FCPA Compliance and Your Enterprise

Tuesday, September 21, 2010

Michael Volkov


FCPA compliance is a must if you engage in international business. For an organization to demonstrate it has an effective program, the Federal Sentencing Guidelines require the organization to exercise due diligence to prevent and detect criminal activity and to promote an organizational culture that encourages ethical behavior and a commitment to lawful conduct.

The Guidelines provide that a program minimally requires the following seven characteristics:

1. The organization must “establish standards and procedures to prevent and detect criminal conduct.”

2. The organization’s governing authority (e.g., the board of directors) must be knowledgeable about and reasonably supervise the program. High-level personnel (i.e., individuals with substantial control over the organization or policy making) must ensure that the organization has an effective program and that specific high-level personnel are assigned overall program responsibility. Specific individuals must be responsible for the program’s day-to-day operations. Individuals with operational responsibility for the program must report periodically to high-level personnel and, as appropriate, to the governing authority or an appropriate subgroup of the governing authority (e.g., the audit committee) on the program’s effectiveness. These individuals must “be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup.”

3. The organization must use reasonable efforts not to vest substantial authority (i.e., the ability to exercise a substantial measure of discretion in acting on the organization’s behalf) in any individual whom it “knew, or should have known…engaged in illegal activities or other conduct inconsistent with an effective” program.

4. The organization must “take reasonable steps to communicate periodically and in a practical manner its standards and procedures” to the governing authority, officers and employees, and, as appropriate, agents and other third parties.

5. The organization must take reasonable steps to guarantee that the program is followed, including monitoring and auditing to discover unlawful behavior, to evaluate from time to time the program’s effectiveness, and to publicize a system that may include methods of communication that provide for anonymity or confidentiality, thus enabling employees and third parties to “report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.”

6. The organization must promote and consistently enforce the program through appropriate performance incentives and commensurate “disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.”

7. “After criminal conduct has been detected,” the organization must “take reasonable steps to respond appropriately…and to prevent further similar criminal conduct, including making any necessary modifications” to the program.

Finally, in addition to these seven elements, the Guidelines require that the organization “periodically assess the risk of criminal conduct” and take “steps to design, implement, or modify each requirement” to reduce the risk of unlawful conduct.

The Guidelines’ commentary indicates that while each of the seven requirements must be met, the specific course of action to meet them may vary based on industry practice, applicable government regulation, the organization’s size, and a history of similar misconduct.

An organization’s failure to implement and follow applicable industry practice or governmental regulation weighs against the finding of an effective program. With respect to size, larger organizations generally must “devote more formal operations and greater resources” than smaller organizations.

Smaller organizations, however, must demonstrate the same degree of commitment to ethical and lawful conduct as larger ones, but may do so “with less formality and fewer resources.”

Due Diligence

The DOJ and SEC have stressed the need to conduct due diligence on anyone acting on behalf of an entity subject to the FCPA. The government has backed up these words by bringing enforcement actions against companies, their officers and employees, and third parties where the lack of due diligence contributed to FCPA violations.

There is no one right way to conduct due diligence. Due diligence is a set of tasks. FCPA-tailored risk and awareness application materials; interviews, and scrutiny of the answers provided; background checks to assess a reputation or history of illegal activity; consultation with a third party (such as the local U.S. Embassy’s Foreign Commercial Service section, local counsel, etc.) to provide reliable local information; use of a forensic accountant to review books and records to evaluate high-risk transactions or suspect patterns of transactions; documentation of the services provided by third parties; and targeted review of email, electronic, and hard copy files all comprise elements of an effective due diligence plan.

If any red flags appear during the due diligence phase, they must be investigated until you are reasonably satisfied you do not have an FCPA concern. Finally, due diligence must be documented.

The government has suggested that FCPA due diligence is not a one-size-fits-all undertaking. For example, degrees of diligence may reasonably vary from industry to industry, and location to location. As with the breadth and scope of due diligence, the timing may also vary.

In all instances, to the degree possible, due diligence should be done prior to entering into a relationship with a person or entity that will act on your behalf. Due diligence also should be performed periodically throughout the relationship.

Periodic due diligence may be done at a contract’s renewal, annually, semi-annually, or even quarterly in instances where heightened FCPA-compliance concerns dictate such a course of action.

Once you have satisfied your due diligence, you need to implement the next steps in mitigating potential FCPA exposure. Suggested courses of action include providing your third party agents with a copy of your anti-bribery code of conduct. Require them to read it and execute an acknowledgment that they will abide by it.

Include in this acknowledgment FCPA-specific representations and warranties attesting to past compliance and covenants promising future compliance. Negotiate as part of your third party contracts the right to inspect and audit the books and records of your agent. Be certain to include termination rights.

Debunking FCPA Myths and Identifying Red Flags Webinar

The Department of Justice's introduction of the “whistleblower bounty” is further evidence of the increasingly aggressive position the government is taking towards enforcing the Foreign Corrupt Practices Act. Under the provision, whistleblowers are eligible to recover between 10 and 30 percent of any settlement that exceeds $1 million based on the significance of information and level of cooperation provided.

Read the white paper

Michael Volkov is a litigation partner at the law firm of Dickinson Wright; he focuses on trial practice, white collar defense and complex internal investigations. Mr. Volkov is the author of “Navigating through the FCPA minefield, debunking myths and addressing red flags”.

In the paper, Mr. Volkov discusses the seven common FCPA myths. In addition, he covers the top thirty red flags that organizations must be aware of to avoid FCPA sanctions. This is a critical document for any compliance officer, legal counsel or other executive concerned with implementing a solid FCPA program. Sign up HERE.

Join us October 7th in a live online presentation where Mr. Volkov will discuss the highlights and trends contained within “Navigating through the FCPA minefield, debunking myths and addressing red flags”.

He will be accompanied by Ryan Morgan, U.S. Sales Director and FCPA specialist for World Compliance. Mr. Morgan will discuss strategies for implementing a systematic due diligence process and how to navigate the red flags.

Take advantage of this opportunity to obtain insights from FCPA professionals, gain perspective from their experiences, and use it to develop a program for your organization.
Don’t miss this important event! 

For more information, contact Michael L. Volkov in Washington, D.C. at 202.659.6927 or mvolkov@dickinsonwright.com.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.