We recently looked at an article which reviewed the
Department of Justice's (DOJ) Foreign Corruption Practices Act (FCPA)
enforcements with an eye towards the failures of internal controls. This
analysis provided a valuable summary of several "lessons learned" regarding the
compliance failures of those companies caught up in FCPA enforcement actions.
One of the frustrations I hear from compliance professions is that they have a
good idea of what not to do but are less sure of more proactive steps which
their company's might glean from published enforcement actions.
Fortunately this void has been filled by our colleague William
Athanas with his article, "Demonstrating
"Systemic Success" in FCPA Compliance: Identifying and Maintaining Evidence to
Respond to Government Investigations . . . Before They Begin" recently
published in the ABA Global Anti-Corruption Task Form site. He believes that by
analyzing what went right, that companies can equip themselves with powerful
evidence to respond to government inquiries and create readily identifiable
benchmarks to measure the ongoing effectiveness of their FCPA compliance
programs.
Athanas believes that underlying DOJ FCPA enforcement is
based one of two bedrocks. Either (1) the company under investigation "has made
a conscious choice to elevate profitability over compliance, essentially making
foreign bribery an unwritten part of its strategic plan;" or (2) the company in
question "has effectively disregarded any obligation to ensure that it conducts
its activities within the boundaries of the law, opting instead to avoid
putting any safeguards in place to prevent FCPA violations." Even if these
underlying assumptions are not correct, a company must do more than show it did
not have a culture built on bribe payments. It must offer tangible proof that
it acted "with genuine commitment to conducting themselves within the
parameters of the law, even when doing so resulted in significant financial
harm or verifiable lost opportunities."
So how does a company provide such information to the
DOJ? First the company must have documented, documented and then documented its
compliance process and procedures. This documentation must show that the
company's compliance program had real "teeth" and lend credence to a company's
assertion that its compliance measures are robust and real - not just paper
tigers. Athanas makes several specific suggestions of documentable events of
compliance which a company can use. He suggests:
- Detection of potential FCPA violations before they occurred and remedial
measures taken.
- Obtain periodic certifications of FCPA compliance from foreign business
partners and termination of those when certifications were refused or revealed
violations.
- Exercise of audit rights.
- Regular assessment and enhancement of a company's compliance program.
-
Books and Records audits and appropriate action taken based on such
compliance audits.
-
Recognition of red flags in the due diligence process and either clearing of
the Red Flag or termination based upon further investigation.
-
Follow up on hotline reports.
The author suggests, depending on the severity of the FCPA
violations, that a company may consider disclosing "external" unlawful conduct
to investigators. This could demonstrate that a compliance program has robust
in both theory and practice and may support the notion that FCPA violations
represent isolated, unsanctioned actions of rogue employees, rather than the
manifestation of an unwritten company policy or the existence of a culture of
corruption. Such a position could, in turn, allow the corporation to make a far
more forceful argument that the sanctions exacted should be at the lower end of
the spectrum.
Lastly Athanas emphasizes there a cornerstone of any
compliance program, three cornerstones actually. They are document, document
and then document. If you compliance program does not document its successes
there is simply no evidence to present that it has succeeded. In addition to
providing to your company support to put forward to the DOJ, it is the only
manner in which to gage the overall effectiveness of your compliance program.
Put another way, if you do not document it, you cannot measure it and if you
cannot measure it, you cannot refine it. Athanas ends by noting that compliance
should be treated as a journey and not a destination.
This paper provides helpful information for the FCPA
compliance practitioner which can be used when things may appear at their
bleakest, during a FCPA investigation. Because your company should be
documenting its compliance program, the information the author suggests should
be collected on an ongoing basis so the incremental cost of "putting more
arrows on your quiver" should not be something to dissuade your company from
engaging in this exercise.
You will find this article on a new website, the ABA
Global Anti-Corruption Task Force Website. As noted by the FCPA Professor,
The ABA's Global Anti-Corruption Task Force,
co-chaired by Andrew Boutros (Department of Justice) and Markus Funk (Perkins
Coie), has launched a new website. The website "provides up-to-date,
practitioner-oriented information and analysis on global anti-corruption
matters" and the opportunity to publish peer-reviewed articles.
We commend this site to you.
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2011
For
more information about LexisNexis products and solutions connect with us
through our corporate site.