Imposing about $6.4 billion penalties in 2020, the Department of Justice (DOJ) is cracking down on enforcing the US Foreign Corrupt Practices Act (FCPA).

In March 2019, the DOJ updated the FCPA Corporate Enforcement Policy with a few changes and clarifications. Knowing these updates to FCPA compliance is essential to protecting your organization's assets and reputation.

Ephemeral Messaging Platforms are No Longer Off-Limits

When considering enforcement action, the DOJ and Securities and Exchange Commission (SEC) take into account a company's cooperation with the investigation, the strength of their compliance program and their remediation actions.

In the past, FCPA compliance guidelines stated that organizations that used ephemeral messaging apps such as WhatsApp and WeChat could not receive full credit for remediation. The most recent FCPA compliance, though, allows disappearing messaging apps to be used at work, as long as the company:

• implements "appropriate guidelines and controls" to ensure the platforms properly retain business records
• establishes procedures guaranteeing the preservation of business records
• trains employees on those procedures
• complies with their document retention and destruction policies with respect to the apps

Interview Coordination with the DOJ is Limited

Updates to FCPA compliance also clarify the de-confliction policy. Many companies view de-confliction (the requirement that companies coordinate investigation interviews with the DOJ) as a way for the DOJ to control internal investigations.

Now the enforcement policy states that de-confliction only applies to circumstances where it's "requested and appropriate." This means that the DOJ won't directly interfere with internal investigations.

A footnote in the document states: "Although the Department may, where appropriate, request that a company refrain from taking a specific action for a limited period of time for de-confliction purposes, the Department will not take any steps to affirmatively direct a company’s internal investigation efforts."

RELATED: Human Resources and Foreign Corrupt Practices Act (FCPA) Compliance

Acquiring Companies Aren't Punished For Failure to Perform Pre-Acquisition Due Diligence

In 2018, Deputy Assistant Attorney General Matthew S. Miner made a speech announcing that in mergers and acquisitions, "a successor company’s voluntary disclosure, appropriate due diligence, and implementation of an effective compliance program" may decrease the chances of "an enforcement action regarding an acquired company’s post-acquisition conduct when pre-acquisition due diligence is not possible."

Updates in the enforcement policy codify this announcement. Acquiring companies should establish a strong compliance program in order to get full credit. If a company cooperates fully and self-discloses misconduct, criminal charges will likely not be brought against them.

You Don't Need to Share All Employee Information

The final change to the enforcement policy formalizes a 2018 speech by Deputy Attorney General Rod J. Rosenstein. He had announced that companies seeking FCPA compliance with the cooperation requirement would no longer be required to share information about every employee connected to the alleged misconduct.

As outlined in the new enforcement policy, an organization must now disclose "all relevant facts known to it, including all relevant facts about all individuals substantially involved in or responsible for the violation of law" [emphasis added]. This allows companies to keep some privacy while still prioritizing pursuit of individuals who performed the misconduct.

The DOJ gives organizations credit for performing consistent, thorough and accurate internal investigations with clear documentation. Capture the details with our free investigation report template.

FCPA compliance can be tricky to navigate, especially with evolving enforcement priorities. Keep up changes to protect your company from reputation damage and hefty fines.