Enforcement activity under the Obama administration often made headlines for the eye-popping level of fines, with the Foreign Corrupt Practices Act (FCPA), Anti-Money Laundering (AML) regulations, and economic sanctions maintained by the Office of Foreign Assets Control (OFAC) leading the way. The U.S. Department of Justice (DOJ), the Federal Bureau of Investigation (FBI), and the U.S. Securities and Exchange Commission (SEC) devoted substantial resources to criminal enforcement of these regulations, including through their application to non-U.S. companies operating outside the United States.
To avoid becoming enmeshed in this vigorous enforcement environment, most multinational companies have implemented enhanced regulatory risk management and compliance programs. Under a new Clinton administration, the continuation of the enforcement environment likely would have been a given, but that assumption ended when President Trump secured the 270th electoral vote. So with a new administration coming to town, a number of questions arise in the white collar world, including:
Will the aggressive enforcement activity under the Obama administration continue or even grow?
Will the U.S. government continue to emphasize enforcement of activities abroad, including against non-U.S. companies and for conduct occurring outside the United States?
Or will the new administration mark a change in the enforcement priorities of the U.S. government?
To help deal with the open questions regarding enforcement activity in the Trump Administration, this client alert presents the “top ten” questions every company potentially subject to U.S. jurisdiction should be thinking about. Previously issued client alerts discussed the future of national security (CFIUS) reviews,1 NAFTA,2 U.S. Customs,3 and international trade litigation4 (antidumping and countervailing duty measures and so forth) under the Trump administration; future client alerts will deal comprehensively with all international trade and regulatory areas where significant change could occur under the new administration.
Although President Trump has generally assailed government activity that stands in the way of the operation of business (including with regard to the FCPA, as discussed below), there is little to indicate President Trump’s views on white collar law enforcement. Nonetheless, there are numerous reasons to believe the Trump administration will continue to aggressively enforce what are commonly known as white collar crimes. The trend has been to enforce these crimes more aggressively under both Republican (George W. Bush) and Democratic (Obama) administrations. There is now an institutional apparatus to handle white collar enforcement, including dedicated FBI investigation resources, the creation of avenues to share information with foreign governments on white collar matters, established procedures to handle the large amount of data often generated by these cases, and increased hiring to support white collar enforcement (both through the addition of attorneys and the assignment of additional FBI agents) at the DOJ and dedicated personnel at other agencies (such as the SEC) that investigate these matters. And the regulatory agencies have established conduits to share information and coordinate potentially criminal matters.
The results show up in the numbers: enforcement of the FCPA has resulted in the collection of $4 billion in penalties over the course of the Obama administration, and OFAC/AML enforcement is well over $10 billion. This vast apparatus to handle white collar matters is not going away.
The DOJ is much more than a top-down organization that precisely mirrors changes in administration and the views of the current attorney general. Only a few persons are politically appointed; most of the DOJ consists of career prosecutors and agents. Thus, there is a certain institutional inertia that transcends changes at the political level. The long-term trend of increasing enforcement activity has been fostered and implemented as much at the lower level as it has been a top-down initiative, and it has institutional reasons to continue.
Nonetheless, the attorney general exercises a great deal of discretion regarding what cases are brought, where the DOJ focuses its enforcement attention, how the laws are interpreted, and how they are settled. With Senator Sessions surviving a hard-fought confirmation process to become Attorney General, the high degree of attention currently being paid to white collar matters likely will continue. Senator Sessions has nearly two decades of experience as a prosecutor in Alabama, both on the federal level (as an assistant U.S. attorney and then the U.S attorney for the Southern District of Alabama for 14 years) and state level (Alabama attorney general for two years). In his role as a federal prosecutor, Senator Sessions prosecuted savings and loan fraud, which was a major enforcement area during Mr. Sessions’ time as a federal prosecutor. In a 2002 Judiciary Committee hearing, Senator Sessions stated his view that vigorous enforcement of the savings and loan fraud cases during his time as a prosecutor led to “a lot better behavior in banking today” because, in his view, “[h]arsh sentencing does deter.”
These statements show an appreciation for the deterrent value of prosecuting white collar crime and a willingness to use prosecutions to send a message of compliance. Companies and corporate executives should not expect any lessening of the enforcement attention applied by the U.S. government under a prospective Attorney General Sessions.
Additional support for the continuation of the aggressive enforcement of white collar crimes is provided by the nomination of U.S. attorney Rod Rosenstein as the deputy attorney general (the second-highest position in the DOJ). Mr. Rosenstein is the longest-serving U.S. attorney. Appointing the only holdover U.S. attorney from the George W. Bush administration. As the person responsible for the day-to-day operation of the 113,000 employee DOJ shows support for continuity at the DOJ, both in terms of its operations and its enforcement priorities, especially since the FBI and the Bureau of Alcohol, Tobacco, Firearms and Explosives will report directly to him.
Predicting enforcement activity can be difficult, because events can have a large say in how the DOJ operates. When Attorney General Ashcroft was appointed in the George W. Bush administration, he came into an administration that was believed to have a pro-business tilt. There was little expectation that white collar enforcement activity would become a priority. But financial scandals and revelations of bribery led to a large ramp-up of government enforcement activity, culminating in the investigation of Siemens and the assessment of a record FCPA penalty. FCPA enforcement has been strong ever since.
Against this backdrop, we predict the following areas will see significant enforcement activity over the next four years:
Anti-Money Laundering. AML enforcement is likely to remain a priority, as it also is viewed as having terrorism and national security implications. Senator Sessions co-sponsored the Combating Money Laundering and Terrorist Financing Act of 2004, which would have combated money laundering by expanding RICO to cover funds related to illegal activities (embezzlement and fraud in the purchase of securities, illegal money transmission businesses, and so forth). Although the statute was not enacted, it indicates an approval of the aggressive use of the AML laws, a mindset favoring strong AML enforcement.
Cybersecurity. President Trump’s transition website states a plan for the Trump administration to “order an immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure, by a cyber review team of individuals from the military, law enforcement, and the private sector.”10 President Trump also has indicated he will instruct the DOJ to “create Joint Task Forces throughout the U.S. to coordinate Federal, State, and local law enforcement response to cyber threats.”11 Senator Sessions, in turn, supported the Cybersecurity Information Sharing Act of 2015, which would have enabled enhanced sharing of cyber threat information between government and private companies. Based on these positions, increased enforcement attention regarding cybersecurity breaches, and prosecution of same, appears likely. (Further information regarding cybersecurity under the new administration will be covered in a separate “top ten” questions article.)
Financial Fraud. Senator Sessions co-sponsored the SAFE Markets Act in 2009, which authorized the FBI to hire an additional 500 agents to investigate criminal misconduct that relates to U.S. financial markets, as well as an additional 50 assistant United States attorneys.12 Although the legislation was not enacted, it does indicate support for the aggressive use of enforcement resources in this area.
Health Care Fraud. Beyond stating that repealing the Affordable Care Act (Obamacare) would be a priority,13 and stating his general view that the federal government has a lot of “waste,” President Trump did not specifically focus on the issue of health care fraud. Nonetheless, the health care fraud provisions of the Affordable Care Act have a strong chance of being preserved, as it is unlikely that the Trump administration or Congress will want to be perceived as being soft on fraud. While the prioritization of other enforcement areas, such as national security, might divert resources from the issue of health care fraud, we expect that significant resources will continue to be devoted to this area.
Ever since the indictment of Arthur Anderson resulted in the demise of the firm, the perception has been that the DOJ weighs the “collateral consequences” of any indictment. In a 2012 speech, the head of the DOJ’s criminal division, Lanny Breuer, stated that the “collateral consequences of an indictment,” such as potential losses for corporate shareholders, jobs, and the potential to destroy a company factor into decisions by the DOJ in the Obama administration to bring charges.14
This view could well change under a Senator Sessions-led DOJ. In 2010, Senator Sessions questioned whether the DOJ should consider the collateral consequences of a criminal conviction for a corporation, stating that “I was taught if they violated a law, you charge them. If they didn’t violate the law, you don’t charge them.”15 Also, with regard to the DOJ’s investigation into BP over the Deepwater Horizon oil spill, he stated that BP “should be held liable for their responsibilities to the extent of their existence.”16 Both of these statements indicate that Senator Sessions might bring a more law-and-order view of enforcement to the DOJ, with enforcement activity being based solely upon consideration of whether a legal violation has occurred.
With regard to the way in which cases are prosecuted once the DOJ determines to go forward, Senator Sessions supports the aggressive use of electronic surveillance methods in criminal investigations, which could lead to a rolling back of certain electronic surveillance restrictions put in place by the Obama administration, such as the limitations on the bulk gathering of telephone records.
Another change could be to the contentious issue of when the DOJ can pressure companies and people to waive the attorney-client privilege and the attorney work product doctrines. The current approach is that the DOJ can request a waiver, and can consider whether the privileges were waived as an affirmative factor, but cannot punish a company or individual for not waiving privilege. But during a 2015 Senate Judiciary Committee hearing, Senator Sessions argued against this approach, noting that prosecutors regularly pressure street criminals to waive constitutional rights using threats of tougher penalties. Senator Sessions argued that the Justice Department should be able to use similar leverage against corporations, seeking to have them waive privilege in return for more lenient treatment.
Potentially yes. The use of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) has sharply increased under the Obama administration. DPAs and NPAs are agreements not to prosecute, with the DOJ (and other agencies, such as the SEC) agreeing to settle the cases based upon a recitation of the facts and enumerated conditions of settlement, generally including the payment of a penalty. Although the DOJ seldom used NPAs and DPAs as recently as 2003, the Obama administration has used them to settle a large proportion of its investigation. This is based upon the view, summarized by Assistant Attorney General Lanny Breuer, that DPAs and NPAs are a “powerful tool” because, “in many ways, a DPA has the same punitive, deterrent, and rehabilitative effect as a guilty plea.”17
Senator Sessions has raised concerns about resolving investigations in this fashion. Senator Sessions once stated that the use of NPAs and DPAs “undermine the rule of law by depriving the [DOJ’s] legal arguments of meaningful testing in a judicial forum.”18 While this statement does indicate a skepticism regarding the use of DPAs and NPAs, it remains to be seen whether a different view would prevail if Senator Sessions transitions to attorney general. Our view is that any attorney general overseeing a criminal enforcement division with a large case load and limited resources will always be looking for expeditious ways to bring investigations to a close, including through the use of NPAs and DPAs.
We expect the FCA will continue to be an important area of DOJ attention. The FCA provides a mechanism whereby individuals can file lawsuits regarding claims that persons and companies have defrauded governmental programs. Since the law includes a qui tam provision that allows persons who are not affiliated with the government (relators) to bring cases on behalf of the U.S. government, and to receive a portion of any recovered damages, activity under the FCA largely is driven by private actors bringing cases, with the DOJ becoming involved thereafter. The financial incentives for relators to file such cases are not going away.
One development that could have an impact is the manner in which the Affordable Care Act is amended/repealed, as that act contained amendments to the FCA that enhanced the ability of certain individuals to qualify as relators. The Supreme Court also has shown interest in this area, making the appointment of a new Supreme Court justice to replace Justice Scalia potentially important.
The Yates Memorandum (formally known as the Individual Accountability for Corporate Wrongdoing memorandum19 is the latest of a series of pronouncements regarding the increasing focus of the DOJ on individual liability for corporate crimes. Under the Yates memo approach, corporations cannot qualify for any cooperation credit unless they “provide to the Department all relevant facts relating to the individuals responsible for the misconduct.”20 The Yates memo also has other requirements regarding individuals, including announcing a reluctance to release individuals from liability. All information regarding individuals can then be viewed by the DOJ to determine whether it should focus enforcement attention on individual employees. This focus on individuals both deals with some criticisms of the DOJ for not prosecuting individuals regarding the sub-prime mortgage crisis, and also is consistent with the view stated by Assistant Attorney General Breuer that “the strongest deterrent against corporate crime is the prospect of prison time for individual employees.”21
Senator Sessions is likely to continue this focus on individuals. At a 2002 Judiciary Committee hearing regarding white collar crime, Senator Sessions stated his view that prosecution of individuals is essential for deterrence of criminal activity. As he stated: “I am going to tell you there is a lot better behavior in banking today because people went to jail over those cases in the past. They lost everything they had, their families were embarrassed, and a lot of people started checking to make sure they were doing their banking correctly.”22 Along these lines, in hearings involving white collar issues, Senator Sessions has stated that in cases of serious violations of law, “the crooks in the corporation [should] be sent to jail” and that sentences for white-collar violators “should not be a lot different than [for] somebody who robs a bank.”23 This endorsement of individual responsibility for corporate wrong-doing is consistent with the goals of the Yates memorandum — a point made by Sally Yates herself, who recently stated that “[h]olding individuals accountable for corporate wrongdoing isn’t ideological; it’s good law enforcement.”24
The U.S. government has put in place incentives to report wrongdoing, including in the high-profile area of the FCPA (where the SEC maintains a whistleblower program for publicly traded companies). Senator Sessions appears to approve of such efforts, having stated that “whistleblowers can be a critical part of discovering frauds that may be of a massive nature,” making whistleblower programs “a legitimate part of our enforcement effort.”25 This mindset may lead to support for enhanced whistleblower programs, especially when considered alongside evidence that such programs as the one implemented at the SEC have been successful. (Further information regarding the potential repeal of the Dodd-Frank Act, and its impact on the whistleblower program, will be covered in a future client alert.)
Across a variety of enforcement contexts, the U.S. government has used aggressive theories of agency, tangential contact with the territorial United States (such as the sending of a single email from within the United States), or the unplanned/unknown use of the U.S. financial system as a means of asserting jurisdiction. As a result, the U.S. government, in some ways, has become the world’s white collar policeman. For example, 7 of the 10 largest FCPA actions have targeted non-U.S. companies for activities largely taking place outside of the United States, and many of the recent large OFAC settlements have targeted non-U.S. financial institutions (particularly in Europe).
It is unlikely the U.S. government will cease using such theories, because they are such a useful way of asserting jurisdiction. Nonetheless, as more individuals are charged (see above), the number of cases going to court is likely to rise, because individuals facing jail time are far more likely to fight enforcement activity than are corporations, which often want to settle investigations and move on. These cases likely will target jurisdiction based upon attenuated contact with the United States, the U.S. economy, or the U.S. financial system. Thus, judicial review may lead to restrictions on the use of such jurisdictional theories. Otherwise, we do not see a likely decline in the use of these aggressive jurisdictional theories.
Regardless of the enforcement priorities of the new administration, the days where enforcement actions could be considered a “cost of doing business” are long gone. Large penalties and the poor publicity that accompanies high-profile compliance lapses have ensured that regulatory risk management is going to remain a corporate priority for the foreseeable future.
Although the topic of regulatory risk management is complicated, and best performed based upon an evaluation of the individual risk profile, scope of business operations, and compliance culture of an individual company, the following are the six areas where corporations (especially multinational corporations) should focus their risk-management attention:
Compliance Program. At most organizations, there are anywhere between 18 and 22 key regulatory areas that are the subject of detailed compliance policies.27 These policies should dovetail with the company’s code of conduct/code of ethics and internal controls/standard operating procedures. The focus should be on making the policies effective, including through making them short and easy to understand and tailoring them to the organization’s unique risk and business profile.
Compliance Infrastructure. There can be a major difference between how compliance is envisioned at headquarters and how it actually is implemented in the field. Often this is because compliance is viewed as a top-down affair, with insufficient attention being given to the administration of the compliance program, especially at multinational corporations. Organizations, accordingly, should take the time to evaluate their compliance infrastructure, including by determining whether the organization has sufficient compliance liaisons at different divisions and regions/countries, whether there is an adequate two-way flow of information regarding compliance topics and compliance lapses, and whether the compliance infrastructure is supported by adequate resources.
Internal Controls. Internal controls, along with written compliance policies and training, are one of the three legs of a properly functioning compliance program, yet they are often neglected. But the compliance mission is not satisfied by the mere promulgations of even a well-written compliance policy. Organizations should look for areas where compliance response can be institutionalized and governed by internal controls that systematize the compliance function. Examples of common internal controls include Gifts, Meals, Entertainment & Travel policies for antibribery compliance, screening protocols for economic sanctions, and know-your-customer controls for AML.
Training. Effective compliance requires frequent training, yet too many organizations provide training at orientation and leave it at that. The U.S. government, however, has communicated that it does not give any mitigating credit in an enforcement action to “paper programs” that look good as written, but are not consistently applied or understood at the organization. Training should be tailored to the audience, being more in-depth for personnel at highest risk and made relevant to the audience through the provision of actual examples likely to be encountered. Detailed logs of training, including when it occurred, who was trained, and the actual training materials relied upon and used should be kept for a minimum of five years past the time when the personnel remain at the company.
Audits. Finally, the days when an organization could launch a compliance program and then let it run on auto-pilot are long gone (if they ever existed). Effective compliance, at least in high-risk areas, requires that organizations continually assess the state of compliance efforts, benchmark them against industry competitors, and update the compliance program and internal controls based on the gathered learning. Companies accordingly should establish a multi-year compliance audit schedule in which key compliance measures are evaluated and processes established to enhance compliance efforts. The areas/divisions/regions to be examined should be established using risk-based principles.
Looking for More Help? Further information regarding compliance best practices, including a sample risk-assessment questionnaire and an international compliance guide listing best practices for high-risk laws, is available by contacting the authors at email@example.com and firstname.lastname@example.org.
* * *
NOTE: The international climate for U.S.-based multinational companies and non-U.S. based companies that sell into the United States has never been more uncertain. The Foley Export Controls & National Security Group will be issuing a series of “ten question” alerts related to the transition to a new administration, including with regard to such international regulatory topics as the future of NAFTA (already issued),28 International Trade (antidumping, countervailing duty, and safeguard) actions (already issued),29 Customs & Border Protection (already issued),30 CFIUS reviews31 (already issued), economic sanctions and export controls, the FCPA, and cybersecurity. If you would like to be put on a mailing list for these and other alerts related to the international regulatory environment, please contact Greg Husisian, head of Foley’s Export Controls & National Security Practice, at email@example.com or 202.945.6149.
1 See Gregory Husisian, “CFIUS and the New Trump Administration: Your Top Ten Questions Answered,” https://www.foley.com/cfius-and-the-new-trump-administration-your-top-ten-questions-answered-01-25-2017/.
2 See Gregory Husisian and Robert Huey, “NAFTA and the New Trump Administration: Your Top Ten Questions Answered,” https://www.foley.com/nafta-and-the-new-trump-administration-12-01-2016/.
3 See Gregory Husisian and Robert Huey, “U.S. Customs and the New Trump Administration: Your Top Ten Questions Answered,” https://www.foley.com/us-customs-and-the-new-trump-administration-your-top-ten-questions-answered-02-07-2017/.
4 See Gregory Husisian and Robert Huey, “International Trade Litigation and the New Trump Administration: Your Top Ten Questions Answered,” https://www.foley.com/International-Trade-Litigation-and-the-New-Trump-Administration-Your-Top-Ten-Questions-Answered-01-06-2017/.
5 Penalties for White Collar Crime: Hearing Before the Subcomm. on Crime and Drugs of the S. Comm. on the Judiciary, 107th Cong. 176 (2002) (Statement of the Hon. Jeff Sessions).
6 See FCPA Professor, “The FCPA is a Horrible Law and It Should be Changed,” http://fcpaprofessor.com/donald-trump-the-fcpa-is-a-horrible-law-and-it-should-be-changed/.
7 See Ken Guggenheim, “Republican Senators Push for Tighter Export Controls,” Associated Press (Mar. 10, 2003); David Clarke, “Hill Republicans Want Bush Help on Export Controls,” CQ Homeland Security – Technology (Mar. 11, 2003).
8 See Ken Guggenhein, “GOP Senators Seek Tighter Export Controls,” http://www.myplainview.com/news/article/GOP-Senators-Seek-Tighter-Export-Controls-8861452.php.
11 See Donald J. Trump’s Vision – Cybersecurity, available at https://www.donaldjtrump.com/policies/cyber-security.
13 See “Healthcare Reform to Make America Great Again,” available at https://www.donaldjtrump.com/positions/healthcare-reform.
14 See “Assistant Attorney General Lanny A. Breuer Speaks at the New York City Bar Association” (Sept. 13, 2012), available at https://www.justice.gov/opa/speech/assistant-attorney-general-lanny-breuer-speaks-new-york-city-bar-association.
15 Nomination of James Michael Cole, Nominee To Be Deputy Attorney General, U.S. Department of Justice: Hearing Before the S. Comm. on the Judiciary, 111th Cong. 99 (2010) (Statement of Senator Sessions).
16 Nomination of James Michael Cole, Nominee To Be Deputy Attorney General, U.S. Department of Justice: Hearing Before the S. Comm. on the Judiciary, 111th Cong. 98 (2010) (Statement of Senator Sessions).
17 See Assistant Attorney General Lanny A. Breuer Speaks at the New York City Bar Ass’n (Sept. 13, 2012), available at www.justice.gov/opa.speech/assistant-attorney-general-lanny-breuer-speaks-new-york-city-bar-association.
18 Protecting American Taxpayers: Significant Accomplishments and Ongoing Challenges in the Fight Against Fraud: Hearing Before the S. Comm. on the Judiciary, 112th Cong. 54 (2011) (Questions Posed by Senator Jeff Sessions).
20 See Sally Quillian Yates, “Individual Accountability for Corporate Wrongdoing” (Sept. 9, 2015), available at https://www.justice.gov/dag/file/769036/download.
21 See Assistant Attorney General Lanny A. Breuer Speaks at the New York City Bar Ass’n (Sept. 13, 2012), available at www.justice.gov/opa.speech/assistant-attorney-general-lanny-breuer-speaks-new-york-city-bar-association.
22 Penalties for White Collar Crime: Hearing Before the Subcomm. on Crime and Drugs of the S. Comm. on the Judiciary, 107th Cong. 176 (2002) (Statement of Hon. Jeff Sessions).
23 Penalties for White Collar Crime: Hearing Before the Subcomm. on Crime and Drugs of the S. Comm. on the Judiciary, 107th Cong. 177 (2002) (Statement of Hon. Jeff Sessions).
24 See C. Ryan Barber, “Yates ‘Optimistic’ Trump Won’t Trash Namesake Enforcement Memo” (New York L.J.) (Dec. 1, 2016) (quoting Deputy Attorney General Sally Yates).
25 Effective Strategies for Preventing Health Care Fraud: Hearing Before the S. Comm. on the Judiciary, 111th Cong. 3 (2009) (Statement of Hon. Jeff Sessions).
26 A risk-assessment questionnaire that provides a good starting point for assessing regulatory risk at most multinational corporations is available by sending an email to firstname.lastname@example.org or by contacting him at 202.945.6149.
27 A starting list of typical core policies that should be considered by most organizations is available by sending an email to email@example.com or by contacting him at 202.945.6149.
29 See Gregory Husisian and Robert Huey, “International Trade Litigation and the New Trump Administration: Your Top Ten Questions Answered,” available at https://www.foley.com/International-Trade-Litigation-and-the-New-Trump-Administration-Your-Top-Ten-Questions-Answered-01-06-2017/.
30 See Gregory Husisian and Robert Huey, “U.S. Customs and the New Trump Administration: Your Top Ten Questions Answered,” https://www.foley.com/us-customs-and-the-new-trump-administration-your-top-ten-questions-answered-02-07-2017/.
31 See Gregory Husisian, “CFIUS and the New Trump Administration: Your Top Ten Questions Answered,” https://www.foley.com/cfius-and-the-new-trump-administration-your-top-ten-questions-answered-01-25-2017/.