Famed financier Warren Buffet once advised, “Never ask a barber if you need a haircut.”  Obviously, self-interest could lead the barber to recommend at least a trim — even if the potential client is, like myself, completely bald.

Now consider the question, “Should my company self-report to the government a possible violation of the Cayman Islands 2008 Anti-Corruption Law, the U.K. 2010 Bribery Act, or the U.S. Foreign Corrupt Practices Act (FCPA)?”  If a company officer posed this question to a government agency enforcing those laws, or to a law firm specializing in anti-corruption matters, the response would likely be one that advocates self-reporting, for reasons similar to those motivating the barber:  self-interest and institutional self-preservation. After all, enforcement officials working on corruption cases advance their careers (and help fill government coffers) by locating possible law breakers and bringing their cases to resolution, oftentimes winning substantial fines from defendant parties. And professionals working in law firms, accounting firms, and consulting firms stand at the ready, eagerly awaiting the opportunity to bill hundreds (or thousands) of hours, at premium rates, in providing counsel and advice throughout the investigation and resolution phases of each case. Indeed, the U.S. press has coined a term for the army of private law and consulting firms working to guide clients through this highly specialized area of practice: FCPA, Inc.

The director of the enforcement division within the U.S. Securities and Exchange Commission  recently stated that “any company that does the calculus will realize that self-reporting [FCPA misconduct] is always in the company’s best interest.”1 I would suggest, however, that the “calculus” surrounding self-reporting in these kinds of matters, which involves both legal and business elements, is a complicated one, and the final decision is rarely crystal clear.

The company must ask, “What are the costs and benefits of self-reporting?” I conclude in a forthcoming law review article2 that despite exhortations from private law firms and government enforcement agencies for companies to self-report potential anti-corruption law violations, there are times when it might not be a good idea to do so. That’s right: It turns out that a barber’s recommended course of action might not always be in the potential client’s strategic best interest.


Do you really need to be concerned about these laws?

Yes, you do. You and your company could potentially be impacted by one or more of these laws (the Cayman Islands 2008 Anti-Corruption Law, the U.K. 2010 Bribery Act, and the U.S. Foreign Corrupt Practices Act), all of which were passed with the intent of giving effect to the United Nations Convention Against Corruption, as well as the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.


Cayman Islands 2008 Anti-Corruption Law

corruptionWhile the impact of this law has heretofore been most visible with respect to reports of transgressions by public officials and employees (such as public office misconduct and breach of trust charges against former Premier William McKeeva Bush, or bribery solicitation and breach of trust convictions against a former Police Constable), abuses of elected or public office is only one of four separate categories of corruption offenses addressed by the law.

The other three categories include foreign and domestic bribery, secret commissions, and fraud on the government. Thus, there is clearly the potential for many kinds of matters to be pursued through this law, particularly in the realm of financial and business transactions.


U.K. 2010 Bribery Act

Certain provisions of this law (such as those addressing bribery) are applicable to the Cayman Islands and various other British Overseas Territories. Thus, if a person or entity engages in certain behaviors that would be considered an offense within the U.K., and, furthermore, if that person or entity has a close connection to the U.K. (such as being a British citizen, a British Overseas Territories citizen, or an entity incorporated in the U.K.), then that person or entity could be subject to the law and to any fines or penalties resulting from its enforcement.


U.S. Foreign Corrupt Practices Act

It was recently announced that the U.S. Department of Justice (“DOJ”) will be collaborating with the U.S. Federal Bureau of Investigations (“FBI”) to form three international anti-corruption units in Washington, D.C., Los Angeles, and New York City. According to the FBI, the new squads will target both domestic and foreign organizations, and transgressors will be brought to justice within the United States, as was done in the recent Alstom case — a $772 million FCPA matter involving a French company spearheading an international bribery scheme in countries around the world, including Saudi Arabia, Egypt, Indonesia and the Bahamas.

Over the years, there have been critics of expansive FCPA enforcement theories used to justify U.S. targeting of foreign actors. Indeed, during a 2010 Senate hearing addressing the FCPA, Senator Chris Coons of Delaware stated, “Today we are the only nation that is extending extraterritorial reach and going after the citizens of other countries; we may someday find ourselves on the receiving end of such transnational actions.”3

One must look only to the recent FCPA enforcement action against Total S.A., a French oil and gas company, to see how lean the jurisdictional allegations can sometimes be, even in a case yielding one of the largest settlement amounts ($398 million) in FCPA history:  In brief, the French company was alleged to have made illegal payments to an Iranian official by way of a British Virgin Islands company and a Swiss bank employee. The only alleged jurisdictional connection to the United States (a necessary element of the crime) was a wire transfer from an account based in New York City; the amount wired ($500,000) was less than one percent of the total bribe payments made in the case.

Yet there are literally billions of reasons for the United States to continue ramping up international FCPA enforcement: Since 2010, the DOJ and SEC have together collected over $3 billion in FCPA fines. And it’s not only giant international companies like Avon or Walmart that are in the enforcement crosshairs of the U.S. Government. Consider, for example, the recent $2 million FCPA settlement reached by the SEC with Smith & Wesson; this case makes it clear that even small and medium-sized companies that are attempting to expand international sales — sometimes in high-risk markets — can quickly find themselves under investigation and in violation of the statute.


Advantages of self-reporting

There a clearly some advantages to self-reporting possible violations. First, doing so can allow a company to set a tone of positive interaction with the government, including emphasizing the effectiveness of the company’s compliance programs, as well as its willingness to cooperate.  Stephen L. Cohen, associate director of the SEC’s enforcement division, says that “Nothing sets the tone differently than self-reporting versus a phone call from us.”4

Second, companies might decide it is best to self-report a violation before it comes to light by another means, such as through whistleblower provisions enacted as part of Dodd-Frank Wall Street reforms. Monetary incentives to blow the whistle are looking sweeter and sweeter: The SEC recently authorized a $30 million award to an unidentified whistleblower of an ongoing fraud matter.

Finally, potential FCPA violations discovered during increasingly aggressive mergers and acquisitions due diligence can spur companies to self-report violations so they can be fully addressed before becoming possible stumbling blocks to a given deal’s completion.


Disadvantages of self-reporting

The list of possible negative consequences of self-reporting is long, including reputational damage; additional enforcement measures/penalties/fines by foreign governments (resulting from various multi-jurisdictional treaties and cooperation agreements); decreasing stock prices; shareholder litigation against the company; and, for government contractors, suspension and debarment.

In addition, after a corporate entity decides to self-report a violation, the enforcement agency involved in the matter usually begins its own, independent investigation. This is nearly always conducted at the expense of the self-reporting company, leading to tens of thousands (or millions) of dollars in expense and months (or years) of a company’s time and attention. Moreover, these independent investigations can sometimes lead to findings of corruption above and beyond the initial inquiry (think tax violations, government contracting violations, export control violations, etc.).

Finally, it’s possible for one enforcement agency to expand its investigation to include other enforcement agencies, either domestically (like when the SEC works together with the DOJ) or internationally (like when the DOJ works together with its counterparts in other countries).


So should you self-report or not?

This is a complicated decision requiring careful analysis of the facts and circumstances surrounding each particular case. I hope this brief article begins to underscore that there could be instances when a corporate entity might reasonably decide not to self-report a possible violation, but instead choose to keep quiet and then, should the matter come to light at a future time, to cooperate fully and completely with the enforcement agency involved. (In the meantime, the company should, of course, take remedial actions such as terminating culpable employees, as well as enhancing internal controls and compliance measures).

Let me emphasize that I am neither advocating for nor condoning a corporate entity’s choice to not self-report a potential violation to the appropriate enforcement authorities. Rather, I am simply pointing out that, after conducting a comprehensive cost/benefit analysis, there will likely be instances when choosing not to self-report could be a reasonable decision from a financial, strategic, and business-oriented perspective.



  1. Andrew Ceresney, Director, SEC Division of Enforcement, Remarks at 31st International Conference on the Foreign Corrupt Practices Act, National Harbor, MD, United States, Nov. 19, 2014 (emphasis added).
  2. Peter Reilly, Incentivizing Corporate America to Eradicate Transnational Bribery Worldwide: Federal Transparency and Voluntary Disclosure under the Foreign Corrupt Practices Act, FLORIDA LAW REVIEW (forthcoming), available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2585789
  3. U.S. Senate Committee on the Judiciary, Subcommittee on Crime and Drugs, Nov. 30, 2010, Washington, D.C.
  4. Emmanuel Olaoye, Companies will be treated favorably if they report violations first, SEC enforcer tells lawyers, THOMSON REUTERS BLOG, Oct. 24, 2012.