The SEC recently appointed James Doty to be the new chairman of the Public Company Accounting Oversight Board. (See here).
Before FCPA reform was the thing to talk about, Doty was talking about FCPA reform.
Doty's recent appointment caused me to re-read his 2007 article (here) "Toward a Reg. FCPA: A Modest Proposal for Change in Administering the Foreign Corrupt Practices Act."
Most troubling, Doty writes, are: (i) trends in the imposition of civil liability on a parent issuer for acts of a subsidiary's employee or agent in the absence of active complicity of the parent, and in some cases where the actions of employees and agents contravene established, company wide policies; (ii) prosecution on aggressive legal theories extending beyond traditional bribery (which underscore the need for prospective regulatory clarification of permitted activities), and (iii) the expansive criminalization of vicarious liability under a vague statute, in some cases where there is not certainty that a bribe has been offered or paid by the corporation."
The issue as Doty saw it, "is whether our law enforcement agencies should be left to devise their own, case-by-case interpretation of the FCPA, without the rigor of greater regulatory clarity and the benefits of more consistent administrative interpretation."
How did we get this point even in 2007?
Doty notes that the "current state of affairs reflects the confluence of a number of enforcement developments. Among other things: (i) the SEC is increasingly pursuing substantive bribery charges against the corporate parent, in addition to focusing, as usual, on enforcement of the books and records and internal controls provisions of the FCPA; (ii) non-litigated settlement orders are aggressively expanding the range of conduct subject to the statute; (iii) DPAs, which have been used in this context only since 2004, have become virtually commonplace; (iv) linkage of FCPA charges to other Exchange Act charges is becoming more aggressive."
Doty states as follows. "Aggressive enforcement, based on an expansive interpretation of a vague statute, a little-used DOJ opinion process, and the temptation perhaps to assume that more draconian criminal enforcement is better, have all led to a lack of predictability in law enforcement and, in the author's view, some incorrect application of the standards. [...] Consistency and predictability are not matters of grace granted to corporate citizens at the government's pleasure; the government owes consistency and predictability to public corporations that are attempting to accomplish complex tasks in difficult foreign venues, and to management and directors who want to know the 'how-to-do-it' of compliance in these circumstances." (emphasis in original).
Stating that "vagueness and ambiguity are the DNA of the FCPA," Doty "does not advocate repeal or weakened enforcement of the FCPA," but states that "support for the policies of the FCPA does not require turning a deaf ear to warnings about the increased costs associated with current enforcement practices under the statute."
Absent reform, Doty writes, "there is a policy vacuum in which law is developed on an ad hoc basis by Assistant U.S. Attorneys and by the Staff of the SEC and DOJ as they respond to the exigencies of particular factual situations."
Doty's 2007 reform proposal?
So-called Regulation FCPA - a permissive filing regime whereby, in pertinent part, an issuer "would benefit from a regulatory presumption of compliance" and thus "protect itself, its senior management and its board of directors from vicarious, general corporate liability" in the FCPA context.
As Doty writes, "for a company to avail itself of the benefits of Reg. FCPA, it would be required to establish an FCPA Compliance Program designed to prevent and detect, insofar as practicable, any violations. The company would also be required to certify that it has, to the best knowledge and belief of its certifying officers, reasonably discharged the duties and obligations under the program, and that the company is not aware of continuing, unremedied violations."
Doty states, that "as with any regulatory safe harbor, the claimant would have the burden of demonstrating compliance with the conditions" and that "upon satisfying these conditions, the company would be presumed not to have violated the statute" a presumption that "could be rebutted by a preponderance of the evidence."
Doty's proposal of course, would not completely solve the FCPA enforcement problems he identifies. For starters, so-called Reg. FCPA would only apply to issuers. Yet Doty's proposal does bear many similarities to a so-called "adequate procedures defense" embodied in the U.K. Bribery Act and an FCPA reform proposal currently under consideration here in the U.S.
Although Doty's new PCAOB job functions are not FCPA specific, when a high-ranking SEC official was previously critical of key aspects of FCPA enforcement, and when those criticisms remain even more valid today, well, I think we should all take notice.