Enacted in 1977, the FCPA has rarely been enforced. The change began in 2004, though the reasons are not entirely clear as to why there has been such an increase in enforcement. Figure 1 (right) tracks the number of corporate and individual enforcement actions since 2002.
Benefits of compliance
The recent enforcement action against Morgan Stanley’s managing director Garth Peterson demonstrated the benefits of having a minimum best practices compliance programme in place. Both the US Department of Justice (DOJ) and Securities and Exchange Commission (SEC) went out of their way to praise the Morgan Stanley Compliance Programme. This written praise demonstrated that not only do companies receive credit from the DOJ for having a compliance programme in place, but also provided solid information as to why the DOJ declined to prosecute Morgan Stanley.
Constituting a compliance programme
The DOJ has consistently provided information on what they consider to be a minimum ‘best practices’ compliance programme. They use a 13-step programme, which focuses on the following aspects:
1. Code of conduct
A Company should develop and promulgate a clearly articulated and visible corporate policy against violations of the FCPA, including its books and records, and internal controls provisions in a written compliance code.
2. Tone at the top
The Company will ensure that its senior management provides strong, explicit, and visible support and commitment to its corporate policy against violations of the anti-corruption laws and its compliance code.
3. Anti-corruption policies and procedures
A Company should develop compliance procedures designed to reduce the prospect of violations. These anti-corruption standards and procedures shall apply to all directors, officers, employees and outside parties acting on behalf of the company, including agents, intermediaries and other business partners. Such standards shall include policies governing:
– gifts;
– hospitality and entertainment;
– expenses;
– customer travel;
– political contributions;
– charitable donations;
– sponsorships;
– facilitation payments; and
– solicitation and extortion.
4. Use of risk assessment
A Company should develop these compliance standards and procedures based upon a risk assessment addressing the foreign bribery risks facing the company.
5. Annual review
A Company should review its anti-corruption compliance procedures, no less than annually, and update them as appropriate, taking into account relevant developments in the field and evolving standards, and update them as necessary to ensure their continued effectiveness.
6. Senior management reporting
Responsibility should be assigned to senior corporate executives of the Company for the implementation and oversight of their anti-corruption policies. Each should report directly to their legal director as well as the Company’s board of directors whom shall have an adequate level of autonomy from management, sufficient resources and authority to maintain such autonomy.
7. Internal controls
A Company should have a system of financial and accounting procedures, including a system of internal controls designed to warrant the maintenance of fair and accurate books, records, and accounts to guarantee they cannot be used for the purpose of foreign bribery or concealing such bribery.
8. Training
A Company should implement mechanisms designed to ensure that its anti-corruption policies are communicated effectively to all directors, officers, employees, agents and business partners. It should include periodic training and annual certifications of compliance with the requirements needed.
9. Ongoing advice and guidance
An effective system should be maintained for:
– providing guidance to directors, officers, employees, its agents and business partners on complying with the Company’s compliance policies, including when they need ongoing advice;
– internal and confidential reporting and protection of those reporting breaches of the law concerning anti-corruption occurring within the company, suspected criminal conduct, and/or violations of the compliance; and
– responding to such requests and undertaking appropriate action in response to such reports.
10. Discipline
A Company should have appropriate disciplinary procedures to address violations of the Company’s compliance code. This should include procedures to ensure that where misconduct is discovered, reasonable steps are taken to remedy the harm resulting from such misconduct, and to ensure that steps are taken to prevent further misconduct occurring, making modifications necessary to ensure programme effectiveness.
11. Use of agents and other business partners
To the extent that the use of agents and business partners is permitted at all by the Company, they should institute appropriate due diligence and compliance requirements pertaining to the retention and oversight of all agents and business partners, including:
– properly documented risk-based due diligence pertaining to the hiring and appropriate oversight of agents and business partners;
– informing agents and business partners of the Company’s commitment to abiding by laws on the prohibitions against foreign bribery;
– informing agents of the Company’s ethics and compliance standards; and
– seeking a reciprocal commitment from agents and business partners.
12. Contractual terms and conditions
A Company should include standard provisions in contracts with all agents and business partners that are reasonably calculated to prevent violations of the anti-corruption laws, which should include:
– anti-corruption relating to compliance;
– rights to conduct audits of the books and records of the agent or business partner to ensure compliance; and
– rights to terminate an agent or business partner as a result of any breach of anti-corruption laws.
13. Ongoing assessment
A Company should conduct periodic reviews and testing of its anti-corruption compliance code designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, taking into account relevant developments in the field and evolving international and industry standards.
Understanding the change
The US DOJ has provided specific information on what constitutes the minimum ‘best practices’ compliance programme. The benefits are now readily available and clear to prevent and detect violations of the FCPA, but also to protect a company from any enforcement action. These measures have been put in place to make sure corruption in the work place is left in the past.
About WorldCompliance
WorldCompliance empowers organisations to identify corrupt foreign officials and state owned enterprises within their business network. For this, we have created World-NEO to provide companies the ability to vet their third party vendors, suppliers, distributors and agents; directing them to register and complete a questionnaire within a web-based portal . World-NEO automatically assigns a risk score to every entity, performing initial and on-going due diligence. The risk score determines whether they represent a risk to the organisation and serves as proof that they are compliant with the FCPA and UK Bribery Act.
With more than 2000 customers in more than 140 countries, WorldCompliance is the premier information provider for compliance with the FCPA and UK Bribery Act. For more information visit www.worldcompliance.com