As Forbes magazine reported, the Biden administration is likely to focus on a new direction for regulators and “organizations across multiple sectors are preparing for a more aggressive regulatory approach. However, no sector is bracing more than the banking and financial arenas, where compliance changes could come more swiftly.”
To prepare for how regulators will evaluate compliance programs and respond to infractions, companies can take some key cues from recent court decisions, along with the most recent Evaluation of Corporate Compliance Programs Guidance published by the Department of Justice (DOJ) and the Resource Guide to the US Foreign Corrupt Practices Act published by the DOJ and Securities and Exchange Commission (SEC):
- use data to perform testing and monitoring around compliance-sensitive activities, and to continuously identify opportunities for improving a corporation’s compliance program.
- assess the risk associated with third parties periodically – not just during onboarding. Companies should update their risk assessment processes by tracking and incorporating lessons learned from their own prior infractions or those committed by other companies in the same industry.
- update policies and procedures continuously to reflect regulatory changes, monitoring results and compliance infractions, both internal and in the industry. Make sure policies are easily accessible by relevant employees and searchable for easy navigation.
- offer compliance training during employee onboarding, on a periodic basis and also on an as-needed basis. The as-needed training can help address time-sensitive topics such as policy updates and compliance infractions. Companies should also have an avenue for employees to ask questions arising from compliance training and provide feedback on the effectiveness of the training.
- invest more training and development in personnel who work in compliance or a control function.
- prepare for DOJ and SEC regulators to consider how promptly parent companies integrate acquired companies into their compliance program and consider the timeliness of robust due diligence. Predecessor companies (rather than acquiring companies) are usually the entities subject to enforcement actions, particularly when the AC uncovered and remediated the violations quickly. ACs that voluntarily disclose misconduct post-acquisition may be eligible for a declination.
- review the company’s definition of “Foreign Official & Instrumentality.” This is now defined as, “Any officer or employee of a foreign government or any department agency, or instrumentality thereof…” A court ruling has stated that this instrumentality means, “an entity controlled by the government of a foreign county that performs a function the controlling government treats as its own” and the FCPA accepts this definition.
- review the company’s definition of “Agent.” United States vs Hoskins ruled that individuals not directly covered under the FCPA anti-bribery provisions could not be found guilty of conspiring to violate the FCPA unless the DOJ could prove that the individual acted unlawfully as an agent of a domestic concern. A separate court rejected this reasoning; thus, the view of the DOJ is that the matter is “unsettled”, and they reiterated that the accounting provisions of the FCPA are not subject to the ruling in United States vs Hoskins.
- review the company’s disgorgement remedy. Kokesh vs SEC ruled that the disgorgement remedy constitutes a penalty and is therefore subject to a 5-year statute of limitations. Corporations can no longer seek relief after this 5-year window. If a corporation is found to have committed a compliance infraction and must make disgorgement payment, failure to do so lowers the chances of receiving a declination.
- disclose misconduct voluntarily, cooperate with proceedings and remediate in a timely fashion as encouraged in the FCPA Corporate Enforcement Policy from the DOJ. If this is done, there might be a presumption that the DOJ will decline prosecution. The DOJ Selection of Monitors in Criminal Division Matters (The Benczkowski Memo) was issued in response to the sentiment that compliance monitors were being overused and are burdensome. This memo establishes that a monitor is likely not necessary if a company’s compliance program and controls are demonstrably effective.
As companies prepare for stricter regulatory examinations and enforcement, it is important for them to review the latest guidance and precedents while ensuring that they have the knowledge they need to take effective action.
Grant Thornton library articles: 10 tips for facing tougher regulators