Key requirements and elements of an effective FCPA compliance programme
March 2021 | FEATURE | FRAUD & CORRUPTION
Financier Worldwide Magazine
March 2021 Issue
In a global marketplace, an effective compliance programme is a critical component of a company’s internal controls, and essential to detecting and preventing Foreign Corrupt Practice Act (FCPA) violations. Effective financial crime compliance programmes are tailored to a company’s specific business and its associated risks. They are dynamic and evolve as the business and its markets change.
Given the number of enforcement actions by the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) in recent years, it is perhaps more important than ever for companies to have their house in order. In 2020, there were a dozen corporate FCPA enforcement actions, with penalties totalling over $6.4bn.
Considering that the Biden administration is expected to be more active than its predecessor in pursuing and prosecuting financial crime, including fraud, bribery and corruption, we might expect increased FCPA enforcement in the coming years, along with greater regulatory oversight. Key trends in 2021 could include more multijurisdictional coordination in FCPA investigations and larger corporate penalties.
In light of these developments, it is imperative that companies prioritise ethical conduct and promote an organisational culture committed to compliance with the law. To achieve this goal, a company’s compliance programme must be adequately resourced and the compliance department given sufficient authority to implement and enforce the programme.
“The most targeted and well thought out programme is effective only if those implementing it have the capacity and authority to do so,” notes Jennifer Kies Mammen, counsel at Bryan Cave Leighton Paisner LLP. “In terms of essential provisions and controls, the programme must include policies and procedures that address the organisation’s risks, ongoing risk assessments, third-party due diligence, investigative procedures, and a monitoring and auditing component.”
Companies must also ensure their programmes are updated to reflect any changes in DOJ and SEC guidance. In June 2020, the DOJ updated its Evaluation of Corporate Compliance Programs Guidance, to provide prosecutors with a framework to evaluate the appropriateness and efficacy of compliance programmes. While the guidance does not provide templates, it does address formation and implementation, and is useful for benchmarking a corporate compliance programme.
Ultimately, the most effective way to avoid FCPA investigations is to implement a strong, bespoke anti-corruption compliance programme, according to Reid Whitten, a partner at Sheppard Mullin. “Most multinational companies have mature and sophisticated compliance programmes in place, so what is critical for them is to patrol the perimeter of their defences,” he says. “No one at the DOJ or Serious Fraud Office (SFO) expects to see your vice president of sales handing out bags of cash. So their investigations, using their networks of agents stationed at embassies and consulates around the world, are digging deeper and surveying further. As these enforcement agencies become more savvy about identifying indicia of corruption further from the source, companies will need to work harder to ensure that people who represent them are not creating potential liability exposure for the company.”
Compliance training is an important aspect of ensuring a company is FCPA compliant. It is central to preventing and remedying acts of corruption and bribery committed by employees, but to work it needs to be tailored to the organisation and to the people receiving the training.
“Providing practical and realistic scenarios as examples in your training is the best way to keep employees engaged and to prepare them to recognise risks and red flags they might see on the job,” notes Ms Mammen. “Also, live, interactive training can be extremely valuable to the compliance team, as questions and comments from businesspeople during training sessions may provide insight into real-world risks and red flags experienced by employees, or suggest areas of additional concern not adequately addressed by the existing programme.”
As Mr Whitten points out, for companies with less mature compliance programmes, or which are taking their first tentative steps into the global market, the first challenge is to determine the different regulations that may affect the company’s operations. While the FCPA is the most notable of the global anti-bribery laws – because its enforcement history illustrates how aggressively and extraterritorially it is enforced – companies will also need to be aware of and consider other potentially applicable anti-corruption laws wherever they operate, such as the UK’s Bribery Act, France’s Sapin II, and South Korea’s Improper Solicitation and Graft Act.
“Generally a single compliance programme should be able to address the risks under multiple anti-corruption regimes, but there are detailed decisions that will need to be made at the outset about how the company can keep flexibility in its operations but maintain strong risk mitigation in all relevant jurisdictions,” says Julien Blanquart, an associate at Sheppard Mullins.
Bribery and corruption can have significant consequences for companies as well as their senior executives and board members. When instances of potential malfeasance are uncovered, companies should use the situation as an opportunity to educate all stakeholders, and to test and evaluate their compliance training programme.
No matter where a company operates, it should create, implement and continually enhance a programme that explicitly outlines the procedures it will undertake to ensure compliance with the FCPA and other laws that prohibit corrupt practices. The financial consequences of failing to do so may be significant, as demonstrated by recent enforcement actions.
© Financier Worldwide
BY
Richard Summerfield