive leadership of a company should always come under scrutiny. Additionally regulators should not shy away from penalties which impact shareholders. Shareholders own the company, they are the ultimate decision makers and have the ability to dictate the standards by which they expect their company to operate.
Corruption has been recognised as unpalatable in business for decades. In fact, next week the OECD will mark the 20th anniversary of the anti-bribery convention. Standards in businesses have come leaps and bounds in that time. With the introduction of legislation requiring proactive steps to prevent bribery, such as the UK Bribery Act, long gone are the days in which the need to have a compliance programme was news to companies operating in high corruption risk jurisdictions. But the new DOJ policy only expects companies to take steps to implement remedial measures after discovering an issue. It does not expressly expect corporations to develop a culture and programme to prevent bribery in the first place.
As a final point, the new policy implements a presumption that companies will not require an independent monitor to be appointed if they appear to have implemented an effective compliance programme by the time of the resolution. This is a risky play. Companies can have short memories and they tend to remember their lessons better if they are painful or last longer.
In order to effectively prevent recidivism, it is vital to ensure that a compliance programme and a new culture of doing business ethically has been embedded in a business. Reduced penalties paired with limited independent oversight of ongoing cultural regeneration means the lesson is less likely to be memorable and may allow that company to slip too easily back into old habits. Corporate cultures do not change overnight.
Overall, the DOJ’s new policy languishes in a world of technicalities and legal compliance. In so doing, it has missed a vital opportunity to help encourage the importance of ethical cultures in business. Prevention is the best cure for any illness and companies should be aspiring to prevent corruption occurring in the first place rather than preparing themselves to defend the inevitable.
So here are three things the DOJ should consider when they next update their guidance: