Guidance on FCPA Compliance, Due Diligence, and Enforcement Practices

industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale. According to one survey, 64% of general counsel whose companies are subject to the FCPA say there is room for improvement in their FCPA training and compliance pro- grams.>* An organization should take the time to review and test its controls, and it should think critically about its poten- tial weaknesses and risk areas. For example, some companies have undertaken employee surveys to measure their compli- ance culture and strength of internal controls, identify best practices, and detect new risk areas. Other companies period- ically test their internal controls with targeted audits to make certain that controls on paper are working in practice. DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered. Similarly, undertaking proactive evaluations before a problem strikes can lower the applicable penalty range under the US. Sentencing Guidelines.” Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity ofan organization, the idea behind such efforts is the same: continuous improve- ment and sustainability” Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration In the context of the FCPA, mergers and acquisi- tions present both risks and opportunities. A company that does not perform adequate FCPA due diligence prior to a merger or acquisition may face both legal and business risks.” Perhaps most commonly, inadequate due diligence can allow a course of bribery to continue—with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability. In contrast, companies that conduct effective FCPA due diligence on their acquisition targets are able to evalu- ate more accurately each target’s value and negotiate for the costs of the bribery to be borne by the target. In addition, Guiding Principles of Enforcement such actions demonstrate to DOJ and SEC a company’s commitment to compliance and are taken into account when evaluating any potential enforcement action. For example, DOJ and SEC declined to take enforcement action against an acquiring issuer when the issuer, among other things, uncovered the corruption at the company being acquired as part of due diligence, ensured that the corruption was voluntarily disclosed to the government, cooperated with the investigation, and incorporated the acquired company into its compliance program and inter- nal controls. On the other hand, SEC took action against the acquired company, and DOJ took action against a sub- sidiary of the acquired company.**® When pre-acquisition due diligence is not possible, DOJ has described proce- dures, contained in Opinion Procedure Release No. 08-02, pursuant to which companies can nevertheless be rewarded if they choose to conduct thorough post-acquisition FCPA due diligence” FCPA due diligence, however, is normally only a portion of the compliance process for mergers and acquisi- tions. DOJ and SEC evaluate whether the acquiring com- pany promptly incorporated the acquired company into all of its internal controls, including its compliance program. Companies should consider training new employees, reeval- uating third parties under company standards, and, where appropriate, conducting audits on new business units. For example, as a result of due diligence conducted by a California-based issuer before acquiring the majority interest in a joint venture, the issuer learned of corrupt pay- ments to obtain business. However, the issuer only imple- mented its internal controls “halfway” so as not to “choke the sales engine and cause a distraction for the sales guys.” As a result, the improper payments continued, and the issuer was held liable for violating the FCPA’s internal con- trols and books and records provisions.>*° HOUSE_OVERSIGHT_022564