Don’t let enforcement myths drive compliance decisions

by Hui CHEN

It is no secret that I have always been critical of the enforcement-driven and FCPA-obsessed approach to compliance, especially when it is fueled by those who sell fear. I had hoped that the FCPA pause would provide a much-needed opportunity for our community to focus on integrity over fear, ethics over compliance, and holistic perspective over single-statute myopia. Old habits, however, die hard.

So, here’s the thing. If you are ready to move on to integrity-driven ethical leadership, I invite you to go directly to our thought-provoking conversation with General (ret.) Tom Kolditz, Ph.D.: you will get battle-tested insights on trust and leadership in times of crisis. If, however, you still want to linger on a discussion about DOJ priorities, our community’s reaction to DOJ statements and memos, and tips for navigating hyperbole in the risk landscape, keep reading.

Okay, back to the DOJ. It has been disappointing—and concerning—to see some in our professional continue to spin every message from DOJ into another FCPA scarecrow.

When the Executive Order pausing FCPA enforcement was issued, it was: “But it’s still on the books! There is still the SEC! There is still a statute of limitation! There are still other jurisdictions who might get ya!”

Zach Coseglia and I debunked these in our podcast on the FCPA pause.

Now, with the latest memo on “Guidelines for Investigations and Enforcement of the Foreign Corrupt Practices Act”, some are proclaiming “FCPA is back!”

No, FCPA enforcement is NOT back: not in the way that fear mongers say it is.

The current administration has been remarkably consistent in its messaging about the FCPA. From the Attorney General’s Day One memos, to the White House’s Executive Order, to the Head of Criminal Division’s speeches and the memos and policies they reference, they all sound at least three consistent themes:

• Past FCPA enforcement regimes (e.g. those focused on corporate enforcement) have been harmful to U.S. businesses and therefore U.S. interests;

• The administration has other—much higher—enforcement priorities, such as cartels, transnational criminal organizations, terrorism, immigration, etc. FCPA enforcement—if and when it occurs—will serve to support these other cases; and

• FCPA enforcement may also occur to protect specific American business and economic interests.

These messages have another commonality: compliance programs are barely—if at all—mentioned.

There are also no articulated expectations that companies conduct exhaustive—or even robust—internal investigations as a remediation factor or pre-condition to self-disclosure. To the contrary, the Head of the Criminal Division has repeatedly emphasized “efficiency” and severely criticized lengthy investigations.

The latest memo, and its accompanying speech, also emphasized prosecution focus on individuals over corporations.

Let’s be honest, the risk of enforcement has always been exaggerated to create fear in order to sell FCPA compliance and its associated products and services. What is disappointing and concerning is that some in the compliance community continue to give-in to the hype in the face of clear and convincing evidence to the contrary.

To be clear, I strongly and unequivocally believe white-collar crimes that facilitate fraud, waste, and corruption harm employees, investors, communities, and reputations—and are detrimental to any organization’s long-term interest. They go against any legitimate organization’s articulated values and should not be tolerated.  I also believe companies need robust and efficient controls to ensure the integrity of their processes and soundness of their decisions. When a suspicion of misconduct arises, it is entirely in a company’s interest to conduct an appropriately scoped investigation to understand the breadth and depth of the misconduct, assess the root cause, and implement responsive remediation measures.

What raises concerns for me is that legal, compliance, and business leaders may be influenced in their risk assessment and mitigation decisions by hyperbolic portrayal of the risk landscape.  In order to inform your risk decisions with objective, holistic, and critical analysis of facts and evidence, I recommend that you do the following:

Read the original source. Instead of relying on the summaries prepared by those who may want to sway your opinion, read the original speech, memos, and policies yourself. None of them are that long, and they will give you a much more holistic understanding of the core messages.

Context matters. Resist the temptation to pick one or two sentences out of a whole speech or memo that is closer to what you want to hear or is more aligned with your preexisting assumptions about the state of things. The context in which speeches are given and memos are written matters: very much. For example, it is fully expected that a DOJ official would come to a white-collar crime conference to articulate DOJ’s commitment to white-collar prosecution. This makes it that much more interesting when a DOJ official comes to a white-collar crime conference to reaffirm priorities in non-white-collar prosecutions. The context gives additional nuance that really underscores where the priorities are.

There is also the greater context of the messages and actions of the entire administration. What do the actions of this administration tell you about its commitment to anti-bribery and corruption?

Ask questions and demand evidence. When someone tells you: “DOJ expects” something, ask them when, where, and how this alleged expectation was articulated. Administration priorities have changed dramatically: even if an expectation was really articulated in 2024, such expectation may be nonexistent in 2025. Ask them to point to specific documents that support their claims. Examine the context in which the alleged expectation was set.

Ask why the so-called DOJ “expectation” would matter to you if you have no pending matter before the DOJ. Before committing to expensive and exhaustive investigations, ask critical questions about the proposed scope of these investigations: what is the rationale for the proposed scope? What do you hope to get out of it? If someone tells you the purpose is to satisfy DOJ, ask them what makes them think DOJ would expect something that has been so strongly and consistently criticized by the Head of the Criminal Division?

When someone tells you to run to DOJ for self-disclosure, ask them to cite you the cases where DOJ successfully investigated and prosecuted a case without company self-disclosure and cooperation. When someone analyzes the benefits of trial vs. plea, ask them to include in their analysis the prosecution team’s trial experience and records.

Discern hyperbole. I have seen claims that DOJ’s current emphasis on cartels translates into companies’ need for more vigilant third-party risk management programs. Ask yourself the realistic question of just how many drug cartels and organized crime families do you think you have in your third-party population?

Ultimately, this is about our ability to think critically and independently. Instead of buying into fear-driven hypes, let’s focus on value-inspired actions. Let us focus on preventing, detecting, and remediating all misconduct (not just foreign corruption) because that is who we are, not just because someone might catch us.