Complying with the Foreign Corrupt Practices Act in a Down Economy
(This article was contributed to Corporate Compliance Insights by Mr. Homer Moyer, one of the country’s leading authorities on the U.S. Foreign Corrupt Practices Act and international anti-corruption law. Homer Moyer can be contacted via email at the following address: hmoyer@milchev.com. He can also be contacted by phone at 202-626-6020.)
———-
The current economic downturn and the accompanying uncertainties about job security may increase the usual pressures on managers to “make their numbers.” These pressures may tempt those responsible for foreign sales and deals to operate close to the line, or even cross the line, in their efforts to secure new business.
In this climate, risks under the Foreign Corrupt Practices Act (“FCPA”) are heightened, as some enforcement officials have already publicly noted. Corporate management, audit committees, compliance professionals, and others may worry that in the mind of an anxious manager on the other side of the world, the lure of new business may outweigh the risks inherent in an improper payment or inducement to a foreign official.
The same economic pressures, however, may also limit dollars and resources available for FCPA compliance. This twin set of pressures is causing corporations to ask themselves how they can stretch their compliance dollars and make them as cost-effective as possible.
Although the answers to this question will vary with each company’s individual business and risk profile, the following eight suggestions may nonetheless have broad applicability and help maximize the cost-effectiveness of FCPA compliance programs. Companies can implement these steps on their own or with the assistance of knowledgeable outside counsel who share a sensitivity about managing costs.
1. Ensure that your program is risk-based.
Perhaps the most obvious first step is to assure that your program is designed to meet your greatest risks, as determined by the nature of your business, the markets where you operate, your channels to market, the nature of your interactions with government officials and employees of state-owned enterprises, your use of joint ventures, consultants, sales representatives, agents, and other third parties, and other factors.
Enforcement officials recognize that resources are limited and that a risk-based program is sensible. If your company’s primary interactions with government officials are with regulators, you will have different compliance challenges than if you are marketing goods or services to government buyers, just as you may have different challenges if you operate overseas through joint ventures as opposed to local representatives.
So the first low-cost step in maximizing your compliance dollars is to assure that you have correctly assessed the company’s FCPA risk profile and tailored its compliance initiatives to meet those risks.
2. Tone at the Top.
The least expensive compliance tool at your disposal is “tone at the top.” If a strong and visible commitment to compliance by the CEO and senior management exists — or if you can create it — it can be the driving force of a strong compliance program. Management teams that have undertaken to create a strong compliance culture, such as the new management team at Siemens, emphasize that a clear and unmistakable commitment to compliance by the CEO and other senior management is indispensable to achieving a compliance culture that permeates the company.
The right tone at the top must, however, be genuine. It can’t be faked. Company employees have a built-in, personal radar that allows them to distinguish between corporate leaders that mean what they say and senior management that is just going through the motions. Without the right tone at the top of the leadership structure, the most rigorous and sophisticated compliance program is facing an uphill battle.
Indicators of the right tone at the top are numerous. They range from what message the CEO conveys — how and how frequently she or he delivers that message; whether the corporation embraces values and ethics on which the compliance program is based or simply promulgates compliance rules; whether managers are held accountable for compliance in terms of compensation and advancement; whether FCPA risk factors into business decisions; and how the company responds to failures to comply with company policies. Where the right tone at the top truly exists, it can radiate through the corporation. It is also a uniquely cost-effective compliance tool.
3. Understand that the costs of an FCPA violation may be more crippling in a down economy than in a flourishing one.
The tone at the top can be buttressed by an appreciation that an FCPA violation in a down economy can be more onerous and harmful than in a flourishing commercial environment. The last several years have seen the advent of larger and more aggressive types of penalties for FCPA violations. Not only have statutory penalties been increased since the FCPA was first adopted, but penalties can now exceed statutory fine levels based on the amount of profit that an improper payment has made possible. To fines, the SEC has recently added the penalty of disgorgement of profits. In the recent settlement against Halliburton and Kellogg Brown & Root, for example, the financial penalties were increased by $177 million as disgorgement of ill-gotten gains. Depending on the circumstances of a bribe, disgorgement of downstream profits can be an enormous number.
For many years, suspension or debarment from government contracting and loss of export privileges have been potential consequences of an FCPA violation. In addition, over the last five years, the Justice Department has used Deferred Prosecution Agreements in settling FCPA cases and has required offending companies to retain, and pay for, an independent compliance monitor or consultant. Monitors, who are given broad discretion to evaluate and test company compliance programs and to make binding recommendations for enhancements, can be both intrusive and costly. To the direct six-, seven-, or even eight-figure cost of a three-year monitor must be added the incidental and indirect costs of the diverted time and energy of managers, more intensive than usual compliance activities, and greater involvement of outside counsel.
Candid, after-the-fact admissions from companies that have had sizable FCPA settlements have suggested that the total costs, direct and indirect, can be far greater than the fines imposed. So — even without a discussion of the increased emphasis on prosecuting individual corporate officials who are involved in FCPA violations and the jail sentences likely to follow — those responsible for governing a corporation can quickly be made to see that the consequences of an FCPA violation can be far more debilitating and relatively more difficult to absorb when a company is otherwise experiencing a contraction in its revenues and profits. In short, it’s a bad time to have an FCPA violation.
4. Train to Red Flags.
If you could train on only one FCPA topic, what would it be? Although FCPA training often includes everything from explanations of jurisdiction to due diligence flow charts to detailed guidelines on gifts and entertainment, it is useful to remember that training need not be designed to produce a corporation of FCPA experts. Rather, the compliance objectives of most companies can be substantially realized if all relevant people in the company simply know how to recognize FCPA red flags and how to react to them.
If employees know red flags when they see them, and understand that they may represent significant risks to the company, you are far down the compliance road. If employees who see a red flag know to stop and ask for guidance, many if not most FCPA issues can be avoided. Lawyers and compliance personnel can make the legal judgments, advise on what may and may not be done, and indicate where lines need to be drawn. But if faced with the necessity of prioritizing training dollars, focusing on red flags related to your company’s risk profile can be a cost-effective compliance step.
5. Minimize the Use of Third Parties.
The most treacherous provisions of the FCPA may be those that permit vicarious liability for the unlawful acts of third parties. Congress, determined to prevent companies from avoiding FCPA liability through “head in the sand” ignorance (or “willful blindness”), wrote the FCPA to hold corporations liable for the acts of third parties — consultants, sales reps, local agents, and the like — when circumstances suggest that there is a strong likelihood or “high probability” that the third party will make improper payments. And increasingly, enforcement officials are invoking this standard of “knowledge” in finding corporations liable.
Under this aggressive liability standard, corporations operate at the mercy of the third parties they employ. A corporation is at risk if the consultant it retains disregards a company’s ethical or business standards, or believes that they are only for appearances, or dismisses them as naive. The risk exists not only for companies who intend for their third parties to divert funds to government officials, but also for companies that choose to be indifferent to or insulate themselves from their third party’s behavior.
Corporations can significantly reduce their FCPA risk by eliminating or minimizing their use of third party consultants and agents over whom they have less than full control, particularly those who are paid commissions, success fees, or bonuses. Due diligence, vetting, training, and monitoring of third parties can reduce risk, but risk is inherent in the use of third parties. To the extent a corporation can eliminate or avoid its reliance on third parties, it can, by definition, reduce its FCPA risk profile.
Ironically, a down economy also creates incentives for companies to use more, not fewer, third parties to help secure business. Compared to full-time sales personnel, agents or sales representatives compensated by a commission or success fee may be a less expensive way to stay in the market and seek new business. In FCPA terms, however, third parties also represent risk, a risk that can be reduced by carefully structuring and monitoring the work that they do, as well as by minimizing the use of third parties altogether.
6. Train Your Internal Auditors.
Internal auditors are typically dispatched to the field to examine the books and records of far-flung business units. They are an existing, potential FCPA compliance asset. Internal auditors are not, however, FCPA experts, and even excellent auditors are not necessarily skilled at identifying FCPA risks or violations. A simple example, sometimes cited, is that a large payment to a third party consultant that is based on a contract and supported by an invoice may raise no audit issues, but it may reflect high FCPA risk.
To take advantage of extensive coverage that internal auditors already achieve, many companies are providing special FCPA training to their internal auditors. Although an FCPA module or component of a financial audit may be less rigorous than a full FCPA audit or investigation, it is a way in which FCPA compliance reviews can be broadened in a company. Auditors trained in FCPA principles and compliance techniques can provide a valuable, additional set of FCPA eyes and ears. By identifying potential FCPA issues that may warrant follow-up, they can substantially expand a company’s compliance coverage without adding new compliance resources.
FCPA training for auditors is, of course, different from the FCPA training provided to audit committees, senior management, or sales personnel, but if tailored to the potential role of auditors and the skills they bring to the process, it can strengthen a corporation’s compliance program and do so inexpensively.
7. Conduct Smart Investigations.
Internal investigations are often necessary, and they can be costly, intrusive, and disruptive. In a down economy, the challenge is in determining when an independent investigation is needed or prudent and in deciding how the investigation can be conducted cost-effectively without compromising its integrity or thoroughness.
Some situations cause for global investigations and massive resources, but not all do. Conducting an investigation expeditiously and determining early whether the issue raised is isolated or systemic can save money. Employing counsel or auditors who are experienced in conducting internal investigations and expert in FCPA matters can avoid learning curves that can lengthen an investigation and expand its cost.
A tricky issue presented by many investigations is when to stop. Stopping prematurely can be an obvious mistake that can ultimately backfire and increase costs. However, if an investigation identifies a pattern of violations or systemic compliance weaknesses, what may be most important is to recognize the pattern and take prompt remedial actions, not attempt to track down and document every instance of a violation or compliance failure. If a mid-stream assessment suggests that the final 40 percent of the cost of an investigation is likely to yield only marginal additional or largely redundant information, the most cost-effective compliance response may not be to continue the investigation to its maximum extent, but rather to deal aggressively with the issues that led to the violations.
This is particularly so where an investigation focuses on the behavior of a third party. In those cases, investigators may not have access to or cooperation from the third party, and even the most thorough investigation may end with less than definitive factual findings. When this is the case, targeted compliance enhancements may be more productive than extending the investigation until every rock has been overturned.
8. Incentives and Discipline.
Among a company’s most effective compliance tools, and surest triggers of effective internal communication, are incentives and discipline. One company with recent FCPA violations tied 30 percent of senior managers’ future compensation to effective compliance, measured in part by employee surveys. When that policy was actually implemented, doubting executives received a powerful message, and considerably less money. Conversely, if a regional manager causes or tolerates an FCPA violation or violates company policies, and the company responds by terminating or otherwise strongly disciplining the individual, it is a convincing sign of the company’s seriousness of purpose. In this context, one disciplinary action may be worth a thousand pages of compliance guidelines.
A corollary to internal discipline is a strong and immediate response to actions by any third party who violates the law or disregards company policies or procedures. Equivocation or delay borne of concern about offending consultant’s commercial value to the company, or gratitude for past economic contributions, will likely be seen by enforcement officials as a sure sign of superficial commitment to compliance and to the principles the company may otherwise have espoused.
Companies often cite FCPA violations as the unauthorized acts of a “rogue employee.” A failure to discipline suggests that the employee’s behavior was not, in fact, “rogue,” but rather reflected the true culture of the company. The direct collar costs of discipline are negligible; the compliance message it sends can be clear and loud.
Compliance is often depicted as a “cost center” that can affect the bottom line only negatively. Whether or not that proposition can be challenged, measures that can extract more compliance value per dollar spent are likely to be welcomed, particularly in a proverbial “down economy.” The ultimate cost-saver is, of course, avoiding violations altogether. By focusing on cost-effective approaches to FCPA compliance, you may achieve greater fuel efficiency in seeking to reach that goal.
**********
Homer Moyer has written and spoken on the Foreign Corrupt Practices Act extensively, chaired more than 20 national and international conferences, produced a training video, represented and advised dozens of clients, and served as an SEC-appointed Independent Compliance Consultant. In the area of export controls and economic sanctions, Mr. Moyer’s experience dates from when he served as General Counsel of the U.S. Department of Commerce during a time of historic foreign policy and national security controls. He has counseled numerous clients on export issues of first impression, co-authored the book Export Controls as Instruments of Foreign Policy, and been called to testify as an expert witness. While in government, he co-authored the Anti-Boycott regulations of the Export Administration Act.
Tags: Compliance, fcpa, Homer Moyer
