By now, most corporate compliance and ethics officers are aware of the Trump administration's shift in priorities. Specifically, the shifts in Foreign Corrupt Practices Act (FCPA) enforcement.
The department announced the news on June 9 in a policy memo from deputy attorney general Todd Blanche. Enforcement under the Foreign Corrupt Practices Act won't go away entirely, but the policy memo redefines how prosecutors will assess foreign bribery cases, signaling a major pivot in DOJ priorities. Combine that new stance with the Justice Department's other recent policy announcement that it will take a more forgiving approach to corporate misconduct generally, and corporate compliance officers find themselves in an unfamiliar place.
Are you still supposed to report FCPA violations? Does anticorruption compliance matter anymore? What does all this mean for your ethics and compliance program?
Those are all valid questions, especially since your board and senior management team could well ask any of them to you. So, let's consider the answers.
Is FCPA enforcement 'back'?
We can start with what Blanche said in his enforcement memo. He listed four main factors prosecutors will consider when deciding whether to bring an FCPA enforcement action:
- Does the misconduct involve drug cartels or other transnational criminal organizations?
- Does the misconduct prevent specific, identifiable U.S. organizations from fair access to compete for business overseas?
- Does the misconduct threaten U.S. national security interests, especially in industries such as defense, critical infrastructure, or intelligence?
- Does the misconduct involve serious misconduct, such as large-dollar bribes or extensive concealment efforts; or relate to more "routine business practices" at lower dollar amounts?
There's still a lot of ambiguity in those four factors. For example, when Blanche talks about violations that prevent "specific, identifiable U.S. organizations from fair access to compete for business overseas" – does that mean the department will prioritize foreign companies whose corruption thwarts U.S. companies from competing? Or will the department also pursue U.S. businesses whose bribery thwarts other U.S. businesses from those same opportunities?
Blanche's memo says prosecutors will work "not by focusing on particular individuals or companies on the basis of their nationality, but by identifying and prioritizing the investigation and prosecution of conduct that most undermines these principles." Compliance officers won't truly know what that means until we see it in practice.
Moreover, we also need to consider these new FCPA enforcement priorities in the larger context of all the other enforcement priorities the Justice Department has. That is, just because the department says it might bring FCPA cases according to certain new criteria, that doesn't mean the department will bring many cases.
The corporate misconduct the Justice Department really wants to pursue, as listed in another memo published in May, is healthcare fraud, tariff evasion, collaboration with drug cartels or terrorist groups, and money laundering. Indeed, when the department listed its top 10 corporate misconduct enforcement priorities, FCPA bribery and corruption placed ninth.
So no, FCPA enforcement isn't going away. That doesn't mean it's going to be a high priority for federal prosecutors any time soon.
Why strong FCPA compliance still matters despite executive action
It's reasonable, and perhaps even normal, for management teams to wonder right now whether they should keep taking FCPA compliance seriously. Why invest so much time and energy on FCPA compliance programs when the risk of enforcement and punishment is going to be so low?
Fair question, but this is where we need to disentangle the corporate legal, compliance, and ethics functions into separate threads.
Let's assume your company does have an FCPA violation. First, the company will need to decide whether you self-disclose that violation to the Justice Department. If you do, then under the department's new policies, you're almost guaranteed to receive a declination – but you will need to disgorge any ill-gotten proceeds from the scheme and remediate your compliance program.
If you don't disclose, you can keep the ill-gotten proceeds, fix the underlying control problems, and perhaps might never get caught anyway – but if a whistleblower reports you to the Justice Department, you could be in for a much rougher ride.
Ultimately this will be a question for senior management and the legal team (including outside counsel) to decide. You, the compliance officer, can argue for voluntary self-disclosure, but in most cases that will be all you can do.
That's the legal question. Meanwhile, there's still a separate corporate compliance question: Does the company really want to let its anti-bribery program wither since the risk of FCPA enforcement is lower?
That would be short-sighted. As we've said before in this blog, the statute of limitations for FCPA violations remains lengthy, and future administrations could easily reverse Trump's enforcement pause with new executive orders. But more than that, large companies have all sorts of compliance and enforcement risks, such as contracting fraud, money laundering, and sanctions violations – and all those issues are still high priorities for the Trump Administration.
A company that lets its compliance capabilities diminish because its FCPA enforcement risk is lower is being penny-wise and pound-foolish. Strong compliance capabilities help companies in all sorts of tangible, practical ways.
Lastly is the ethics question. Does your company want to be one that tolerates corruption?
Corporate corruption might be easier or more lucrative in the moment, but it's not sustainable over the long term. Customers will start expecting more bribes, employees will start offering more bribes, and a culture of corruption and short-cutting will take root.
Corruption eats away at innovation, growth, capital allocation, employee morale, and other fundamentals for business success. Any management team that looks at those consequences and says, "Sign us up!" will not last long.
So no, in light of the Justice Department's new FCPA enforcement priorities, FCPA compliance won't be the top priority it once was.
But it shouldn't change your company's calculus for maintaining a robust compliance program. If it does, you might not be following the right math.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
