Effective Risk Management in Today’s Strict Global Anti-Corruption Enforcement Environment
Efforts to crack down on anti-corruption activities under the Federal Corrupt Practices Act have increased dramatically in the past 10 years, and violators have paid a significant price. In 2005 the average total value of monetary resolutions in corporate FCPA enforcement actions brought by the U.S. Department of Justice and the Securities and Exchange Commission was $7.27 million. In 2014 the figure reached an all-time high of $156.61 million, nearly twice the amount of $80.07 million from the previous year.
A recent example of the severe consequences FCPA violators can face is the case of global power generation and railway infrastructure giant Alstom. On December 22, 2014, the DOJ announced a plea agreement where Alstom will pay $772.29 million to settle a case involving violations of the FCPA’s internal control and books-and-records provisions. According to charging documents, Alstom and three of its subsidiaries paid roughly $75 million in inappropriate consultancy fees to third parties in an effort to secure projects totaling $4 billion in the Bahamas, Egypt, Taiwan, and several other countries.
In terms of total dollar resolution, the Alstom case ranks second behind the $800 million ($450 million DOJ and $350 million SEC) Siemens AG settlement that was reached in December 2008. The electronics company was alleged to have paid bribes totaling $1.4 billion to foreign officials in various countries around the world over a six-year period. With the additional penalties imposed by the German government, Siemens AG’s total liability reached $1.6 billion. The Siemens case also marked the first time criminal charges resulting from internal control violations were levied against a company.
What are the areas in which companies are most vulnerable to risk?
Global law firm Mayer Brown has identified several areas that have and should continue to pose risk and compliance challenges to companies that conduct international business:
- Third parties/intermediaries. As exemplified by the Alstom case, a large number of FCPA violations targeted by DOJ and SEC investigations involve the improper activities of third-party consultants or other intermediaries. It’s important to note that even if the company is unaware of the illegal activities, it can still be deemed liable, as the third parties frequently act as agents on behalf of the organization. Thus, companies must perform appropriate due diligence before enlisting the services of any third party and continue to closely monitor them after retention.
- Mergers and acquisitions. Organizations can unwittingly “buy” liability when merging with or acquiring another entity. A thorough review of the company’s operating structure and past business activities prior to completing the transaction can detect potential red flags that could place an organization at risk of an FCPA violation. In many cases, the best course of action is to walk away from the transaction if there is any uncertainty. Effective management of the post-acquisition period is also crucial, as the DOJ and SEC typically expect the companies to quickly synchronize their FCPA policies and ethics and compliance programs.
- Gifts, travel, and entertainment. The FCPA includes strict guidelines regarding the providing and receiving of gifts and the covering of travel and entertainment costs in an effort to gain or retain business. This frequently becomes a gray area that can lead to unintended FCPA violations. In general, any gift or payment must be for a “reasonable and bona fide expenditure” and be “related to the promotion, demonstration, or explanation of products or services.” The best practice is to abstain from giving or accepting gifts or paying or receiving money for expenditures whenever there is any doubt as to their legitimacy or legality.
Risk mitigation from a corporate compliance perspective
Mayer Brown also recommends that any organization conducting business on a global scale should incorporate FCPA compliance into its overall ethics and compliance program. In addition to reducing their risk exposure, companies that have robust FCPA programs in place tend to receive more favorable treatment from DOJ/SEC officials should a violation actually occur. Program elements should include the following:
- Starting at the top to establish a corporate culture of compliance
- Developing and distributing a written compliance policy
- Assigning the responsibility for compliance policy implementation to a specific individual or department
- Clearly communicating specific compliance measures
- Providing periodic FCPA compliance training
- Mandating periodic compliance self-certification
- Maintaining accurate and thorough compliance records
- Appropriately disciplining compliance policy violators
- Regularly conducting internal and external compliance audits
- Monitoring and adjusting the compliance program as needed to meet changing and evolving global risk assessment needs
Lighthouse Services offers an informative 45-minute e-learning course entitled, “FCPA: Anti-Corruption and Bribery” that can supplement your FCPA compliance training and education efforts. For more information, please view page 3 of our e-learning course catalog.