As the United States prepared to take a long holiday over the July 4th weekend, the Department of Justice set off some fireworks of its own: the department published a new edition of the FCPA Resource Guide, a one-volume compendium of all things related to the Foreign Corrupt Practices Act (FCPA).
What does the Foreign Corrupt Practices Act cover, exactly? Check the Resource Guide. How might a company run afoul of the criminal anti-bribery provisions or the civil accounting provisions? Check the Resource Guide.
What are the hallmarks of an effective compliance program? How do whistleblower protections intersect with the FCPA? What other U.S. laws often overlap with FCPA enforcement? Check the Resource Guide.
You get the idea. Compliance professionals have been doing exactly that since the first edition was published in 2012. Now the second edition includes new policies, court cases, and settlements that happened during the intervening eight years, and provides a wealth of fresh perspective on FCPA issues.
In the fullness of time, members of the compliance community will dissect every sentence in the booklet’s 133 pages. For now, however, we can draw a few broad conclusions about what the new edition of the FCPA Resource Guide brings to the compliance community, and how compliance officers can best use it.
Staying True to Roots of First Edition
The first point we should clarify is that this is an update, not a sequel. That is, all the major features and fundamentals stressed in the first edition are still here in the second edition. For example:
- Tone at the top is paramount. “Compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company” (page 56).
- Risk assessment and internal control matter. “The design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business” (page 40.)
- Whistleblowers are important to FCPA compliance. “The Sarbanes-Oxley Act and the Dodd-Frank Act of 2010 both contain provisions affecting whistleblowers who report FCPA violations” (page 82).
Those are not new ideas for compliance officers. Nor should any of the other major themes in the second edition. This new version asks a corporate compliance program to do nothing it should not have already been doing for years.
Why It Was Time to Update
Second, this update was necessary. The landscape for FCPA enforcement has changed enormously since the first edition was published in 2012. Corporate technology has changed, case law has evolved, expectations from regulators have expanded, and compliance program capabilities have matured. Altogether, those changes mean a second edition was warranted.
For example, the single biggest FCPA policy change within the Justice Department happened in 2017, when prosecutors formally adopted the FCPA Corporate Enforcement Policy. The theory of the enforcement policy is simple: if a company voluntarily discloses its FCPA trouble, and cooperates in any investigation, and remediates the weaknesses that allowed the FCPA trouble in the first place, prosecutors will be predisposed not to prosecute a case.
This new edition of the Resource Guide is peppered with examples of how the Corporate Enforcement Policy has worked in practice. It offers three actual cases that resulted in declination and explained why the facts of each one led prosecutors to give such favorable treatment.
That’s a valuable material for a compliance officer. You can use it with your own senior executives and board when deciding how to handle a matter, pointing directly to relevant examples and Justice Department commentary.
My favorite example is on Page 68 of the FCPA Resource Guide. It walks the reader through a short case study of a financial firm that tried its best to achieve strong FCPA compliance in China—but still failed to uncover a Chinese official who lied about his ownership stake in a joint venture. The case study explains what the company did right, and how that effort still warranted a decision not to prosecute.
For years compliance professionals have wanted more examples like that: actual companies that made a sincere effort at compliance but still came up short, simply because perfect compliance is impossible to achieve. Now we have such material, and the Justice Department is showing us that it understands no organization is perfect.
Broader Context of the FCPA Resource Guide
It's also important to keep this update in its broader context. Compliance officers should remember that just one month ago, we were all buzzing about new guidelines from the Justice Department on effective corporate compliance programs. That raises a question: which piece of guidance is more important for compliance officers to absorb and understand?
My reckoning would be the guidelines for evaluating corporate compliance programs.
The Resource Guide is a primer on the Foreign Corrupt Practices Act. It provides an overall sense of what the law requires, and how regulators interpret those requirements on a practical basis. And yes, one chapter of the Resource Guide includes the hallmarks of an effective compliance program.
The guidelines for effective compliance programs, on the other hand, are far more specific and relevant to what compliance officers do. The guidelines talk about the expectations of what your compliance program should do and offer scores of questions that prosecutors might ask when you’re sitting across from each other at a conference table (or, these days, a Zoom call).
Put another way, the Resource Guide paints a picture of the whole FCPA world. The guidelines explain the compliance officer’s role in that world: the program you should build and maintain for your organization.
So the second edition of the FCPA Resource Guide is a welcome, needed update to a foundational piece of FCPA literature—but it only lays the foundation. FCPA compliance is a constantly evolving subject, and compliance officers will need to work as diligently as ever to be sure their programs are keeping pace.