This article was republished with permission from FCPAméricas Blog, for which Matteson Ellis is founder, editor and regular contributor.
FCPA compliance expectations for multinational corporations (MNCs) are relatively clear. Enforcement authorities regularly describe them in FCPA resolutions and public statements,.
But how should small- and medium-sized enterprises (SMEs) apply these standards, especially smaller companies that still have significant corruption risk profiles? SMEs’ resources, personnel and capacity are usually much more limited that those of MNCs. Does a privately held oil and gas services company with 100 employees in Texas and 250 on-site in Angola need a standalone compliance officer? How robust a third-party due diligence and monitoring program does a small technology company with 300 to 400 distributors worldwide need to have in place?
This post provides some importance perspectives on this issue:
U.S. Sentencing Guidelines: Section 8B2.1 of the U.S. Sentencing Guidelines provides a description of compliance expectations for smaller companies, explaining that SMEs “shall demonstrate the same degree of commitment to ethical conduct and compliance with the law as large organizations.” It states that SMEs can meet these requirements with “less formality and fewer resources” than larger companies. This can mean reliance on existing resources or systems that are simpler than those of larger companies. The Sentencing Guidelines provide four examples:
- The governing authority’s discharge of its responsibility for oversight of the compliance and ethics program by directly managing the organization’s compliance and ethics efforts.
- Training employees through informal staff meetings and monitoring through regular “walk-arounds” or continuous observation while managing the organization.
- Using available personnel rather than employing separate staff to carry out the compliance and ethics program.
- Modeling its own compliance and ethics program on existing, well-regarded compliance and ethics programs and best practices of other similar organizations.
FCPA Guidance: The FCPA Guidance states, “small- and medium-size enterprises likely will have different compliance programs from large multinational corporations, a fact the DOJ and SEC take into account when evaluating companies’ compliance programs.” Chuck Duross, who headed the DOJ’s FCPA Unit from 2010 to 2014, recently explained that one of the main reasons for producing the FCPA Guidance was to help provide information for smaller companies. “In October 2010, the OECD proposed that we provide better guidance as to both our enforcement priorities, our interpretations of the statute and the like, particularly aimed towards small and medium enterprises … the Guide was the ultimate product of that.” This insight suggests that Chapter Five of the FCPA Guidance’s description of the “Hallmarks of Effective Compliance Programs” should be read, understood and followed, not only by MNCs, but by SMEs, as well.
Enforcement Officials: Recently, at Momentum’s Global Anti-Corruption Conference in Washington D.C., Charles Cain, Assistant Director of the SEC’s FCPA Unit, and Jeffrey Knox, Chief of the DOJ’s Fraud Section, discussed SMEs in the context of FCPA enforcement. Mr. Cain confirmed that, while the SEC recognizes that companies have different resources, smaller companies still need to find ways to manage risk:
“I can’t give specific examples how, but it generally involves the creative use of existing resources. While not the same as big companies, they are addressing the same risks and need to be creative. They need to make it a standard part of business. If compliance is part of the culture, the compliance program overlay doesn’t need to be as big.”
Mr. Knox noted that authorities would still ask, “Were the [compliance] actions taken reasonable? Was there management involvement? Was the misconduct pervasive? What is the culture of the company?”
Transparency International: A report on SMEs by Transparency International offers advice on how SMEs should focus their approaches on “principals” of compliance to ensure business integrity. The report gives practical guidance on implementation.
The opinions expressed in this post are those of the author in his or her individual capacity and do not necessarily represent the views of anyone else, including the entities with which the author is affiliated, the author`s employers, other contributors, FCPAméricas or its advertisers. The information in the FCPAméricas blog is intended for public discussion and educational purposes only. It is not intended to provide legal advice to its readers and does not create an attorney-client relationship. It does not seek to describe or convey the quality of legal services. FCPAméricas encourages readers to seek qualified legal counsel regarding anti-corruption laws or any other legal issue. FCPAméricas gives permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author and to FCPAméricas LLC.