CCRcorp Sites  

The CCRcorp Network unlocks access to a world of insights, research, guides and information in a range of specialty areas.

Our Sites


A basis for research and practical guidance focusing on federal securities laws, compliance & corporate governance.


An educational service that provides practical guidance on legal issues involving public and private mergers & acquisitions, joint ventures, private equity – and much more.


The “one stop” resource for information about responsible executive compensation practices & disclosure.

Widely recognized as the premier online research platform providing practical guidance on issues involving Section 16 of the Securities Exchange Act of 1934 and all of its related rules.


Keeping you in-the-know on environmental, social and governance developments

There is a fair amount of overlap between ESG and corporate compliance, particularly in relation to governance. To some, that is a blindingly obvious statement, but perhaps less so to those whose backgrounds are more in the E and S side of things. Sure, E & S have their own management certifications such as Title V air emissions permit annual compliance certifications and OSHA logs/incident reports. I’ve even been involved in a couple Department of Justice settlements under EPA where other quarterly and annual reports were required. But this new update from Sidley indicates there may be a new personal risk for CEOs and Chief Compliance Officers.

According to Sidley:

Chief compliance officers (CCOs) whose companies are subject to enforcement actions could face the possibility of individual criminal liability under a new compliance certification requirement that the U.S. Department of Justice (DOJ) imposed as part of a recent Foreign Corrupt Practices Act (FCPA) settlement. CCOs and chief executive officers (CEOs) whose companies are subject to anti-corruption enforcement actions may be required to certify the effectiveness of their companies’ compliance programs, subjecting both officers to individual criminal liability for any misrepresentations made via that certification.

The recent FCPA plea agreement requires the company’s CEO and CCO to certify at the end of a required monitorship that its compliance program is “reasonably designed to detect and prevent” future anti-corruption violations. The agreement indicates that the CEO and CCO could face individual criminal liability under federal statutes that criminalize any false statements by making the certification.

The case referred to in the Sidley update is In the Matter of Tenaris, SA. Tenaris is a global manufacturer of steel pipe and tubing products. The company was accused of paying bribes to a Brazilian government official from 2008 – 2013 and covering them up by creating fake contracts between a Uruguayan company and Panamanian company that were shell corporations owned by Tenaris. Under the settlement, Tenaris paid over $42 million in disgorgement, more than $10 million in interest and a penalty of $25 million. It is also subject to a two-year DOJ monitoring program, which is what ultimately creates the basis of potential criminal liabilities.

What This Means

Compliance and governance under FCPA isn’t anything new, but adding the certification with potential personal criminal liability element is. It isn’t much of a stretch to see how FCPA governance compliance certifications – along with the criminal liability – may soon extend to E & S matters that generally don’t have an adequate level of controls for current issues, let alone those “reasonably designed to detect and prevent” future anti-corruption violations.

Of course, the key is to avoid being in a situation where corruption exists and DOJ initiates enforcement. These kinds of risks may be heightened for companies dealing with critical minerals necessary for new/emerging battery and other alternative energy technologies dealing with critical minerals because many countries of origin for those minerals have long histories of corruption – especially in mining. Some existing minerals due diligence programs/frameworks are narrowly focused on specific issues (such as funding armed groups or use of child labor). They don’t consider matters outside their scope, nor do they involve accounting due diligence.

Even though this compliance certification and related criminal risk appears to apply to failures that occur (or possibly simply discovered) after a monitoring period is over, companies would be wise to take another look at their anti-corruption policies, procedures, practices, internal accounting controls, record keeping and finance reporting processes to ensure there are no gaps now. Changes in business models, structure, personnel, management, geographic locations and even new product development can trigger the need for program updates. New, additional or refresher training for employees may also be valuable to communicate the company’s continued emphasis on business ethics and anti-corruption mandates.

An ounce of prevention is well worth a few pounds of cure, especially if that cure involves criminal liability.

Back to all blogs

The Editor

Lawrence Heim has been practicing in the field of ESG management for almost 40 years. He began his career as a legal assistant in the Environmental Practice of Vinson & Elkins working for a partner who is nationally recognized and an adjunct professor of environmental law at the University of Texas Law School. He moved into technical environmental consulting with ENSR Consulting & Engineering at the height of environmental regulatory development, working across a range of disciplines. He was one… View Profile