Proactive Use of Systemic Compliance Successes in an FCPA Enforcement Action

Proactive Use of Systemic Compliance Successes in an FCPA Enforcement Action

We recently looked at an article which reviewed the Department of Justice's (DOJ) Foreign Corruption Practices Act (FCPA) enforcements with an eye towards the failures of internal controls. This analysis provided a valuable summary of several "lessons learned" regarding the compliance failures of those companies caught up in FCPA enforcement actions. One of the frustrations I hear from compliance professions is that they have a good idea of what not to do but are less sure of more proactive steps which their company's might glean from published enforcement actions.

Fortunately this void has been filled by our colleague William Athanas with his article, "Demonstrating "Systemic Success" in FCPA Compliance: Identifying and Maintaining Evidence to Respond to Government Investigations . . . Before They Begin" recently published in the ABA Global Anti-Corruption Task Form site. He believes that by analyzing what went right, that companies can equip themselves with powerful evidence to respond to government inquiries and create readily identifiable benchmarks to measure the ongoing effectiveness of their FCPA compliance programs.

Athanas believes that underlying DOJ FCPA enforcement is based one of two bedrocks. Either (1) the company under investigation "has made a conscious choice to elevate profitability over compliance, essentially making foreign bribery an unwritten part of its strategic plan;" or (2) the company in question "has effectively disregarded any obligation to ensure that it conducts its activities within the boundaries of the law, opting instead to avoid putting any safeguards in place to prevent FCPA violations." Even if these underlying assumptions are not correct, a company must do more than show it did not have a culture built on bribe payments. It must offer tangible proof that it acted "with genuine commitment to conducting themselves within the parameters of the law, even when doing so resulted in significant financial harm or verifiable lost opportunities."

So how does a company provide such information to the DOJ? First the company must have documented, documented and then documented its compliance process and procedures. This documentation must show that the company's compliance program had real "teeth" and lend credence to a company's assertion that its compliance measures are robust and real - not just paper tigers. Athanas makes several specific suggestions of documentable events of compliance which a company can use. He suggests:

  • Detection of potential FCPA violations before they occurred and remedial measures taken.
  • Obtain periodic certifications of FCPA compliance from foreign business partners and termination of those when certifications were refused or revealed violations.
  • Exercise of audit rights.
  • Regular assessment and enhancement of a company's compliance program.
  • Books and Records audits and appropriate action taken based on such compliance audits.
  • Recognition of red flags in the due diligence process and either clearing of the Red Flag or termination based upon further investigation.
  • Follow up on hotline reports.

The author suggests, depending on the severity of the FCPA violations, that a company may consider disclosing "external" unlawful conduct to investigators. This could demonstrate that a compliance program has robust in both theory and practice and may support the notion that FCPA violations represent isolated, unsanctioned actions of rogue employees, rather than the manifestation of an unwritten company policy or the existence of a culture of corruption. Such a position could, in turn, allow the corporation to make a far more forceful argument that the sanctions exacted should be at the lower end of the spectrum.

Lastly Athanas emphasizes there a cornerstone of any compliance program, three cornerstones actually. They are document, document and then document. If you compliance program does not document its successes there is simply no evidence to present that it has succeeded. In addition to providing to your company support to put forward to the DOJ, it is the only manner in which to gage the overall effectiveness of your compliance program. Put another way, if you do not document it, you cannot measure it and if you cannot measure it, you cannot refine it. Athanas ends by noting that compliance should be treated as a journey and not a destination.

This paper provides helpful information for the FCPA compliance practitioner which can be used when things may appear at their bleakest, during a FCPA investigation. Because your company should be documenting its compliance program, the information the author suggests should be collected on an ongoing basis so the incremental cost of "putting more arrows on your quiver" should not be something to dissuade your company from engaging in this exercise.

You will find this article on a new website, the ABA Global Anti-Corruption Task Force Website. As noted by the FCPA Professor,

The ABA's Global Anti-Corruption Task Force, co-chaired by Andrew Boutros (Department of Justice) and Markus Funk (Perkins Coie), has launched a new website. The website "provides up-to-date, practitioner-oriented information and analysis on global anti-corruption matters" and the opportunity to publish peer-reviewed articles.

We commend this site to you.

Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

For more information about LexisNexis products and solutions connect with us through our corporate site.