The sustained trend of aggressive US criminal and regulatory enforcement activity against corporations and their directors, officers and employees continued unabated in 2016 and the first half of 2017, with companies entering into record-breaking settlements and new, sweeping investigations being launched seemingly on a weekly basis on numerous fronts. In the financial sector, even eight years after the onset of the financial crisis, regulators continued to reach multibillion dollar settlements with companies relating to subprime mortgage securitisations, settling civil claims against Deutsche Bank for $7.2 billion and Credit Suisse for $5.3 billion. In the environmental law and consumer fraud arena, Volkswagen reached an agreement with regulators requiring it to pay more than $4 billion in criminal and civil penalties in connection with allegations that that it sold cars with ‘defeat devices' intended to circumvent emissions testing and environmental regulations. In the healthcare industry, the US Department of Justice (DOJ) established a corporate healthcare fraud task force, which entered into a settlement of more than $513 million with a major US hospital chain, Tenet Healthcare Corporation, accused of perpetrating a scheme involving illegal kickback payments in exchange for patient referrals. After the pace of enforcement of the Foreign Corrupt Practice Act (FCPA) slowed somewhat in 2015, with just 22 enforcement actions and a total of $133 million in sanctions imposed (the lowest totals since 2006 and 2005, respectively), 2016 was one of the most active years on record with US regulators imposing more than $2.4 billion in sanctions in 54 FCPA enforcement actions against 44 corporate and 24 individual defendants. Moreover, dozens of companies are known to be under investigation for potential FCPA violations, and the DOJ announced last year that it has hired 10 new prosecutors for its FCPA unit, a 50 per cent increase in headcount. Significantly, US regulators continued to target non-US companies and individuals suspected of anti-corruption violations, often with the cooperation of foreign governments and regulators. For example, last year's VimpelCom settlement, which resulted in the imposition of $795 million in criminal fines, penalties and forfeiture to authorities in the US and the Netherlands, was the result of an investigation jointly conducted by authorities in the US, the Netherlands, Sweden, Norway, Switzerland and Latvia, with assistance provided by regulators in the British Virgin Islands, Cayman Islands, Bermuda, Ireland, Estonia, Spain, the UAE, the Marshall Islands and Gibraltar. Similarly, the recent $3.5 billion settlement with Odebrecht/Braskem to resolve bribery allegations relating to improper payments in South America, Central America, and Africa, was coordinated among US, Brazilian, and Swiss authorities.

In keeping with the DOJ's more aggressive stance with respect to pursuing individuals implicated in corporate misconduct, the DOJ has continued to aggressively seek and obtain guilty pleas from individual defendants, including from a number of Volkswagen executives charged with felonies in connection with the ‘defeat devices' investigation, and from high-ranking officials charged in connection with the DOJ's ongoing investigation into racketeering and fraud at FIFA, the international governing body of football.

The statutes authorising these prosecutions represent just a sliver of the interlocking regulatory and legal regimes in the United States, where companies must comply with numerous regulations and statutes or face criminal or civil sanctions. There is no shortage of regulatory agencies empowered to take action in the event of a compliance lapse. The most prominent of these include the DOJ, the SEC, the Internal Revenue Service (IRS), the Environmental Protection Agency (EPA), the US Commodity Futures Trading Commission (CFTC), the US Departments of Commerce, Labor and the Treasury, the Federal Energy Regulatory Commission and the Occupational Safety and Health Administration. Many of these agencies are empowered to commence formal investigations and enforcement proceedings on their own initiative and impose monetary sanctions or other penalties, and these powers have expanded in recent years. The enforcement arm of the SEC, for instance, was granted permanent authority in August 2010 to issue subpoenas for documents and witnesses and to compel testimony in connection with investigations into financial wrongdoing.

Still, the DOJ, which is charged with prosecuting corporate crimes such as fraud, money laundering, bribery and tax fraud, is uniquely formidable among the agencies due to its power to indict and prosecute criminally, the threat of which has remained an important method of ensuring corporate compliance over the past decade; this phenomenon is demonstrated not only by the passage of the 2002 Sarbanes-Oxley Act and the expansion of corporate criminal statutes, but also by the contemporaneous revision of the United States Sentencing Commission's (USSC) Organizational Guidelines to impose harsher penalties for corporate malfeasance.

For large-scale corporate investigations and prosecutions, however, the DOJ frequently coordinates with other federal agencies, as well as state and local authorities. For example, the Volkswagen settlement resulted from an investigation that was closely coordinated between the DOJ and EPA, and in recent years, the DOJ has worked closely with the IRS's Criminal Investigative Division to investigate and charge Swiss banks with facilitating tax fraud by US taxpayers, including obtaining an indictment in 2012 against a bank for allegedly hiding more than $1.2 billion in secret accounts. That cooperation continued in 2013 with US and Swiss regulators rolling out a new programme that affords to Swiss banks implicated in tax evasion the opportunity to avoid formal prosecution by paying penalties and providing certain information about accounts held by US taxpayers. In early 2014, Credit Suisse pleaded guilty to criminal tax-evasion charges and was fined $2.6 billion. Recently, the DOJ has expanded its tax evasion investigation to other jurisdictions, with ongoing enforcement actions related to banking activities in the Caribbean region, the Middle East and India.

The DOJ also has pursued enforcement actions against a number of international financial institutions in recent years for the failure of anti-money laundering controls and for ‘stripping', or removing identifying information from payment messages on behalf of parties subject to US trade sanctions administered by the Office of Foreign Assets Control (OFAC) of the US Treasury Department.2 In 2012, Standard Chartered paid $340 million to the New York State Department of Financial Services and $227 million to the DOJ, the New York County District Attorney's Office and other federal regulators to resolve charges stemming from payments and trade business with sanctioned parties. HSBC paid a then-record $1.9 billion in late 2012 for failures in its anti-money laundering programme and its own business with sanctioned parties; BNP Paribas paid an $8.9 billion fine for similar conduct in 2014; and Commerzbank AG paid a total of $1.45 billion in March 2015. The DOJ investigations in this space have been conducted in conjunction with the New York County District Attorney's Office, OFAC and the US bank regulatory agencies. Cooperation between federal agencies and state and local authorities has become more common, with various ‘task forces' created to coordinate the agencies' efforts; this includes the financial fraud enforcement task force, which was set up by the Obama administration and brings together representatives from various agencies and state and local authorities to take action against financial fraud, with a recent special focus on corporate entities engaged in mortgage fraud.

A corporation facing a criminal investigation by the DOJ or other agencies typically feels great pressure to avoid an indictment, which carries the risk of severe reputational, legal and regulatory consequences (even apart from the potential criminal penalties such as fines, forfeiture, disgorgement of unlawful profits and restitution). For many companies, particularly highly regulated ones, a mere indictment - even before conviction - can have severe reputational effects and disastrous consequences for a company's stock price and its ability to seek funding in the capital markets. Moreover, corporations in certain industries, such as companies that serve as government contractors for the Department of Defense or participate in the federal government's Medicaid and Medicare programmes, can face crippling suspension upon the filing of charges and mandatory exclusion from the programmes if ultimately convicted. Notably, the US House of Representatives passed a bill in 2010 that would have made ‘debarment' mandatory for an FCPA violation (though the bill ultimately was not passed by the US Senate). The collateral consequences of a corporate criminal investigation and prosecution may not be reversible even if the company is ultimately vindicated on appeal. For example, Arthur Andersen - an 89-year-old firm with 85,000 employees, implicated in the Enron accounting fraud - suffered severe damage to its reputation after being indicted by the DOJ, and lost its licence to audit public companies after being convicted of felony obstruction of justice. Although that conviction was ultimately overturned by the Supreme Court, the firm had already suffered irreparable harm and had by that time ceased to function as a viable business. It is therefore not surprising that most companies facing regulatory investigations cooperate as fully as possible with the investigation with the hope of avoiding formal charges and companies frequently self-report potential wrongdoing in which the company or company employees may be implicated.


i Self-reporting

Most federal enforcement agencies3 have published official policies emphasising the importance of voluntary disclosure and full cooperation in an investigation, and pledging to take such disclosure and cooperation (or lack thereof) into account in determining whether to bring an enforcement action and what kind of penalties to seek. The USSC Organizational Guidelines also explicitly provide for reduced sentences for companies that provide ‘timely and thorough cooperation', where ‘timely' is defined as ‘begin[ning] essentially at the same time as the organization is officially notified of a criminal investigation'.

In some cases, the benefits of self-reporting and cooperation are unambiguous. The Department of Defense, for instance, will not pursue suspension or debarment sanctions against companies that self-report and cooperate, and the Antitrust Division of the DOJ offers full amnesty to the first company involved in an antitrust cartel that (1) comes forward to voluntarily disclose its participation, (2) makes restitution to victims of the cartel, and (3) cooperates in the investigation and prosecution of other culpable companies. The cooperating company's directors, officers and employees will also receive amnesty if they are willing to cooperate in the investigation.

In most other settings, however, voluntary disclosure and cooperation are just two of many factors that regulators and prosecutors promise to ‘take into account' in their charging calculus, without specific guidance as to how much weight each will be accorded in relation to other factors affecting the charging decision. For example, both the DOJ and SEC have explicitly included voluntary disclosure and cooperation in their respective official enforcement policies, as well as in the DOJ and SEC's 2012 FCPA resource guide, as factors to be weighed and high-ranking representatives from these agencies have made various other public pronouncements of the importance of voluntary disclosure and are quick to cite examples of companies that were purportedly spared severe sanctions after disclosing and cooperating fully. In spite of these assurances, however, it is difficult to isolate any quantifiable benefit that can be attributed to voluntary reporting as opposed to other factors because of the lack of visibility in the regulators' decision-making process and the multitude of factors that affect both the decision to charge and the severity of the ultimate penalty imposed; given the regulators' clear interest in having companies come forward on their own initiative to disclose wrongdoing, thereby avoiding the burden of independently detecting illicit activity, companies may have good reason for some degree of scepticism of the professed benefits of self-disclosure.

In apparent response to criticism regarding the uncertain benefits of self-reporting and cooperation in the FCPA context, the DOJ announced last year year the implementation of a pilot programme aimed at providing additional guidance for prosecutors investigating FCPA violations and motivating companies to disclose potential FCPA violations. The pilot programme expands upon prior DOJ guidance by articulating the specific requirements that companies must satisfy to be eligible for reductions in penalties as a result of voluntary disclosure, cooperation with the DOJ, and remediation (i.e., the implementation of effective FCPA compliance controls), and quantifies the potential reduction in fines a qualifying company may be eligible for: up to 50 per cent off of the minimum USSC Organizational Guidelines range if the target company fully complies with the criteria set out in the announcement. The pilot programme was extended indefinitely by the DOJ earlier this year.

Even with this additional guidance from the DOJ in the FCPA context, however, it is not completely clear that voluntary reporting should be the default action of every company that discovers potentially unlawful conduct within its organisation; at the very least, the company should assess the probability of independent discovery of the potential misconduct by government authorities. It is important to note, however, that the likelihood that some government agency will independently become aware of any impropriety has increased significantly in recent years as a result of the general upturn in regulatory enforcement activity, the expansion of international cooperation and the proliferation of new laws and regulations favourable to whistle-blowers.

A corporation must, of course, first determine whether it has a mandatory legal obligation to disclose potential wrongdoing that it discovers. For example, financial institutions may be obligated to report suspicious activity. Sarbanes-Oxley also imposes numerous compulsory reporting requirements on companies should they discover certain types of fraud and other misconduct. Because many of the regulators have information-sharing agreements or otherwise coordinate their actions, if a company decides to self-report, it is also prudent to make the disclosures to all potentially related agencies. This is to ensure that the company receives credit for self-reporting from each regulator that could potentially bring an enforcement action. For example, if a company believes that one of its subsidiaries may have made an improper payment to a foreign official and has decided to voluntarily disclose this information to the SEC, it should strongly consider also informing the DOJ, given how frequently the two regulators bring parallel enforcement actions under the FCPA and the likelihood that the SEC will pass on any information received, or make a formal referral, to the DOJ.

In determining whether to self-report, and to what extent to cooperate with a regulatory investigation, corporations and their employees also must bear in mind that should they be deemed to be impeding or obstructing the investigation, in addition to charges relating to the conduct under investigation, they may potentially face charges of obstruction of justice or conspiracy to commit obstruction of justice. These charges typically are much easier to prove than charges stemming from the underlying conduct being investigated and can carry as, or more, severe penalties. Under Sarbanes-Oxley, for example, an individual can face up to 20 years in prison for altering or falsifying documents with the intention of obstructing a federal investigation and a company can face substantial fines for this conduct. In recent years, the DOJ has not hesitated to seek such penalties against companies and employees that are perceived to be uncooperative or evasive and the SEC and other agencies have been known to refer reports of obstructive conduct during civil enforcement actions to the DOJ for criminal prosecution.

ii Internal investigations

In conjunction with disclosing potentially improper conduct to the government, a corporation will typically undertake an internal investigation, either on its own initiative or with the encouragement of the relevant government agency, to determine whether unlawful activity has in fact occurred and, if so, which employees are responsible. There are several important reasons to conduct such an investigation. First, a full understanding of the facts can be crucial to mounting a defence in any adversarial proceedings that might arise with government authorities or in any private civil suits that might be filed. Second, by conducting an internal investigation and disclosing important information gleaned from a review of documents and employee witness interviews to federal agencies, a corporation may be more likely to receive credit for cooperation and thereby decrease its risk of indictment and the imposition of severe penalties. Finally, simply as a matter of good corporate governance, it is important for the corporation to be confident that it has accurately determined which employees were responsible for the unlawful activity and to ensure that it has implemented adequate controls to prevent any recurrence of the wrongdoing.

Even if a company has not yet made the decision to report potentially unlawful conduct to a regulator, it still might have cause to conduct an internal investigation after, for example, (1) receiving a tip about fraudulent activity on a dedicated company hotline, (2) receiving information from an internal or external auditor about a potential compliance issue, or (3) being named in a civil suit by a former employee containing allegations of improper conduct on the part of the company. Further, because Sarbanes-Oxley requires companies to implement systems for the reporting of complaints by employees relating to accounting or auditing matters and conduct investigations in response to a wide range of concerns, companies are more likely than ever before to encounter situations where the prudent course of action is to initiate an internal investigation.

It is generally advisable to have counsel supervise such investigations because of the likelihood that legal questions and issues will arise, although whether it is necessary to retain an outside law firm will depend on the company's assessment of various considerations. In-house counsel may have the advantage of a more intimate understanding of the company's operations and culture, while external counsel may have more experience conducting internal investigations and dealing with government agencies. In-house counsel's familiarity with the company can also be a weakness if it is perceived by the government to undermine their objectivity, in which case the company may have more credibility in interacting with the government if it retains reputable external counsel. This is especially likely to be the case, of course, if any members of the company's legal department are implicated in the conduct under investigation.

With respect to the conduct of such investigations, typically there are two primary components: review and analysis of relevant documents, and interviews of company employees with knowledge of the relevant facts. Generally, documents are gathered and reviewed prior to conducting interviews, which allows the interviewer to focus his or her questioning on key issues or questions discovered during the course of the document review, or to seek clarification on potentially inculpatory or troubling statements contained in those documents. At the outset of each interview, the standard practice is to notify the employee that the attorney conducting the interview is counsel to the company and not the interviewee's personal attorney, and that while the conversation is protected by the attorney-client privilege, that privilege belongs to the company, which it may waive at its sole discretion. The interviewee should also be informed that any information imparted during the interview may be shared with government authorities.

Unless it has not previously made any disclosures to the government and uncovers nothing to merit such disclosure during the course of the internal investigation, a company typically will present its findings to the government after the completion of the document review and interviewing process, or - for a particularly complex investigation - at the conclusion of some segment of that process. Those presentations can be made orally or in written form, in response to which the government may identify additional areas of concern that require follow-up work. The government and counsel may then engage in dialogue regarding whether and what kind of criminal or civil charges are warranted and how much credit to give to the company for its cooperation. In making its case for leniency, it may be effective for a company to argue not only that the facts uncovered do not amount to actionable misconduct, but also, from a policy perspective, that the relevant agency's objectives would not be advanced by pursuing an enforcement action against the company. A company should also consider reviewing the agency's published charging guidelines (such as the DOJ's guidelines for the prosecution of business organisations) to support an argument that an indictment is not warranted or that the situation calls for reduced charges; for example, (1) by emphasising that senior management was not implicated in the wrongdoing and, therefore, the misconduct was not pervasive, (2) that the company has no history of criminal conduct, or (3) that the collateral consequences of prosecution would be unjustifiably severe.

Whether conducted by in-house or outside counsel, a significant amount of attorney-client privileged information and attorney work-product material will be generated through the course of an internal investigation. Until recently, it was the expectation of the DOJ that a corporation would waive the attorney-client privilege and provide the DOJ with all requested materials and information if the company wished to receive cooperation credit. There was significant criticism of this policy from the corporate sector, the defence bar and various members of Congress. In response, the DOJ has revised its policy and now categorically directs prosecutors not to seek a waiver of privilege and prohibits prosecutors from taking waiver into account when making a cooperation determination. The current policy does, however, allow prosecutors to consider the extent to which the company has disclosed all ‘relevant facts'. Therefore, despite the government's assurances that waiver is not necessary to obtain cooperation credit, a company may find that it is not possible to make a full disclosure of the ‘relevant facts' without turning over privileged materials. Other agencies, such as the SEC, have published similar policies.

iii Whistle-blowers

The probability of a US company facing a whistle-blower complaint increased significantly with the implementation of the whistle-blower provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which came into effect in 2011 and authorise the payment of rewards of between 10 and 30 per cent of judgments over $1 million by the SEC to whistle-blowers who alert the SEC to certain types of wrongdoing and that ultimately result in successful enforcement actions. The new whistle-blower rules expand the already far-reaching protections for whistle-blowers created by Sarbanes-Oxley and the False Claims Act, including extending Sarbanes-Oxley whistle-blower coverage to employees of non-public subsidiaries of publicly traded companies. According to its annual report to Congress on the program at the end of last year, the SEC has received in excess of 18,000 tips since the new programme's inception in 2011, and has paid several substantial bounties to whistle-blowers who have given information leading to successful prosecutions. For example, in 2014, the SEC paid more than $30 million to a whistle-blower who provided information leading to a successful enforcement action - the largest award to date - and issued awards totalling $57 million in 2016.

Given this new regulatory regime, a company must now proceed with even greater caution when confronted with allegations of misconduct from a whistle-blower. Any credible tips describing potential illegal acts should be investigated promptly and thoroughly, with the assistance of outside counsel if necessary. If the company determines that the allegations have merit, it should take swift remedial action and consider self-reporting its findings to interested regulators. By no means should a company take any action that might be perceived as retaliation against the whistle-blower as such behaviour could potentially expose the company to substantial civil or criminal liability. In 2015, the SEC brought an enforcement action against KBR Inc in connection with the company's practice of discouraging potential whistle-blowers by means of confidentiality agreements prohibiting the reporting of wrongdoing without the company's permission, which the SEC alleged violated a Dodd-Frank regulation barring companies from impeding communication between whistle-blowers and the SEC. In connection with the settlement of that action, KBR agreed to end the practice and paid a fine of $130,000. Similarly, in connection with last year's settlement of an FCPA enforcement action against Anheuser-Busch InBEV, the SEC penalised the company for entering into a separation agreement with a whistle-blower forbidding him from continuing to speak with the SEC about potential violations.


i Corporate liability

Because of the way in which the doctrines of corporate criminal and civil liability have evolved in the United States, prosecuting and regulatory agencies have considerable leverage over business organisations. Generally speaking, companies are liable for the actions of employees if the employees' conduct is ‘within the scope of their employment' and they act at least in part with ‘the motive of benefiting the company'. These two qualifiers have been interpreted to place little meaningful limit on a company's potential exposure. For example, corporations have been held liable where the wrongdoing at issue benefited only the employee and was perpetrated in violation of the company's explicit instructions. Moreover, it is irrelevant where the culpable employee falls on the corporate ladder; legally speaking, the conduct of a mailroom clerk is imputed to the company to the same extent as the company's CEO. Further, under the collective liability or collective scienter doctrine, a company may be liable - particularly in the civil context - if its employees, when considered in the aggregate, possessed sufficient knowledge and intent to violate the law, even if no single employee alone had the requisite mental state or corrupt intent. While some courts have limited the application of this doctrine in recent years, it still can be an attractive option for a regulator bringing, for example, a complex securities fraud case against a huge, decentralised company.

ii Penalties

Regulators have a vast arsenal of potential sanctions to impose on corporations convicted of a statutory violation. Various regulatory statutes authorise, among other potential penalties and sanctions, criminal or civil fines (or both), restitution, disgorgement, criminal forfeiture, probation and community service. Further, as mentioned above, the collateral consequences of a conviction can be just as damaging, potentially resulting in suspension or debarment from eligibility for government contracts, reputational harm and decline in company stock price.

In past years, most corporate criminal investigations have ended with the two sides entering into a deferred prosecution agreement or non-prosecution agreement (DPAs or NPAs, respectively). There has been a marked increase in guilty pleas to resolved DOJ actions in more recent years, as noted above. The typical DPA provides that the agency will file formal charges, which will be stayed for a period of time (usually between one and three years), after which the charges will be dismissed if the company has complied with certain obligations. These obligations typically require the company to (1) cooperate fully with the agency's investigation and in any other investigation that may be ongoing, (2) accept responsibility for the wrongdoing at issue, and (3) undertake remedial action, including terminating or disciplining culpable employees and implementing revised internal controls and procedures, and appointing an independent compliance monitor in some cases. The company also normally agrees to a monetary penalty, including a criminal or civil fine, forfeiture, restitution or disgorgement of unlawful profits. NPAs require similar types of performance on the part of the company but do not involve the formal filing of charges with a court. In both types of agreement, because the company has admitted to the conduct at issue (which is typically set forth in an agreed ‘statement of facts' attached to the agreement), if a company is indicted upon breach of the agreement, conviction is almost certain. In previous years, DPAs and NPAs were the exclusive domain of the DOJ, but the SEC has also recently adopted their use.

iii Compliance programmes

Not only do DPAs typically require the implementation of an effective compliance programme or the improvement of an existing one, the existence of an effective compliance programme is also a factor that the DOJ and other regulators take into account in making their ultimate charging decisions and may lead to a reduced sentence under the USSC Organizational Guidelines. These Guidelines provide guidance on the characteristics of a compliance programme that will be looked upon favourably by the government. These include the following:

a management that is knowledgeable about and able to oversee the programme competently;

b adequate staffing of the programme;

c training for all employees in compliance standards and procedures;

d procedures for monitoring and periodic auditing of the programme's effectiveness;

e a system for the anonymous reporting of compliance breaches;

f the consistent enforcement of the programme; and

g procedures for taking ‘reasonable steps' to prevent further wrongful conduct if any is detected.

In 2010, the USSC revised its commentary to note that as part of the ‘reasonable steps' a company is expected to take to prevent the recurrence of wrongful conduct, a company should pay restitution to any victims that can be identified. The USSC further stated that the hiring of an ‘outside professional adviser' to oversee the implementation of the compliance programme also could be considered such a ‘reasonable step'. This has led to speculation that the hiring of an outside consultant by the company may vitiate the need to impose an independent compliance monitor on a company as part of a regulatory settlement, which until very recently was a common requirement of a DPA or NPA, but which was also a practice that had come under criticism for being unduly disruptive to the company and excessively remunerative to the monitors themselves. In recent years, there had been a trend toward self-monitoring and reporting rather than the imposition of an independent monitor as a standard feature of a settlement agreement. However, there was a resurgence of the imposition of outside monitors in 2016, with regulators imposing eight independent compliance monitors in connection with FCPA settlements. It is, as of yet, unclear if this was a one-year aberration or indicative of a return towards monitors as a standard feature of significant FCPA settlements.

Notably, in their FCPA Resource Guide, the DOJ and SEC reaffirmed the importance of the presence or absence of a robust compliance programme as a key factor in the regulators' charging decision and in their determination of an appropriate settlement for a violation. The regulators cited a recent anti-corruption enforcement action against a Morgan Stanley employee - in which the SEC declined to charge the company itself in view of Morgan Stanley's implementation of an extensive compliance system - as evidence of the SEC's commitment to rewarding companies that put into place strong compliance programmes.

iv Prosecution of individuals

The question often arises during the course of a regulatory investigation of whether it is appropriate for a corporation to enter into a joint defence agreement with employees that are also under investigation. The DOJ's official position is that the government may not consider such an arrangement in determining whether a corporation has cooperated with the investigation. However, as with the issue of waiver of privilege, the DOJ has qualified this position by noting that to the extent that such an agreement limits the company's ability to disclose ‘relevant facts', it may adversely affect the ability of the company to obtain credit for cooperation. Moreover, because various agency policies, as well as the USSC Organizational Guidelines, encourage corporations to cooperate fully in the prosecution of wrongdoing employees, in many situations the risk of a conflict of interest between the company and its employees may preclude the possibility of entering into a joint defence agreement. Such conflicts of interest are more likely than ever to arise as, in recent years, the government has pursued individuals suspected of corporate malfeasance increasingly aggressively, and the DOJ has publicly announced that it favours prosecution of individuals over entities where feasible. For example, in October 2015 the DOJ issued the Yates Memo, which calls for more focus on individual defendants by prosecutors, announces that cooperation credit for companies will henceforth be contingent on disclosing all relevant facts regarding individuals in the misconduct, and prohibits the resolution of any corporate action without a ‘clear plan to resolve related individual actions'.

A distinct but related issue is the advancement or payment by a company under investigation of the attorneys' fees of employees implicated in the wrongdoing at issue. While, as with waiver of privilege, the DOJ's stance until recent years was that advancing such fees would weigh against a corporation in the DOJ's cooperation determination, the government has now reversed that position, in part because of the United States Court of Appeals for the Second Circuit's ruling in United States v. Stein.4 In that case, the court upheld a trial court ruling that the DOJ had violated the Fifth and Sixth Amendment rights of certain KPMG employees when it communicated to KPMG that it would not look favourably upon the advancement of fees to employees incriminated in the accounting scandal for which KPMG was under investigation, despite KPMG's historical practice of paying for its employees' fees in such situations. At the same time as this decision, the DOJ announced that it would no longer consider advancement of fees as a factor influencing its cooperation determination, though it noted that the failure to terminate or adequately discipline employees would still be a consideration influencing its ultimate indictment decision. Other agencies, such as the SEC, have not taken a clear stance with respect to this issue.


i Extraterritorial jurisdiction

Now more than ever, federal agencies are taking an expansive view of their statutory jurisdiction and aggressively pursuing foreign companies for violations of domestic law. This trend is evident in a variety of contexts. For example, in recent years the SEC has pursued a number of China-based issuers of US securities (as well as their auditors and accountants) for alleged financial fraud. Also, in the FCPA context, a significant portion of enforcement actions over the past two years - including many of the higher-value settlements - targeted foreign companies and individuals. While the FCPA applied only to issuers of stock on a US exchange when originally enacted, the statute now proscribes corrupt payments by any person, natural or otherwise, where relevant acts occur ‘in the territory of the United States'. Regulators at times have pushed the boundaries of this language, asserting jurisdiction, for example, based on the fact that a transaction in issue was cleared through a US bank, even though no employee of the target entity took any action while physically present in the United States. Moreover, even where that minimum territorial connection is not met, the government has not hesitated to stretch traditional legal doctrines to assert jurisdiction, for example, by charging a foreign subsidiary with ‘aiding and abetting' a violation by its US parent or for making an improper payment as the ‘agent' of a US company. While a small number of court decisions have pushed back on the regulators' most aggressive attempts to extend jurisdiction, the significant expense and risk associated with litigating an FCPA action has resulted in few FCPA cases reaching the courtroom and therefore few legal or practical constraints on the extraterritorial reach of the FCPA. Other countries have also begun to look beyond their shores to target illegal conduct by corporations. For example, while previously criticised for its inaction in the foreign corruption arena, the United Kingdom enacted enhanced anti-bribery laws that went into effect in 2011. The law has an expansive jurisdictional scope that may exceed even that of the FCPA, theoretically allowing the UK government to assert jurisdiction over any company that does business in the United Kingdom, even if the conduct at issue occurred elsewhere. In 2012, UK authorities reaffirmed their commitment to aggressively pursuing criminal charges against suspected violators of UK anti-bribery laws, revising previously issued guidance on the those laws that called for leniency or the imposition of civil fines only in certain situations.

ii International cooperation

Because a successful international prosecution depends on effective cross-border cooperation and access to witnesses and evidence located abroad, the government frequently enlists the assistance of foreign governments and agencies in such investigations. The DOJ, for instance, has many formal and informal relationships with foreign agencies to facilitate cross-border enforcement. Neither have other agencies shied away from international investigation; the SEC, for example, maintains an Office of International Affairs, through which it coordinates with foreign governments and provides training to foreign agencies in financial fraud enforcement. Earlier this year, the DOJ announced that it intended to continue its anti-corruption cooperation efforts with the UK's Financial Conduct Authority and Serious Fraud Office by assigning a US prosecutor to those offices for a two-year term, after which the prosecutor will return to the US to provide training and propose new policies based on the prosecutor's experience abroad. Indeed, many of the highest-profile settlements have been the result of cooperative efforts between US and foreign regulators. For example, the recent 11-figure settlements with six financial institutions arising out of foreign-exchange manipulation were the result of a cooperative investigation between US, UK and Swiss authorities; many other settlements in recent years5 were publicly stated to have been the result of international coordination.

iii Local law considerations

Not all countries, however, have been as amenable to the expanding extraterritoriality of US law enforcement and enhanced cooperation among foreign authorities. For example, various countries, including Mexico, Canada and certain members of the EU, have enacted ‘blocking statutes' that prohibit, or place limits on, the production of information for use in a legal proceeding in a foreign country. This puts companies operating in the international arena in a difficult position, as compliance with one law may necessarily mean running afoul of another. A multinational company under investigation by multiple regulators in other countries also faces innumerable complexities in dealing with varying and potentially inconsistent laws relating to the discovery of evidence and examination of witnesses. For example, data privacy laws in one country may prohibit the company from complying with a subpoena from a regulator in another, and the rights to counsel and against self-incrimination may be limited or absent under other regimes.


For at least the past decade, corporate and civil liability in the United States has moved inexorably towards more regulation and enforcement, harsher penalties and expanding jurisdiction. This trend continued in 2016, with enforcement authorities bringing high-profile prosecutions under a number of regulatory frameworks, leading to the imposition of some of the highest penalties ever imposed and the insistence in many cases on guilty pleas, rather than NPAs or DPAs. The new political administration under President Donald Trump has given rise to some uncertainty as to whether certain long-standing areas of high enforcement, such as antitrust and FCPA enforcement, will continue to be areas of high priority, or whether there will be shift in enforcement resources to other areas - or even, in the longer term, a softening of the laws and regulations that provide the basis for enforcement through the legislative process (for example, through the amendment of the FCPA to include a long-proposed ‘compliance defence' for companies accused of FCPA violations). Still, given the significant number of ongoing investigations - including many involving international enforcement cooperation - under the FCPA and other wide-reaching statutes, such as the False Claims Act, and the sweeping FIFA corruption investigation and the Volkswagen emissions investigation, there is likely to be no immediate dramatic shift in the enforcement landscape. Further, the high reporting rate and apparent success of the first four years of the SEC's whistle-blower bounty programme, as well as the SEC's willingness to pay bounties at or near the maximum amount allowed and the SEC's willingness to protect whistle-blowers that suffer retaliation through enforcement actions, suggests that whistle-blower investigations will become increasingly prevalent in the future, compounding the risk that a corporation will find itself the target of an enforcement action (subject to potential longer term recalibration of SEC priorities under the new administration). The trend is unlikely to be limited to the financial fraud context, however: antitrust law, consumer protection, healthcare fraud, and environmental regulation, just to name a few, all remain areas of high enforcement activity and will likely remain so into the foreseeable future. The past few years have seen changes in the DOJ's policies to incentivise companies to self-report misconduct and provide all available evidence to permit prosecutors to bring charges against individuals. It remains to be seen to what degree these new approaches will achieve their desired outcome. What remains clear, however, is the necessity of maintaining a robust compliance structure to promptly detect potential wrongdoing. While total prevention is unlikely given the innumerable ways in which a company can run afoul of the law and the sheer complexity of the various regulatory regimes, prompt detection, thorough investigation and meaningful remedial action will limit the company's exposure and maximise its chance of avoiding criminal or civil charges, or - failing that - negotiating a favourable settlement with government authorities.

1 Nicolas Bourtin is a partner and Nathaniel Green is an associate at Sullivan & Cromwell LLP.

2 ABN AMRO, HSBC, ING Bank NV, Barclays, Credit Suisse, Lloyds TSB Bank, Standard Chartered, BNP Paribas and Commerzbank AG.

3 Including the DOJ, SEC, EPA, the enforcement arms of the Treasury Department, Departments of Defense and Health and Human Services and the CFTC.

4 541 F.3d 130 (2nd Circuit 2008).

5 Including the 10-figure Siemens FCPA settlement in 2008, which involved US and German regulators, and last year's $3.5 billion settlement with Odebrecht/Braskem, which was pursued jointly by US, Brazilian, and Swiss authorities, as noted above.