Globalization has allowed for the geographic expansion of corporate borders to happen quickly, and it often takes time for the infrastructure to catch up. As a result, many businesses routinely:
With the SEC’s recent announcement of a settlement with Walmart for violation of the Foreign Corrupt Practices Act (FCPA), it is a good time for companies doing business internationally to evaluate their business operations and ensure compliance with all aspects of the FCPA. When most people think of the FCPA, they assume that it applies only to the payment of bribes and that the SEC pursues violations like those committed by MobileTeleSystems. However, as was the case with Walmart’s violation and subsequent $282 million in penalties, companies can also be held liable for “failing to operate a sufficient anti-corruption compliance program.” This is because the FCPA has two provisions: Anti-Bribery and Accounting.
In order to avoid being on the wrong end of an SEC enforcement action, there are key issues to address. And in addressing them it is important to focus on the risk being mitigated, the reasonableness of the solution, and the effort required for implementation.
Risk exists. It cannot be eliminated but there should be an active process in place to identify and assess it (managing and monitoring come next). Internal policies, procedures, and oversight will help to identify tactical and strategic risks, whether they are driven by an individual transaction or region-wide operation. As the comprehensiveness of policies and procedures goes down and as transactional value goes up, the risk of corruption increases. The most common areas for violations to originate include:
The key to an effective anti-corruption program lies in clearly identifying the corruption risks you face and what the industry best practices are from a legal/compliance perspective, as these will likely be in line with what is expected by regulatory authorities. Once you have the mitigating options available, they can be tailored to match the identified risk profile and to allocate resources effectively and efficiently.
Compliance program policies and procedures need to be dynamic to adapt to new situations or to incorporate best practices from lessons learned. Companies should address the following compliance areas:
Third parties are a large risk because the reduced oversight limits the effectiveness of internal controls, which can offer numerous avenues for the avoidance of detection. Because of this, it is important that all third parties undergo rigorous due diligence before contracting, that contracts include FCPA or anti-corruption provisions, that the relationships are actively managed to identify red flags, and that all issues raised are investigated and resolved.
Assuming a robust compliance program, regulatory authorities will expect a thorough internal investigation so that a company can provide the information necessary to assess the potential violation. This will include, but is not limited to:
Companies and their insurers alike cannot turn a blind eye to the realities of international trade. In many countries, corruption is an accepted aspect of the culture and it will be encouraged, tolerated, or ignored. But with that in mind, make sure the policies and procedures in place address not only your current operational risks but those that are a part of your 3- or 5-year strategic plan. Consider the following: