FCPA violations FCPA Enforcement Has Dramatically IncreasedRajesh Unadkat
Building compliance programs to prevent, detect and eliminate FCPA violations
Although the FCPA (Foreign Corrupt Practices Act) was enacted nearly thirty years ago, the legislation is now facing more rigorous enforcement than ever by the SEC and DOJ. The Obama Administration has made it clear to the business community that FCPA enforcement will be a high priority and also focused on new industries – pharmaceutical and financial institutions – while additional resources are assigned to support the crackdown. In response, businesses must work to continuously identify potential compliance and internal control weaknesses and violations.
Anti-Bribery and Accounting
The goal for the increase in enforcement is to compel corporate transparency and ultimately prevent employees and third parties working for global enterprises from accepting and disguising bribes as legitimate commercial transactions. The accounting provisions make it illegal for any organization reporting to the SEC to have false, doctored, or inaccurate books or records or neglect to maintain a system of internal accounting controls. Failure to adhere to the FCPA could result criminal and civil penalties including multi-million dollar fines or even prison terms.
The United States Department of Justice and the Securities Exchange Commission have expressly identified the existence of a corporate compliance program as a factor to be considered when deciding whether to bring charges against an organization.
6 Steps to building an effective FCPA compliance program
A valid FCPA compliance program requires the education of key employees, the implementation of due diligence procedures in connection with pertinent business functions, for example hiring of consultants, focus on accurate financial records, a mechanism for reporting and maintaining an audit trail of violations and the monitoring of high risk activity that runs risk of corrupt payment transactions. Effective programs are difficult to establish, but nearly impossible to maintain without well-integrated technology to consolidate data in a central location and automate the workflow processes.
- Assignment of Ownership/Governance Responsibility – No compliance program is effective without buy-in from the top. Responsibility for compliance program design, implementation and oversight must be placed in the hands of senior management or the governing body.
- Assess Risk – The proper assessment of risk involves the collection and analysis of data with the goal of identifying any circumstance that may put the business at risk of an FCPA violation:
- Aspects of the business that operate overseas or deal with foreign officials
- All employees which interact with foreign officials, sales representatives and government personnel
- Foreign consultants and business partners
- Nature of foreign business operations that deal with government control or state entities
- Existing compliance functions to ensure foreign corrupt payments are not made and all accounting records clearly reflect transactions
- Design & Implement Policy – This policy may be incorporated into an existing code of ethics or code of conduct, but in the event of newly incorporated documentation outlining the law and the manner in which the company will comply, the documentation must be redistributed. Organizations should develop and distribute a due diligence checklist required for employees to execute prior engagement with foreign representatives or business partners.
- Communicate & Educate – Businesses must convey to employees an appropriate level of knowledge regarding the law. While a company may implement a policy banning corrupt payments, context and additional information (FAQs, where to find more information, or specific guides such as ‘Permissible Foreign Payments’) will also need to be delegated to employees. As always, organizations must also maintain accurate records of which employee views and comprehends corporate policy in the event of a federal investigation.
- Generate Violation Reports – Employees must have adequate means to report violations. For organizations subject to Sarbanes-Oxley, anonymous reporting requirements may also be grated to third parties – Internet based mechanisms are important for handling this.
- Conduct Regular Reviews & Document Compliance Efforts – It’s critical to monitor the effectiveness of the compliance program, from specific individuals in roles that deal with foreign entitles, to the company’s compliance of procedures that govern business tractions, the sufficiency of employee training or even the level at which employees comprehend policy. Businesses should carefully document compliance efforts that reflect accurate management of compliance initiatives. Comprehensive records should be maintained of education materials, training sessions, due diligence efforts and regular compliance reviews.
Incident Reporting – Compliance programs must also be equipped to handle violations. Policies must clearly state consequences for violation, and in the event of a violation – appropriate action must be taken and documented to ensure discipline and mitigation – this step is necessary to demonstrate violations were neither encouraged nor tolerated.