Conducting Corporate Investigations for FCPA Compliance

Conducting Corporate Investigations for FCPA Compliance

Your internal audit team just flagged consulting fees paid to third-party agents in Qatar – $1.2 million over eighteen months to entities whose services aren’t clearly documented, and due diligence records show one of the agents is related to a government official who awarded your company a defense contract. Or maybe compliance identified suspicious expense reports from your sales team in Southeast Asia – meals and gifts for “government relations” that might be disguised bribes to foreign officials. You’re the General Counsel or Chief Compliance Officer, and you’re facing a decision that determines whether your company faces prosecution or receives guaranteed declination: do these red flags require full FCPA investigation, and if investigation uncovers violations, does the June 9, 2025 DOJ FCPA Guidelines shift mean you’re still obligated to self-disclose? Here’s what matters: DOJ’s June 2025 FCPA Guidelines prioritize enforcement of misconduct that harms U.S. economic and national security interests, including bribery involving defense services, intelligence operations, and critical infrastructure. If your red flags involve those sectors, the 180-day enforcement pause that began February 2025 doesn’t protect you – and failure to investigate creates willful blindness liability under the new enforcement framework.

Thanks for visiting Spodek Law Group – a second generation law firm managed by Todd Spodek, with over 40 years of combined experience defending corporations in FCPA investigations. When Todd Spodek represented Anna Delvey, federal prosecutors had already decided she was guilty before trial began. That’s the same presumption companies face when DOJ discovers FCPA violations through whistleblowers or foreign enforcement agencies – by the time prosecutors contact you, they’ve concluded you’re culpable and investigation is adversarial. We’ve represented companies that conducted proactive FCPA investigations, self-disclosed under DOJ’s Corporate Enforcement Policy, and received declinations. We’ve also defended companies that ignored red flags, didn’t investigate, and faced indictment when DOJ discovered the same violations years later. This article explains how the August 2025 Liberty Mutual declination demonstrates DOJ’s continued commitment to rewarding self-disclosure despite the FCPA pause, what conducting an FCPA investigation actually requires, and why red flags you see today become evidence of willful blindness tomorrow if you don’t investigate.

June 2025 FCPA Guidelines: What Changed and What Didn’t

President Trump’s February 10, 2025 executive order directed DOJ to pause FCPA enforcement for 180 days while developing new guidelines focused on American interests and economic competitiveness. June 9, 2025: DOJ released promised FCPA Guidelines, ending the pause and establishing enforcement priorities.

What changed: DOJ will prioritize cases involving U.S. national security interests – bribery facilitating cartel operations, corruption in defense and intelligence sectors, misconduct affecting critical infrastructure. Enforcement will focus on individual accountability rather than corporate resolutions, and investigations will be conducted more quickly rather than dragging on for years. Cases involving routine commercial bribery unconnected to U.S. strategic interests receive lower enforcement priority.

What didn’t change: FCPA remains enforceable law with five-year statute of limitations. Companies with operations in high-risk countries still face liability for payments to foreign officials. Internal controls and books-and-records requirements under FCPA accounting provisions remain unchanged. And most critically for companies conducting internal investigations: DOJ’s Corporate Enforcement Policy guaranteeing declination for voluntary self-disclosure, full cooperation, and remediation wasn’t modified by the FCPA Guidelines.

Constitutional principle at stake: selective enforcement. When prosecutors decide which violations to pursue based on policy priorities rather than applying law uniformly, defendants argue equal protection violations and prosecutorial discretion abuse. DOJ’s response: enforcement priorities are legitimate exercise of prosecutorial discretion given limited resources. Companies can’t rely on enforcement pause or deprioritization – any FCPA violation can still be prosecuted, especially if it later connects to national security interests prosecutors didn’t initially recognize.

Red Flags That Require Investigation Under New Framework

Three categories of red flags commonly cited in FCPA enforcement actions: failure to adequately address internal audit findings identifying bribery risks or internal controls deficiencies, failure to adequately investigate internal or external allegations of bribery, and failure to conduct adequate due diligence on third-party agents or joint venture partners.

What makes a red flag require investigation? Pattern matters more than single incident. One unexplained payment to consultant in high-risk country might warrant inquiry but not full investigation. Repeated payments over years, combined with inadequate documentation, consultant’s relationship to government official, and company receiving government contracts – that pattern requires formal investigation because prosecutors will later argue management should have known payments were bribes.

Real example from DOJ enforcement resolution: Raytheon’s due diligence identified military official as shareholder of supplier company but “no action was taken to resolve the issue.” Employees used personal computers and off-channel communications to communicate with foreign officials. When DOJ investigated, these red flags became evidence that management had actual knowledge or deliberately avoided learning about violations. The investigation Raytheon should have conducted when red flags surfaced would have detected violations before they escalated into nine-figure settlement.

How to Conduct FCPA Investigation That DOJ Will Credit

FCPA investigations differ from general corporate investigations in four ways. First, they almost always involve foreign jurisdictions, requiring coordination with foreign counsel to collect evidence located abroad while complying with local data privacy and blocking statutes. Second, they require expertise in FCPA’s statutory elements – what constitutes “foreign official,” whether payment qualifies as “anything of value,” whether there was corrupt intent. Third, they often involve forensic accounting to trace payments through intermediaries and shell companies designed to conceal bribery. Fourth, findings create mandatory disclosure obligations faster than other violations because FCPA violations are criminal offenses and continued payments constitute ongoing crimes.

Investigation structure: outside counsel directs investigation to maximize privilege protection and demonstrate independence to DOJ. Forensic accountants trace payments from company accounts through intermediaries to ultimate recipients. Local counsel in foreign jurisdictions interviews third-party agents and collects documentation of services purportedly provided. Compliance personnel review due diligence records and approval chains to determine what company knew when payments were approved.

Scope definition matters. Narrow scope limited to specific payments already flagged might miss broader bribery scheme. Broader scope reviewing all third-party payments in high-risk countries over five-year period (matching statute of limitations) might uncover violations company would prefer not to discover. Under DOJ’s evaluation of compliance programs, investigations that are obviously scoped too narrowly to avoid finding violations demonstrate ineffective compliance rather than good faith.

May 2025 CEP Changes: “Will” Receive Declination, Not “Presumption”

May 2025: DOJ revised its Corporate Enforcement and Voluntary Self-Disclosure Policy, strengthening the declination guarantee. Previous policy: companies meeting criteria receive “presumption” of declination. New policy: companies meeting criteria “will” receive declination. That shift from presumption to certainty matters – it’s no longer prosecutorial discretion whether to decline, it’s mandatory declination if requirements are satisfied.

Four requirements unchanged: voluntary self-disclosure before DOJ contacts company, full cooperation including identification of culpable individuals, timely and appropriate remediation, and absence of aggravating circumstances or recent criminal resolutions. Meet all four: guaranteed declination. Fail self-disclosure requirement but meet the others: Non-Prosecution Agreement with 75% penalty reduction and no compliance monitor.

This creates strategic clarity for FCPA investigations. If investigation uncovers violations and company self-discloses within 120 days (for whistleblower-triggered investigations) or before DOJ independently discovers misconduct, declination is guaranteed assuming cooperation and remediation. Without self-disclosure: best case is NPA with reduced penalties, worst case is indictment and full Sentencing Guidelines exposure.

Liberty Mutual August 2025 Declination: Blueprint for FCPA Investigations

August 7, 2025: DOJ’s Fraud Section issued declination to Liberty Mutual for FCPA violations – the first FCPA resolution after the 180-day pause ended and the first under Trump’s second administration. DOJ highlighted seven factors: voluntary self-disclosure in March 2024, full and proactive cooperation including production of investigation findings, identification of responsible individuals, prompt remediation including termination of employees involved, enhanced compliance program implementation, disgorgement of profits from tainted contracts, and robust compliance program demonstrating effective controls.

What Liberty Mutual did right: detected potential violations through internal controls, immediately launched investigation directed by outside counsel, completed investigation within six months, self-disclosed to DOJ before government independently discovered violations, terminated employees responsible, enhanced third-party due diligence procedures, and disgorged $800,000 in profits. Result: zero criminal penalties, no compliance monitor, validation of compliance program effectiveness.

What would have happened without investigation and self-disclosure: DOJ or foreign enforcement authority discovers violations through whistleblower complaint or joint investigation with foreign regulators. By the time prosecutors contact company, they’ve developed substantial evidence through subpoenas and cooperating witnesses. Company loses declination option, faces full Sentencing Guidelines penalties potentially exceeding $50 million, and gets mandatory three-year monitorship costing millions annually.

Investigation Decision Tree: When Red Flags Require Action

You identified potential FCPA red flags. Decision one: is preliminary inquiry warranted? If yes, compliance conducts limited review of immediately available documents and interviews of directly involved employees to assess credibility. Decision two: did preliminary inquiry confirm violations occurred or reveal patterns requiring deeper investigation? If yes, formal investigation gets launched under privilege with outside counsel.

Decision three: investigation complete, findings documented. Did violations occur? If no: remediate any compliance deficiencies identified, enhance controls, close investigation. If yes: does May 2025 CEP apply (violations detected through internal controls, not government inquiry)? If yes: self-disclose within 120-day window for guaranteed declination. If already contacted by DOJ: cooperation and remediation can still secure NPA with penalty reduction.

The investigation you conduct today determines whether prosecutors will credit your compliance program or characterize it as willful blindness tomorrow. At Spodek Law Group, we’ve guided companies through FCPA investigations from initial red flag assessment through final disclosure negotiations with DOJ. The June 2025 FCPA Guidelines didn’t eliminate enforcement risk – they focused it on national security priorities. And the May 2025 CEP changes strengthened the declination guarantee for companies that investigate proactively and self-disclose. Constitutional principles require that enforcement be fair and predictable. Current DOJ policy provides that predictability: investigate, self-disclose, cooperate, remediate – guaranteed declination. Ignore red flags and wait for prosecutors to investigate – guaranteed prosecution. Contact us at 212-300-5196.