• |

Quick Looks

A Side-by-Side Look at the 2024 ECCP Edits

In September 2024, the DOJ announced its first comprehensive revisions to the Evaluation of Corporate Compliance Programs (ECCP) since 2020. While a new version was published in March 2023 reflecting updates related to compliance incentives and companies’ use of messaging apps, these newest edits include “critical additions in three main areas,” Deputy Assistant Attorney General Nicole Argentieri said in her speech announcing the edits. The Anti-Corruption Report has put together this side-by-side comparison of relevant portions of the March 2023 and September 2024 ECCP versions to show exactly what has changed. See “DOJ’s 2024 Edits to the ECCP: Some History and AI Expectations” (Nov. 6, 2024).

Checklist of Collateral Consequences From FCPA Enforcement Actions

Many companies and executives are well familiar with the significant direct consequences that arise from the resolution of FCPA enforcement actions. These include criminal convictions and fines for the company, disgorgement of profits, civil penalties, and prejudgment interest, as well as the potential for SEC/DOJ mandated corporate compliance monitors. Less familiar and often overlooked are the many and often substantial collateral consequences of entering into FCPA resolutions. The Foley & Lardner Anti-Bribery/FCPA team has for some time been compiling a list of these collateral consequences and this article represents their initial list and some examples from FCPA enforcement actions. We invite our readers to share additional consequences, examples, or other suggested modifications to the list by email to rebecca.parker@iongroup.com with the subject “Collateral Consequences Checklist.” 

A Quick Look at Root Cause Analysis

Recent statements from the DOJ and other enforcement authorities make clear that an internal investigation must do more than determine what happened – it must also uncover why something went wrong. The process of getting to why is commonly called a “root cause analysis” and performing one has become a necessity for companies that find themselves in hot water. In this quick start guide, we outline why a root cause analysis is necessary, how to perform one and how companies can use more advanced approaches to glean greater insights from the process. For a more detailed discussion of root cause analysis, see our three-part series: “DOJ Expectations and Getting to Why” (Jun. 23, 2021); “Gathering Information” (Aug. 4, 2021); and “Touching Bottom and Advanced Maneuvers” (Aug. 18, 2021).

Compliance Checklist for AI and Machine Learning

With the ubiquity of artificial intelligence and machine learning, public scrutiny and efforts to regulate them are proliferating. This checklist, originally published in our sister publication, the Cybersecurity Law Report, condenses its four-article AI Compliance Playbook series into a convenient guide that companies can use to shape a compliance program for AI/ML innovation. The checklist adapts in part the Three Lines of Defense risk management framework that financial companies have used for decades to ensure that earlier generations of automated decision making adhered to equal-opportunity laws. This guide is adjusted for the latest generation of powerful algorithms to help companies gain public and regulator trust in the sensitive AI projects that they are increasingly embedding throughout their businesses and across everyday life. See “How Three Companies Embarked on AI Compliance Journeys” (May 12, 2021).

Quick Look at 2021 Anti-Corruption Enforcement Developments

2021 was a surprisingly busy year in legislation that impacts anti-corruption enforcement, mainly stemming from the massive and sweeping National Defense Authorization Act (NDAA) which went into effect on January 1, 2021, and included significant new tools for combatting money laundering and kleptocracy. Additionally, the new administration has focused on anti-corruption efforts as a matter of national security, with a particular focus on combatting corruption in Central America. Then, at the end of the year, the DOJ announced several key policy changes that could have a significant impact on corporate enforcement. Here we have gathered a non-exhaustive guide to some of these key developments for your quick reference. See “Quick Look at Recent DOJ Policy Changes” (Feb. 20, 2019); “Quick Look at 2019 Policy Changes” (Jan. 22, 2020); and “Quick Look at 2020 Policy Changes” (Jan. 6, 2021).

A Quick Look at New Regulations to Address National Security Threats in Shell Company and Digital Currency Transactions

Recently, FinCEN has taken steps to implement two new regulatory regimes designed to address national security threats in modern financial transactions, one dealing with digital currency and one imposing new beneficial ownership reporting requirements. In a guest article, Mario Mancuso and Sanjay Mullick, partners at Kirkland & Ellis, along with Carrie Schroll, an associate at the firm, take a quick look at those developments and provide key takeaways. See “Cryptocurrency and Corruption: The Future of FCPA Enforcement?” (Mar. 31, 2021).

A Quick-Start Guide to Risk Assessments

Risk assessments are cornerstones of all compliance programs – how else can a company ensure that its program is risk-based and fit for purpose? The process of identifying the risks a company faces and ranking them against each other, however, can seem overwhelming. Here, we have condensed the process into a quick-start guide to get you out the door and assessing risk with confidence. For a more detailed discussion, see our four-part guide to risk assessments: “Types of Assessments” (Jun. 26, 2019); “Techniques and Building a Team” (Aug. 7, 2019); “Where to Look for Risk and Risk Ranking” (Sep. 4, 2019); and “Wrapping Up and Avoiding Pitfalls” (Jan. 22, 2020).

Quick Look at 2020 Policy Changes

In recent years, there has been a whirlwind of anti-corruption-related policy changes and updates, making it sometimes difficult to keep track of them. 2020 did not see quite the flurry of activity as 2018 and 2019 did, but there were four major updates – two each from U.S. authorities and the U.K. Serious Fraud Office. We have gathered the key features of each here for your quick reference. See “Quick Look at Recent DOJ Policy Changes” (Feb. 20, 2019) and “Quick Look at 2019 Policy Changes” (Jan. 22, 2020).

Privacy Compliant Return-to-Work Checklist

Our return-to-work checklist is designed to help balance health and safety concerns with privacy and other legal considerations, which can be overwhelming when implementing plans to have employees return to a physical workplace. This checklist is derived from an in-depth series by our sister publication, the Cybersecurity Law Report, on how to facilitate a safe and privacy compliant return to work – which featured insights from privacy leaders at Mastercard, Johnson Controls, Orrick, Dentons and Gibson Dunn – and from a panel presentation by Fenwick & West at the 2020 Privacy + Security Forum. See “How to Facilitate a Safe and Privacy Compliant Return to Work: Policies and Protocols” (May 27, 2020).

A Side-by-Side Look at Recent Revisions to the ECCP

The DOJ recently announced additional changes to the Evaluation of Corporate Compliance Programs (ECCP) guidance exhibiting a refinement in its compliance expectations. The guidance was first issued in 2017 as a simple list of questions. Revisions made in April 2019 introduced additional commentary and structure to the document, and clarified that it was aimed at prosecutors, not companies. The most recent changes are less comprehensive but illustrate the DOJ’s ever-increasing compliance sophistication and willingness to understand the business realities companies face. To help show exactly what has changed, we have put together a side-by-side comparison of the relevant portions of the April 2019 and the June 2020 versions. A comparison of the April 2019 version to the original 2017 version is available here. See “Analyzing the DOJ’s New Evaluation of Corporate Compliance Programs” (May 15, 2019).

30 Creative Ideas for Compliance Messaging

Communicating compliance messages to the right people in the right format outside of formal training sessions is a perennial challenge. Using concepts from behavioral science, along with creativity and a sense of fun, the compliance professionals we have spoken with have come up with some surprising ways of getting their compliance messages across. Here we have compiled 30 real-life examples from over a dozen multinational companies to use as a jumping off point for companies looking to take a fresh approach to their compliance messaging. See “How the World’s Most Ethical Companies Are Aligning Corporate Culture and Strategy” (Jul. 24, 2019).

Quick Look at 2019 Policy Changes

In a recent speech, Assistant Attorney General Brian Benczkowski explained that one of his goals is to build companies’ trust in the government’s investigation and resolution process. To achieve that goal, the DOJ has attempted to increase transparency by revising policies to better reflect actual practices and publishing guidance for prosecutors on how to approach these cases. Other enforcers, such as the U.K. Serious Fraud Office and the AFA in France, have joined in as well. Here is a quick look at some of the policy tweaks, changes and guidance that were announced in 2019 by the DOJ, CFTC, AFA and SFO. See “Quick Look at Recent DOJ Policy Changes” (Feb. 20, 2019).

A Side-by-Side Look at How Walmart’s Monitor Agreement Compares to Previous Monitor Agreements

In late 2018, the Department of Justice announced that it was updating its policies relating to corporate monitors. The DOJ’s memo mandated that monitorships be more narrowly tailored to the conduct at issue and also emphasized that a company’s remedial measures and testing will be weighed heavily when the government is determining whether a monitor is necessary. Although both MTS and Fresenius have been assigned monitors in FCPA matters since the DOJ’s announcement, Walmart is the first company to receive a substantially different monitor agreement as part of its FCPA settlement. Most notably, Walmart’s agreement limits the scope of the monitorship, requiring that the monitor only review issues relating to “Key Risk Areas” in the countries at issue in the settlement. To show exactly how the Walmart agreement differs from a more typical monitor agreement, we compare the language included in the monitor agreement entered into by Fresenius in April with the language included in Walmart’s agreement. Further analysis of the Walmart settlement can be found here. See our two-part series on the DOJ’s “new” monitor policy: “An Announcement of the Obvious” (Dec. 12, 2018), and “Carefully Selected Monitors, Thoughtfully Scoped Monitorships” (Jan. 9, 2019).

A Side-by-Side Look at How the Revised ECCP Compares to the Original

The DOJ recently announced a total revision of its Evaluation of Corporate Compliance Programs (ECCP) guidance including significant changes in the questions prosecutors will ask about a company’s compliance program. To help show exactly what has changed, we have put together a side-by-side comparison of the old and new questions. An analysis of the new narrative guidance and the implications for the edits overall can be found here. See “DOJ’s Guidance Shows That Compliance Programs Still Matter” (Mar. 15, 2017).

A Checklist for Managing a Dawn Raid in India

In a recent guest article, attorneys at Foley & Lardner and Panag & Babu explained how India’s antitrust enforcement agency is raiding companies suspected of antitrust violations at an increasing rate. In a follow-up article, David Simon, Samudra Sarangi and Michelle Freeman provide a checklist of actions to take to minimize the significant reputational backlash and serious business disruptions that dawn raids can otherwise cause. See “How to Prepare for the Possibility of a Dawn Raid in India” (Feb. 20, 2019).

A Quick-Start Guide to Creating a Compliance Champion Program

Many companies do not have the budget to station a dedicated compliance professional at every company outpost around the globe, but having no compliance presence at all can make it more difficult to engage local employees and spread the company’s compliance message. Utilizing well-respected local employees to serve as part-time compliance liaisons – often called “compliance champions” – in addition to their regular jobs is one creative way to address this common resource issue. To help companies who are considering this approach, we’ve put together a quick-start guide to selecting, training and utilizing local employees as champions of the compliance program. See “Lonza’s GC for Global Ethics and Compliance Discusses Enhancing a Compliance Program Post-Acquisition” (Feb. 6, 2018).

Seven Tips for Conducting Integrity Due Diligence on Third Parties in Brazil

The Operation Car Wash investigation and the introduction of the Brazilian Clean Company Act have made vetting third parties in Brazil more critical than ever before. In a guest article, KLA – Koury Lopes Advogados partner Eloy Rizzo and associate Fernanda Martins offer seven tips for performing integrity due diligence in Brazil, including links to pertinent government databases and a list of key phrases in Portuguese to use in media searches. For more from Rizzo, see “A Clean Slate? Analyzing SBM’s Latest Brazilian Settlement” (Sep. 5, 2018).

Quick Look at Recent DOJ Policy Changes

Looking back at the Anti-Corruption Report’s coverage over the course of 2018, it is clear that the DOJ is on a kick of making policy changes and tweaks. Starting with the FCPA Corporate Enforcement Policy, announced at the very end of 2017, and moving through the introduction of changes to the Yates Memo almost exactly 12 months later, the guidance provided to companies on how anti-corruption and other corporate crimes will be enforced is welcome but the sheer number of updates left some of our heads spinning. To help keep track of the developments, we’ve put together this quick guide to what was said and what it means for compliance and enforcement. Our other helpful Quick Looks can be found here.

A Quick Guide to Getting Started With Compliance Program Metrics

In recent years, the SEC and DOJ have made it clear that they want to see hard data to support a company’s claim that its compliance program is robust and functioning effectively. But gathering and analyzing compliance program data can be a daunting task for many companies. In this quick guide, we provide step-by-step instructions on how companies can get started on the process. For a full discussion of this process see our four-part series on measuring compliance: “Getting Started” (Aug. 2, 2017); “Seven Areas of Compliance to Measure” (Aug. 16, 2017); “How to Measure Quality” (Sep. 6, 2017); and “Gathering and Analyzing Data” (Sep. 20, 2017).

Compliance Program Checkup: A Checklist for Evaluating Employee Discipline Policies and Procedures

Properly disciplining employees involved in an anti-corruption matter is a necessary and useful part of remediation. Companies should have good discipline policies in place before an anti-corruption issue arises to ensure that the procedure does not appear ad hoc or arbitrary to either employees or enforcers. When an issue does arise, companies should proceed with care to ensure a just and defensible outcome. This checklist provides companies with questions to ask both about their policies and specific procedures to make sure that their discipline process is running as smoothly as possible. For a deeper dive on this topic, see the Anti-Corruption Report’s three-part series on employee discipline for anti-corruption issues: “Predictability and Consistency in the Face of Inconsistent Laws” (Nov. 1, 2017); “Investigation and Documentation to Smooth the Discipline Process” (Nov. 15, 2017); and “Due Process for a Just and Effective System” (Nov. 29, 2017).

Auditing Third Parties: A Ten-Step Checklist

A successful third-party risk-management program requires regularly conducting third-party audits. While some companies have active third-party audit programs, others are still developing this component of their compliance program. This checklist guides a party through the audit process, from drafting policies and procedures to documenting and remediating after an audit is completed. For a more in-depth look at enforcing audit rights, the next third-party management frontier, see our three-party series: “What to Do Before an Audit” (Nov. 9, 2016); “Conducting an Onsite Audit” (Dec. 7, 2016); “Forestalling Problems, Documenting the Audit and Responding Appropriately” (Mar. 1, 2017).

Compliance Program Checkup: A Checklist for Evaluating Customs Policies and Procedures

Clearing customs is, from a corruption perspective, one of the riskiest things a company can do. Particularly when a business relies on delivering its goods to a country in a timely manner, any delay can become costly. Knowledge of this cost and companies’ need for timely clearance gives corrupt customs officials a tremendous amount of power and can put pressure on company employees or third parties tasked with managing the process. Effective controls in this area are, therefore, a must. With this checklist, companies can assess and monitor the state of their compliance policies and procedures and begin to address any weaknesses. For a deeper dive on this topic, see our three-part series on customs corruption risks: “Identifying the Problem Areas” (Oct. 21, 2015); “Four Ways to Limit the Risks of Working With Customs Brokers, Freight Forwarders and Other Third Parties” (Nov. 4, 2015); and “Should a Company Ever Pay a Facilitation Payment to a Customs Official?” (Nov. 18, 2015).

A Bribe By Any Other Name: 101 Ways People Refer To Corruption

What do mangoes, cheese bread and bonbons have in common? Aside from being delicious treats, they all can be used as euphemisms for a bribe. Less creatively, fraudsters may also discuss providing a “boost,” a “courtesy payment” or a “motivation amount.” Being able to spot these synonyms for corruption is a critical part of anti-corruption compliance, whether it be while reviewing expense reports, conducting pre-acquisition due diligence or investigating potential corruption. This checklist, including 101 ways to refer to a bribe, is a useful starting point for anyone tasked with reviewing documents for evidence of potential corruption. See “Ten Tips for Performing Effective Anti-Corruption Investigations in India” (May 24, 2017).

Sample Anti-Corruption Third-Party Due Diligence Questionnaire

During the initial phases of anti-corruption third-party due diligence, many companies choose to use a questionnaire to gather information about their potential partners. The Anti-Corruption Report has compiled a sample questionnaire that companies can use during their diligence and onboarding process. Companies can use this questionnaire as a starting point, adding questions that might be specific to their industry, region, business model or risk profile. For more details on customizing questions for third parties, see our three-part series on in-house perspectives on third-party due diligence: “Right-Sizing and Risk Ranking” (May 24, 2017); “Information Gathering” (Jun. 7, 2017); and “Red Flags and Follow-Up” (Jun. 21, 2017).

Checklist of Issues to Consider When Implementing a Hiring Practices Policy

In the past year, the SEC’s settlements with BNY Mellon and Qualcomm have made it clear that, at least in the SEC’s opinion, a job or internship can be a “thing of value” under the FCPA. Hiring the relative of a foreign official in order to curry favor with that official can lead to an FCPA violation. The Anti-Corruption Report has put together a checklist a company can use when drafting and implementing policies governing hiring. A company can use this checklist to evaluate the strength of its program and identify areas for improvement. See also “Hiring Practices and FCPA Compliance in the Wake of the BNY Settlement”: Part One (Jan. 13, 2016); Part Two (Jan. 27, 2016).

Checklist of FCPA Issues to Consider Before and After Making a Charitable Donation

Charitable donations can be effective guises for bribes, but can also be perfectly legitimate and benefit whole communities – in a sense, countering the corrosive impact of corruption.  Separating the altruistic payments from the problematic payments that improperly influence a foreign official can be challenging, especially when a foreign official has some connection to the charity.  The Anti-Corruption Report has compiled a non-exhaustive list of considerations to help companies formulate policies for smart charitable giving and to encourage good corporate citizenship while avoiding FCPA violations.  See also “Defining the Corruption Risks of Foreign Political Contributions” (Sep. 10, 2014).

Checklist of Issues to Consider When Drafting and Implementing Expense-Reporting Procedures

Insufficient controls governing the expense-reimbursement process can allow employees to bribe foreign officials without detection.  Employees can and have manipulated expense reports in order to provide improper benefits to government officials in the form of gifts, hospitality and charitable contributions and to generate pools of cash from which employees can pay bribes.  This checklist is designed to assist companies in implementing a risk-based expenditures program which can prevent such fraud.  See also “A Guide to Detecting and Preventing Expense-Reimbursement Fraud (Part One of Three)” (Apr. 16, 2014); Part Two; and Part Three.

Checklist of Issues to Consider When Negotiating, Drafting and Enforcing Audit Clauses in Third-Party Contracts

Securing audit rights in contracts with third parties is one specific way to mitigate the corruption risk that doing business with third parties poses.  Audit rights allow a company to monitor third parties’ activities – activities which could result in FCPA charges for the company.  These rights can be challenging to obtain and enforce, and may not be appropriate for all third parties.  This checklist assists companies with structuring negotiations, drafting audit clauses and enforcing agreements.  See “When and How Should Companies Include Audit Rights in Third-Party Contracts? (Part One of Three)” (Jul. 23, 2014); Part Two and Part Three

Checklist of Issues to Consider When Negotiating Anti-Corruption Representations and Warranties in Third-Party Contracts

Third-party relationships continue to vex many companies operating internationally.  In fact, nearly every 2014 corporate FCPA resolution highlighted company liability for bribes made to foreign officials by third parties.  Anti-corruption reps and warranties in third-party contracts are one way to mitigate third-party corruption risk.  This checklist can help companies design a template to use when drafting provisions for specific third parties.  See also “A Guide to Anti-Corruption Representations in Third-Party Contracts: Nine Clauses to Include (Part One of Two)” (Jun. 25, 2014); “Clauses for High-Risk Situations and Enforcement Strategies (Part Two of Two)” (Jul. 9, 2014).

Checklist of Actions to Take and Issues to Consider When Navigating Data Privacy and Anti-Corruption Issues

Investigating a potential FCPA violation almost invariably entails cross-border discovery because U.S. companies need data housed overseas.  While trying to please U.S. regulators in obtaining information relevant to suspected bribes both in the context of internal investigations and due diligence of another company, however, companies often find themselves at the risk of violating the strong data privacy laws enacted in many countries across the globe.  To minimize conflicts, companies must educate themselves about data privacy, plan ahead and act strategically.  This checklist can serve as a guide to help companies comply with data privacy laws when conducting cross-border anti-corruption or other investigations, and when engaging in common compliance activities.  The checklist highlights data privacy issues that companies should consider and actions they should take prior to the development of an FCPA issue, during an investigation and during due diligence.  For more on the interaction between data privacy and anti-corruption laws, see the Anti-Corruption Report’s Data Privacy Series: "Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part One of Three)” (Jan. 9, 2013); Part Two Of Three (Jan. 23, 2013); Part Three of Three (Feb. 6, 2013).

Sample Questions to Ask Third Parties When Initiating Anti-Corruption Due Diligence

This guest article, by Nardello & Co., provides an example of a questionnaire to be completed by third parties when a company is performing FCPA due diligence on such parties.  This questionnaire can be customized to specific circumstances, industries or geographies, and can serve as the basis for a risk assessment, further anti-corruption diligence or on-the-ground investigations.  The questionnaire includes corporate questions as well as individual questions.  For further insight on third-party due diligence, see “Conducting Effective Anti-Corruption Due Diligence on Third Parties: An Interview with the Principals of Nardello & Company” (Sep. 26, 2013).

Checklist of Actions to Take and Factors to Consider When Conducting Pre-Merger Anti-Corruption Due Diligence 

Anti-corruption issues can undermine a merger or acquisition that otherwise would be successful on the economic merits.  Consequently, FCPA due diligence has become a critical component of overall M&A due diligence, and such diligence is not complete before comprehensive FCPA due diligence has been conducted on the target company.  But what constitutes comprehensive FCPA due diligence in connection with a transaction?  What high-level areas should acquirers or merger partners investigate?  What specific questions should they ask, and what should cause them to drill down and ask hard follow-ups?  Perhaps most importantly, what issues should cause a company to walk away from an otherwise meritorious transaction?  This checklist, drafted by Michael Gilbert and Mauricio España, partners at Dechert LLP, addresses these questions, and in the process, helps define the scope and increase the precision of transactional FCPA due diligence.  For more from Gilbert and España on this subject, see “Critical Steps to Take and Questions to Ask When Conducting Pre-Merger Anti-Corruption Due Diligence” (Aug. 8, 2012).

Anti-Corruption Due Diligence Checklist for Mergers and Acquisitions

This checklist provides steps to guide companies through anti-corruption due diligence during a merger, acquisition or other transaction.  The authors of this checklist are Willkie Farr & Gallagher LLP partners Martin Weinstein, Robert Meyer and Jeffrey Clark, and this checklist was included in their treatise The Foreign Corrupt Practices Act: Compliance, Investigations and Enforcement.  In this and recent issues of the Anti-Corruption Report, we have serialized the chapter of the treatise dealing with anti-corruption issues in connection with mergers, acquisitions and other transactions.

Most-Read Articles

Spotlight on Trailblazing Women

To mark International Women’s Day 2024, women editors and reporters of ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Jill Abitbol, Managing Editor of the Cybersecurity Law Report and Anti-Corruption Report, features notable women in data privacy, cybersecurity, white collar defense, compliance and anti-corruption law, including Christina Montgomery, Leslie Shanklin, Palmina Fava, Alexandra Ross and Lucinda Low. Enjoy reading their inspiring remarks here.