Ongoing FCPA Compliance Assessments

Friday, October 22, 2010

Thomas Fox

59d9b46aa00c70238bb89056cfeb96c0

One of the requirements consistent throughout the Principles of Federal Prosecution of Business Organization (US Sentencing Guidelines) and its section on corporate compliance programs; the Organization for Economic Co-operation and Development (OECD) Good Practice Guidance on Internal Controls, Ethics, and Compliance, and the UK Bribery Act’s Consultative Guidance is the need for continued assessment of an anti-corruption and anti-bribery compliance program.

This posting will review the specifics of each of these documents and will provide to the compliance and ethics practitioner some ideas on how to implement what each of these protocols stress is key component of any best practices compliance program.

US Sentencing Guidelines

The US Sentencing Guidelines state that there should be periodic reviews of a company’s compliance program, utilizing internal resources, such as a company’s Internal Audit function, and outside professional consultants.

The OECD Good Practice states that a compliance program should be periodically re-assessed and re-evaluated to take into account any new developments.

The UK Bribery Act Consultative Guidance, recently released by the UK Ministry of Justice, requires ongoing monitoring and review by noting that a compliance program and procedures should be reviewed regularly and a company should consider whether an “external verification [of the compliance program] would help.”

Speaking at the Compliance Week 2010 Annual Conference, Assistant Attorney General for the Criminal Division of the US Department of Justice, Lanny Breuer, indicated that such an external verification or assurance of the effectiveness of a compliance program is a key component to assist a company in maintaining a ‘best practices’ FCPA compliance program.

He noted that it is through a mechanism such as an ongoing assessment that a company could continue to evaluate its own compliance program with reference to compliance standards which are evolving on a world wide basis.

OECD

In this same speech, Breuer cited as a benchmark for a best practices compliance and ethics program the protocols set forth in the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance.

In this protocol the OECD suggested that “periodic reviews of the ethics and compliance programs or measures, designed to evaluate and improve their effectiveness in preventing and detecting foreign bribery, taking into account relevant developments in the field, and evolving international and industry standards.”

Writing in the Society of Corporate Compliance and Ethics Magazine (SCCE) (Vol. 7 / No. 3), Russ Berland explained that this guidance meant that companies should regularly reassess their anti-bribery and anti-corruption compliance program to evaluate and improve its overall effectiveness.

Although he did not give a time frame for this regular assessment, Berland noted that any such assessment “should take into account new developments in the area and evolving standards.

UK Bribery Act

Principle Six of the UK Bribery Act’s Consultation Guidance discusses the need for ongoing monitoring and review. The Principle states “The commercial organization institutes monitoring and review mechanisms to ensure compliance with relevant policies and procedures and identifies any issues as they arise.

The organization implements improvements where appropriate.” The reasons for this continued monitoring was to ensure that if, external events like government changes, corruption convictions, or negative press reports occur, an appropriate compliance response is triggered.

The Guidance noted that it would be prudent for companies to consult the publications of relevant trade bodies or regulators that could highlight examples of good or bad practice.

Organizations should also ensure that their procedures take account of external methods of issue identification and reporting as a result of the statutory requirements applying to their supporting institutions, for example money laundering regulations reporting by accountants and solicitors.

The Consultative Guidance provided advice for companies which covered several specific suggestions. The senior management of higher risk and larger organizations may wish to consider whether to commission external verification or assurance of the effectiveness of anti-bribery and anti-corruption policies.

An independent review can provide to a company, which is undergoing structural change or entering new markets, with an insight into the strengths and weaknesses of its anti-bribery policies and procedures and in identifying areas for improvement.

Such independent assessment would also enhance a company’s credibility with business partners or to restore market confidence following the discovery of a bribery incident, to help meet the requirements of both voluntary or industry initiatives and any future pre-qualification requirements.

Ongoing Assessment as ‘Best Practices’

All three cornerstones of guidance available to the Foreign Corrupt Practices Act (FCPA) compliance practitioner include ongoing assessments as a key component of any best practices program.

The text of each document and the remarks by commentators make clear the reasons for such an ongoing assessment. Not only do best practices evolve but companies and business evolve.

An assessment is key to measuring where your program currently stands to allow you to know where it needs to be updated.

Attention should be paid to who and how the assessment is conducted. The entity, be it a law firm; professional consultant or other, which designed the FCPA compliance program for your company should not be the assessor. Such assessment would obviously be a conflict of interest.

Additionally a drafter usually has blind spots when assessing one’s own work. An outside FCPA compliance professional should be engaged to assess your compliance policy, at no less than every two years, to review and make recommendations to keep your program at the best practices standard.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

Cross-posted from Tom Fox Law

Possibly Related Articles:
9352
General
Compliance FCPA
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.