FCPA Guidance: Emerging Benchmarks for an Effective Anti-Corruption Compliance Program?

Written by Mushtaq Dost on Friday January 25, 2013

Over recent years, we have all been witness to the US Department of Justice ("DOJ") and the Securities and Exchange Commission ("SEC") aggressively pursuing enforcement action against businesses and individuals under the Foreign Corrupt Practices Act ("FCPA"). Prohibiting bribery of foreign officials, this rather archaic, cloudy and ambiguous piece of legislation had become rather notoriously difficult for the courts to interpret. Moreover, with both the DOJ and SEC historically offering little public guidance on how they approach enforcement, compliance officers and the business community were left uncertain of their obligations when trying to comply with the FCPA.

On November 14, 2012, the DOJ and SEC took a step towards clarifying some of this uncertainty by publishing the 120-page 'A Resource Guide to the U.S. Foreign Corrupt Practices Act' (the "Guide"). According to the DOJ and the SEC, they prepared the Guide because they "want U.S. businesses, foreign officials, non-governmental organizations and others to understand why we prosecute FCPA cases as vigorously as we do, and also how and why we make our charging decisions." In the spirit of helping businesses of all shapes and sizes to "better understand the FCPA`` the Guide gathers in a single compendium the collective thinking of the FCPA enforcement community, thus providing a valuable resource tool for compliance professionals around the world.

The Guide discusses, among other things, the components of the FCPA's anti-bribery provisions, the Government's guiding principles of enforcement, potential FCPA penalties, sanctions and remedies, and possible resolutions to FCPA prosecutions and enforcement actions. Albeit a highly useful resource, most commentators agree, it offers no watershed change in the agencies' approach to FCPA enforcement. It does, however; offer an opportunity for the compliance officer to focus efforts on some key areas of concern.

Since publication of the Guide, there has been much guidance written on the guidance and there is certainly a lot to debate. What is perhaps the most important factor to come out of the Guide is the DOJ and SEC stressing that an effective, proactive FCPA compliance program is one of the key tools a company has to protect itself from FCPA liability.

While recognising "there is no one size fits all" the Guide emphasizes how a strong compliance program is one that is tailored to an organization's specific needs, risks, and challenges. The underlying message here is simple: Companies cannot rely on creating a compliance program in name only and expect that the agencies` will view it as making a ``good faith´´ effort at compliance. Instead, the Guide indicates that the DOJ and SEC will favourably view those companies that have made a “thoughtful effort to create a sustainable compliance program.”

In Chapter 5, the Guide lists`` ten hallmarks of an effective compliance program`` that provide constructive insights for compliance officers to help roadmap, improve and refresh compliance policies according to their company's unique circumstances and risk profile.

Here is a summary:

• Strong board commitment and a clearly articulated anti-corruption statement: The board and senior management are expected to set proper tone throughout the organisation and actively encourage a `compliance culture´ by managers and employees at all levels and discourage pure profit over compliance
• Clear, concise and easily accessible compliance policies, procedures and code of conduct: When evaluating a compliance program, the DOJ and SEC will consider whether policies and procedures clearly outline responsibilities for compliance; detail proper internal controls, auditing practices and set forth disciplinary procedures. It is expected that where necessary, the code of conduct will be translated into different languages so that it is accessible to all employees. It is also suggested that policies incorporate risks faced by individuals such as associating with third parties, travel, gifts, and entertainment
• Independent and powerful executive oversight: The compliance program should be overseen by a specific senior executive with appropriate authority, adequate resources and direct access to the governing body of the organization. Amount of resources devoted to compliance should depend on the company's size, complexity, industry, geography and unique risks associated with the business model
• Risk assessment: According to the Guide ``one size fits all`` compliance programs are "generally ill-conceived and ineffective" as it is only possible to allocate resources and focus compliance efforts after a company has conducted a thorough risk assessment.
  • Continuing education and regular training for employees and third parties: Anti-corruption policies and procedures should be communicated throughout the organization with periodic training and certification for all directors, officers, employees, agents and business partners
• Appropriate disciplinary procedures and incentives: Enforcement of the program is considered essential to its success. The Guide states “a compliance program should apply from the board room to the supply room—no one should be beyond its reach.”
• Third party due diligence: The Guide recognizes that third parties are commonly at the centre of many FCPA violations and provide a means to conceal illicit payments to foreign officials. It advocates risk based due diligence with ongoing monitoring of relationships
• Confidential Reporting and Internal Investigations: The Guide explains how employees are more likely to report compliance failures if they have a secure and confidential mechanism to do so
• Periodic testing and review: As the business changes over time, so does its operational environment, its customers and the laws under which it operates. According to the Guide, the compliance program should likewise "constantly evolve" and not allow itself to become stale.
• Pre-acquisition due diligence and post-acquisition integration for M&A: Not only should companies conduct FCPA due diligence prior to a merger or acquisition, but they should also "promptly incorporate the acquired company into all of its internal controls, including its compliance program."

The importance of crafting an effective compliance program that hits on each of these benchmarks cannot be understated, as doing so may ultimately save a company from incurring significant financial and reputational costs. Morgan Stanley & Co. benefited firsthand from this in April 2012. Then, both the DOJ and the SEC publically announced that each agency had declined to bring enforcement action because of the strength of Morgan Stanley's compliance program.

Despite the hopes of many, the Guide is not legally binding, nor does it provide a safe harbour for companies. What it does do, however; is serve as a wake-up call for those boards and senior management who have permitted their anti-corruption compliance programs to languish.

Mushtaq Dost is a Senior Consultant at Trafford Consulting SL, a specialist private equity / venture capital consultancy.