The Foreign Corrupt Practices Act (FCPA) has placed a bright beacon on multinational corporations and underscored the risks and challenges they now face. IT and physical play key compliance and investigation roles.

The global market has continually created new business opportunities for U.S. companies of every size.
However, with these opportunities come risks and challenges associated with cultural, social and ethical business practices, as well as a myriad of local and international laws and stringent regulations. The U.S. Department of Justice’s (DOJ) increased use of the Foreign Corrupt Practices Act (FCPA) has placed a bright beacon on multinational corporations and underscored the risks and challenges they now face in the global marketplace.

The FCPA was enacted by Congress in 1977, after the Securities and Exchange Commission (SEC) discovered during investigations conducted in the mid 1970s, the prevalent use of cash slush funds and, according to the DOJ, over 400 U.S. corporations admitted to paying in excess of $300 million in illegal bribes and campaign contributions to foreign officials. The original intent and purpose of the FCPA was and remains to curb the widespread bribery of foreign officials.

The most recognized provisions of the FCPA make it unlawful for domestic concerns, certain foreign issuers of securities and issuers required to file periodic reports to the SEC to make bribe payments to foreign officials for the purpose of obtaining or retaining business. Just as important to the anti-bribery provisions are the FCPA requirements that mandate companies whose securities are listed in the U.S. to keep proper accounting records and create and maintain a system of internal controls.


The Background

Justifiably, much has been stated and written about the recent FCPA enforcement actions taken by the DOJ and the SEC. In a July 2007 article entitled, The FCPA Enforcement Explosion Continues: Nine Enforcement Actions in 2007 and Approximately 100 Active Investigations, Gibson, Dunn and Crutcher, LLP presented statistics supporting what might be considered an exponential growth when they chronicled FCPA enforcement activity during the period of 2003 to 2007. Specifically, DOJ and SEC FCPA actions increased from two in 2003 to 15 in 2006 and through the middle of 2007 there were nine new actions initiated. Through various sources, the firm also identified approximately 100 other companies that had opened internal FCPA investigations in 2007.

The spike in FCPA enforcement activity and sanctions, according to a December 2005 Inside Counsel Magazine article by Michael T. Burr, is attributed in great part to the confluence of the government’s increased focus on corporate accounting and governance practices post-Enron and Sarbanes-Oxley, tighter cross-border dealings dictated by the anti-money laundering provisions of the U.S. Patriot Act and U.S. Commerce and State departments’ export control regulations. It was further stated in the article that as a result of the broader regulatory mandates and increased resources at the DOJ, SEC and Commerce Department and the tougher due diligence and disclosure mandates companies now face, pressure is rising to squeeze any hint of impropriety out of international business dealings.


Know Your Dealings

With the increasing enforcement of the FCPA, multinational corporations need to be in command of the business activities of their overseas subsidiaries to ensure that they remain FCPA compliant. There is a well-known saying, “What you don’t know won’t hurt you.” When it comes to the FCPA, this maxim could not be further from the truth. In fact, it has been repeatedly demonstrated in recent DOJ and SEC enforcement actions that while self-reporting may serve as mitigation, companies are still being fined and sanctioned for violating the FCPA. While the charges, fines, accounting, legal and investigative fees can be substantial, it is the company’s reputation that is most at stake. It is critically important that companies operating in an international market have an anti-bribery and compliance program in place, but there are two primary elements that must be in place for such programs to succeed – leadership and knowing your business partners. Without strong executive leadership, the culture, standards and corporate code of conduct essential to growing and maintaining a comprehensive and effective anti-corruption and anti-bribery corporate environment is nearly impossible. Board members, CEOs and other top executives, including security executives, must set the tone through active participation and by clearly communicating to corporate business leaders and all members of the organization that paying bribes, in any form, will not be an accepted business practice. This sets the cornerstone for workable compliance and governance, policies, practices and procedures to which a company must adhere to be compliant with the FCPA.



Once the organizational mission, purpose, goals and objectives, and most importantly, values have been communicated from the top of the organization, the focus must shift to the second most important element – knowing your business partners. Whether an individual company, joint venture, partnership, contractors and/or consultants, conducting a thorough due diligence is not only a good business practice but it also makes good sense. As we have publicized in our own corporate material, violation of the FCPA is a significant offense punishable with serious monetary fines and injunctions. Not only do companies and individuals suffer the financial repercussions, but also a company’s business reputation can be seriously tarnished.
Developing sound due diligence practices means knowing and fully understanding the requirements of the FCPA and other laws, and knowing with whom you are dealing through background and reputation checks on agents and third parties. Although conducting background checks on all vendors and suppliers is not a fail safe, security leaders that are doing everything in their power to establish a state of FCPA compliance to maintain good faith in accordance with the DOJ and the SEC is important. This also creates a better position for security leaders to more effectively endure potentially difficult inquiries.


Once these key cornerstones are set, the focus can then turn to developing a sound compliance program. Establishing comprehensive global compliance involves multiple processes. The anti-corruption compliance program should begin with defining the corruption risks specific to the industry, company and its various business sectors. Designing and implementing policies, practices and procedures and integrating each into the company’s organizational structure and assigning responsibility for monitoring and ensuring adherence to the FCPA are essential elements to developing a strong compliance program.
There are numerous anti-bribery and compliance issues, recognized as red flags, that automatically raise suspicion and may lead to non-compliance with the FCPA. Companies should be aware of these signals and ensure that their compliance program fully addresses relevant issues. For instance, location is an important red flag consideration when contemplating establishing associations with a foreign company. Certain countries, such as Nigeria, are regarded as high-risk areas where corruption is more prevalent.
Also, bribes to foreign officials can take many apparently innocuous forms such as gifts, contributions, political or charitable donations, travel, meals and entertainment. Any money directly or indirectly put in the hands of a foreign official for the purpose of generating or ensuring business is illegal in the U.S. and other countries now beginning to adhere to anti-bribery and anti-corruption mandates. Therefore, it is critical for a multinational company to recognize such areas of concern and be FCPA compliant by establishing and following an internal code of conduct that is documented and includes clear policies, procedures and practices.
The accounting mandates portion of the FCPA also require corporations covered by the provisions to make and keep books and records that accurately and fairly reflect the transactions of the corporation and to devise and maintain an adequate system of internal accounting controls. Maintaining solid record keeping goes hand-in-hand with establishing a standard internal code of conduct. In order to ensure accurate record keeping, the standard internal code of conduct must be maintained by the foreign subsidiary. Poor record keeping practices on the part of the foreign office creates risks for the U.S. parent company, as it is liable for errors in its filing with the SEC.


Another important measure in establishing global compliance is to have an e-mail system or a hotline in place that allows individuals to report suspicious activity or behavior. Once an issue or rumor of a violation of the FCPA is raised, a company will be able to conduct its own investigation and take appropriate action to resolve the issue in a timely manner.
When an FCPA investigation is initiated, it is imperative to report and respond aggressively. The more quickly a company responds to an FCPA probe, the greater its confirmation of its commitment to regulatory compliance and its internal code of conduct and business practices.
Another way a company can make an investigation run smoothly is to be upfront about corrupt or suspicious behavior discovered through its own investigative efforts. Investigate issues and conduct evaluations and reports when suspicious behavior comes to light.     Responding to improper behavior and taking action to remove individuals responsible for violating the laws further demonstrates a company’s commitment to be compliant and transparent.
Once a compliance program has been implemented and training has been conducted, the next step is to conduct reviews of the process, provide opportunities for feedback, evaluate the program’s effectiveness and determine improvements.
With the government’s ever-increasing enforcement of the FCPA, multinational companies need to be prepared to withstand anything that comes their way. Establishing an anti-bribery culture, conducting thorough due diligence, having a compliance program in place and doing as much as possible to become FCPA compliant will better enable a company to reduce risk and preserve its reputation.