In his keynote address at the ACI 32nd International Conference on the Foreign Corrupt Practices Act in Washington, DC on November 17, 2015, SEC Enforcement Director Andrew Ceresney announced to the in-house compliance officials and corporate defense attorneys in attendance that, going forward, any public company that fails to self-report a potential FCPA violation to the SEC will be ineligible for a deferred prosecution agreement (“DPA”) or a non-prosecution (“NPA”). While the Commission’s Seaboard report in 2001 included self-reporting as one of the four broad factors considered in evaluating a company’s cooperation when determining appropriate charges and remedies (the others being self-policing, remediation, and cooperation), this marks the first time Enforcement policy has been clarified to require self-reporting as a prerequisite to DPA or NPA eligibility.
Ceresney’s announcement did not offer clarity as to how the self-reporting policy is envisioned to play out in cases falling into the “grayer” areas where, for example, (1) a company was not made aware of an allegation until the SEC brought the matter (perhaps through a whistleblower tip) to the company’s attention, or (2) a company was in the process of actively investigating an allegation but had not yet substantiated it. If Ceresney’s remarks are to be interpreted as a brightline rule without exception, then in both the above two cases, the company would not be eligible for a DPA or an NPA, despite all other efforts to cooperate, self-police and remediate.
In some ways, the policy announced by Ceresney is at odds with other commentary made by both DOJ and SEC officials during other panel presentations at the same conference. For example, Assistant Attorney General Leslie Caldwell stated that while companies desiring cooperation credit must self-report all relevant facts within a “reasonably relevant time” after discovering the violation, she also clarified that it is not expected that companies immediate notify DOJ the first moment a “a hotline call comes in.” Caldwell also acknowledged that DOJ has subpoena power that companies lack, and that DOJ “won’t hold it against a company” if DOJ obtains evidence that the company does not have. Caldwell emphasized the importance of self-reporting but reiterated that companies do not have “an obligation” to self-report. Still, Caldwell warned companies that the risk of “getting caught” in the absence of self-reporting has gone up, as the DOJ and SEC are now privy to more and more sources of information, such as whistleblowers, foreign law enforcement, disgruntled employees, former employees and the foreign media.
The policy shift announced by Ceresney appears to be the regulator’s response to continued skepticism from the corporate community as to whether there is any measurable value to self-reporting an FCPA violation. Although the SEC and DOJ have long offered assurances to companies that self-reporting offers “substantial benefits” to the resolution of such cases, there have also been a significant number of cases in which misconduct was self-reported but the resulting resolution was not easily differentiated from cases in which the company did not self-report—including the imposition of an independent compliance monitor.
Although the other speakers from DOJ and SEC did not go so far as Ceresney in announcing a new policy position, the overwhelming theme emerging from the Government on FCPA enforcement was the promise of more transparency in case resolutions. Although DOJ fell short of articulating specifically how that transparency might be reached, Caldwell acknowledged the perception of disparity of outcomes with respect to similarly situated companies, and also acknowledged that a continued lack of transparency will result in companies being less likely to come in and self-report.