Legal scrutiny – whether in the FCPA context or otherwise – is a cloud hanging over a business organization. When that legal scrutiny can result in potential criminal liability, the cloud is black or at the very least gray.For many companies, the gray cloud of FCPA scrutiny simply lasts too long.If you dig into the details of most corporate FCPA enforcement actions you quickly discover that the alleged conduct at issue occurred 5-7 years, 7-10 years, and in some instances, 10-15 years prior to the enforcement action.For instance, in a 2012 enforcement action against pharmaceutical company Biomet the conduct at issue went back to 2000; in a 2012 enforcement action against pharmaceutical company Pfizer the conduct at issue went back to 1997; and in a 2012 enforcement action against trading and investment firm Marubeni the conduct at issue went back to 1995. Likewise, in a 2013 enforcement action against oil and gas company Total, the conduct at issue went back to 1995. So old was the conduct giving rise to the Total enforcement action that the DOJ made the unusual statement in the DPA that “evidentiary challenges” were present for both parties given that “most of the underlying conduct occurred in the 1990s and early 2000s.”Statute of limitations are ordinarily the remedy the law provides for legal gray clouds.In 2013, in Gabelli v. SEC (an SEC enforcement action outside the FCPA context) the Supreme Court stated:“Statute of limitations are intended to ‘promote justice by preventing surprises through the revival of claims that have been allowed to slumber until evidence has been lost, memories have faded, and witnesses have disappeared. They provide ‘security and stability to human affairs. [They] are ‘vital to the welfare of society [and] ‘even wrongdoers are entitled to assume that their sins may be forgotten.’ […] It ‘would be utterly repugnant to the genius of our laws if actions for penalties could ‘be brought at any distance of time.’”The Supreme Court further stated that statute of limitations are even more important in a government enforcement action compared to a case brought by a private plaintiff.“There are good reasons why the fraud discovery rule has not been extended to Government enforcement actions for civil penalties. […] The SEC, for example, is not like an individual victim who relies on apparent injury to learn of a wrong. Rather, a central ‘mission’ of the Commission is to ‘investigate potential violations of the federal securities laws.’ Unlike the private party who has no reason to suspect fraud, the SEC’s very purpose is to root it out, and it has many legal tools at hand to aid in that pursuit. […] Charged with this mission and armed with these weapons, the SEC as enforcer is a far cry from the defrauded victim the discovery rule evolved to protect. In a civil penalty action, the Government is not only a different kind of plaintiff, it seeks a different kind of relief. The discovery rule helps to ensure that the injured receive recompense. But this case involves penalties, which go beyond compensation, and are intended to punish, and label defendants wrongdoers.”Why, despite the importance of statute of limitations to our legal system and Supreme Court recognition that it “would be utterly repugnant to the genius of our laws if actions for penalties could be brought at any distance of time,” do most corporate FCPA enforcement actions concern conduct well beyond the statute of limitations?Simply put, because in corporate FCPA enforcement actions the fundamental black-letter legal principle of statute of limitations seems not to matter. Granted counsel for a company under FCPA scrutiny based on conduct beyond the limitations period can argue about statute of limitation defenses around conference room tables behind closed doors in Washington, D.C. However, like with other FCPA issues, to truly challenge the enforcement agencies first requires that the company be criminally or civilly charged, something few corporate leaders are willing to let happen.In short, cooperation is the name of the game in corporate FCPA inquiries and to raise bona fide legal arguments such as statute of limitations is not cooperating in an investigation. Given the “carrots” and “sticks” relevant to resolving corporate FCPA enforcement actions, one of the first steps a company the subject of FCPA scrutiny often does to demonstrate its cooperation is agree to toll the statute of limitations or waive any statute of limitations defenses.A former DOJ enforcement attorney noted:“As a practical matter, companies, especially publicly held companies […], typically make a strategic decision to fully cooperate with a DOJ investigation. Despite the potential success of a statute of limitations defense, a company will often make the judgment that the negative press of a protracted investigation and the uncertainty of the outcome at trial make cooperation the more prudent business judgment. The company’s hope is that it will be given credit for the cooperation and it will achieve a better outcome than if it went to trial (i.e., avoid charges, a DPA, or a reduced fine).”Given this dynamic, the enforcement agencies face little or no time pressure in bringing corporate FCPA enforcement actions. The end result is that the gray cloud of FCPA scrutiny often hangs over a company far too long. For instance, Pfizer’s FCPA scrutiny began in 2004 but was not resolved until a 2012 enforcement action. Likewise, Total’s FCPA scrutiny began in 2003 but was not resolved until a 2013 enforcement action.Regarding the typical long periods of corporate FCPA scrutiny, an FCPA commentator stated:“[Companies under FCPA scrutiny are] routinely asked to waive the statute of limitations. They could refuse but none do; refusal might trigger an instant enforcement action against the company or its people. So the waiver gives the feds limitless time to investigate, deliberate, or procrastinate. And no one can force the DOJ or SEC to move on, either with an enforcement action or a declination. The result? Companies [under FCPA scrutiny] get stuck in FCPA limbo. […] But the DOJ and SEC should always keep one eye on the calendar. The threat of FCPA enforcement […] casts a long shadow. It darkens the future for management, shareholders, lenders, customers, and suppliers. Exactly the problem the statute of limitations was supposed to fix.”Another FCPA commentator stated:“The Justice Department and the SEC attorneys have a duty to manage caseloads and move cases responsibly. I called it “cut and run.” Either the government has the evidence or it does not – and they now fairly early on what direction a case is heading.”All of the above comments are of course spot-on.Yet when black letter legal principles matter little, the end result is that the gray cloud of FCPA scrutiny simply lasts too long and the DOJ and SEC are part of the problem.