Mitigating FCPA Risk And Issues To Consider In Conducting Investigations

Monday, May 2, 2011 - 01:00

The Editor interviews Thomas J. Engelhart, Global Due Diligence Specialist, The Kreller Group, Inc., an international due diligence investigation firm, and Professor Mike Koehler, author of the blog FCPA Professor .

Editor: Please describe your activity and the services you provide to global companies.

Engelhart: The Kreller Group, Inc. specializes in providing due diligence and background investigations worldwide on corporations and individuals. We also conduct international credit queries and assist companies with collection efforts. Specifically, my current responsibilities include proactive consulting with existing clients to address due diligence objectives, customizing due diligence programs for new customers, analyzing current trends regarding regulatory compliance, and working closely with domestic and international investigators to keep current on security issues. Kreller's staff comprises a team of licensed investigators and analysts with experience in federal, state and local law enforcement and case managers who interact with clients to determine due diligence objectives. In addition, we utilize an exceptional network of global contacts and resources to assist with international groundwork.

Koehler: I run FCPA Professor , a forum devoted to the FCPA and related topics. Since July 2009, it has been my mission to explore the more analytical "why" questions - increasingly present in this current era of aggressive FCPA enforcement. For a variety of reasons, the FCPA and other anti-bribery law has traditionally not attracted much academic attention and analysis. Given my decade-long FCPA private practice experience, I bring an informed perspective to the FCPA and related issues and am not constrained by client concerns on what is often a sensitive, controversial topic. I actively write and speak (including testimony at the November 2010 Senate FCPA hearing) on FCPA topics, and I hope that all interested in the FCPA - in-house counsel, FCPA practitioners, compliance officers, government enforcement agencies, policy makers or others - find value in my perspectives, whether or not they ultimately agree with my substantive opinions.

Editor: What are the key components of an effective third-party investigation program?

Engelhart: I will address two levels of investigation. The first, the basic level , would include a comprehensive check of all available sanctions, embargo and watch lists, and PEP (politically exposed persons) databases, as well as a survey and analysis of business journals, websites, industry publications, and mainstream and local media. I would also include verification of corporate registration.

The next level, enhanced due diligence, would include the above findings as well as a field investigation, starting with a verification of corporate records, including any history of corporate misconduct, litigation, or other controversial behavior, such as significant political contributions or unreported government control. Special emphasis should be placed on identifying any relationship with governmental or political figures/families.

Next, the field investigation would include a clear understanding of the network of business partnerships or affiliations, including the reputation of the company and its principals; an on-site visit to validate the legitimacy of the company's business operations; criminal history checks with appropriate agencies and publicly available records; an interview of associates in political, business and social circles to uncover reputation; a review of corporate, civil and criminal documents and validation of financial records - where and when available; and research on principals with stakes of five percent or more.

Enhanced due diligence would also include a press review - searches of both native-language and English-language press, including local business reports and professional journals and industry and mainstream media - to determine the company's business reputation, any known controversy, major business activities and other social and business relationships of interest. Finally, we would conduct a review of regulatory concerns to ensure the company is compliant with local laws and regulations.

Together, these two levels of investigation control for "red flag" indicators of vulnerability to corruption, such as questionable history, politically exposed persons, criminal allegations, civil entanglements and other issues that might suggest a third party is at risk for corrupt practices.

Editor: What are some strategies to mitigate risk of enforcement and other litigation actions?

Koehler: Mitigating FCPA risk and collateral consequences is not a one-size-fits-all type of exercise. "Risk assessment" has become a buzzword, but it remains an important exercise for any company as it provides non-FCPA compliance benefits as well. For companies in certain industries operating in FCPA high-risk jurisdictions, a gold-plated FCPA compliance policy and program is often necessary to best manage and contain risk. For companies with a lower FCPA risk profile (perhaps because of where or how the company does business), a best-in-class FCPA compliance policy and program is often not necessary, despite marketing pitches to the contrary. That does not mean that this latter company should lack FCPA policies and procedures. I am not suggesting compliance complacency. What I am suggesting is a rational approach to FCPA risk management uniquely tailored to the company needs and risk profile.

Even so, the unfortunate reality for many companies is that they can spend (in good faith) hundreds of thousands, if not millions of dollars, on FCPA compliance per year. However, if a violation occurs, for instance, because a single employee or a small group of employees acted contrary to the company's policies, the enforcement agencies are likely to take the view that the company's FCPA compliance program was ineffective. This enforcement agency position is overly simplistic and is in need of rethinking. One of the great ironies of this new era of FCPA enforcement is that enforcement is increasing as FCPA compliance is increasing.

Editor: How should in-house counsel select an outside investigative firm? How can costs be contained?

Engelhart: The first step is to identify the situation in which outside agencies would be utilized and find firms that can assist with your particular research. Professional associations, colleagues and associates may provide a recommendation or referral. Second, verify the company is licensed, with no instance of improper or unethical investigation in the past. Third, obtain references and speak directly with current clients. Finally, have the firm sign a non-disclosure agreement and discuss price, turn time, contractual obligations and expectations of investigations.

As for costs, I can only speak for our system of pricing: investigative firms handle this differently. Before an investigator is hired to assist with research, they should be given a clear understanding of the objectives of the work to be performed. How many subject companies are there and what are their locations? Are individuals involved? If so, how many? Do the companies have affiliates or subsidiaries? If so, what are their locations? After the breadth of the investigation is understood, we prefer to give a cost and delivery time estimate. Based on our understanding of the time required and the parameters of the investigation, we may uncover additional areas of research that may be of use to the client. We then discuss those areas with the client and determine how best to proceed.

Koehler: Very carefully. Like engaging any third-party agent, do your due diligence on FCPA investigative counsel. Determine if the primary lawyers being considered are proponents of voluntarily disclosure; if so, make the firm defend this decision - it is often the key decision, including from a cost standpoint, in FCPA matters. Recognize that there may be regional differences in how FCPA matters are staffed and worked on. I do not believe it is necessary for investigative counsel to have prior DOJ or SEC enforcement experience to be an effective FCPA lawyer.

From a cost-containment standpoint, realize that an effective and thorough internal investigation can be completed without imaging every hard drive, without translating every document from the local language, and without interviewing every employee within the affected business unit or branch office. From experience, I can tell you that there is often a diminishing returns aspect to FCPA internal investigations.

Think long and hard about the voluntary disclosure decision, because it is likely that the enforcement agencies will not agree to resolve the enforcement action before asking "where else?" (i.e., if X conduct occurred in country A, convince us that X conduct also did not occur in countries B, C, D, and E). This "where else" question is sure to significantly increase the time and expense of resolving a disclosed matter but, in many cases, it is nothing more than a billing bonanza for all involved.

Editor: Have DOJ corporate leniency policies been successful in creating incentives for self-reporting and broader internal investigations initiatives?

Koehler: To the extent there are any leniency policies, they are ad hoc and generally not transparent. That is part of the problem. FCPA enforcement suffers from a lack of transparency like no other area of law. Most FCPA enforcement actions are resolved via non-prosecution agreements (NPAs) or deferred prosecution agreements (DPAs); thus, the enforcement theories and resolution decisions are not subjected to any judicial scrutiny (in the case of NPAs) or any meaningful judicial scrutiny (in the case of DPAs). Furthermore, there is little actual FCPA case law of precedential value guiding the enforcement theories.

The DOJ is in favor of self-reporting and encourages it because it makes their jobs easier and is very cost-effective from a budgetary standpoint. In the words of a former DOJ FCPA prosecutor "the government sees a profitable program, and it's going to ride that horse until it can't ride it anymore;" indeed, last year the DOJ's FCPA enforcement program accounted for approximately 50 percent of the Criminal Division's revenue.

The DOJ's policy of encouraging self-reporting has been good for many participants in FCPA Inc., which is a term I use to describe various interests within the FCPA realm - enforcement, internal investigations and compliance - that have become big business and an industry in and of itself over the past 3-5 years. However, let's take a step back and ask the basic question of why, in an adversarial legal system, self-reporting has become the norm.

Recognizing that there are relevant "carrots" and "sticks" to consider in the decision (as in most business decisions), I have never heard a convincing or persuasive argument on this issue. Thus, the apparent pushback on self-reporting is past due. Companies need to realize that thoroughly investigating an issue, promptly implementing remedial measures, and effectively revising and enhancing compliance policies and procedures - all internally - is a perfectly acceptable, legitimate and legal response to FCPA issues in all but the rarest of circumstances.

The enforcement agencies will tell you that they give credit for voluntary disclosures. However, from a strict dollars-and-cents perspective, realize this - if a company receives X percent credit because of its self-disclosure, it is likely that the company will have spent X plus ten percent more on legal fees and related expenses to obtain that X percent credit.

Please email the interviewees at or with questions about this interview.