Is Your FCPA Compliance Program Mitigating Risk Effectively?
What Does the Foreign Corrupt Practices Act Mandate?
Under the FCPA, it is an offence to bribe foreign public officials such as government ministers and customs officers. When conducting business with a state-owned organization—whether it is an oil company or a hospital, companies still must act with caution since individuals employed by state-owned hospitals, including executives and even physicians, are considered public officials.
Why is Risk Mitigation Important?
The costs of an FCPA investigation—even before any official findings are made—are substantial. Internal investigations often generate multi-million dollar price tags because of their complexity and global nature. In addition, a study by the Searle Civil Justice Institute at George Mason University found that upon announcement of an FCPA compliance investigation, shareholder value experiences an average decline of 2.9 percent.
For companies found to have violated the FCPA, the costs continue to mount. In addition to criminal penalties of up to $2 million per violation for companies and up to $250,000 fine and 5 years in prison for individuals, regulators can assess alternative fines equal to twice the amount of total profit. Alongside the criminal penalties, civil penalties may include additional fines, injunctions against future violations and additional collateral consequences including debarment from future government contracts and reputational damage.
FCPA Risk Mitigation EssentialsBuilding a FCPA compliance program starts with three must-have components:
- A documented internal compliance program.
- Thorough due diligence on third parties and transactions
- Prompt response to possible violations
FCPA compliance requires a strong corporate code of conduct that prohibits foreign corrupt payments and details expectations, not just for employees but for business partners and the other third-parties on which your company relies. In addition, you need to provide education and training to ensure that anyone acting on your company’s behalf—internally or externally—fully understands your compliance policy, FCPA requirements and best practices for FCPA risk mitigation.
You also need tools to support FCPA third-party due diligence and on-going monitoring. Manual due diligence and monitoring simply can’t offer the risk mitigation needed in a world where news travels at the speed of social media.
Nexis Diligence™ brings together a comprehensive global news archive with extensive PEPs, sanctions and watchlists, industry reports and more, empowering your compliance team with convenient, time- and cost-effective access to the information you need on people, companies and countries.
With the right solution in place, you are better positioned to implement a due diligence process that mitigates FCPA compliance risk.
What should be on your FCPA third-party due diligence checklist?
- Understand Compliance Concerns—Focus on mitigating risk exposure, not just internally but among the partners and third parties on whom you rely.
- Define Corporate Objectives for Due Diligence—Make sure your process aligns with strategic, financial, regulatory and reputational risks, particularly if your company relies on third parties in countries that attract high levels of regulatory scrutiny.
- Gather Key Information—Whether you’re researching individuals or other entities, you need to start with the basics and escalate your due diligence research should red flags appear.
- Screen Prospective Third Parties against Watchlists and PEPs—Prospective third parties—both companies and individuals—should be subjected to a watchlist screening process to mitigate risk.
- Conduct a FCPA Risk Assessment—Once preliminary information collection and watchlist screening has taken place, perform a risk assessment to identify factors that indicate higher risk such as significant country or industry risks.
- Validate the Information Collected—Verify the information and move high-risk third parties to an escalated due diligence process.
- Maintain an Audit Trail—Keep a comprehensive record of your third-party due diligence including relevant documents, assessments and decisions to demonstrate your commitment to compliance to enforcement agencies.
- Establish an On-going Monitoring Plan—Risk doesn’t stop; neither should your due diligence process. Set up alerts and continue to monitor negative news for effective risk mitigation over time.
- Reassess Your FCPA Due Diligence Process—Periodically evaluate how you conduct due diligence to ensure your process stays in line with emerging threats, changes to watchlists and new legislation.