One of the complaints made about the Department of
Justice (DOJ) is that companies are not made aware of the requirements of a best
practices compliance program. However, since the summer of 2010, the DOJ
has appended to each Deferred Prosecution Agreement (DPA) released an
'Attachment C' which lists and provides detail about is current thinking on
what it believes to be a minimum best practices compliance program.
Additionally since at least 2004, the DOJ has provided
very public guidance on what should compose a best practices compliance
program. In Opinion Release 04-02, the DOJ reviewed the proposal by an
investment group which was acquiring certain companies and assets from ABB Ltd.
Certain assets being acquired by the investment group, ABB Vetco Gray Inc. and
ABB Vetco Gray (UK) Ltd., had previously pled guilty to violations of the
Foreign Corrupt Practices Act (FCPA).
The investment group desired to protect itself from
further liability, to the extent possible, by proposing to the DOJ a
comprehensive best practices compliance program. While the DOJ noted
that this compliance program was not a shield against future violations, the
DOJ would not "intend to take an enforcement action [against the investors] for
violations of the FCPA prior to their acquisition from ABB."
I recently read the components set out in Opinion Release
04-02 and compared then with the recent DPA Attachment C, best practices. I
have put together the following chart to compare them.
13 Point Minimum Best
1. Code of Conduct. To ensure against FCPA violations
B. Assignment of one or more corporate officials to
report to the Compliance Committee of the Board of Directors
6. Senior Management Oversight and Reporting.
Assignment of one or more senior corporate executives for implementation
& oversight of compliance program and they shall report to Board of
C. Effective communications to shareholders (Private
Equity owners) of FCPA training and annual certifications.
8. Training. A company shall effectively communicate
compliance program through training and annual certifications.
D. Hotline reporting system to report suspected
9(b)-internal and confidential reporting system.
E. Appropriate disciplinary procedures for violations
of FCPA or compliance policy.
10. Discipline. A company shall institute appropriate
disciplinary procedures to address violations compliance policy or
F. Procedures to ensure company forms business
relationships with reputable and qualified business partners.
G. Extensive pre-retention due diligence and
post-retention oversight of agents and business partners; maintenance of
complete files thereon
11(a) Properly documented risk-based due diligence and
regular oversight of agents and business partners.
H. Clearly articulated procedures which ensure that
discretionary authority is not delegated to persons who the company knows
have a propensity to engage in illegal or improper activities.
I. A management review committee to monitor agents
J. Inclusion of compliance terms and conditions in all
12. Compliance terms and conditions which should be
included in every agent agreement
K. Financial and accounting procedures designed to
ensure that accurate books and records are maintained.
7. Internal controls including financial and accounting
procedures which should ensure that the company has accurate and fair books
and records, which cannot be used for or conceal bribery.
L. Independent audits by outside counsel and auditors
at no longer than 3 year intervals to ensure effective compliance program
5. Annual Reviews. No less than annually, a company
should review and update as appropriate to ensure continued compliance
program effectiveness. 12. Ongoing Assessment. Period review and testing of
compliance program to evaluate it and improve the program's effectiveness.
comparison demonstrates the substantive policies that the DOJ has consistently
advocated, since at least 2004. The items which do not have any current
equivalents under recent best practices have to do with the FCPA
violations of the ABB Vetco Gray entities which the investment group was
acquiring. Nevertheless, they are still good suggestions to follow in your
company's compliance program. It is a good idea to review the source material
that is available to you. Sometimes to know where to go, you have to know where
you have been.
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2011
For more information about LexisNexis
products and solutions connect with us through our corporate site.