2011 Mid-Year Update on Corporate Deferred Prosecution and Non-Prosecution Agreements

July 12, 2011

Deferred Prosecution Agreements ("DPAs") and Non-Prosecution Agreements ("NPAs") are an increasingly familiar tool used by the Department of Justice ("DOJ") to resolve alleged corporate wrongdoing.  In May 2011, for the first time, the United States Securities and Exchange Commission ("SEC" or "Commission") entered into a DPA to resolve an enforcement action following its first-ever NPA in December 2010.  Through these agreements, DOJ and, now, the SEC, agree to forgo prosecution in exchange for the company’s agreement not to commit further violations of the law and to undertake specific cooperation and compliance obligations.  In the DOJ context, DPAs and NPAs differ in one material respect:  DOJ typically files a criminal information in federal court for DPAs, while NPAs generally are not filed in court.[1]  The dichotomy between the SEC’s agreements is less clear because it has only announced one of each to date.  The Commission, however, has not yet leveled any financial penalties for NPAs and neither agreement appears subject to judicial scrutiny.

DOJ began using DPAs and NPAs to sanction corporate misconduct without exposing corporate stakeholders to the many negative consequences of criminal indictment or conviction, including the collapse of the company.  According to DOJ, these agreements strike the appropriate balance between penalizing companies, compensating victims, and halting criminal conduct "without causing the loss of jobs, the loss of pensions, and other significant negative consequences to innocent parties who played no role in the criminal conduct, were unaware of it, or were unable to prevent it."[2]

Historically, the majority of the agreements have come from DOJ’s Fraud Section in connection with Foreign Corrupt Practices Act ("FCPA") violations as well as a growing selection of United States Attorney’s Offices.  Increasingly, other DOJ entities are using these agreements to address allegations of corporate misconduct.  Much of the initial criticism of DOJ’s DPAs and NPAs focused on the lack of guidance on what conduct merits an NPA instead of a DPA and on a lack of uniformity and standards in these agreements, leaving corporations guessing at to what to expect from federal prosecutors when confronted with a criminal investigation.  DOJ has responded to many of these concerns and made progress toward standardizing the terms and conditions of DPAs and NPAs, the process by which fines are levied, and its expectations with regard to corporate compliance programs.  However, certain specific requirements–such as the requirement for companies to hire independent compliance monitors–remain somewhat opaque and, accordingly, controversial.  Moreover, the SEC’s adoption of DPAs and NPAs as "cooperation tools" alongside its traditional enforcement tools of civil injunctions and administrative proceedings raises a host of new issues for corporations and their counsel to consider.  Finally, as these agreements proliferate, the likelihood that prosecutors and regulators will declare a company in breach of its agreement will increase along with thorny legal issues.

Gibson Dunn has participated in negotiating and obtaining these agreements since their introduction, and our attorneys have written extensively on the legal and policy implications of DPAs and NPAs for more than 15 years.  This client update, the latest installment in our biannual series of updates, reviews the corporate DPAs and NPAs announced during the first half of 2011 and highlights key trends and developments.

Deferred and Non-Prosecution Agreements to Date in 2011

To date, DOJ and the SEC entered into or received court approval for 17 reported agreements in the first half of 2011.[3]  Significantly, one of these agreements was the SEC’s first-ever corporate DPA this year (after entering into its first NPA in 2010).  As the chart below indicates, DOJ and the SEC continue to employ these agreements at the near record pace witnessed in 2010, almost equaling the total number of agreements reached in 2008 and 2009.  As discussed in our 2010 Year-End Update, this exceptional pace is attributable to (a) the growing number of government units, now including DOJ’s Antitrust Division and the SEC, using agreements to resolve alleged corporate wrongdoing, (b) the continued explosion of FCPA enforcement actions, (c) the increased voluntary disclosure of potential misconduct by corporations, which accounts for nearly half of the recent FCPA settlements, and (d) DOJ’s sustained focus on corporate crime, particularly in the finance and healthcare areas.

Although the use of agreements is on the rise, there has been a notable decrease in the variety of matters resolved by DPAs and NPAs so far this year.  In 2010, the 35 agreements reflected 15 different types of allegations.  To date in 2011, the 17 agreements cover only 6 different types of allegations, with nearly half of all agreements involving alleged FCPA violations.  Given the prevalence of FCPA-related DPAs and NPAs, it is not surprising that, as in the past, DOJ’s Fraud Section has led the DPA and NPA parade during 2011. 

Consistent with a trend that we have previously noted–but with a few notable exceptions[4]–the terms and conditions of DPAs and NPAs have continued to standardize.  This trend toward uniformity is consistent across all DOJ entities, including the Fraud Section, the Antitrust Division, and various U.S. Attorney’s Offices.  One of those standardized terms found in all of DOJ’s agreements this year reserves sole discretion to determine whether the corporation breached the agreement.  (The SEC’s agreements are less clear on this point.)  As discussed further below, and as DPAs and NPAs become more prevalent, we expect to see a much closer focus on what constitutes a breach, and what remedies, if any, a corporation has if DOJ or the SEC declares a corporation is in breach.

The chart below summarizes the agreements that DOJ and the SEC have entered into through July 10, 2011.  The complete text of each agreement is hyperlinked in the chart.

New Users of NPAs and DPAs

As DOJ’s lead FCPA enforcer, the Fraud Section has been the primary user of DPAs and NPAs.  In addition to the Fraud Section and various U.S. Attorneys’ Offices, two other federal enforcers have used these agreements so far in 2011:  the SEC and DOJ’s Antitrust Division.  These are game-changing developments that provide alternative settlement options for corporations to consider.

SEC Enters into its First-Ever DPA

On May 17, 2011, the SEC announced that it had entered into its first-ever DPA with Luxembourg-based Tenaris S.A. to resolve alleged violations of the FCPA.  This settlement is the SEC’s first use of a DPA since the Commission outlined the use of NPAs and DPAs as "cooperation tools" as part of its Cooperation Initiative in January 2010.[5]  The Cooperation Initiative represents a new, formal process through which the SEC’s Division of Enforcement seeks to reward cooperation by individuals and companies through alternative resolution methods and less severe penalties.  Consistent with its prior approach set out in the Seaboard Report[6], the Division of Enforcement identified four key measures of a company’s cooperation:  (1) self-policing prior to the discovery of the misconduct; (2) self-reporting upon discovery of the misconduct; (3) remediation of the misconduct through compensation of those injured and improvement of internal controls and policies; and (4) cooperation with law enforcement authorities, including providing the SEC with all information regarding the underlying conduct.[7]  The Division identified a continuum of so-called "cooperation tools," including proffer and cooperation agreements, DPAs and NPAs, and criminal immunity requests, all designed to reward cooperation.  The Tenaris DPA represents only the second example of the SEC using a cooperation tool, the first being the December 2010 NPA with Carter’s Inc. ("Carter’s NPA") that resolved accounting fraud allegations without any monetary penalty imposed by the Commission.

The SEC’s DPA with Tenaris

The complete details of this enforcement action are available in Gibson Dunn’s May 19, 2011 client alert on the topic.  According to the Statement of Facts in the Tenaris DPA, in 2006 and 2007, Tenaris’s sales personnel for the Caspian Sea region allegedly engaged in a bid-rigging scheme involving four contracts with OJSC O’ztashqineftgaz ("OAO"), a subsidiary of Uzbekistan’s state-owned oil and gas company, and ultimately was awarded contracts worth nearly $20 million.  Following complaints from Tenaris’s competitors and an investigation by the Uzbekistani government, OAO canceled the contracts by 2008.  Subsequently, Tenaris learned of apparently unrelated improper payments and launched an investigation.  Tenaris self-reported certain issues to DOJ and the SEC in June 2009, but only raised the Uzbekistan issue in July 2010.  Any other improper conduct hinted at in the settlement documents was never charged; DOJ’s NPA and the SEC’s DPA only raise the Uzbekistan matter.

In announcing the DPA, the SEC’s Director of Enforcement, Robert Khuzami, noted that Tenaris’s response upon learning of the allegations demonstrated "high levels of corporate accountability and cooperation," including its "immediate self-reporting, thorough internal investigation, full cooperation with SEC staff, enhanced anti-corruption procedures, and enhanced training[,] made it an appropriate candidate for the Enforcement Division’s first Deferred Prosecution Agreement."  Mr. Khuzami continued, "Effective enforcement of the securities laws includes acknowledging and providing credit to those who fully and completely support our investigations and who display an exemplary commitment to compliance, cooperation, and remediation."

The DPA, which has a two-year term, requires Tenaris to disgorge profits plus prejudgment interest totaling $5.43 million; provide the SEC with a written compliance certification in advance of the DPA’s expiration; and engage in certain changes to its anti-corruption compliance program.  The improvements include reviewing and, if appropriate, updating its Code of Conduct on an annual basis; requiring each director, officer, and management-level employee to certify annually his or her compliance with the Code of Conduct; and conducting FCPA training for all officers and managers, employees in Finance, Accounting, Internal Audit, Sales, and Government Relations, plus any other employees in positions Tenaris determines involve FCPA risk, and for all such future employees within 90 days of their hiring.  The DPA noted that Tenaris had already undertaken substantial remedial measures, including strengthening the anti-corruption controls in its Code of Conduct, Business Conduct Policy, and Agent Retention Procedures, and improving its due diligence procedures for retaining and paying third-party agents.

The breach provision of the Tenaris DPA is less clear than analogous provisions drafted by DOJ.  While the DPA asserts that the Division has sole discretion to recommend to the Commission that it take enforcement action, the DPA is silent as to how the parties are to decide whether a breach has occurred.  The DPA sets out that the Commission will issue a Wells notice and consider Tenaris’s response.  In typical DOJ DPAs, DOJ claims "sole discretion" to determine whether the defendants breached the agreement.[8]  In the event of an enforcement action by the SEC, Tenaris agrees not to contest or contradict the factual statements contained in the DPA as admissions.  Beyond that context, however, the agreement asserts that Tenaris may contest those facts in any other legal proceeding and purports that the agreed upon statement of facts was made pursuant to settlement negotiations and is not binding on Tenaris in any other proceeding, and it is not binding on any other party or entity.  As discussed below, we note that this assertion is untested in the context of the SEC’s DPAs.  The DPA also tolls the statute of limitations for the duration of the DPA.

DOJ’s NPA with Tenaris

Separately, Tenaris also entered into a two-year NPA with DOJ, agreeing to a $3.5 million criminal penalty.  This agreement is significant in that it demonstrates that DOJ and the SEC have different standards for deciding which type of agreement a company merits.  Nothing in either agency’s statements explained this outcome.  Similar to the SEC’s commentary, DOJ’s press release noted that Tenaris exhibited "extraordinary cooperation" and "undertook extensive remediation" to its anti-corruption compliance program.  The DOJ NPA, articulated in an appendix to the NPA, provided detailed best practices guidance for Tenaris to improve its corporate compliance program that went far beyond the more limited requirements sought by the SEC.  As discussed in greater depth below, this guidance has been included in some form in each of DOJ’s FCPA settlement agreements since November 2010

Comparing the SEC’s DPA and NPA

Historically, the SEC resolved settled enforcement actions by filing consent judgments based on civil complaints in a U.S. District Court or an administrative order instituting proceedings and imposing sanctions to which the respondent consented.  In both types of actions, the defendants (or respondents) neither admitted nor denied the Commission’s allegations or findings.  As we discussed in the 2010 Year-End Update, the SEC’s adoption of DPAs and NPAs, formerly used only to resolve criminal matters, represents a stark departure from past practice. 

The SEC’s new resolution methods differ from its historic practices and from DOJ’s methods in several ways.  Procedurally, the SEC does not file a civil case or institute an administrative action as part of the DPA or NPA.  In fact, neither form of agreement is necessarily made public, let alone subject to judicial scrutiny or approval.  The Enforcement Manual states that only DPAs will be made available to the public upon request, unless the Commission directs otherwise.  By contrast, the key difference between the two types of DOJ agreements are that NPAs are not filed with a court, but they almost universally are released, and thus not necessarily public, while DPAs are filed in federal court along with a criminal information and require court approval.

More substantively, the Enforcement Manual imposes two basic requirements upon defendants entering into NPAs with the SEC:  cooperate fully and truthfully in the SEC’s investigation and comply with any undertakings in the agreement.  The Carter’s NPA noted that Carter’s agreed to "cooperate fully and truthfully . . . regardless of the time period in which the cooperation is required."  In the case of both the DPA and NPA, if the defendant violates the agreement, the SEC reserves the right to pursue an enforcement action based on the underlying conduct.  Unlike the Tenaris DPA, which was valid for two years, the Carter’s NPA did not have a time period for which it was valid.  The lack of a time period for the NPA is particularly relevant in light of the consequences if the SEC determines that Carter’s breached the agreement.  If Carter’s violates the NPA and the SEC takes responsive action, Carter’s agreed that if the action "would not have been time-barred by the applicable statute of limitations if brought on the date of the execution" of the NPA, the SEC may bring the action "notwithstanding the expiration of the statute of limitations between the signing of [the NPA] and the commencement of such action."  This provision appears to extend the statute of limitations indefinitely should the company violate the terms of its NPA.  In contrast, the Tenaris DPA tolls any applicable statute of limitations during the period of the DPA but not indefinitely.

One question this case raises is where the SEC draws the line between use of a DPA and an NPA.  Obviously, DOJ and the SEC drew the line differently in this case:  based on the same facts, DOJ chose an NPA while the SEC chose a DPA.  The Enforcement Manual notes that an NPA is not appropriate if the defendant has previously violated the securities laws, if the investigation is in its early stages, or if the defendant’s role in the misconduct and/or the importance of the defendant’s cooperation are not yet clear.  As Mr. Khuzami noted in his press conference announcing the Cooperation Initiative, an NPA is "entered into under limited and appropriate circumstances."  Most importantly, from a collateral consequences perspective, the Carter’s NPA lacks a detailed statement of facts and any admission of liability, including lacking the stock statement that the company "neither admits nor denies" the allegations.

Based on comments by the Commission staff in announcing the DPA, Tenaris was a DPA candidate because of its immediate disclosure and exceptional cooperation.  However, it appears not to have been an NPA candidate because of the alleged underlying violation.  According to Cheryl Scarboro, then-Chief of the SEC Enforcement Division’s FCPA Unit, "Tenaris’s conduct was clearly in violation of the FCPA.  The company’s employees bribed government officials in Uzbekistan to obtain government contracts.  But when Tenaris discovered the illegal conduct, it took noteworthy steps to address the violations and significantly enhance its anti-corruption policies and practices to remediate weaknesses in its internal controls." 

It appears that the Tenaris Audit Committee’s robust response to the "red flag" information from its customer, its "extensive, thorough, real-time cooperation" with DOJ and the SEC, and its willingness to undertake certain remedial measures led to the disposition.  Nevertheless, Tenaris still paid $8.93 million in monetary penalties and disgorgement–effectively double the reported profit it made from the allegedly improperly obtained contracts.

Beyond these differences, a comparison of these two SEC settlement agreements permits several preliminary conclusions regarding the SEC’s new practice. 

First, the benefits of an NPA are clear:  NPAs do not appear to carry any financial penalties.  That being said, the SEC frequently settled enforcement actions using its traditional methods without any financial penalties.  Second, the NPA makes no allegations of misconduct and contains no statements of fact.  This benefits a company seeking to avoid collateral civil litigation based on a Commission-authored recitation of facts. 

Turning to a DPA, the defendant agrees to what appears to be remedies very similar to those historically obtained by the SEC in a settled enforcement action, but potential defendants need to consider the risks and benefits of a DPA more carefully.  As long as a company fulfills its commitment under the DPA, it can accurately state that the SEC decided not to take an enforcement action against it.  This distinction is meaningful for a defendant’s public image and reputation.  Moreover, in the Tenaris matter, the SEC staff went to great lengths to point out the company’s "extensive, thorough, real-time cooperation" with U.S. regulators, which can help a defendant show its constituents, investors, and other regulators that it is an earnest, law-abiding entity.  A second potential advantage of a DPA is avoidance of collateral consequences.  Some collateral consequences, such as disclosure obligations or disqualification from participation in the securities industry, arise from the entry of an injunction.  A DPA may avoid these consequences.

On the other hand, the DPA model is untested.  One reason parties settle SEC proceedings is to avoid the collateral estoppel effect of adverse findings of fact and conclusions of law, which an adversary may later use in suing for damages or other relief.  Generally, courts have concluded that they will not impose collateral estoppel based on factual recitations contained in settled SEC enforcement actions and that settled SEC complaints or administrative orders are not evidence.  Because DPAs are new, there is less precedent regarding how courts will view similar factual recitations.  Beyond their effect in courts, DPAs may carry other collateral effects, such as suspension or debarment of companies that obtain government contracts in the United States or Europe, or companies that perform projects with funds from international development banks (e.g., The World Bank).  Such decisions are discretionary based on facts and circumstances, but the untested nature of DPAs carries some risk.  For example, under the Federal Acquisition Regulation, a U.S. government agency may have the discretion to suspend a company "on the basis of adequate evidence" and debar a company "based upon a preponderance of the evidence."[9]  A company considering a DPA resolution should consider how, if at all, the agreement and its statement of facts could affect these contractual relationships.  Similarly, a company considering a DPA may wish to consider confirming that its insurance carriers will not construe a DPA as an admission that could adversely affect coverage for the company and/or its directors and officers.

DOJ’s Antitrust Division Inks Two NPAs

The Antitrust Division has made only limited use of NPAs in the past.  Historically, under the Division’s Leniency Program, the first company to report collusive activity and cooperate with the Division can avoid criminal conviction, fines, and prison sentences for many of their employees.  For "second-in-the-door" companies, the Division’s stated policy is to provide NPAs for employees in select cases depending on the degree of cooperation and the value of the information,[10] but the Division does not have an articulated policy addressing how it uses NPAs for corporations.  Although the Division has not announced a policy change, it has entered into two NPAs so far this year with companies that did not apparently qualify for the Leniency Program.

A Look Back at Past Antitrust Division NPAs

According to our research, the Antitrust Division has previously entered into only a handful of similar agreements in recent years.  NEC Corp. and Hitachi Ltd. each entered into a "Cooperation and Non-Prosecution Agreement" with the Division in January 2006 as part of the Division’s plea deal with the companies’ joint venture subsidiary, Elpida Memory, Inc.  Next, following an industry-wide sweep of anticompetitive and fraudulent conduct related to the Department of Defense’s International Through Government Bill of Lading ("ITGBL") program, the Division entered into an NPA with The Pasha Group and related companies in September 2006 relating to apparent violations of the ITGBL program.  Also, in March 2007, the Division, along with the U.S. Attorney’s Office for the Northern District of Georgia, entered into an NPA with NetVersant Solutions, Inc. and its subsidiary for allegedly anticompetitive conduct in connection with the Federal Communication Commission’s E-Rate program.  Of these prior NPAs, only NetVersant was required to pay any restitution and none of these companies were required to pay any criminal penalties.  None mentioned the Division’s Leniency Program.

Recent Antitrust Division NPAs

In May 2011, the Division entered into an NPA with UBS AG concerning criminal antitrust charges concluding a long-running investigation into municipal bond investment agreements.  Under the terms of the NPA, which by its terms is only binding on DOJ’s Antitrust Division, UBS accepted responsibility for anticompetitive conduct by former employees who "entered into unlawful agreements to manipulate the bidding process and rig bids on municipal investment contracts."  UBS agreed to cooperate fully in DOJ’s investigation into the industry and pay restitution, penalties, and disgorgement totaling $160.3 million, divided among the IRS, the SEC, and 25 State Attorneys General.  On the same set of facts, the Division entered another NPA with JPMorgan Chase & Co. on July 6, 2011 concerning identical conduct by JPMorgan’s former employees and agreed to pay $228.0 million in restitution, penalties, and disgorgement. 

Previously, in December 2010, the Antitrust Division announced its first settlement in this series with Bank of America through its Corporate Leniency Program, with the bank agreeing to pay restitution of $137.3 million to federal and state agencies in its amnesty agreement.  The practical effect of the Bank of America settlement appears identical to that of the JPMorgan and UBS NPAs–the Division will not prosecute any of the companies for their alleged misconduct.  The salient difference appears to be that Bank of America was able to be "first in the door" to take advantage of the Leniency Program, thereby avoiding disgorgement and penalties.  Both JPMorgan and UBS are licensed as national banks and have broker-dealer licenses as well as are registered as investment advisors.  These types of licenses of regulated businesses can be jeopardized by a criminal conviction.

A possible conclusion from the JPMorgan and UBS NPAs is that the Antitrust Division may now occasionally use NPAs for corporations that do not qualify for the Leniency Program but are nevertheless good corporate citizens that would be susceptible to significant collateral harm should they be convicted of or plead guilty to a crime.

New Jersey U.S. Attorney Finds Second Firm in Breach of DPA Obligations

In September 2010, Wright Medical Group entered into a DPA with the U.S. Attorney for the District of New Jersey to resolve allegations of conspiracy to violate the Federal Anti-Kickback statute.  On May 5, 2011, the company announced that the U.S. Attorney for the District of New Jersey accused the company of "knowingly and willfully committ[ing] at least two breaches of material provisions of [its] DPA."  A day earlier, pursuant to the terms of its DPA, the company had informed its independent monitor and the U.S. Attorney’s Office that an internal investigation had revealed "credible evidence of serious wrongdoing."  In April 2011, the company disclosed that its CEO had resigned "without good reason" under the terms of his employment agreement "prior to a Board meeting called to discuss management’s oversight of the Company’s ongoing compliance program" and that, at that meeting, the Board terminated the company’s Chief Technology Officer "for failing to exhibit appropriate regard for the company’s ongoing compliance program."

Under the terms of its DPA, the New Jersey U.S. Attorney’s Office had "sole discretion" to determine "in good faith" whether the company breached the agreement by having "committed any criminal conduct relating to compliance with health care laws."  The company’s DPA provided it three weeks within which to make a presentation to the U.S. Attorney to "demonstrate that no breach occurred, or . . . that the breach was not material or knowingly and willfully committed or has been cured" before the government took any action against it.  Significantly, the terms "knowingly" and "willfully" are not defined in the agreement and thus open to different interpretations.  Presently, there is no publicly available information as to how the U.S. Attorney has chosen to proceed, but its quick declaration of breach the day after the company’s mandatory disclosure is telling.

Even without federal criminal action at this point, Wright Medical is already facing the possibility of collateral consequences resulting from its alleged breach.  At least two plaintiffs’ firms have opened investigations of Wright Medical for potential shareholder claims.  This development raises the prospect of the company facing multiple waves of civil litigation surrounding its federal settlements involving substantial cost, reputational harm, and distraction from its business and remediation requirements. 

Lessons from Past Breaches in New Jersey

Wright Medical is not the first instance in which New Jersey’s U.S. Attorney’s Office has declared that a company is in breach of its DPA commitments.  In 2006, that office similarly notified Bristol-Myers Squibb Co. ("Bristol-Myers") that it had violated the terms of a 2005 DPA relating to securities fraud by allegedly violating federal antitrust law.  The terms of Bristol-Myers’ DPA regarding breach were far broader than those of Wright Medical:  (1) there was no good faith requirement and (2) a breach could be triggered by any criminal conduct "related to [Bristol-Myers’] business activities."  In contrast, Wright Medical’s DPA limited the trigger for breach to violations of health care laws, and therefore was more narrowly tailored to reflect the original allegations relating to the company paying kickbacks to doctors.

Companies considering DPAs in the District of New Jersey be warned:  Of the nine DPAs entered into by the New Jersey U.S. Attorney’s Office, that office has declared two companies in breach–some 22% of its agreements.  Given this fact, companies entering into DPAs in New Jersey, and to the extent possible in other jurisdictions, would be wise to push hard for narrow breach triggers and then make best efforts to ensure compliance with the agreement’s terms and avoid further violations.  

Remedies and Outcomes Following Past Breaches

In the Bristol-Myers case, the New Jersey U.S. Attorney subsequently determined that the company had cured any breach by ousting its CEO and general counsel and implementing additional internal reforms.  The U.S. Attorney for the District of New Jersey reportedly attended the Board of Directors’ meeting at which the company’s monitor recommended the termination of these executives, who subsequently resigned, to confirm that such action would help cure the company’s breach.  Later, in a three-way agreement between the company, the New Jersey U.S. Attorney, and the Antitrust Division, the company settled the alleged antitrust violations by pleading guilty to two counts of making false statements to the Federal Trade Commission and paying a $1 million penalty.  As part of this agreement, the New Jersey U.S. Attorney formally agreed not to prosecute the company for the underlying securities fraud allegations covered in its DPA, which subsequently expired without further incident.  By avoiding criminal prosecution, Bristol-Myers also avoided the severe consequence of possible debarment from participation in federal health care programs.

In the event DOJ determines that a company is in breach of an agreement, the company’s chances of successfully challenging DOJ’s determination are remote.  With one notable exception discussed below, companies have a limited ability to litigate allegations of a breach.  Given this reality, companies must first endeavor to define material terms and include all relevant facts and dates when negotiating settlement agreements.  Next, companies must see signing a settlement agreement as the first step down the road to remediation, as a subsequent violation may put the company in a worse position than if it never entered into the agreement in the first place.  Aside from the reputational harm of negative press, a company will suffer the actual harm of a criminal conviction, having essentially admitted the elements of the crime in the agreement’s statement of facts–admissions that the company would not likely make in contested litigation.  These admissions often include concessions to DOJ’s often expansive view of the law and its use of novel and untested legal theories, which a company agrees to as part of a corporate settlement but would vigorously challenge in a contested trial.  Worse still, a company’s admissions in its statement of facts often provide a roadmap for plaintiffs to pursue civil litigation such as shareholder or class action suits against the company.

To date, DOJ has only revoked one company’s DPA and subsequently required it to plead guilty to criminal charges.  As discussed in our 2008 Year-End DPA/NPA Update and our 2008 Year-End FCPA Update, in February 2007, Aibel Group Ltd., a U.K.-based energy services company, entered into a DPA with DOJ’s Fraud Section to resolve allegations of FCPA violations involving improper payments to Nigerian customs officials totaling $2.1 million.  Twenty-one months later, in November 2008, DOJ announced that Aibel Group had breached its DPA and had agreed to plead guilty to a two-count superseding information re-alleging the same conduct underlying the DPA.  DOJ did not specify the reason for its revocation of the 2007 agreement, except to say in the plea agreement that despite Aibel’s commitment of "substantial time, personnel, and resources to meeting the obligations of its DPA," Aibel had "failed to meet its obligations."  Under Aibel’s DPA, as is common in most prosecution agreements, DOJ had "sole discretion" to determine breach and make charging decisions.  Pursuant to the plea agreement, in addition to a term of organizational probation, Aibel Group paid a $4.2 million criminal fine.  A guilty plea, then, is the most likely outcome if DOJ revokes a company’s DPA.

Stolt-Nielsen S.A. is the only company to date to successfully challenge DOJ’s allegation of a settlement agreement breach, albeit in a slightly different context–a conditional amnesty agreement with DOJ’s Antitrust Division as part of the Division’s Corporate Leniency Program.  Stolt-Nielsen reported antitrust violations to the Division, earning conditional amnesty in early 2003.  Only months later, the Division revoked the company’s immunity asserting that the company had not taken "prompt and effective action" to terminate its part in the conspiracy.  In a creative move, Stolt-Nielsen turned to the courts to intervene and, following contested litigation, had DOJ’s indictment against the company dismissed.  The federal district court that heard the case concluded that the company did not breach its conditional amnesty agreement because the company did indeed take "prompt and effective action" by engaging in a "prompt and diligent process" to prevent further violations, even if the anticompetitive activity did not stop immediately.[11]  For instance, the court found that Stolt-Nielsen promptly issued a comprehensive and revised Antitrust Compliance Policy, including drafting and distributing a revised Antitrust Compliance Handbook, trained its employees around the world, required all relevant employees to sign compliance certifications, and informed its competitors of the revised Policy and the company’s intention to comply with it.  Further, the court found that "[a]t all times, Stolt-Nielsen’s management conveyed the unequivocal message that all anticompetitive activity must cease immediately."[12]  The court also concluded that DOJ had the burden of showing that the company materially breached the agreement, which DOJ could not meet because it had received the benefit of the bargain in its agreement:  the company had cooperated extensively and provided "volumes of highly incriminating evidence" that DOJ used to prosecute other companies and individuals in the conspiracy and secure $62 million in fines.[13]  The Division chose not to appeal the court’s ruling, making Stolt-Nielsen the only company to successfully litigate an alleged breach of its settlement agreement.  In the wake of the Stolt-Nielsen decision, the Antitrust Division revised its policies in an effort to stave off future judicial intervention. 

Decrease in Independent Monitor Provisions and the Rise of Self-Monitoring

In the past, DPAs and NPAs have commonly required companies to retain independent monitors or consultants to oversee performance of the companies’ obligations.  As discussed in detail in Gibson Dunn’s recent summary of FCPA monitorships, independent monitor requirements had been especially prevalent in DPAs and NPAs resolving FCPA violations, with DOJ requiring them in about 42% of settlements. 

To date in 2011, however, settlement agreements have demonstrated a marked decline in the use of independent monitors, particularly in FCPA cases.  Of the 17 agreements approved this year, only two, Alcatel-Lucent and JGC, require corporate monitors.  Those two cases represent this year’s two largest FCPA settlements in financial terms.

Inside and outside corporate boardrooms, companies have expressed concern about "how monitors were carrying out their responsibilities" and "the overall cost of the monitorship."[14]  Perhaps in light of this concern, recent trends in corporate monitorships demonstrate that DOJ appears to be shifting away from independent monitors in favor of corporate self-monitoring arrangements.  We first noted this trend in our 2010 Year-End Update, and it appears that this trend has continued.  So far in 2011, every DOJ DPA resolving FCPA allegations that did not include an independent monitor included a "Corporate Compliance Reporting" self-monitoring requirement.  Under these requirements, companies must provide DOJ with an initial report and annual reviews regarding the remediation provisions of the agreements and the implementation of revised corporate compliance programs for the duration of the agreement.  It appears that DOJ will continue to use the self-monitoring model in the future as a less onerous alternative to independent monitors.

FCPA Compliance Best Practices

In the past six months, several DPAs that DOJ has entered have offered insight into what the government considers "best practices" in FCPA compliance.  These particular DPAs have provided much greater clarity in identifying basic benchmarks that DOJ considers vital in a robust compliance program.

As mentioned earlier, DPAs have begun to include "Corporate Compliance Reporting" provisions.  These provisions include 12 items that should be considered at a minimum to ensure that a company maintains "(a) a system of internal accounting controls designed to ensure that [the company] makes and keeps fair and accurate books, records, and accounts; and (b) a rigorous anti-corruption compliance code, standards, and procedures designed to detect and deter violations of the FCPA and other applicable anticorruption laws."[15]  The 12 items are:

1. Strong, written corporate policy against violations of the FCPA that is supported by senior management;
2. Development and promulgation of standards and procedures to reduce the prospect of violation of anti-corruption laws[16];
3. Development of internal controls and compliance programs on the basis of risk assessments addressing the company’s individual circumstances;
4. Annual reviews and updates of compliance standards and procedures;
5. Designation of a single senior corporate executive to implement and oversee compliance with anti-corruption laws;
6. Implementation of financial and accounting systems to prevent foreign bribery or concealment of such bribery;
7. Strong mechanisms to ensure communication with and training of all officers, directors, employees, agents and business partners;
8. Clear channels to provide guidance and advice to all personnel, to ensure confidential reporting and to protect those who wish to report violation of anti-corruption laws;
9. Implementation of disciplinary procedures to address violations of anti-corruption laws;
10. Creation of due diligence and compliance requirements pertaining to all agents and business partners;
11. Inclusion of standard provisions in all agreements designed to prevent violation of anti-corruption laws; and
12. Periodic review and testing of compliance codes to improve effectiveness in detecting and preventing violations of anti-corruption laws. 

These requirements reflect prior best practice guidance, including the "Good Practice Guidance on Internal Controls, Ethics, and Compliance" issued by the Organisation for Economic Co-Operation and Development Working Group on Bribery and elaborate on the U.S. Sentencing Guidelines’ Elements of an Effective Compliance Program.[17]

DOJ has also provided additional guidance about the factors that should be considered (at a minimum) as part of a company’s risk assessment under item 3 above.  According to this guidance,[18] a company should consider the corruption risks arising from:

• Its geographical organization (i.e., where its business operations are located);
• Interactions with government officials;
• The industrial sector in which it operates;
• Its involvement in joint ventures;
• The importance of licensing and permits to operations;
• The degree of government oversight and inspection; and
• The volume and importance of goods and personnel clearing through customs and immigration.

Companies also should be aware that DOJ has begun to include a list of "Enhanced Compliance Obligations" that supplement the best practices listed in the Corporate Compliance Reporting provisions.  The Johnson & Johnson DPA appended one such example.[19]  These enhanced obligations overlap with the practices enumerated above and provide the best available model for what DOJ considers to be the essential elements of a robust compliance framework.  The enhanced obligations include:

• Creation of a compliance department that services all business sectors within the company;
• Procedures and standards regulating gifts, hospitality, and travel;
• Developing mechanisms for handling reports and complaints;
• Conducting regular risk assessments and intensive audits concerning possible areas which might result in violation of anti-corruption laws;
• Due diligence in all acquisitions of corporate entities to ensure compliance with anti-corruption laws;
• Due diligence reviews of all third parties;
• Annual training to all pertinent personnel and enhanced FCPA training for internal audit, financial and legal personnel; and
• Annual certification from senior managers confirming that local standard operating procedures reflect anti-corruption policies and procedures. 

The Corporate Compliance Reporting provisions and the Enhanced Compliance Obligations in the 2011 DPAs provide the best available insight into FCPA best practices.  Companies likely to be affected by the FCPA should view these requirements as a template for structuring their compliance programs to minimize the prospects of an FCPA violation.  Furthermore, crafting compliance programs to reflect the practices reflected in these provisions will likely help a company in negotiating terms for a DPA or NPA should a violation occur. 

Conclusion

While DPAs and NPAs remain somewhat controversial in the realm of corporate prosecutions, it is clear that they will remain a crucial tool for federal enforcement agencies for years to come.  While these agreements are viable alternatives to contested trials or pleas, they present separate and unique challenges.  Recent trends suggest that the government will continue to respond to criticism to provide greater uniformity in agreements and better clarity with regard to compliance best practices.  However, it remains unclear what effect this broader use of NPAs and DPAs will have on the operating strategy of the SEC, the Antitrust Division, and other enforcers.  Moreover, as the use of these agreements proliferates, significant problems (and litigation) are likely to arise if the government determines that a company is in breach of its obligations under an agreement.  As DPAs and NPAs remain a fixture in criminal prosecutions and civil enforcement moving forward, companies must ensure that they–and their counsel–have the expertise needed to adjust to the changing landscape.