The rapidly changing economic landscape presents countless challenges to global organizations, not the least of which is compliance with the Foreign Corrupt Practices Act (FCPA). U.S. companies with foreign operations face new risks that can muddy the FCPA compliance waters. For instance, increasing M&A activity may mean acquiring the liability for someone else's FCPA violation, while reducing headcount may make it more difficult to monitor internal controls.
The FCPA prohibits bribery of foreign officials for purposes of obtaining or retaining business by anyone subject to U.S. jurisdiction. For those who have securities registered in the United States, or are required to file periodic reports with the U.S. Securities and Exchange Commission (SEC), they also must comply with the "books and records" requirements of the FCPA. Fortunately, anti-corruption has become a major global initiative. The other 29 member countries of the Organization for Economic Cooperation and Development (OECD), along with five other countries, have adopted similar conventions for combating bribery of foreign public officials in international business transactions.
What Is At Stake?
When corruption is prevalent, quality, timeliness, competitive pricing and certainly fair play all take a back seat to the expectation of illicit payments. Corruption clearly can cost companies and their shareholders a great deal of money. For example, under the FCPA anti-bribery provisions, corporations and other business entities are subject to fines of up to $2 million. Officers, directors, shareholders, employees and agents are subject to fines of up to $100,000 and imprisonment for up to five years. Under the Alternative Fines Act, the actual fines may be as high as twice the benefit that the defendant sought by making the corrupt payment.
The disgorgement of profits from the illegally obtained business and suspension of a firm's right to do business with the U.S. government are other potential penalties. Furthermore, perpetrating employees must personally face the consequences of their actions - including potential jail time - since their employer cannot pay fines imposed on individuals.
U.S. Department of Justice (DOJ) enforcement of the FCPA is at an all-time high. Penalties and disgorgements associated with FCPA violations also have escalated dramatically. Given that FCPA violations tend to increase during difficult economic times, companies should identify potential issues and take a fresh look at this law and their FCPA compliance programs.
The FCPA has two sets of key provisions. First, "books and records" provisions, set forth at 15 U.S.C. § 78m, require covered entities to "make and keep books, records and accounts, which, in reasonable detail, accurately and fairly represent the transactions and dispositions of the issuer." Second, "anti-bribery" provisions, set forth at 15 U.S.C. § 78dd-1 et seq., make it unlawful to bribe foreign officials to obtain or retain business.
The DOJ's Lay-Person's Guide to the FCPA Statute , available at www.usdoj. gov/criminal/fraud/fcpa/, can serve as an excellent refresher course. It provides a general explanation of the anti-bribery provisions and sets out five key elements that must exist to constitute a violation of the FCPA.
Corruption risk exists amid even the most routine foreign business activities. Below are seven broad categories of illustrative questions companies should ask about their international business activities. While the questions refer to the FCPA, any country's equivalent anti-corruption legislation and regulations can be substituted to provide a country-specific context.
Country risk profile
• What is the cultural, political and regulatory environment of the countries in which you conduct business? Do any have a history of corruption?
• How much control do you have over your foreign operations?
Due diligence performed on potential foreign business partners, acquisition targets and representatives
• Does your foreign joint venture partner or representative refuse to covenant that it will not take any action in furtherance of an unlawful offer, promise or payment to a foreign public official, and not commit any act that would cause the U.S. firm to violate the FCPA?
• Is there an apparent lack of qualifications or resources on the part of your joint venture partner or representative to perform the services offered?
• Is your joint venture partner or representative related to, or recommended by, an official of the potential governmental customer?
• Do you provide awareness training for foreign partners, agents and other representatives?
• Have you fully vetted any foreign acquisition targets, and are they willing to provide a written representation that they have not committed any act that is in violation of the FCPA (or would cause the U.S. firm to be in violation)? Note that in the M&A context, FCPA violations and liability for improper acts are inherited by the acquiring company.
Nature of payments and expenditures in foreign countries
• What gifts, meals and entertainment are provided to those with whom you do business in overseas markets?
• What charitable donations or political contributions are made "in-country" by your organization and its representatives?
• What leasing arrangements does your organization have in foreign countries?
• Are there unusual payment patterns, unusually high commission structures or special financial arrangements involving your organization or its foreign subsidiaries and related third parties?
Business model and relationships
• On what level does your company transact business in foreign countries?
• What is the nature of your business relationships with public international organizations, state-owned business enterprises, foreign governments, municipalities, legislative bodies, political parties and/or royal families?
• Do you hire foreign officials and/or members of their families as employees or contractors?
Control over cash accounts and books and records
• How are your organization's bank accounts, petty cash funds and inventory monitored in non-U.S. locations? What controls are in place with respect to these assets?
• Is there a lack of transparency in expenses or accounting records within your organization and its third-party intermediaries?
Legal, regulatory and contractual matters
• What business licenses, permits, certifications and inspections are required of your organization to conduct business in overseas locations?
• Who has been granted power of attorney for your organization in non-U.S. jurisdictions?
• What terms and conditions are included in written contracts with related third parties, and how is contract compliance monitored?
Policy and procedural matters
• What policies and programs are in place to support compliance with the FCPA?
• What training initiatives are in place to create and sustain awareness of everyone's responsibility for FCPA compliance?
• Has any downsizing activity reduced the size of your compliance team or weakened attention to internal controls? Are employees abnormally concerned with job security, possibly leading them to take risks they would not normally even consider in an effort to meet job objectives?
While the above questions are not intended to provide a complete diagnostic, answers to them may raise red flags requiring the immediate attention of executive management and the board.
Managing FCPA Compliance
The implementation of compliance programs intended to prevent, deter and detect improper payments by employees and agents is imperative. A robust compliance program and anti-corruption controls typically include:
Executive management and board oversight
• Boards and executives should have a proactive understanding of potential corruption risks and oversight of anti-corruption controls or the FCPA compliance program.
• Adesignated senior executive should coordinate and manage the FCPA compliance program.
Policies, standards, procedures and reporting mechanisms
• Company should document their anti-bribery, anti-corruption or FCPA policy and standards and communicate them to employees. Critical employees, vendors, agents and contractors should be required to provide written statements that they are in compliance with FCPA requirements.
• Boards and executives should provide effective mechanisms for individuals to report criminal conduct, concerns and other complaints involving potential FCPA violations, including the use of anonymous tip lines.
Risk assessment and due diligence activities
• Companies should implement risk identification processes, including explicit consideration of the risk of corruption involving foreign officials and employees or agents who operate out of the home country, especially at locations known for unethical business practices.
• Due diligence should be conducted on employees, joint venture partners and third-party agents.
• FCPA compliance language and representations should be incorporated in all third-party contracts.
Effective internal controls and monitoring
• Companies should have internal controls in place for books and records as well as proper accounting.
• Active monitoring of anti-corruption controls within financial and operational processes to identify and report potential red flags is vital.
• Companies should conduct periodic audits of the FCPA compliance program policies, procedures and controls to assess their effectiveness at ensuring compliance at all levels and across the organization.
• Areas of noncompliance and recommended solutions to enhance the organization's FCPA compliance should be reported to senior management and the board.
Training and awareness programs
• FCPA awareness education and training for employees, third-party agents and consultants conducting business on behalf of the organization out of the home country are needed to ensure they are knowledgeable of the appropriate behavior and legal requirements.
• Because many overseas governments have recently invested in private industry to help stabilize local economies, management should provide training to assist in understanding who is a "foreign official."
Investigatory and disciplinary mechanisms
• Companies should ensure there is thorough investigation and remediation of reported potential FCPA violations.
• Disciplinary mechanisms for those who violate FCPA compliance policy should be consistently enforced.
Adopting A Holistic Strategy
FCPA enforcement and penalties are on the rise. Companies that have paid bribes to foreign officials have been subjected to criminal and civil enforcement actions, resulting in large fines, as well as suspension and debarment from federal procurement contracting. In addition, reputation damage due to negative media attention can devastate the bottom line and impair shareholder value.
Compliance programs intended to prevent, deter and detect improper payments and activities by employees, as well as an organization's intermediaries and agents, are vital for avoiding such negative consequences. Anti-corruption compliance and other corresponding internal control capabilities should be considered as part of a holistic strategy to address all issues that could arise from illegal acts within your organization.
To learn more about Protiviti and itsLitigation, Restructuring and Investigative Services, visit www.protiviti.com.
Paul Sachs is the Managing Director responsible for Protiviti's global Litigation, Restructuring and Investigative Services solution. He has led major litigation, bankruptcy and financial investigation engagements. Pamela Verick is a Director in this practice, where she focuses on investigations and leads the company's fraud risk management initiative.