• United States



Christopher Burgess
Contributing Writer

US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy

Feb 01, 20235 mins

Corporations (and their CISOs) that discover wrongdoing or corruption within their own business are well-advised to self-report such activities and cooperate with prosecutors. The stakes are high for those who don’t.

The US Department of Justice (DOJ) has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act (FCPA) in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney General Kenneth A. Polite, Jr., shared the 2022 success of the Criminal Division of the DOJ in its pursuit of corrupt and criminal activities within corporations that “threaten the public safety and national security, [and] wrongfully divert money into the pockets of criminal actors” at a mid-January event at Georgetown University’s Law Center.

Polite described how in 2022 the division’s fraud section secured convictions of more than 250 individuals, of which 50 were convicted via trial. In addition, seven corporations entered “criminal resolutions” with the DOJ and there were two declinations (decisions by prosecutors not to prosecute). While the Money Laundering and Asset Recovery Section convicted more than 24 individuals and had two corporations enter guilty pleas, including a “financial institution” which agreed to forfeit $2 billion (Danske Bank A/S pleaded guilty in December 2022).

CISOs and CSOs are well-positioned to spot anomalies

This is of import to CISOs and CSOs, as their teams are often in a position to observe signs of anomalous behavior within their own infrastructure and the changes within the Enforcement Policy clearly reward those who self-report and cooperate. Indeed, Polite emphasized that the DOJ’s job is not just the prosecution of crime, but also to deter and prevent crime. The DOJ needs “corporations to be our allies in the fight against crime,” Polite said.

Two examples were shared of companies whose cooperation resulted in a declination of prosecution or a deferred prosecution agreement. The first example involved French aerospace company Safran, which uncovered FCPA violations post-acquisition due diligence. Safran uncovered years of bribes having been paid to a Chinese consultant which had occurred from 1999 to 2015. Safran made a full disclosure, put in place remediation steps, and “agreed to disgorge the ill-gotten gains of its US subsidiary.”

The second example involved Swiss tech company ABB. Polite notes that ABB, who had prior FCPA resolutions from 2004 and 2010, had discovered corrupt business practices in South Africa. ABB scheduled a meeting with the DOJ to self-disclose. Though the media broke a story that highlighted the fraud occurring within ABB. Polite emphasized that the company helped itself when it could “demonstrate intent and efforts to self-disclose prior to and without any knowledge of the media report” and the DOJ entered into a deferred prosecution agreement, with two subsidiaries pleading guilty and paying a fine of more than $315 million.

Incentives to cooperate with the DOJ

The CEP program adjustments announced by Polite noted, “prosecutors may nonetheless determine that a declination is the appropriate outcome if the company can demonstrate that it has met each of the following three factors:

  • The voluntary self-disclosure was made immediately upon the company becoming aware of the allegation of misconduct;
  • At the time of the misconduct and the disclosure, the company had an effective compliance program and system of internal accounting controls that enabled the identification of the misconduct and led to the company’s voluntary self-disclosure; and
  • The company provided extraordinary cooperation with the Department’s investigation and undertook extraordinary remediation.”

When companies don’t cooperate with the DOJ

The emphasis on the outcome corporations and individuals may expect when they decline to self-disclose or cooperate fully with a DOJ investigation was clear. Polite shared the case of the Belfour Beatty Communities military housing fraud plea, noting that there was no voluntary self-disclosure, cooperation was “lackluster,” and their efforts were at the bare minimum, so they did not earn any reduction in fines.

He then shared another instance where the Toronto-based Bank of Nova Scotia received little reduction as the “company’s compliance function contributed to the misconduct.“ The bank was fined more than $127 million in 2020. His third and final example was that of Swiss mining firm Glencore, which in fact did receive a slight reduction as they failed to fully cooperate, take timely actions with respect to the individuals involved, and were fully aware of the criminal activity, “which was pervasive.” Glencore pleaded guilty and was fined more than $1.1 billion in May 2022.

The bottom line: self-reporting misconduct under FCPA is key

The bottom line, directly from Polite: “When a company has uncovered criminal misconduct in its operations, the clearest path to avoiding a guilty plea or indictment is voluntary self-disclosure. It is also the clearest path to the greatest incentives that we offer, such as declination with disgorgement of profits.” He continued that the DOJ is forthright about the potential incentives to self-report and cooperate to hammer home the point that corporations that fall short of the department’s expectations do so at their own risk. “Make no mistake—failing to self-report, failing to fully cooperate, failing to remediate, can lead to dire consequences.”

Christopher Burgess
Contributing Writer

Christopher Burgess is a writer, speaker and commentator on security issues. He is a former senior security advisor to Cisco, and has also been a CEO/COO with various startups in the data and security spaces. He served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Cisco gave him a stetson and a bottle of single-barrel Jack upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit, Senior Online Safety.

More from this author