Year in Review: Top Anti-Corruption Enforcement and Compliance Trends and Developments and What to Watch For in 2023

Winter 2023, Covington Alert

What You Need to Know:

The number of resolved enforcement actions and the amount of monetary sanctions recovered in 2022 approximately doubled in the United States compared to 2021.
International coordination is as strong as it ever has been—all of the Department of Justice’s (“DOJ” or the “Department”) corporate enforcement actions in 2022 (excluding declinations) involved parallel resolutions with foreign enforcement authorities.
In the courtroom, DOJ continued to argue for broad extraterritorial application of the FCPA. While the Second Circuit dealt a setback to DOJ in U.S. v. Hoskins, the Fifth Circuit ruled in favor of DOJ in U.S. v. Rafoi-Bleuler. DOJ will likely continue to advocate for broad extraterritorial reach of the FCPA along the lines pursued in Hoskins and Rafoi-Bleuler, but DOJ’s mixed litigation track record in this area suggests that it will continue to be a battleground issue.
DOJ released two major policy pronouncements in late 2022 and early 2023 that underscored the Department’s continued focus on encouraging companies to voluntarily self-disclose wrongdoing—first in September by Deputy Attorney General (“DAG”) Lisa Monaco and then in January by Assistant Attorney General (“AAG”) for the Criminal Division Kenneth Polite. Taken together, these policy statements add nuance to the carrot-and-stick approach taken by DOJ in recent years, and they offer the strongest incentives to date to voluntarily self-disclose misconduct, particularly for recidivists, even as uncertainty around how the policies will be implemented in practice remains.
On the compliance front, DOJ aimed the spotlight on three topics: preservation of communications on personal devices and ephemeral messaging applications; compliance-related financial incentives and disincentives, including compensation clawbacks; and leveraging data to identify risks. Although considerable questions remain surrounding DOJ’s expectations in each of these areas, one thing is clear: DOJ expects compliance professionals to be intentional in developing, without delay, more effective tools and approaches to preserve evidence, tie compensation to compliance, and integrate data analytics into their compliance programs.
Looking outside the U.S., anti-corruption enforcement and regulation continue to gain traction in most regions. On the legislative front, in Europe, the EU parliament has announced an anti-corruption package, and the UK is deliberating a bill that would strengthen the enforcement powers of the Serious Fraud Office (“SFO”). In Asia, South Korea, Japan, and China have issued new policies restricting public officials from using their positions for personal gain, protecting whistleblowers, and punishing bribe-payers. Africa saw multiple notable enforcement outcomes, particularly in South Africa. Anti-corruption enforcement frameworks remain in earlier stages in Latin America, although U.S. focus in the region has helped support parallel enforcement proceedings by local authorities.

Overview

The past year saw an upward trend in U.S. anti-corruption corporate enforcement activity as corporate enforcement numbers doubled—both in the number of enforcement actions and the monetary sanctions imposed—from the notably few corporate enforcement actions in 2021. While the 2022 enforcement statistics do not stand out when compared to enforcement levels of the past 10 years, and although the investigations resolved in 2022 likely began at least two to three years ago, the recent increase may suggest the start of an upward trend in enforcement. Much will depend on whether enforcement agencies can more successfully move their cases to resolution than we saw during the height of the pandemic, as well as the effect of recent policy changes intended to encourage more voluntary self-disclosures.

Building on significant policy announcements from 2021 (covered here), DAG Lisa Monaco, in a September 2022 speech and memorandum (“the Monaco Memo”) signaled tougher treatment for companies that do not voluntarily disclose misconduct or meet DOJ’s expectations regarding cooperation and remediation. DOJ again made headlines in early 2023 when AAG for the Criminal Division Kenneth Polite announced an updated Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy (the “Corporate Enforcement Policy”), providing new pathways for companies to receive more favorable settlement outcomes, subject to meeting heightened expectations for voluntary self-disclosure, cooperation, and remediation. As we move further into 2023, we will be watching the Criminal Division’s implementation of the Corporate Enforcement Policy, as well as whether other DOJ components follow the Criminal Division’s lead in offering additional incentives, beyond the baseline benefits announced in the Monaco Memo, for companies to encourage voluntary self-disclosure, cooperation, and remediation. But for companies facing Fraud Section inquiries, as well as enforcement from other DOJ criminal components, the Monaco Memo and the Corporate Enforcement Policy make clear that voluntary self-disclosure, full cooperation, and timely and appropriate remediation during the course of a DOJ criminal investigation will pay dividends, as was reflected in the resolution outcomes in 2022.

Turning to compliance developments, regulators continue to expect well-resourced, risk-based compliance programs that are tested for effectiveness. DOJ underscored this focus on “effective compliance programs” when it brought on two new hires with private sector executive compliance experience, who will bolster the agency’s assessment of compliance programs and data-driven compliance analytics. In the near term, companies should continue fine-tuning their compliance policies and controls, in particular ones related to stated areas of interest for DOJ. As examples, coming out of 2022, companies should be looking to understand whether and how employees use personal devices and ephemeral messaging platforms as part of their work, consider what role compliance-linked financial incentives and disincentives can play in employee compensation, and renew the focus on what company data can be leveraged to inform compliance efforts. These areas are evolving rapidly, and we expect regulators to provide additional guidance on their expectations in these areas in the coming months.

Looking abroad, the most visible anti-corruption enforcement activity and policymaking was concentrated in Europe, Asia, and Africa, while countries in Latin America struggled to gain traction locally. Globally, enforcement actions were supported by the U.S. enforcers’ dedication to international cooperation and coordination over the course of 2022, with all but one of the U.S. enforcement actions this year involving information-sharing with foreign enforcement authorities, and all five DOJ enforcement actions involving parallel foreign resolutions.

Below we cover the top anti-corruption enforcement trends from 2022, both domestically and internationally, and what they mean as we look ahead to 2023. This linked chart summarizes the FCPA corporate enforcement actions from the past year.

Domestic Corporate Enforcement Picks Up, with Help from Partners Abroad

Following the dip in 2021, 2022 saw an uptick in FCPA corporate enforcement actions, with the number of resolutions and total monetary sanctions both approximately doubling. The pace of announced resolutions accelerated in the last few months of 2022, with five of the years’ ten corporate resolutions being announced in the last four months of the year. The ten resolutions in 2022 included two declinations. Given that FCPA investigations often take multiple years to investigate and resolve, we expect that most if not all of this year’s resolutions were initiated prior to the Biden Administration; we will be watching to see whether the upswing continues as Biden Administration-initiated actions begin to conclude. Several key takeaways can be drawn from 2022’s FCPA corporate resolutions.

International Coordination

Although the enforcement numbers are not record breaking, the level of coordination with regulators and law enforcement agencies around the world is. All of DOJ’s FCPA corporate enforcement actions in 2022 (excluding declinations) involved parallel resolutions with regulators outside the U.S. In particular, the close relationship between U.S. regulators and Brazilian authorities was on full display, with coordinated resolutions in three of DOJ’s five parallel enforcement actions. Further, all but one of DOJ’s and U.S. Securities and Exchange Commission’s (“SEC” or the “Commission”) enforcement actions involved at least some level of information sharing with foreign authorities. U.S. regulators have placed increasing emphasis on international coordination in the past few years, and the resounding message is that “the recent trend of coordinated investigations and resolutions is here to stay.” These efforts may be bolstered through formalized agreements between countries making such coordination easier, such as an agreement entered into by the U.S. and the UK in October allowing authorities from the two countries to more easily access each other’s data to combat “serious crimes,” including bribery and money laundering violations.

Voluntary Disclosures Led to Declinations

DOJ’s FCPA declinations are also worthy of attention. After a nearly two-year hiatus, DOJ announced two declinations with disgorgement in 2022, one for Jardine Lloyd Thompson (“JLT”), a British reinsurance company, and the second for Safran, a French aircraft manufacturer. Notably, JLT and Safran were also the only two companies that received credit in 2022 for making voluntary disclosures to the Department in FCPA matters, underscoring the tangible benefit of voluntarily self-disclosing—a benefit that is further amplified for certain companies following the release of the Corporate Enforcement Policy. In addition, the value of post-acquisition compliance diligence and integration efforts evidenced in Safran’s case warrants special mention. Despite the seriousness of the misconduct (millions of dollars in alleged improper payments over the course of 15 years), DOJ declined to prosecute for, among other reasons, speedy voluntary disclosure of misconduct identified “through post-acquisition due diligence.” Both JLT and Safran were credited for providing “full and proactive cooperation,” as well as terminating engagements of involved individuals and entities (for Safran, an employee; for JLT, an executive and a third party). Safran also received credit for “withholding deferred compensation for a former employee,” in line with DOJ’s emphasis on financial compliance incentives and disincentives, discussed further below. These two cases, coupled with the Corporate Enforcement Policy (discussed further below and in our recent alert), may cause some companies to further assess the possible benefits of voluntary self-disclosure.

The CFTC Further Established its Role as an Anti-Corruption Enforcement Authority

While DOJ and the SEC are the traditional foreign anti-bribery enforcers in the U.S., the U.S. Commodity Futures Trading Commission (“CFTC”) is working to solidify its role as a third player in the arena. This year the CFTC brought its second coordinated case with DOJ since it began targeting foreign bribery several years ago. In May, Glencore, a Swiss commodity trading and mining company, entered into a global resolution of over $1 billion involving DOJ, the CFTC, the SFO, and Brazil’s Ministério Público Federal. Glencore and a subsidiary also pled guilty to one count of conspiracy to violate the FCPA and one count of conspiracy to engage in commodity price manipulation. The FCPA violation was in connection with an alleged decade-long scheme to bribe government officials in several countries in Africa and South America to obtain business advantages in crude oil contracts and other activities. The commodities violations included, among other allegedly improper activities, alleged “corrupt payments in exchange for improper preferential treatment and access to trade of oil and oil products with [state owned enterprises].” Following the CFTC’s 2019 announcement that it would prosecute misconduct related to foreign bribery, and with two coordinated prosecutions under its belt, the CFTC is another regulator to watch in the anti-bribery space. We note, however, that the CFTC’s jurisdiction remains limited to the commodities industry, so we do not expect the CFTC’s foreign bribery enforcement to outpace the SEC’s or DOJ’s in the long run.

Collateral Consequences Continue to Stack Up

Following a recent trend, in 2022 companies continued to experience post-resolution collateral consequences arising in the wake of agency-led enforcement. Glencore faced a $50 million restitution claim from a medical company in October, while Mexico’s petroleum company Pemex resolved another restitution claim against Glencore via a confidential agreement. Outside the U.S., Greece sued Novartis in June, alleging damages related to a bribery scheme that was the subject of a 2020 FCPA resolution. These follow-on cases underscore that the true cost of FCPA enforcement activity can extend beyond the monetary sanctions imposed in the resolutions themselves, further emphasizing the value of proactively investing in compliance and controls.

Individual Prosecutions Remain a Top Priority

As discussed in a recent alert, DOJ continues to focus on individual prosecutions, looking to hold the perpetrators of wrongdoing personally responsible. In a January 2023 speech, AAG Polite announced that the Fraud Section convicted more than 250 individuals in the past year, building on DAG Monaco’s 2021 announcement signaling the Department’s commitment to prioritize prosecution of individuals engaged in corporate wrongdoing. In this regard, DOJ prosecutions maintain a focus on Latin America through the use of both anti-corruption and anti-money laundering statutes to prosecute private citizens and government officials alike, particularly in the oil and gas sector.

Courts Continue to Weigh in on DOJ Theories of Extraterritorial Liability and Privilege

During the past year and in early 2023, developments in the courtroom have yielded mixed results on DOJ’s FCPA enforcement reach, while also providing reminders of best practices when conducting investigations.

For years, DOJ has been vigorously defending the extraterritorial application of the FCPA, arguing that it has the authority to target allegedly corrupt actors around the world, as we previously discussed here and here. In August, the Second Circuit affirmed the post-trial acquittal of Lawrence Hoskins, a UK national and former executive at Alstom SA, finding that Hoskins could not be held liable under the FCPA as an agent of a U.S. company. As we previously covered, the court ruled that the government presented insufficient evidence to demonstrate that Hoskins, a foreign citizen, was an agent of Alstom’s U.S. subsidiary because the subsidiary did not control Hoskins’s actions and he did not have the authority to act on the subsidiary’s behalf. After almost 10 years of litigation, DOJ accepted the decision in November, letting the deadline for an en banc review or Supreme Court appeal pass without action.

Earlier in 2022, Judge Kenneth Hoyt in the Southern District of Texas issued a similar ruling in U.S. v. Leon-Perez, dismissing charges of a conspiracy to violate the FCPA for lack of jurisdiction because the government could not establish that the defendant, a Portuguese and Swiss citizen, was an agent of a U.S. company, or participated in a conspiracy, based on conduct that the defendant engaged in abroad. Further, in Leon-Perez Judge Hoyt also rejected DOJ’s argument that it could successively toll the statute of limitations by making multiple Mutual Legal Assistance Treaty (“MLAT”) requests (which can allow for an extension of the statute of limitations by up to three years). This decision followed Judge Hoyt’s 2021 ruling in U.S. v. Rafoi-Bleuler, also granting a dismissal due to lack of jurisdiction over a foreign citizen (covered here and here). On consolidated appeal of Judge Hoyt’s decisions, DOJ argued forcefully, as it did in Hoskins, that conspirator liability extends to individuals abroad who conspire with U.S. citizens and that the two defendants’ actions made them agents of a domestic concern under the FCPA. In a win for DOJ, the Fifth Circuit reversed the district court’s dismissals and reinstated the FCPA charges. While the court declined to rule on whether an individual falling outside one of the enumerated categories of covered persons in the FCPA can be held liable as a conspirator under a secondary-liability theory, the court determined that the term “agent” in the FCPA is not unconstitutionally vague as a basis for jurisdiction. Overturning the district court, the Fifth Circuit also ruled that successive MLAT requests can toll the statute of limitations for a given defendant, and that the government is only precluded from seeking additional tolling once an indictment has been entered against the defendant.

While DOJ has conceded in Hoskins, the decision in Rafoi-Bleuler is likely to keep alive the battle over the jurisdictional reach of the FCPA in the years to come. Practitioners would do well to carefully assess agency-based theories of liability that may be at issue in their cases.

Recent decisions in United States v. Coburn, out of the District of New Jersey, also offer an important reminder of the waiver risks inherent in sharing certain materials with, and proffering to, the government during an investigation. In Coburn, an individual prosecution tied to Cognizant’s FCPA resolution in 2019, the court found in February and April 2022 that the company had effected a subject-matter waiver over attorney-client privileged materials, including interview memoranda. The decision was premised on the fact that these materials had been disclosed to DOJ, then a potential adversary, both directly and through presentations and oral summaries providing detailed accounts of 42 interviews with 19 employees. Coburn follows cases in the Southern District of Florida (SEC v. Herrera) and the Southern District of New York (SEC v. Vitesse Semiconductor Corp.), which similarly found that providing information to enforcement agencies, particularly oral downloads of interviews, can result in waiver of otherwise-protected investigation materials. Companies and their counsel who are seeking full cooperation credit in the midst of a government investigation should follow best practices to mitigate the risk of a downstream disclosure due to a privilege waiver including: focusing government proffers on non-privileged facts; avoiding “read outs” of witness interviews and instead presenting relevant facts, themes, and observations; and including a carve-out for privileged materials when negotiating a resolution agreement that includes a cooperation obligation.

DOJ Leads on Corporate Enforcement Policies

The Monaco Memo and Corporate Enforcement Policy

Turning to policy developments, 2022 was defined by the speech and memorandum issued by DAG Monaco in September, which built further on a foundation laid by the DAG in another policy announcement in October 2021. As we discussed in our alert, the Monaco Memo signaled harsher treatment for companies that do not voluntarily disclose misconduct, fully cooperate with DOJ investigations, and effectively remediate. Just a few weeks into 2023, AAG Polite announced an updated Corporate Enforcement Policy for the Criminal Division. The Corporate Enforcement Policy, as described in our recent alert, makes substantial new benefits available to companies that are willing to meet heightened expectations for voluntary self-disclosure, cooperation, and remediation. This development will be particularly welcome for recidivist companies and companies facing DOJ investigations and resolutions in the presence of other aggravating circumstances.

The updates to the Corporate Enforcement Policy indicate that the Criminal Division is focused on: (1) bringing more companies to the table voluntarily; and (2) convincing companies of the value of robust cooperation with regulators and thorough remediation throughout investigations. Reading between the lines, the Corporate Enforcement Policy’s carrots, which go well beyond the baseline benefits mandated across DOJ criminal enforcement components in the Monaco Memo, suggest that the Criminal Division was not satisfied with the level of voluntary self-disclosure, and perhaps cooperation and remediation, that it was seeing under the Division’s prior Policy, which was put in place for FCPA cases in 2017. Almost seven years since the FCPA Pilot Program (the precursor to the Corporate Enforcement Policy and its predecessor) launched, companies can expect that the Criminal Division has a wealth of experience that will allow it to differentiate between run-of-the-mill cooperation and remediation efforts, and efforts that go above and beyond and meet the new “extraordinary” standard required to obtain a declination with disgorgement in the presence of aggravating circumstances. Accordingly, as we have long advised our clients, from Day 1 of an investigation, cooperating companies seeking to obtain the most favorable resolution outcome would be wise to commit to active engagement with regulators and, in parallel, stand up a compliance workstream to remediate and test enhancements.

Although echoing some of the Monaco Memo’s themes at various conferences, the SEC did not put forward any of its own official guidance in the FCPA or corporate enforcement spaces in 2022. The SEC has long had the flexibility to follow DOJ’s more prescriptive lead under the two documents guiding SEC officials on resolving investigations: the Seaboard Report and the Statement of the Securities and Exchange Commission Concerning Financial Penalties. Both provide lists of non-exhaustive criteria, such as remedial efforts undertaken by the company and the extent of cooperation with the Commission and other law enforcement, to be considered in reaching enforcement judgements, and vest considerable discretion in SEC officials to determine whether and how to weigh these and/or other criteria. In comparison to DOJ’s push towards transparency and predictability, companies facing SEC enforcement may find it frustrating that the SEC remains more of a black box. While the Commission’s policy priorities may not be as clear as DOJ’s, the SEC’s continued promotion of and investment in its whistleblower program suggests that the Commission is interested in maintaining a healthy pipeline of corporate enforcement cases, especially on the heels of the highest number of whistleblower reports ever in 2022 and amended rules to further incentivize whistleblower tips.

With Heightened Post-Resolution Compliance Reporting Requirements and New CEO/CCO Certifications, Companies Should Prepare for Greater DOJ Involvement in Policing Compliance

In late 2021, DOJ announced that prosecutors would no longer be applying a Trump-era presumption against the imposition of compliance monitors as part of corporate resolutions, as we previously covered here and here. While only two of the ten corporate anti-corruption enforcement resolutions in 2022—Stericycle and Glencore—saw the imposition of an independent monitor, other companies were left to manage increasingly stringent compliance reporting requirements on their own. As part of resolutions not involving monitorships, companies historically have agreed to periodic self-generated compliance reporting throughout the duration of the resolution period, typically involving an initial review and report on remediation to date and proposals for future remedial efforts, followed by follow-up written reports assessing the design and strength of the company’s anti-corruption policies and procedures. These requirements typically were light on detail, leaving much to the companies in terms of process and content.

Beginning with Credit Suisse’s Deferred Prosecution Agreement (“DPA”) in October 2021, however, every DPA that has not required a monitor has instead contained enhanced corporate compliance reporting requirements, which include more detailed expectations for the compliance reporting process. As part of what now may be the new normal for DPAs, companies are required to submit initial and follow-up “workplans” to DOJ that identify with “reasonable specificity” how the company will review and test each element of its compliance program. Companies are still required to submit both initial and follow-up reports; however, the initial review and report now must cover an enumerated list of areas, including employee and third party interviews as part of the review and details on “testing conducted to evaluate the effectiveness of the compliance program and the results of that testing” as part of the report. Some companies (Credit Suisse and ABB) were also required to meet with the government on at least a quarterly basis to discuss with the government the status of their ongoing compliance reviews and any compliance proposals. Time will tell whether the same heightened obligations will be included in future non-prosecution agreements (“NPAs”) (the Department has not entered into an NPA since July 2019), as well as in all future DPAs.

These heightened compliance reporting requirements build on DOJ’s focus on promoting and policing compliance during the term of a settlement agreement, as first articulated by DAG Monaco in October 2021 (and discussed in our alert), particularly when combined with new CEO and CCO compliance certifications being imposed in DOJ enforcement actions. Announced by AAG Polite in March 2022 (and covered in our alert), these certifications are included in resolution documents and require the company’s CEO and CCO “to certify at the end of the term of the [DPA or NPA] that the company’s compliance program is reasonably designed and implemented to detect and prevent violations of the law [. . .], and is functioning effectively.” And in cases with annual reporting requirements, the CEO and CCO must also “certify that all compliance reports submitted during the term of the resolution are true, accurate, and complete.” Both are signed under penalty of perjury.

In his speech, AAG Polite emphasized that these certifications, which understandably have generated some angst, are intended “to empower [] compliance professionals to have the data, access, and voice within the organization[.]” This same message was repeated multiple times throughout the American Conference Institute’s Annual FCPA Conference (the “ACI Conference”), a leading anti-corruption conference held annually, reinforced by Fraud Section Chief Glenn Leon, Fraud Section Assistant Chief Lauren Kootman, and Deputy Assistant Attorney General Lisa Miller. In his speech, AAG Polite asked his team to “consider” requiring such certifications in every settlement, and they have in fact appeared in every FCPA DPA since March.

Looking ahead, companies that fail to commit to remediation during an investigation face a greater likelihood of having a monitor imposed in the post-Monaco Memo world. This risk places all the more importance on focusing on compliance from Day 1 of an investigation to avoid a monitorship, as well as on sustaining a commitment to compliance in the post-resolution phase to demonstrate to DOJ that the company is taking compliance seriously. For companies already subject to a monitorship, they would be wise to engage quickly and robustly with the monitor to avoid an extension of the monitor’s term, as occurred an unprecedented three times in 2022 (Deutsche Bank, Ericsson, and Mobile TeleSystems).

DOJ Strikes a Familiar Chord on Compliance: Keep Investing in Tailored, Risk-Based Programs

Repeating a message similar to years past, in 2022 DOJ continued to underscore the importance of investing in compliance. This message came in the form of both new hires and official policy pronouncements.

New Hires at DOJ

On the hiring front, DOJ brought two former compliance executives into the fold, showcasing the Fraud Section’s focus on building out its “compliance and monitorship experience in different industries.” Within the same week, DOJ onboarded Fraud Section Chief Glenn Leon, former Hewlett Packard Enterprise Chief Ethics and Compliance Officer; and new Corporate Enforcement, Compliance, and Policy Unit member Matt Galvin, former global compliance chief for Anheuser-Busch InBev. We will be watching to see how this influx of in-house compliance talent lends new perspectives within DOJ as it wrestles with how best to assess the adequacy and efficacy of corporate compliance programs. These private-sector hires will be familiar with the challenges of an in-house compliance function, including resourcing and technology constraints. At the same time, they will be well equipped to evaluate whether a program is in fact well-resourced and state of the art. Companies should expect increasing sophistication in DOJ’s analysis of their compliance programs moving forward.

Policy Updates

DOJ fleshed out its expectations for certain elements of an effective compliance program. Although the FCPA Resource Guide’s Hallmarks of Effective Compliance Programs and the Criminal Division’s Evaluation of Effective Compliance Programs (alert here) remain the most comprehensive sources on DOJ’s expectations, this year the Department focused on three specific elements of compliance programs: policies around the use and preservation of personal devices and ephemeral messaging communications; implementation and usage of compliance-related financial incentives and disincentives, including clawbacks; and commoditization of data to inform and monitor compliance.

Attention Turns to the Use of Personal Devices and Ephemeral Messaging and Financial Incentives and Disincentives

The use of personal devices and ephemeral messaging has been, and will continue to be, a thorny yet inevitable compliance challenge for any multinational corporation operating in the modern age. With increased use of personal mobile devices for corporate communications, ever-changing and increasingly sophisticated communication platforms (some of which intentionally feature auto-deletion and encryption), and regional preferences in messaging applications (e.g., WeChat in China, WhatsApp across Latin America), it can be difficult to create a one-size-fits-all policy or controls for business communications, and the collection and retention of such communications, that actually can be enforced and does not unduly interfere with business operations. The realities of business make it such that a complete ban on the use of these devices and platforms is borderline impossible, especially when confronted with obstacles such as customer requirements to use these platforms or employees who work in the field rather than in an office setting.

DOJ has been highlighting its concern around companies’ ability to retain and preserve business records when employees use personal devices or ephemeral messaging channels since 2017. That year, the Fraud Section issued an updated FCPA Corporate Enforcement Policy that included a flat prohibition on employee use of ephemeral messaging. But in 2018, officials walked back the outright prohibition and indicated that a risk-based approach would be acceptable. There has been limited practical guidance from regulators on implementing this risk-based approach, though both the Monaco Memo and DOJ (and SEC) officials at the ACI Conference placed the onus on companies to: (1) consider what risks such communication platforms present to their ability to preserve business communications; (2) design policies tailored to addressing those risks in a way that allows the company to get comfortable with employee practices; and (3) then be able to explain that deliberative process to regulators.

DOJ also placed new emphasis on financial tools that can be leveraged both to incentivize compliant behavior (such as “compensation structures that promote compliance”) and to disincentive non-compliance (such as financial clawbacks). Although the use of mechanisms to incentivize and disincentivize compliance is not new, DOJ’s particular focus on compensation and clawbacks is. It is unclear what near-term expectations for implementation and use of these financial tools are. For example, in September, shortly after the Monaco Memo was released, Principal Associate DAG Marshall Miller said that “we expect now in 2022 [] that companies will have robust and regularly deployed clawback programs.” Other officials seemed to temper those remarks, however, instead asking that companies be able to show that they are “thinking about it.” Much remains to be answered about how these tools will work in practice, such as what actually constitutes a “clawback” (only taking back money already paid, or also withholding future income?) and how these tools would work when employees are based abroad and foreign employment and privacy legal regimes come into play.

On both of these topics, companies are left hoping for clearer guidance on the Department’s expectations, as was promised in the Monaco Memo. But compliance personnel should not wait to act until such guidance is released. Instead, companies should promptly take steps to consider their policies and procedures as they relate to these two topics, and document the process. For personal devices and ephemeral messaging, it is essential to understand whether and to what extent those communication methods are being used by employees, including what platforms are used and what types of communications are conducted on them. For financial incentives and disincentives, compliance teams need to understand the different financial levers that already exist—or could exist in the future—to incentivize compliance, such as building a compliance metric into bonus considerations. They also would be wise to seek guidance on the legality of implementing clawbacks for current and former employees if operating abroad. In both cases, companies should deploy some combination of focus groups, studies, risk assessments, and benchmarking against peers to gather data points to inform what approach will be most appropriate and effective, such that the company could defend its approach in front of U.S. regulators.

Company Commoditization of Data

Finally, the Department continues to emphasize that effective compliance programs should leverage company “data.” This focus has been brought to the fore by the above-mentioned hire of Matt Galvin, a known leader in this space who was behind Anheuser-Busch InBev’s compliance analytics platform, BrewRight, as well as a new embedded FBI team in the Fraud Section to improve the Section’s “ability to bring data-driven corporate crime cases nationwide.”

Compliance teams should take these developments as a call to comprehensively assess both what data already exists across the company and what data would be helpful to generate. One way to do this is to work backwards: by first asking what questions the compliance team wishes to answer; considering what data points would help answer those questions; determining whether the relevant data exists; if it does not, assessing whether additional data sources can be developed; and finally, identifying who within the company is in a position to collect or help develop the relevant data. For example, if a company is trying to determine whether a culture of “speaking up” has permeated equally across the company, the company might seek a geographical breakdown of the origin of whistleblower and other hotline reports to identify whether any regions have relatively fewer reports proportionally. Companies that take the time to contemplate and then execute on the identification, collection, and analysis of such compliance data will find themselves better positioned to answer questions should they find themselves across the table from DOJ and SEC enforcers.

Zooming out, the message on compliance for companies is not unlike past years: compliance leadership should actively leverage available information to develop programs that are appropriately tailored to the risks presented by the company, implement and then actually use those tools to bolster compliance, and engage in regular testing to evaluate continuing effectiveness. Companies must ensure that this deliberative process is well documented should they need to justify policies to regulators in the future.

Alongside Increases in International Coordination, Most Regions See Enforcement and Legislative Developments

Looking outside of the U.S., anti-corruption policy pronouncements and enforcement actions continue to gain traction in most regions, particularly in Europe, Asia, and Africa. This momentum is perhaps spurred by a continued increase in international coordination, as multi-jurisdictional regulator enforcement becomes the norm. As noted above, almost all of the FCPA enforcement actions in 2022 involved some level of information sharing, and over half involved parallel enforcement, with cooperating agencies spanning Asia, Africa, Europe, and Latin America.

EU and UK

Several European enforcement authorities successfully resolved corporate anti-corruption enforcement actions in 2022, including the UK, French, Swiss, and German authorities, among others. While the UK’s SFO has seen the pace of its enforcement efforts slow, it has had some recent successes, including imposing upon Glencore the largest corporate penalty following a conviction in a case that also involved the first successful use of a substantive bribery offense against a company (as opposed to the failure to prevent bribery offence under the Bribery Act). In France, prosecutors concluded several enforcement actions under the Convention judiciaire d’intérêt public framework, including in relation to foreign corruption offences. And Swiss and German authorities collaborated with the SEC’s investigation of ABB. At the European level, the European Public Prosecutor’s Office (“EPPO”) continues to play a meaningful role in anti-corruption investigations. Since it became operational in 2021, the European authority has opened 576 investigations, and approximately four percent of its current investigations reportedly are related to the corruption of public officials.

On the legislative front, as we previously covered, the UK’s Economic Crime (Transparency and Enforcement) Act came into effect in March 2022. Among other things, it implemented changes designed to enhance the transparency of beneficial ownership of overseas entities holding property in the UK. In addition, the Economic Crime and Corporate Transparency Bill is currently working its way through the UK Parliament. If passed, it would strengthen the enforcement powers of the SFO and the National Crime Agency, and allow for greater voluntary information sharing between regulated firms to combat economic crime.

In the European Union, several countries implemented the EU Whistleblowing Directive, which requires companies with more than 50 employees to implement whistleblowing channels that meet certain criteria, as we previously covered, although only 13 of 27 Member States had adopted the Directive as national law as of December 2022. Finally, in response to a recent corruption scandal involving alleged gifts from Qatar to influence EU decision-making, the EU parliament announced that it will pass an anti-corruption package that will include stricter lobbying disclosure rules.

Asia

This past year saw similar efforts in Asia to bolster anti-corruption policies. South Korea’s new Act on the Prevention of Conflict of Interest Related to Duties of Public Servants, which prohibits public officials from using their official authority (or any confidential information obtained in the course of their duties) for personal gain, came into force in May 2022. In Japan, key amendments to the Whistleblower Protection Act took effect in June 2022, requiring companies with more than 300 employees to establish an internal system to appropriately respond to whistleblower reports. And in China, while there remain challenges to conducting investigations and taking action against responsible employees, as we previously covered, the Central Commission for Discipline Inspection has been taking a stricter stance against bribe-payers, placing companies and individuals purportedly engaged in corruption on a blacklist that comes with prohibitions and enhanced scrutiny. China is also considering amendments to the Anti-Unfair Competition Law, which regulates commercial bribery, to increase fines and reintroduce concepts that were previously removed from that law, including liability for bribing a commercial counterparty (as an entity) in addition to bribing employees of the commercial counterparty.

Africa

In Africa, we saw a number of significant enforcement developments in 2022. Most notably, in South Africa, 2022 saw the long-awaited delivery of the report by the Commission of Inquiry into Allegations of State Capture (the “Zondo Commission”), as well as the President’s response to the Zondo Commission’s report. The Zondo Commission made a series of sweeping recommendations for legislative changes (e.g., introducing DPAs, a “failure to prevent” offence akin to Section 7 of the UK Bribery Act, whistleblowing rewards, and enhanced whistleblower protections) as well as recommendations for the permanent establishment of a specialized anti-corruption unit in the National Prosecuting Authority. While time will tell whether the political will exists to bring the Zondo Commission’s numerous legislative recommendations to fruition, there is no doubt that South African enforcement authorities are aggressively pursuing State Capture cases in the near term.

In addition to a large number of individual prosecutions, in late 2022, we saw the first corporate resolution in South Africa arising out of a State Capture matter, a novel resolution with ABB under which the company agreed to pay approximately USD $140 million (ZAR 2.5 billion) in “punitive reparations” in the form an asset forfeiture. This settlement also marked the first instance of a coordinated resolution between U.S. and South African authorities, and we can expect further coordination between U.S. and South African authorities in other State Capture matters, even while diplomatic relations between the two countries remain somewhat strained.

Outside of South Africa, we saw notable enforcement activity in the Democratic Republic of Congo, with Glencore paying $180 million in December 2002 in a follow-on settlement to its resolution with U.S. and UK authorities earlier in the year, and in Angola, where authorities continue to pursue cases against individuals alleged to have been involved in widespread corruption during the regime of former President José Eduardo dos Santos. Of particular note, in late November, Interpol confirmed that that it had issued a red notice for the former President’s daughter, billionaire Isabel dos Santos.

Finally, as we have previously discussed, we expect that U.S. enforcement authorities and policymakers will continue to focus on combatting corruption in Africa as they look to execute on the Biden Administration’s 2021 Strategy for Countering Corruption (the “SCC”). The SCC’s focus on combatting so-called “strategic corruption” — “when a government weaponizes corrupt practices as a tenet of its foreign policy”—is particularly relevant in Africa, where U.S. authorities are increasingly concerned about access to critical minerals such as copper and cobalt in the face of competition from Chinese interests, as well as increasing Russian influence in fragile states such as Mali and the Central African Republic.

Latin America

In Latin America, anti-corruption enforcement continues to be sluggish and political turmoil took center stage. This year saw continued cooperation between authorities in the U.S. and Brazil. The surprising comeback of incoming President Lula da Silva—whose 12-year sentence arising out of Operation Carwash was annulled by the country’s Supreme Court—has resulted in significant political instability and polarization; it remains to be seen how this turmoil will impact anti-corruption enforcement in the country. Upheaval in countries such as Chile (facing a constitutional crisis) and Peru (facing a political one) diverted focus from enforcement activity. Mexico, the second largest country in the region, which did not experience the same level of political instability, also saw limited enforcement, with the OECD admonishing Mexico for its lack of foreign bribery enforcement. Despite little local progress, Latin America continues to remain a priority for DOJ, evidenced by the geographic focus of both corporate and individual enforcement actions over the past year.

Taken together, these international developments reflect incremental moves toward a more coordinated global effort to combat corruption.

The following Covington lawyers assisted in preparing this client update: Don Ridings, Jennifer Saperstein, Steve Fagell, Nancy Kestenbaum, Eric Carlson, Ben Haley, Ian Hargreaves, Gerald Hodgkins, Helen Hwang, Veronica Yepez, Adam Studner, Sarah Bishop, Ishita Kala, Leah Saris, Yohan Balan, Emanuel Ghebregergis, Shayan Karbassi, Julia Keller, Tom McGuire, and Margaret Shin.