01/11/2011 10:46:00 AM EST
Is Your FCPA Compliance Program a Good Business Model?
Many compliance practitioners struggle with the questions
of how to measure the effectiveness of their company's Foreign Corrupt
Practices Act (FCPA) compliance program. In the January-February 2010 issue of
the Harvard Business Review, authors Ramon
Casadesus-Masanell and Joan E. Ricart explore business model innovation in an
article entitled "How
to Design a Winning Business Model". While the article focuses on how
companies might compete more effectively through business models, they present
several key mechanisms which can be utilized by the FCPA practitioner in
helping to determine the effectiveness of a company's FCPA compliance program.
The authors looked to writer Joan Magretta for a definition of a business model
and cited her for the following "the story that explains how an enterprise
works". This can easily be adapted by the FCPA compliance practitioner into,
"the story of how your FCPA compliance program works". The reason being is that
in its simplest form, a business model "consists of a set of managerial choices
and the consequences of those choices." The authors go onto to state that a
company makes three different types of choices when creating a business model,
they are 1) A Policy Choice to set the course the entire organization will
take; 2) The Asset Choice which relates to the resources a company will use to
deploy the policy; and finally 3) there is a Governmental Choice about which of
the first two choices are managed and governed.
For the FCPA practitioner, the authors list three characteristics of an
effective business model. They note that a good business model will meet all
three of the following, 1) Is your business model aligned with company goals?;
2) Is your business model self-reinforcing?; and 3) Is your business model
robust? These characteristics are easily translated into the compliance world
and can be used by the compliance practitioner in evaluating a company FCPA
I. Is your compliance program "aligned with your company's goals"?
This may seem basic, however the choices made in your
FCPA compliance program should deliver consequences which assist your
organization to achieve its compliance goals. This should start with your "Tone
at the Top" but it is also the "Tone in the Middle" and the actions of those
below in the organization. Moreover, such the communication and sustainment of
such goals must include third parties which a company does business with, and
business representatives through which a company conducts business, such as
third parties, agents, distributors, resellers, representatives, consultants,
joint ventures or consortia. All must all align with your FCPA compliance goals
and this alignment should also include vendors in the supply chain.
II. Is your compliance program
The choices that are made to create and promote an
effective FCPA compliance program should all complement one another. This means
that there must be reinforcement throughout the compliance program; both
negative and positive. If an employee violates the FCPA compliance program,
there must be clearly set out consequences for such action. These consequences
must be uniformly and fairly applied across the company. If a first offense of
making misrepresentations on an expense account is sufficient grounds for
termination in South America, then they should be sufficient grounds for
termination in North America as well. Conversely, there must be positive
consequences to employee actions, the company must promote and award those
employees' who conduct business in a manner consistent with the company's FCPA
III. Is your compliance program "robust"?
Just as a good business model must be adaptable to
sustain its effectiveness over time, a good compliance policy must be able to
adapt to changes in the compliance landscape. The key to this component is an
annual assessment of your company's FCPA compliance program to determine if
there are any areas which may need to be modified. A couple of clear examples
of this are (A) facilitation payments; and (B) UK subsidiaries or company
employees subject to the UK Bribery Act. As led by Transparency International
and the UK, many in the compliance arena are forcefully arguing for the removal
of the facilitation payment exception for bribery. Many companies ban such
payments in the compliance policy and require the same of those which do
business with them. The second area is if your company is subject to the UK
Bribery Act, which not only does not have any exception for facilitation
payments but also is broader than the FCPA in applying to private commercial
transactions, in addition to those involving foreign governmental officials.
Companies need to be aware of both developments and enhance their compliance
program to meet these evolving standards.
Authors Casadesus-Masanell and Ricart have provided a valuable guide for the
FCPA compliance practitioner to think through, in a logic manner, about how to
set up a compliance business model for a company.
Visit the FCPA Compliance
and Ethics Blog, hosted by
Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms
of risk management for a worldwide energy practice, tax issues faced by
multi-national US companies, insurance coverage issues and protection of trade
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2011
For more information:
FCPA as it relates to the securities laws is discussed in greater detail in 6
A.A. Sommer Jr., Securities Law Techniques, Ch. 82 (Matthew Bender Rev.
Ed.), " Complying with the Foreign Corrupt Practices Act," which can
be accessed online by subscribers of lexis.com. This
treatise is also available on the LexisNexis online store.