6 Steps for Complying with the DOJ’s FCPA Pilot Program

On May 19, we outlined the contours of the new pilot program for the voluntary disclosure of Foreign Corrupt Practice Act (FCPA) violations, which is part of the newly released FCPA Enforcement Plan and Guidance from the Fraud Section of the U.S. Department of Justice (DOJ).

Companies concerned about the potential for FCPA exposure are partnering with experienced counsel and Big Data, data science and eDiscovery experts to create an effective compliance and ethics program. While there are various areas to address, including financial and operational controls, key components often include the following:

1. Conduct a baseline risk assessment. Savvy counsel speak with employees and collect documents to assess potential vulnerabilities, including all aspects of cross-border business dealings, relationships, and transactions. They closely examine their relationships with third parties, including agents, sales representatives, joint venture partners, distributors, resellers, consultants, and others who have contact with foreign officials.
2. Create a data map. Knowing where documents are stored throughout the company—including on servers, mobile devices, and in the cloud—will prove invaluable in the event of an investigation, when they are racing against the clock to collect, review, and produce responsive documents. They also seek to understand what languages are included in their documents so they can amass the proper search and discovery tools and personnel capable of parsing documents that contain multiple languages.
3. Mine data for red flags. Work with subject matter experts and discovery specialists to create keyword searches, drawing on the expertise of linguists who can craft searches to identify coded language that employees may use to mask their “bad” behavior.
4. Use Big Data analytics to unearth hidden trends and patterns in your data that may indicate “risk”.
   While traditional eDiscovery analytics can help you assess data on a case-by-case basis—such as technology-assisted review (TAR), e-mail threading, relationship analysis, concept analyzes, near-dupe detection and more—these analytics don’t look at and assess data across all of your prior and current cases. That means you have to begin the eDiscovery process each time a new case commences, rather than repurposing the extensive work you’re already performed in previous cases. By employing Big Data analytics as a service, you can consolidate data across legal and compliance matters, assess millions (or even billions!) of prior document classifications to identify which documents are relevant to FCPA matters, eliminate repeat reviews, automate document classifications and identify data that could pose a future legal liability.
5. Develop a comprehensive data gathering strategy. FCPA investigations involve aggressive timelines that will require outside assistance in creating a collection plan that leaves no stone unturned. Leading counsel partner with dedicated project managers with experience in cross-border discovery, who can create a realistic rolling schedule for production that will meet the government’s deadlines.
6. …And address how to collect documents overseas. The Guidance acknowledges that disclosure may be “impossible due to… foreign data privacy laws” but requires organizations to consider all possible ways of obtaining information. Wise counsel work with discovery partners experienced in disclosure strategies that comply with foreign data protection laws and blocking statutes. They also ensure their partners have translators and document reviewers capable of managing foreign language documents.

By following these six steps, leading organizations are better meeting the compliance requirements of the pilot program, potentially saving them millions of dollars and avoiding criminal prosecution.