Is Your FCPA Compliance Program a Good Business Model?

Many compliance practitioners struggle with the questions of how to measure the effectiveness of their company's Foreign Corrupt Practices Act (FCPA) compliance program. In the January-February 2010 issue of the Harvard Business Review, authors Ramon Casadesus-Masanell and Joan E. Ricart explore business model innovation in an article entitled "How to Design a Winning Business Model". While the article focuses on how companies might compete more effectively through business models, they present several key mechanisms which can be utilized by the FCPA practitioner in helping to determine the effectiveness of a company's FCPA compliance program.

The authors looked to writer Joan Magretta for a definition of a business model and cited her for the following "the story that explains how an enterprise works". This can easily be adapted by the FCPA compliance practitioner into, "the story of how your FCPA compliance program works". The reason being is that in its simplest form, a business model "consists of a set of managerial choices and the consequences of those choices." The authors go onto to state that a company makes three different types of choices when creating a business model, they are 1) A Policy Choice to set the course the entire organization will take; 2) The Asset Choice which relates to the resources a company will use to deploy the policy; and finally 3) there is a Governmental Choice about which of the first two choices are managed and governed.
For the FCPA practitioner, the authors list three characteristics of an effective business model. They note that a good business model will meet all three of the following, 1) Is your business model aligned with company goals?; 2) Is your business model self-reinforcing?; and 3) Is your business model robust? These characteristics are easily translated into the compliance world and can be used by the compliance practitioner in evaluating a company FCPA compliance program.

I. Is your compliance program "aligned with your company's goals"?

This may seem basic, however the choices made in your FCPA compliance program should deliver consequences which assist your organization to achieve its compliance goals. This should start with your "Tone at the Top" but it is also the "Tone in the Middle" and the actions of those below in the organization. Moreover, such the communication and sustainment of such goals must include third parties which a company does business with, and business representatives through which a company conducts business, such as third parties, agents, distributors, resellers, representatives, consultants, joint ventures or consortia. All must all align with your FCPA compliance goals and this alignment should also include vendors in the supply chain.

II. Is your compliance program "self-reinforcing"?

The choices that are made to create and promote an effective FCPA compliance program should all complement one another. This means that there must be reinforcement throughout the compliance program; both negative and positive. If an employee violates the FCPA compliance program, there must be clearly set out consequences for such action. These consequences must be uniformly and fairly applied across the company. If a first offense of making misrepresentations on an expense account is sufficient grounds for termination in South America, then they should be sufficient grounds for termination in North America as well. Conversely, there must be positive consequences to employee actions, the company must promote and award those employees' who conduct business in a manner consistent with the company's FCPA compliance program.

III. Is your compliance program "robust"?

Just as a good business model must be adaptable to sustain its effectiveness over time, a good compliance policy must be able to adapt to changes in the compliance landscape. The key to this component is an annual assessment of your company's FCPA compliance program to determine if there are any areas which may need to be modified. A couple of clear examples of this are (A) facilitation payments; and (B) UK subsidiaries or company employees subject to the UK Bribery Act. As led by Transparency International and the UK, many in the compliance arena are forcefully arguing for the removal of the facilitation payment exception for bribery. Many companies ban such payments in the compliance policy and require the same of those which do business with them. The second area is if your company is subject to the UK Bribery Act, which not only does not have any exception for facilitation payments but also is broader than the FCPA in applying to private commercial transactions, in addition to those involving foreign governmental officials. Companies need to be aware of both developments and enhance their compliance program to meet these evolving standards.
Authors Casadesus-Masanell and Ricart have provided a valuable guide for the FCPA compliance practitioner to think through, in a logic manner, about how to set up a compliance business model for a company.

Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

For more information:

The FCPA as it relates to the securities laws is discussed in greater detail in 6 A.A. Sommer Jr.,  Securities Law Techniques, Ch. 82 (Matthew Bender Rev. Ed.), " Complying with the Foreign Corrupt Practices Act," which can be accessed online by subscribers of lexis.com.  This treatise is also available on the LexisNexis online store.