{"id":4104,"date":"2016-04-02T12:15:08","date_gmt":"2016-04-02T16:15:08","guid":{"rendered":"http:\/\/journals.law.harvard.edu\/hblr\/?p=4104"},"modified":"2016-07-10T22:30:12","modified_gmt":"2016-07-11T02:30:12","slug":"memorandum-to-the-compliance-counsel-united-states-department-of-justice","status":"publish","type":"post","link":"https:\/\/journals.law.harvard.edu\/hblr\/memorandum-to-the-compliance-counsel-united-states-department-of-justice\/","title":{"rendered":"Memorandum to the Compliance Counsel, United States Department of Justice"},"content":{"rendered":"

Download PDF<\/a><\/p>\n

Jonathan J. Rusch\u2020<\/a><\/sup><\/p>\n

Introductory Note<\/strong><\/p>\n

Since 1977, with the enactment of the Foreign Corrupt Practices Act, the United States Department of Justice has played a leading role with the Securities and Exchange Commission in applying the Act\u2019s anti-bribery, books and records, and internal controls provisions in enforcement proceedings against numerous companies and individuals worldwide. In November 2015, the Department of Justice took the unprecedented step of hiring a Compliance Counsel with experience in both federal prosecution and corporate compliance. Her role is to guide its prosecutors in decision-making in corporate prosecutions, including the existence and effectiveness of a company\u2019s compliance program, and in benchmarking corporate compliance. This Memorandum is composed as an open letter to the Compliance Counsel, focusing on how she and the Department of Justice should go about that critical benchmarking function.<\/em><\/p>\n

* * *<\/p>\n

Dear Compliance Counsel Chen,<\/p>\n

Congratulations on your appointment as the Department of Justice\u2019s Compliance Counsel.[1]<\/sup><\/sup><\/a> As you know, the Department of Justice (the Department) has earned a global reputation for aggressively pursuing corporate misconduct through the Foreign Corrupt Practices Act (FCPA) and other major corporate investigations such as the London Interbank Offered Rate (LIBOR) and foreign exchange market (FX) investigations.[2]<\/sup><\/sup><\/a> Its track record in FCPA cases includes successful criminal prosecutions of individuals and companies, record criminal penalties, and substantial civil sanctions by the Securities and Exchange Commission (SEC).[3]<\/sup><\/sup><\/a> Contrary to claims \u201cthat foreign bribery is committed by salespeople in the field, breaking the law despite strong compliance policies and robust supervision,\u201d[4]<\/sup><\/sup><\/a> the Department\u2019s prosecution record includes many examples of corruption schemes that senior corporate leadership authorized, and in some cases even directed, including bribery of foreign officials over extended periods.[5]<\/sup><\/sup><\/a><\/p>\n

You are charged with two primary duties: (1) providing expert guidance to the Fraud Section prosecutors regarding the prosecution of business entities, including those entities\u2019 current compliance programs; and (2) assisting prosecutors in establishing appropriate benchmarks for corporate compliance.[6]<\/sup><\/sup><\/a> Both of these functions are important for effective anti-corruption enforcement. As an ex post<\/em> function, the former is of substantial interest to individuals and companies under criminal investigation. As an ex ante<\/em> function, the latter should be of even greater interest to a vast spectrum of companies, here and abroad. As your Section Chief indicated, you are expected to be \u201cbenchmarking with various companies in a variety of different industries to make sure we have realistic expectations . . . and tough-but-fair ones in various industries.\u201d[7]<\/sup><\/sup><\/a><\/p>\n

This Memorandum will not offer guidance to the Department on how to exercise prosecutorial discretion in FCPA investigations\u2014not least because the Yates Memorandum[8]<\/sup><\/sup><\/a> has made clear how substantially the Department has changed its approach to conducting corporate investigations.[9]<\/sup><\/sup><\/a> Rather, it will provide an outline of how you and the Department could perform the ex ante<\/em> function of benchmarking and guidance. If some of the steps outlined here seem obvious, please consider that elaborating the obvious, along with the subtle, would be beneficial for both the Department and companies in setting clear expectations for corporate compliance programs.<\/p>\n

I. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Define What the Department Means by \u201cBenchmarking\u201d<\/strong><\/p>\n

Although the term \u201cbenchmarking\u201d is commonly used in corporate compliance discussions,[10]<\/sup><\/sup><\/a> it can mean several different types of comparisons, and the choice of benchmarking type can have significantly different effects on the expectations that it creates in the mind of the organization doing the benchmarking.<\/p>\n

Department policy states that one of the fundamental questions a prosecutor should ask about a corporation’s compliance program is whether it is \u201cwell designed.\u201d[11]<\/sup><\/sup><\/a> To make that determination, the policy refers prosecutors to five factors:<\/p>\n

[T]he comprehensiveness of the compliance program; the extent and pervasiveness of the criminal misconduct; the number and level of the corporate employees involved; the seriousness, duration, and frequency of the misconduct; and any remedial actions taken by the corporation, including, for example, disciplinary action against past violators uncovered by the prior compliance program, and revisions to corporate compliance programs in light of lessons learned.[12]<\/sup><\/sup><\/a><\/p><\/blockquote>\n

These factors clearly are intended as ex post<\/em> factors to be applied in deciding whether a company\u2019s compliance program is so deficient that criminal prosecution may be appropriate. Compliance professionals also need the Department to issue clearly articulated ex ante<\/em> guidance and standards on which companies can rely as examples of responsible corporate conduct. As a 2015 KPMG global survey of corporate risk leaders found, there has been \u201ca sharp increase in the proportion of respondents who say they are highly challenged by the issue of [Anti-Bribery and Corruption]\u201d compared with a survey four years earlier.[13]<\/sup><\/sup><\/a><\/p>\n

Here are some of the principal categories of business benchmarking that the Department should consider:<\/p>\n

External Benchmarking<\/em>. This involves analyzing \u201cbest in class outside organisations, providing the opportunity to learn from those at the leading edge.\u201d[14]<\/sup><\/sup><\/a> This is the type that probably comes most readily to mind, and seems the most intuitively appealing\u2014\u201cWhy not learn from the best?,\u201d so to speak. But three caveats are in order. First, this type of benchmarking can involve implicit decisions about what makes certain organizations \u201cbest in class\u201d for certain corporate compliance functions. Second, the Department\u2019s own experiences with corporate investigations show that companies with a general \u201cbest in class\u201d reputation (in terms of size or profitability) can still have significant deficiencies in their compliance programs. Third, solutions that work effectively for very large companies may not be practicable for smaller companies that cannot afford the necessary resources or technology to implement them. What is \u201cbest in class,\u201d then, may not be intuitively obvious.<\/p>\n

Internal Benchmarking<\/em>. This \u201cinvolves benchmarking businesses or operations from within the same organisation (e.g. business units in different countries).\u201d[15]<\/sup><\/sup><\/a> On first reading, this type of benchmarking may not seem worthwhile to pursue. If a compliance program is found deficient in one business unit within a company, examining how that program works in other business units of that company might seem pointless. Intra-corporate benchmarking, however, could be useful to the Department. If, in examining a particular company\u2019s compliance program, the Department finds significant variations between units or product lines, those variations could be instructive in identifying flaws the company should fix or enhancements the company should adopt, and in determining whether ongoing monitoring is necessary. The Department may also find that, within the same company, one type of compliance program has \u201cbest in class\u201d features that could be transplanted into other compliance programs\u2014say, anti-money laundering or Bank Secrecy Act program features that could work in the anti-corruption context.<\/p>\n

Performance Benchmarking<\/em>. This \u201clooks at performance characteristics in relation to key products and services in the same sector.\u201d[16]<\/sup><\/sup><\/a> Although the Department does not set production performance standards\u2014for example, how many units per hour should be produced\u2014it could use performance benchmarking to identify features of compliance programs that yield quantitatively measurable results, such as above-average detection of instances of potential misconduct or numbers of corruption-related Suspicious Activity Reports (SARs).<\/p>\n

Strategic Benchmarking<\/em>. This \u201cinvolves examining long-term strategies, for example regarding core competencies, new product and service development or improving capabilities for dealing with change.\u201d[17]<\/sup><\/sup><\/a> Standard components of corporate compliance programs, such as risk assessment processes and internal controls, may come to mind first here. But the Department\u2019s methodology could also include strategic approaches recommendable to companies developing or improving compliance programs. This concept is already reflected, to a limited degree, in the Department\u2019s Principles for Prosecution of Business Organizations, which states that prosecutors should determine \u201cwhether the corporation’s employees are adequately informed about the compliance program and are convinced of the corporation’s commitment to it.\u201d[18]<\/sup><\/sup><\/a><\/p>\n

II. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Decide How The Department Will Benchmark with Companies<\/strong><\/p>\n

If you are to benchmark with various companies in different industries in order to set \u201crealistic\u201d and \u201ctough-but-fair\u201d expectations,[19]<\/sup><\/sup><\/a> the Department might want to consider actual in-person meetings with companies to elicit information. In-person meetings are likely to yield far more information than just open-source research into compliance programs. And detailed information about compliance programs is unlikely to be available in open-source materials. That may be because companies see competitive advantages in keeping their competitors guessing about what makes their compliance programs successful, or simply are cautious about disclosing potentially sensitive information.<\/p>\n

If the Department wants in-person meetings with companies that move beyond superficial pleasantries, it should inform companies of the ground rules it sets for such meetings. Companies need solid assurances that if they are to be candid and specific about their programs, the Department will not publicly share that specific data.[20]<\/sup><\/sup><\/a> If you need to tell companies that their statements are not \u201coff the record\u201d\u2014that is, that there is no immunity for any statements that they make during these benchmarking sessions\u2014you need to be clear about that, too. Such clear ground rules may deter some companies from participating, but encourage many other companies to benchmark.<\/p>\n

One approach that may appeal to some companies is to offer benchmarking discussions in group meetings. Of course, if asked to meet with the Department when their competitors are present, companies in the same industry may become concerned about disclosure of confidential or sensitive information and therefore provide only generic statements. On the other hand, some companies may find comfort in knowing that they are receiving the same information from the Department as their competitors. The Department should therefore consider holding exploratory discussions with representatives of industry associations, and see whether individual companies would prefer individual or group benchmarking sessions.<\/p>\n

If the Department decides to consider group benchmarking, you should also consider opening some of those meetings to organizations other than the Department and industry representatives. Unlike the traditional notice-and-comment process in federal agencies\u2014where advance notice and opportunity for public comment on proposed rules are routine[21]<\/sup><\/sup><\/a>\u2014the Department does not make it a practice to provide the public with an opportunity for advance comment on its key enforcement policy statements and compliance guidance.[22]<\/sup><\/sup><\/a> In this case, however, an additional infusion of transparency into your process could enhance the Department\u2019s private sector credibility.<\/p>\n

III. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Set Priorities for Your Benchmarking<\/strong><\/p>\n

In its process, the Department has to set limits on how many industries, and how many companies within those industries, it can benchmark. With tens of thousands of companies listed on major exchanges throughout the world,[23]<\/sup><\/sup><\/a> it realistically cannot obtain a representative sample across all leading industries. Nor should it try to do so. As a starting point, you might consider drawing on external sources, such as the OECD Foreign Bribery Report[24]<\/sup><\/sup><\/a> and related records of corporate prosecutions, to select an initial list of industries. The Department could then decide where to concentrate, based in part on its experience with industries that face the greatest bribery and corruption risks\u2014for example, those industries encountering regulatory barriers to entry created by foreign agencies with vast and unconstrained discretion.<\/p>\n

Whichever industries you select, if the Department expects you to provide more specific guidance on what level of compliance program is appropriate for a business\u2019s risk level, you also need to set realistic expectations on how specific your guidance can be, absent a vast increase in your staffing. As the Department\u2019s and the SEC\u2019s FCPA Resource Guide<\/em> properly notes, \u201ceach compliance program should be tailored to an organization\u2019s specific needs, risks, and challenges\u201d:[25]<\/sup><\/sup><\/a><\/p>\n

Individual companies may have different compliance needs depending on their size and the particular risks associated with their businesses, among other factors. When it comes to compliance, there is no one-size-fits-all program. . . . [S]mall- and medium-size enterprises likely will have different compliance programs from large multi-national corporations, a fact DOJ and SEC take into account when evaluating companies\u2019 compliance programs.[26]<\/sup><\/sup><\/a><\/p>\n

For that reason, your best approach may be to urge the Department to take key concepts of corporate compliance that it has previously issued\u2014such as the FCPA Resource Guide<\/em>\u2019s often-cited \u201cHallmarks of Effective Compliance Programs\u201d[27]<\/sup><\/sup><\/a>\u2014and explore those to see what additional guidance may be most useful to businesses. Here are some of those concepts:<\/p>\n

A. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Commitment from Senior Management and a Clearly Articulated Policy Against Corruption<\/strong>[28]<\/sup><\/sup><\/a><\/p>\n

The FCPA Resource Guide<\/em> and public remarks by Department officials stress the importance of corporate commitment to a \u201cculture of compliance.\u201d[29]<\/sup><\/sup><\/a> These statements typically fall into one of three categories.<\/p>\n

1. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0<\/strong>Statements About Organizational Process<\/em>. These are generic admonitions stating that senior management must make a commitment to a \u201cculture of compliance\u201d and see that their commitment is reinforced and implemented at all levels of their business with process steps such as the following: \u201cclearly articulate company standards, communicate them in unambiguous terms, adhere to them scrupulously, and disseminate them throughout the organization.\u201d [30]<\/sup><\/a><\/sup><\/p>\n

2. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0<\/strong>Statements About the Benefits of a Culture of Compliance<\/em>. These are comments of a predictive and aspirational nature, such as: \u201cA strong ethical culture directly supports a strong ethical compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards. Compliant middle managers, in turn, will encourage employees to strive to attain those standards throughout the organizational structure.\u201d[31]<\/sup><\/sup><\/a><\/p>\n

3. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0<\/strong>Statements About the Causes of Process Failure<\/em>. These are more admonitory statements, intended to distinguish well-designed and executed compliance programs from programs where corporate behavior fails to measure up. For example, according to the FCPA Resource Guide<\/em>, failure of effective implementation \u201cmay be the result of aggressive sales staff preventing compliance personnel from doing their jobs effectively and of senior management, more concerned with securing a valuable business opportunity than enforcing a culture of compliance, siding with the sales team.\u201d[32]<\/sup><\/sup><\/a><\/p>\n

However, each of these categories lacks a definition<\/em> of \u201cculture of compliance.\u201d In this regard, the Criminal Division is not alone. Other Department components and agencies have talked around the concept, without coming any closer to the heart of the idea.[33]<\/sup><\/sup><\/a> Perhaps these representatives have in mind a functional definition of \u201cculture of compliance;\u201d that is, if an organization adopts and implements a detailed compliance program, and vigorously and consistently enforces that program, that constitutes a \u201cculture of compliance.\u201d The Department, however, should aspire to more than that, if it means those words to be more than a casual buzz phrase.<\/p>\n

Your challenge, then, is to decide how the Department could meaningfully define \u201cculture of compliance.\u201d One starting point is a classic definition of \u201cculture\u201d: \u201cthat complex whole which includes knowledge, belief, art, morals, law, custom, and any other capabilities and habits acquired by man as a member of society.\u201d[34]<\/sup><\/sup><\/a> Each of the elements of this definition stacks up nicely in relation to the basic requirements of corporate compliance. Knowledge of relevant laws and corporate policies are essential for effective compliance programs. But so is the belief that such laws and policies must be followed not only because of the penalties for noncompliance, but also because the company\u2019s values and principles align with that law and policy, and are grounded in basic moral principles (such as, \u201cWe don\u2019t need to lie to customers or the public, or bribe people, to do business.\u201d). And company values, if thoroughly communicated and reinforced by senior executives and middle managers in intra-company communications, can become custom over time, and become so much a part of everyday behavior inside the company that law-abiding actions become habitual. As one financial services company puts it, culture is<\/p>\n

understanding our vision and values so well that you instinctively know what you need to do when you come to work each day.<\/p>\n

Culture is the attitude we bring to work every day\u2014the pattern of thinking and acting with the customer in mind. It\u2019s the habit of doing the right things, and doing things right. It\u2019s a thousand behaviors inherited from team members who came before us, behaviors that we model today and then pass on as our legacy for team members who come after us. It\u2019s behaviors and attitudes that are core to who we are . . . .[35]<\/sup><\/sup><\/a><\/p><\/blockquote>\n

If this approach rings true with you, consider also that the Department will need to proceed carefully in defining \u201cculture of compliance.\u201d Enforcement officials and compliance experts often refer to \u201cbuilding a culture of compliance.\u201d[36]<\/sup><\/sup><\/a> With respect, no organization can \u201cbuild\u201d an internal and sustainable culture like assembling a set of Lego\u00ae<\/sup> blocks. Like a garden, an organizational culture requires cultivation\u2014preparation of the ground, seeding, fertilization, regular supplying of nutrition, and constant scrutiny to weed out unwanted hosts and to control invasive species.[37]<\/sup><\/sup><\/a> The best approach for the Department, then, would be to see what it can learn from benchmarking from various companies\u2014seeing how they define their key organizational values and translate those into elements of their compliance programs\u2014and then identify examples of how companies, regardless of size, can articulate and implement their own \u201ccultures of compliance.\u201d<\/p>\n

B. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Code of Conduct and Compliance Policies and Procedures<\/strong>[38]<\/sup><\/sup><\/a><\/p>\n

The next hallmark in the FCPA Resource Guide<\/em> that warrants discussion stresses the importance of a corporate code of conduct and compliance policies and procedures.[39]<\/sup><\/sup><\/a> The FCPA Resource Guide<\/em> states: \u201cAs DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company\u2019s behalf.\u201d[40]<\/sup><\/sup><\/a> Clarity, of course, is always important, but concision may not be achievable in every case. Depending, among other things, on a company\u2019s size, geographic dispersion, and complexity of its operations, a company may need to be relatively more prescriptive and terse in stating its requirements for law-abiding conduct. Further guidance on how to strike a suitable balance between clarity and concision\u2014again, drawn in part from your benchmarking sessions\u2014would therefore be useful.<\/p>\n

The FCPA Resource Guide<\/em>\u2019s paragraph on compliance policies and procedures is more instructive because it concisely identifies key components of such policies and key risks that such policies should address. Because the FCPA Resource Guide<\/em> notes that \u201c[t]hese types of policies and procedures will depend on the size and nature of the business and the risks associated with the business,\u201d[41]<\/sup><\/sup><\/a> your benchmarking efforts should seek to identify factors that would justify differences in the length and detail of such policies and procedures.<\/p>\n

C. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Oversight, Autonomy, and Resources<\/strong>[42]<\/sup><\/sup><\/a><\/p>\n

The next FCPA Resource Guide<\/em> hallmark states the need for one or more senior executives, with appropriate autonomy and resources, to oversee a corporate compliance program.[43]<\/sup><\/sup><\/a> Because what constitutes \u201cappropriate autonomy and resources\u201d may vary widely for smaller and larger companies, the language in this section is too general and laden with contingency\u2014for example, a single paragraph in this section indicates three times that it will \u201cdepend\u201d on circumstances.[44]<\/sup><\/sup><\/a> Benchmarking on this hallmark would be more useful if it concentrates on identifying examples of suitable practices to ensure sufficient oversight, autonomy, and resources in companies of different sizes. For example, while a number of large companies have now separated their risk and compliance functions from their legal departments, smaller companies may need to decide whether and how they can leverage their legal departments to be effective overseers of risk and compliance.<\/p>\n

In conducting its benchmarking on this hallmark, the Department should assume that many companies may be willing to discuss who is overseeing and implementing compliance programs, but skittish about sharing data on how many dollars they put into their compliance resources. If you can look into the latter topic, you may be able to identify percentage data that could be useful for companies of various sizes. For example, \u201cWe found that for companies with annual revenues of less than $50 million, those companies that appeared to have effective compliance programs typically devoted between A and B percent of their annual budgets, while for companies with annual revenues of $500 million or more, those companies that appeared to have effective compliance programs typically devoted between C and D percent of their annual budgets.\u201d Guidance that suggests a range of acceptable resource commitments, with appropriate caveats, could be particularly meaningful.<\/p>\n

D. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Risk Assessment<\/strong>[45]<\/sup><\/sup><\/a><\/p>\n

The next hallmark, on assessment of risk, may be both the most valuable and the most frustrating guidance in the entire FCPA<\/em> Resource<\/em> Guide<\/em>. This section contains a number of helpful comments that emphasize the need for a risk-based approach to risk assessment: underscoring the importance of avoiding \u201ctoo much focus on low-risk markets and transactions to the detriment of high-risk areas\u201d; warning that \u201cperforming identical due diligence on all third-party agents, irrespective of risk factors, is often counterproductive, diverting attention and resources away from those third parties that pose the most significant risks\u201d; and noting that \u201c[w]hen assessing a company\u2019s compliance program, DOJ and SEC take into account whether and to what degree a company analyzes and addresses the particular risks it faces.\u201d[46]<\/sup><\/sup><\/a><\/p>\n

What makes this section frustrating is the fact that it offers no guidance on how to construct and conduct the risk assessment process, which it emphasizes \u201cis fundamental to developing a strong compliance program.\u201d[47]<\/sup><\/sup><\/a> This is a noteworthy deficiency, as the 2015 KPMG Survey reported that \u201cexecutives admit that an [Anti-Bribery and Corruption] risk assessment is one of their companies\u2019 top challenges.\u201d[48]<\/sup><\/sup><\/a><\/p>\n

On this issue, the Department could benchmark with various companies, and consult outside experts on risk assessment, to better understand how companies are creating risk assessment processes and methodologies.<\/p>\n

That benchmarking should also address how companies should decide what types of data and analysis are appropriate in determining what constitutes a high-, moderate-, or low-risk market for their companies. Many companies appear to rely exclusively on Transparency International\u2019s Corruption Perceptions Index (CPI),[49]<\/sup><\/sup><\/a> perhaps the longest-running measure of corruption risk country-by-country. While the CPI methodology is sound and well-defined for its stated purpose of presenting perceptions of corruption based on expert opinion,[50]<\/sup><\/sup><\/a> the Department should consider offering guidance on the appropriateness of using the CPI as the sole basis to identify high-risk markets, given the FCPA Resource Guide<\/em>\u2019s emphasis on a company\u2019s addressing \u201cthe particular risks it<\/em> faces.\u201d[51]<\/sup><\/sup><\/a> Other types of bribery and corruption-related risk data may deserve serious consideration, as companies seek to refine their risk assessment processes to identify their particular risks with greater clarity.[52]<\/sup><\/sup><\/a><\/p>\n

E. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Training and Continuing Advice<\/strong>[53]<\/sup><\/sup><\/a><\/p>\n

This hallmark discusses the importance of training and certification \u201cfor all directors, officers, relevant employees, and, where appropriate, agents and business partners.\u201d[54]<\/sup><\/sup><\/a> It notes the approach of \u201cmany larger companies\u201d in implementing a \u201cmix of web-based and in-person training conducted at varying intervals,\u201d and offers broad comments on the content of such training.[55]<\/sup><\/sup><\/a> What this does not clearly address is the extent to which companies should be adopting a risk-based approach in deciding what quantity, depth, and formats of training should be provided to various officers and employees. U.S.-based finance and human resources employees, for example, likely do not need the same depth of third-party risk training that managers and executives operating in foreign markets need. Nor do executives in low-risk business lines need the same depth and frequency of training as executives in high-risk business lines. Your benchmarking efforts should therefore explore how the Department can provide more specific guidance on this point.<\/p>\n

F. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Incentives and Disciplinary Measures<\/strong>[56]<\/sup><\/sup><\/a><\/p>\n

This hallmark heavily emphasizes companies\u2019 effective enforcement of their compliance program. It notes that \u201cDOJ and SEC will . . . consider whether, when enforcing a compliance program, a company has appropriate and clear disciplinary procedures, whether those procedures are applied reliably and promptly, and whether they are commensurate with the violation.\u201d[57]<\/sup><\/sup><\/a> Here, your benchmarking activities could focus on identifying examples of what the Department considers \u201cappropriate and clear disciplinary procedures,\u201d \u201creliabl[e]\u201d and \u201cpromp[t]\u201d application of such procedures, disciplinary measures that would be \u201ccommensurate with the violation,\u201d and fair and consistent application of disciplining and incentivizing across the organization.[58]<\/sup><\/sup><\/a> The easy case, from an enforcement perspective, would be a situation in which a company fires or otherwise sanctions lower-level employees for wrongdoing, while leaving untouched high-level executives who authorized a course of wrongdoing. Responsible senior management, however, would want no part of such a situation, and therefore would welcome some more specific examples of best practices for disciplining misconduct and incentivizing exemplary conduct.<\/p>\n

G. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Third-Party Due Diligence and Payments<\/strong>[59]<\/sup><\/sup><\/a><\/p>\n

This hallmark properly notes the frequency with which third parties are used as conduits, cutouts, or \u201cbagmen\u201d to conceal the transmission of bribes to foreign officials, and specifically refers to the need for \u201c[r]isk-based due diligence\u201d with third parties.[60]<\/sup><\/sup><\/a> Even though this section contains an extended discussion of guiding principles for conducting risk-based due diligence,[61]<\/sup><\/sup><\/a> you should consider conducting extensive benchmarking on this topic, including identifying specific best practices that address those principles. The 2015 KPMG Survey reported that, according to its respondents, \u201cmanagement of third parties poses the greatest challenge in executing [Anti-Bribery and Corruption] programs,\u201d[62]<\/sup><\/sup><\/a> and that \u201cmore than one[-]third of the respondents do not formally identify high-risk third parties.\u201d[63]<\/sup><\/sup><\/a><\/p>\n

Moreover, guidance on what constitutes appropriate due diligence with regard to third parties needs to acknowledge that third parties vary widely in their size and complexity. For example, companies whose operations depend on third parties with multiple tiers, such as distribution channels, would appreciate clear guidance on law enforcement agencies\u2019 expectations about how far due diligence should go through those levels.[64]<\/sup><\/sup><\/a><\/p>\n

H. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Confidential Reporting and Internal Investigation[65]<\/sup><\/strong><\/sup><\/a><\/strong><\/p>\n

This hallmark briefly discusses the need for a mechanism for employees to report suspected or actual misconduct confidentially and without fear of retribution, and a suitable process for investigating such allegations and documenting the company\u2019s response.[66]<\/sup><\/sup><\/a> Even if this discussion seems to raise points requiring no further explanation, your benchmarking could be useful in identifying examples of effective confidential-reporting approaches and of organizational designs that ensure prompt and effective investigations of reported misconduct.<\/p>\n

I. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Periodic Testing and Review<\/strong>[67]<\/sup><\/sup><\/a><\/p>\n

This hallmark correctly states that \u201ca good compliance program should constantly evolve.\u201d[68]<\/sup><\/sup><\/a> Senior executives need to recognize that systematic misconduct within a company does not spring up spontaneously, but is the outcome of an evolving process that can owe as much to gradual erosion of business ethics as to individual decisions by corporate executives.[69]<\/sup><\/sup><\/a> Sound compliance programs should be continuing processes that change as business lines expand, and risks and risk appetites change.<\/p>\n

Here, your benchmarking on this subject could include a search for examples of sound internal controls that companies of different sizes could effectively implement, including a detailed examination of data analytics as a key component of internal controls. The 2015 KPMG Survey found that even though \u201cdata analytics is an increasingly important and cost-effective tool to assess [Anti-Bribery and Corruption] controls,\u201d \u201conly a quarter of respondents use data analysis to identify violations and, of those that do so, less than half continuously monitor data to spot potential violations.\u201d[70]<\/sup><\/sup><\/a> The Department should therefore underscore its interest in data analytics and provide guidance to companies on that topic.<\/p>\n

J. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Mergers and Acquisitions, Pre-and Post-Acquisition<\/strong>[71]<\/sup><\/sup><\/a><\/p>\n

The final hallmark in the FCPA Resource Guide<\/em> has two key elements. First, it broadly identifies the risks that a company creates when it conducts inadequate pre-transaction due diligence in mergers and acquisitions. Second, it highlights the Department\u2019s and the SEC\u2019s interest in prompt post-acquisition integration of the merged or acquired entity into the remaining entity\u2019s internal controls, including its corporate compliance program.[72]<\/sup><\/sup><\/a><\/p>\n

Considering how substantial the risks may be to acquirers, including the prospect of imposition of successor liability, the guidance in this section is overly thin. Your benchmarking here should seek to identify the types of constraints under which law-abiding companies must operate in a pre-transaction environment, where corporate executives overseeing the negotiations may be operating under intense time pressures, and highlight compliance practices and approaches that are likely to be effective in identifying or discouraging potential misconduct despite those constraints.<\/p>\n

This section also does not address whether the Department considers this guidance to reflect a risk-based approach. The Department should clarify its views on that issue after benchmarking, as the logic of its insistence on a risk-based approach to compliance in other areas should apply to the M&A context as well.<\/p>\n

IV. \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Publish the Results of Your Benchmarking and Compliance Guidance in a Single Document<\/strong><\/p>\n

This is the final step, on which the credibility and value of the other steps in your process will largely depend. Improving the Department\u2019s knowledge base is always a useful exercise, but the Department needs to share the fruits of its labors\u2014more precisely, the specific conclusions and expectations that it develops from the benchmarking process\u2014with the public, by publishing it in a single document.<\/p>\n

Last year, a senior Department official stated that \u201c[w]henever possible, we try to communicate clear guidance to the corporate community through our criminal resolutions, our interactions with companies and their counsel during an investigation or prosecution and other channels such as [public] conferences . . . .\u201d[73]<\/sup><\/sup><\/a> With due respect, that approach does not result in clear ex ante<\/em> guidance to companies. In individual cases, documentation of a corporate criminal resolution can be illuminating about certain actions that led to, or constituted, criminal conduct. But it tells interested readers only what went wrong\u2014not why things went wrong, or how law-abiding companies should improve their compliance efforts to avoid the same fate.<\/p>\n

As for interactions with companies during investigations and prosecutions, whatever guidance Department prosecutors convey to corporations in nonpublic negotiations stays behind closed doors for most of the corporate world. That guidance may be useful to an individual company under investigation\u2014though it will likely oppose disclosing any details of its alleged wrongdoing or the remedial steps it is required to take, other than what the resolution of that investigation requires it to disclose. And it will certainly be useful to the outside counsel representing the company, who can use the knowledge gained behind closed doors to represent other companies in future Department investigations. But if the guidance does not find its way into public documents, other companies not involved in the proceeding will not benefit from it.<\/p>\n

Finally, the Department\u2019s willingness to allow its prosecutors to speak and write publicly about corporate compliance issues is commendable. The problem here is not the quality or good intentions of the speakers, but the randomness of the creation of additional fragments of guidance, especially when different officials make different points about compliance at different times. As a result, companies and lawyers must pore over a farrago of data sources, like Roman haruspices poring over the entrails of sacrificial animals, to divine what the Department means to say about corporate compliance. And such divination is no easy matter. Public remarks by Departmental officials of various ranks must be scrutinized and compared with numerous press releases and supporting documents for criminal prosecutions, while exploring the Department\u2019s more general public guidance, ranging from the Fraud Section\u2019s FCPA published opinions[74]<\/sup><\/sup><\/a> to the Antitrust Division\u2019s Business Review Letter process.[75]<\/sup><\/sup><\/a><\/p>\n

None of this implies that Department officials should stop announcing corporate criminal resolutions, providing closed-door feedback to companies under investigation, or writing and speaking about corporate compliance. But the Department and the SEC should also collect their cumulative experience and guidance on corporate compliance into as few places as possible, and periodically update that collection. For foreign bribery and corruption matters, the FCPA Resource Guide<\/em> has been a substantial step in that direction, but has proved to be too brief in presenting its much-touted hallmarks of compliance. Whether incorporated into a revised FCPA Resource Guide<\/em> or maintained as a separate public document, your benchmarking efforts should seek to make the information costs for companies as low as possible.<\/p>\n

In conclusion, the best of luck to you in your work. Although some have been dubious about the concept of a Compliance Counsel, you can make a significant contribution by helping the Department to develop clarified, refined, and clearly communicated expectations about compliance practices.
\nSincerely,<\/p>\n

Jonathan J. Rusch<\/p>\n

 <\/p>\n

\u2020<\/a> Senior Vice President and Head of Anti-Bribery & Corruption Governance, Wells Fargo, Washington, D.C.; Adjunct Professor, Georgetown University Law Center; Lecturer in Law, University of Virginia Law School. Formerly Deputy Chief for Strategy and Policy, Fraud Section, Criminal Division, U.S. Department of Justice. The views in this paper\u2014which stem from an October 2, 2015 presentation at the American Society of International Law Anti-Corruption Interest Group Workshop\u2014are solely those of the Author, and do not necessarily represent those of Wells Fargo or the U.S. Department of Justice.<\/p>\n

[1]<\/a> On November 3, 2015, the Department retained Hui Chen, a former federal prosecutor and global head of anti-bribery and corruption at Standard Chartered Bank, as compliance counsel in the Fraud Section of the Department\u2019s Criminal Division. In addition to her service as a Department of Justice Trial Attorney and an Assistant United States Attorney, Chen also served as an Assistant General Counsel of Pfizer and a senior attorney at Microsoft. See<\/em> Press Release, U.S. Dep\u2019t of Justice, New Compliance Counsel Expert Retained by the DOJ Fraud Section (November 3, 2015), https:\/\/www.justice.gov\/criminal-fraud\/file\/790236\/download.<\/p>\n

[2]<\/a> See<\/em> LIBOR and FX<\/em>, U.S. Dep\u2019t of Justice, http:\/\/www.justice.gov\/criminal-fraud\/libor-and-fx (last updated June 12, 2015).<\/p>\n

[3]<\/a> See, e.g.<\/em>, Press Release, U.S. Dep\u2019t of Justice, VimpelCom Limited and Unitel LLC Enter into Global Foreign Bribery Resolution of More Than $795 Million; United States Seeks $850 Million Forfeiture in Corrupt Proceeds of Bribery Scheme (February 18, 2016), https:\/\/www.justice.gov\/opa\/pr\/vimpelcom-limited-and-unitel-llc-enter-global-foreign-bribery-resolution-more-795-million; Press Release, U.S. Dep\u2019t of Justice, Alstom Sentenced to Pay $772 Million Criminal Fine to Resolve Foreign Bribery Charges (November 13, 2015), https:\/\/www.justice.gov\/opa\/pr\/alstom-sentenced-pay-772-million-criminal-fine-resolve-foreign-bribery-charges; Press Release, U.S. Dep\u2019t of Justice, Hewlett Packard Russia Agrees to Plead Guilty to Foreign Bribery (April 9, 2014), http:\/\/www.justice.gov\/opa\/pr\/hewlett-packard-russia-agrees-plead-guilty-foreign-bribery.<\/p>\n

[4]<\/a> Joel Schectman, Compliance Counsel to Help DOJ Decide Whom to Prosecute<\/em>, Wall St. J.: Risk & Compliance J., (July 30, 2015), http:\/\/blogs.wsj.com\/riskandcompliance\/2015\/07\/30\/compliance-counsel-to-help-doj-decide-whom-to-prosecute\/.<\/p>\n

[5]<\/a> See, e.g.<\/em>, Press Release, U.S. Dep\u2019t of Justice, Louis Berger International Resolves Foreign Bribery Charges (July 17, 2015), http:\/\/www.justice.gov\/opa\/pr\/louis-berger-international-resolves-foreign-bribery-charges; Press Release, U.S. Dep\u2019t of Justice, IAP Worldwide Services Inc. Resolves Foreign Corrupt Practices Act Investigation (June 16, 2015), http:\/\/www.justice.gov\/opa\/pr\/iap-worldwide-services-inc-resolves-foreign-corrupt-practices-act-investigation; Press Release, U.S. Dep\u2019t of Justice, Managing Director of US Broker-Dealer Sentenced for International Bribery Scheme (Mar. 27, 2015), https:\/\/www.justice.gov\/opa\/pr\/ceo-and-managing-director-us-broker-dealer-sentenced-international-bribery-scheme.<\/p>\n

[6]<\/a> U.S. Dep\u2019t of Justice, supra<\/em> note 1 (explaining that the two primary duties of the Department\u2019s Compliance Counsel are (1) \u201cprovid[ing] expert guidance to Fraud Section prosecutors as they consider the enumerated factors in the United States Attorneys\u2019 Manual concerning the prosecution of business entities, including the existence and effectiveness of any compliance program that a company had in place at the time of the conduct giving rise to the prospect of criminal charges, and whether the corporation has taken meaningful remedial action, such as the implementation of new compliance measures to detect and prevent future wrongdoing\u201d and (2) \u201chelp[ing] prosecutors develop appropriate benchmarks for evaluating corporate compliance and remediation measures and communicating with stakeholders in setting those benchmarks.\u201d); see also<\/em> Leslie R. Caldwell, Assistant Att\u2019y Gen., U.S. Dep\u2019t of Justice, Remarks at the SIFMA Compliance and Legal Society New York Regional Seminar (Nov. 2, 2015), http:\/\/www.justice.gov\/opa\/speech\/assistant-attorney-general-leslie-r-caldwell-speaks-sifma-compliance-and-legal-society.<\/p>\n

[7]<\/a> Schectman, supra<\/em> note 4.<\/p>\n

[8]<\/a> See<\/em> Memorandum from Sally Quillian Yates to the Assistant Attorney General, Antitrust Division et al<\/em>. on Individual Accountability for Corporate Wrongdoing (Sept. 9, 2015), http:\/\/www.justice.gov\/dag\/file\/769036\/download.<\/p>\n

[9]<\/a> See<\/em> Sally Quillian Yates, Deputy Att\u2019y Gen., Dep\u2019t of Justice, Remarks at New York University Law School (Sept. 10, 2015) (stating new requirements that, inter alia<\/em>, (1) \u201cif a company wants any credit for cooperation, any credit at all, it must identify all individuals involved in the wrongdoing, regardless of their position, status or seniority in the company and provide all relevant facts about their misconduct\u201d; and (2) Department attorneys \u201care to focus on individuals from the start of an investigation, regardless of whether the investigation begins civilly or criminally\u201d and \u201conce a case is underway, the inquiry into individual misconduct can and should proceed in tandem with the broader corporate investigation\u201d), http:\/\/www.justice.gov\/opa\/speech\/deputy-attorney-general-sally-quillian-yates-delivers-remarks-new-york-university-school.<\/p>\n

[10]<\/a> See, e.g.<\/em>, Kaiser Associates, Beating the Competition: A Practical Guide to Benchmarking (1988).<\/p>\n

[11]<\/a> U.S. Dep\u2019t of Justice, U.S. Att\u2019y\u2019s Manual \u00a7 9-28.800 (1997 ed., rev. Nov. 2015), http:\/\/www.justice.gov\/usam\/usam-9-28000-principles-federal-prosecution-business-organizations.<\/p>\n

[12]<\/a> Id<\/em>.<\/p>\n

[13]<\/a> See<\/em> Jimmy Helm et al., KPMG, Anti-Bribery and Corruption: Rising to the challenge in the age of globalization 1, 3 (2015) [hereinafter KPMG Survey], https:\/\/www.kpmg.com\/NL\/nl\/IssuesAndInsights\/ArticlesPublications\/Documents\/PDF\/Forensic\/Anti-Bribery-and-Corruption.pdf.<\/p>\n

[14]<\/a> Types of Benchmarking<\/em>, British Quality Foundation, http:\/\/dev.bqf.org.uk\/sustainable-excellence\/benchmarking-types (last visited March 2, 2016).<\/p>\n

[15]<\/a> Id<\/em>.<\/p>\n

[16]<\/a> British Quality Foundation, supra<\/em> note 14.<\/p>\n

[17]<\/a> Id<\/em>.<\/p>\n

[18]<\/a> U.S. Dep\u2019t of Justice, supra<\/em> note 11.<\/p>\n

[19]<\/a> Schectman, supra <\/em>note 4.<\/p>\n

[20]<\/a> Such assurances, of course, may be more challenging to provide if companies provide written information to the Department in good faith and then find that other entities seek to obtain copies of that information under the Freedom of Information Act.<\/p>\n

[21]<\/a> See, e.g.<\/em>, Office of the Fed. Register, A Guide to the Rulemaking Process, https:\/\/www.federalregister.gov\/uploads\/sites\/18\/2011\/01\/the_rulemaking_process.pdf (last visited March 28, 2016).<\/p>\n

[22]<\/a> See, e.g.<\/em>, U.S. Dep\u2019t of Justice, U.S. Att\u2019y\u2019s Manual \u00a7 1-1.100 (1997 ed., rev. May 2009), https:\/\/www.justice.gov\/usam\/united-states-attorneys-manual.<\/p>\n

[23]<\/a> See<\/em> Monthly Reports \u2013 Latest Statistics (January 2016 data)<\/em>, World Federation of Exchanges, http:\/\/www.world-exchanges.org\/home\/index.php\/statistics\/monthly-reports (last visited March 28, 2016).<\/p>\n

[24]<\/a> Organisation for Economic Co-operation and Development, OECD Foreign Bribery Report (2014), http:\/\/www.oecd-ilibrary.org\/docserver\/download\/2814011e.pdf?expires=1458940182&id=id&accname=guest&checksum=0B60F084099B54ABA23EAE8512B65786.<\/p>\n

[25]<\/a> Criminal Div., U.S. Dep\u2019t of Justice & Enf\u2019t Div., Sec. and Exch. Comm\u2019n, A Resource Guide to the U.S. Foreign Corrupt Practices Act 57 (2012) [hereinafter FCPA Resource Guide], https:\/\/www.justice.gov\/sites\/default\/files\/criminal-fraud\/legacy\/2015\/01\/16\/guide.pdf.<\/p>\n

[26]<\/a> Id<\/em>.<\/p>\n

[27]<\/a> Id<\/em>. at 57\u201362.<\/p>\n

[28]<\/a> Id<\/em>. at 57.<\/p>\n

[29]<\/a> See, e.g<\/em>., id.<\/em>; Marshall L. Miller, Principal Deputy Att\u2019y Gen., Remarks at the Advanced Compliance and Ethics Workshop (October 7, 2014), http:\/\/www.justice.gov\/opa\/speech\/remarks-principal-deputy-assistant-attorney-general-criminal-division-marshall-l-miller-0; Stuart F. Delery, Assistant Att\u2019y Gen., Keynote Address at CBI Pharmaceutical Compliance Congress (January 29, 2014), http:\/\/www.justice.gov\/iso\/opa\/civil\/speeches\/2014\/civ-speech-140129.html; Brent Snyder, Deputy Assistant Att\u2019y Gen., Remarks at the International Chamber of Commerce\/ United States Council of International Business Joint Antitrust Compliance Workshop: Compliance is a Culture, Not Just a Policy (September 9, 2014), http:\/\/www.justice.gov\/atr\/file\/517796\/download.<\/p>\n

[30]<\/a> FCPA Resource Guide, supra<\/em> note 25, at 57.<\/p>\n

[31]<\/a> Id<\/em>.<\/p>\n

[32]<\/a> Id<\/em>.<\/p>\n

[33]<\/a> See<\/em> Snyder, supra<\/em> note 29; U.S. Dep\u2019t of the Treasury, Financial Crimes Enf\u2019t Network, No. FIN-2014-A007, Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance (August 11, 2014), http:\/\/www.fincen.gov\/statutes_regs\/guidance\/pdf\/FIN-2014-A007.pdf.<\/p>\n

[34]<\/a> 1 Edward B. Tylor, Primitive Culture: Researches Into the Development of Mythology, Philosophy, Religion, Art, and Custom (6th ed. 1871).<\/p>\n

[35]<\/a> Our Culture<\/em>, Wells Fargo, https:\/\/www.wellsfargo.com\/invest_relations\/vision_values\/5 (last visited March 25, 2016).<\/p>\n

[36]<\/a> See, e.g.<\/em>, Snyder, supra<\/em> note 29, at 5; Charles H. LeGrand, Building a Culture of Compliance (2005), http:\/\/www.qualitymag.com\/ext\/resources\/QUAL\/Home\/Files\/PDFs\/Building%20a%20Culture%20of%20Compliance.PDF.<\/p>\n

[37]<\/a> See generally<\/em> U.S. Dep\u2019t of Agric., Nat\u2019l Invasive Species Info. Center, http:\/\/www.invasivespeciesinfo.gov\/index.shtml (last modified March 16, 2016).<\/p>\n

[38]<\/a> FCPA Resource Guide , supra<\/em> note 25, at 57.<\/p>\n

[39]<\/a> Id.<\/em> at 57\u201358<\/p>\n

[40]<\/a> Id<\/em>. at 57.<\/p>\n

[41]<\/a> Id<\/em>. at 58.<\/p>\n

[42]<\/a> Id<\/em>.<\/p>\n

[43]<\/a> Id.<\/em><\/p>\n

[44]<\/a> Id.<\/em><\/p>\n

[45]<\/a> Id. <\/em>at 58\u201359.<\/p>\n

[46]<\/a> Id<\/em>. at 59.<\/p>\n

[47]<\/a> Id<\/em>. at 58. It should be noted that individual FCPA corporate resolutions routinely include detailed provisions on the elements of a required corporate compliance program\u2014sometimes known to FCPA practitioners as \u201cAttachment C\u201d\u2014that include some limited language on the basic elements of a risk assessment process.<\/p>\n

[48]<\/a> KPMG Survey, supra<\/em> note 13, at 3.<\/p>\n

[49]<\/a> See<\/em> Corruption Perceptions Index 2015<\/em>, Transparency International, http:\/\/www.transparency.org\/cpi2015 (last visited March 25, 2016).<\/p>\n

[50]<\/a> See, e.g.<\/em>, Corruption Perceptions Index 2014: In Detail<\/em>, Transparency International,<\/p>\n

http:\/\/www.transparency.org\/cpi2014\/in_detail#myAnchor2 (last visited March 25, 2016).<\/p>\n

[51]<\/a> FCPA Resource Guide, supra<\/em> note 25, at 59 (emphasis added).<\/p>\n

[52]<\/a> See, e.g.<\/em>, Richard Rose & Caryn Peiffer, Paying Bribes for Public Services (2015); Karlyn D. Stanley, Elvira N. Loredo, Nicholas Burger, Jeremy N. V. Miles, & Clinton W. Saloga, Business Bribery Risk Assessment (2014), http:\/\/www.rand.org\/content\/dam\/rand\/pubs\/research_reports\/RR800\/RR839\/RAND_RR839.pdf.<\/p>\n

[53]<\/a> FCPA Resource Guide, supra<\/em> note 25, at 59.<\/p>\n

[54]<\/a> Id.<\/em><\/p>\n

[55]<\/a> Id.<\/em><\/p>\n

[56]<\/a> Id.<\/em><\/p>\n

[57]<\/a> Id.<\/em><\/p>\n

[58]<\/a> Id.<\/em><\/p>\n

[59]<\/a> Id<\/em>. at 60.<\/p>\n

[60]<\/a> Id.<\/em><\/p>\n

[61]<\/a> See id<\/em>. at 60\u201361.<\/p>\n

[62]<\/a> KPMG Survey, supra<\/em> note 13, at 3.<\/p>\n

[63]<\/a> Id<\/em>.<\/p>\n

[64]<\/a> Id<\/em>. at 7\u20139.<\/p>\n

[65]<\/a> FCPA Resource Guide, supra<\/em> note 25, at 61.<\/p>\n

[66]<\/a> Id.<\/em><\/p>\n

[67]<\/a> Id<\/em>. at 61.<\/p>\n

[68]<\/a> Id<\/em>.<\/p>\n

[69]<\/a> See id.<\/em> at 61\u201362.<\/p>\n

[70]<\/a> KPMG Survey, supra<\/em> note 13, at 3.<\/p>\n

[71]<\/a> See<\/em> FCPA Resource Guide, supra<\/em> note 25, at 62.<\/p>\n

[72]<\/a> See id<\/em>.<\/p>\n

[73]<\/a> Leslie R. Caldwell, Assistant Att\u2019y Gen., U.S. Dep\u2019t of Justice, Remarks at New York University Law School\u2019s Program on Corporate Governance and Enforcement (April 17, 2015), http:\/\/www.justice.gov\/opa\/speech\/assistant-attorney-general-leslie-r-caldwell-delivers-remarks-new-york-university-law.<\/p>\n

[74]<\/a> See<\/em> FCPA Opinions<\/em>, U.S. Dep\u2019t of Justice, http:\/\/www.justice.gov\/criminal-fraud\/fcpa-opinions (last updated June 17, 2015).<\/p>\n

[75]<\/a> See<\/em> Business Review Letters and Request Letters<\/em>, U.S. Dep\u2019t of Justice, http:\/\/www.justice.gov\/atr\/business-review-letters-and-request-letters (last updated March 25, 2016).<\/p>\n","protected":false},"excerpt":{"rendered":"

Jonathan J. Rusch:\u00a0Since 1977, with the enactment of the Foreign Corrupt Practices Act, the United States Department of Justice has played a leading role in applying the Act\u2019s anti-bribery, books and records, and internal controls provisions in enforcement proceedings against numerous companies and individuals worldwide. In November 2015, the Department of Justice took the unprecedented step of hiring a Compliance Counsel to guide its prosecutors in decision-making in corporate prosecutions and in benchmarking corporate compliance. This Memorandum is composed as an open letter to the Compliance Counsel, focusing on how she and the Department of Justice should go about that critical benchmarking function.<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[272,324,22,208,316],"tags":[],"ppma_author":[374],"class_list":["post-4104","post","type-post","status-publish","format-standard","hentry","category-corporate-governance","category-financial-regulation","category-home","category-us-business-law","category-volume-6"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pgKEUK-14c","jetpack-related-posts":[{"id":5014,"url":"https:\/\/journals.law.harvard.edu\/hblr\/sink-or-swim-bringing-corporate-legal-department-governance-into-the-modern-era\/","url_meta":{"origin":4104,"position":0},"title":"Sink or Swim: Bringing Corporate Legal Department Governance into the Modern Era","author":"cmajocha","date":"November 28, 2022","format":false,"excerpt":"Technology has changed the way that we conduct business domestically and internationally, and legal departments have had to stretch to meet those repercussive demands. These demands are expansive but include automation and AI developments; corporate online presence and reputation; even larger-scale corporate transactions; and with the aftershocks of the COVID-19\u2026","rel":"","context":"In "Home"","block_context":{"text":"Home","link":"https:\/\/journals.law.harvard.edu\/hblr\/category\/home\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3756,"url":"https:\/\/journals.law.harvard.edu\/hblr\/hblr-presents-benefit-corporations\/","url_meta":{"origin":4104,"position":1},"title":"HBLR Presents: Benefit Corporations Conference","author":"Dayme Sanchez","date":"March 30, 2014","format":false,"excerpt":"Thursday, April 3, 10am-4pm at Milstein West, Harvard Law School Interested in social entrepreneurship? Looking to make connections in law and business? Please join the Harvard Business Law Review (HBLR) for our Benefit Corporations conference, as we explore an exciting new area of corporate law. The topic of discussion will\u2026","rel":"","context":"In "Featured"","block_context":{"text":"Featured","link":"https:\/\/journals.law.harvard.edu\/hblr\/category\/featured\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1828,"url":"https:\/\/journals.law.harvard.edu\/hblr\/de-default-rules\/","url_meta":{"origin":4104,"position":2},"title":"What is the Practical Importance of Default Rules under Delaware LLC and LP Law?","author":"wpengine","date":"January 23, 2012","format":false,"excerpt":"Mohsen Manesh: Despite much academic debate, it is now well settled that in Delaware at least, corporate law differs from unincorporated alternative entity law in one fundamental respect...","rel":"","context":"In "Home"","block_context":{"text":"Home","link":"https:\/\/journals.law.harvard.edu\/hblr\/category\/home\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/journals.law.harvard.edu\/hblr\/wp-content\/uploads\/sites\/87\/2012\/01\/myron-steele.jpeg?fit=400%2C253&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3676,"url":"https:\/\/journals.law.harvard.edu\/hblr\/the-cftcs-cross-border-guidance-for-swaps-and-substituted-compliance-regime\/","url_meta":{"origin":4104,"position":3},"title":"The CFTC’s Cross-Border Guidance for Swaps and Substituted Compliance Regime","author":"wpengine","date":"December 4, 2013","format":false,"excerpt":"James Schwartz: The regulation of the swaps market, in which transactions between counterparties in wide-ranging jurisdictions have long been routine, requires international coordination and cooperation. If this were lacking, the consequences could include regulatory arbitrage, outsized compliance costs for, or incomplete compliance by, market participants, the fracturing of liquidity among\u2026","rel":"","context":"In "Derivatives Regulation"","block_context":{"text":"Derivatives Regulation","link":"https:\/\/journals.law.harvard.edu\/hblr\/category\/us-business-law\/derivatives-regulation\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":813,"url":"https:\/\/journals.law.harvard.edu\/hblr\/citizens-united-and-the-nexus-of-contracts-presumption\/","url_meta":{"origin":4104,"position":4},"title":"Citizens United and the Nexus-Of-Contracts Presumption","author":"wpengine","date":"January 18, 2011","format":false,"excerpt":"Stefan J. Padfield Citizens United v. Federal Election Commission has been described as \u201cone of the most important business decisions in a generation.\u201d In Citizens United, the Supreme Court of the United States invalidated section 441(b) of the Federal Election Campaign Act of 1971 as unconstitutional. That section prohibited corporations\u2026","rel":"","context":"In "Home"","block_context":{"text":"Home","link":"https:\/\/journals.law.harvard.edu\/hblr\/category\/home\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/journals.law.harvard.edu\/hblr\/wp-content\/uploads\/sites\/87\/2011\/01\/network2.jpg?fit=300%2C200&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":4091,"url":"https:\/\/journals.law.harvard.edu\/hblr\/king-henry-ii-and-the-global-financial-crisis\/","url_meta":{"origin":4104,"position":5},"title":"King Henry II and the Global Financial Crisis","author":"ehansen","date":"March 1, 2016","format":false,"excerpt":"James W. Giddens: A significant portion of the failure that fueled the 2008 financial crisis has been attributed to a systemic lapse in senior executive oversight at the major financial institutions. Notwithstanding this failure, these executives have not been held personal liable for their \u201cKing Henry moments,\u201d instances where senior\u2026","rel":"","context":"In "Corporate Governance"","block_context":{"text":"Corporate Governance","link":"https:\/\/journals.law.harvard.edu\/hblr\/category\/us-business-law\/corporate-governance\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"authors":[{"term_id":374,"user_id":6,"is_guest":0,"slug":"hlsjrnldev","display_name":"ehansen","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/e63e48e4d49784084ed809c915627ab9f38ce23b8f0aa540749aa9e907f6a18c?s=96&d=blank&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/journals.law.harvard.edu\/hblr\/wp-json\/wp\/v2\/posts\/4104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/journals.law.harvard.edu\/hblr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.harvard.edu\/hblr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.harvard.edu\/hblr\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.harvard.edu\/hblr\/wp-json\/wp\/v2\/comments?post=4104"}],"version-history":[{"count":0,"href":"https:\/\/journals.law.harvard.edu\/hblr\/wp-json\/wp\/v2\/posts\/4104\/revisions"}],"wp:attachment":[{"href":"https:\/\/journals.law.harvard.edu\/hblr\/wp-json\/wp\/v2\/media?parent=4104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.harvard.edu\/hblr\/wp-json\/wp\/v2\/categories?post=4104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.harvard.edu\/hblr\/wp-json\/wp\/v2\/tags?post=4104"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/journals.law.harvard.edu\/hblr\/wp-json\/wp\/v2\/ppma_author?post=4104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}