Writing in an upcoming Security Magazine, Michael Varnum of Corporate Risk International, the global market has continually created new business opportunities for U.S. companies of every size. However, with these opportunities come risks and challenges associated with cultural, social, and ethical business practices, as well as a myriad of local and international laws and stringent regulations. The U.S. Department of Justice’s (DOJ) increased use of the Foreign Corrupt Practices Act (FCPA) has placed a bright beacon on multinational corporations and underscored the risks and challenges they now face in the global market place.

The FCPA was enacted by Congress in 1977, after the Securities and Exchange Commission (SEC) discovered during investigations conducted in the mid 1970’s, the prevalent use of cash “slush” funds and, according to the DOJ over 400 U.S. corporations admitted to paying in excess of $300 million in illegal bribes and campaign contributions to foreign officials. The original intent and purpose of the FCPA was and remains, to curb the widespread bribery of foreign officials.

The most recognized provisions of the FCPA make it unlawful for domestic concerns, certain foreign issuers of securities and issuers required to file periodic reports to the SEC to make bribe payments to foreign officials for the purpose of obtaining or retaining business. Just as important to the anti-bribery provisions, are the FCPA requirements that mandate companies whose securities are listed in the U.S. to keep proper accounting records and create and maintain a system of internal controls. 

Justifiably, much has been stated and written about the recent FCPA enforcement actions taken by the DOJ and the SEC. In a July, 2007 article entitled, The FCPA Enforcement Explosion Continues: Nine Enforcement Actions in 2007 and Approximately 100 Active Investigations, Gibson, Dunn and Crutcher LLP presented statistics supporting what might be considered an exponential growth when they chronicled FCPA enforcement activity during the period of 2003 to 2007. Specifically, DOJ and SEC FCPA actions increased from 2 in 2003 to 15 in 2006 and through the middle of 2007 there were 9 new actions initiated. Through various sources, the firm also identified approximately 100 other companies that had opened internal FCPA investigations in 2007.

The spike in FCPA enforcement activity and sanctions, according to a December 1, 2005 Inside Counsel Magazine article by Michael T. Burr, is attributed in great part to the confluence of the government’s increased focus on corporate accounting and governance practices post-Enron and Sarbanes-Oxley, tighter cross-border dealings dictated by the anti-money laundering provisions of the USA Patriot Act and U.S. Commerce and State Departments’ export control regulations. It was further stated in the article that as a result of the broader regulatory mandates and increased resources at the DOJ, SEC and Commerce Department and the tougher due diligence and disclosure mandates companies now face, pressure is rising to squeeze any hint of impropriety out of international business dealings.   

With the increasing enforcement of the FCPA, multinational corporations need to be in command of the business activities of their overseas subsidiaries to ensure that they remain FCPA compliant. There is a well known saying, "what you don't know won't hurt you." When it comes to the FCPA this maxim could not be further from the truth. In fact, it has been repeatedly demonstrated in recent DOJ and SEC enforcement actions that while self reporting may serve as mitigation, companies are still being fined and sanctioned for violating the FCPA. While the charges, fines, accounting, legal and investigative fees can be substantial, it is the company's reputation that is most at stake.           

It is critically important that companies operating in an international market have in-place an anti-bribery and compliance programs but there are two primary elements that must be in place for such programs to succeed - leadership and knowing your business partners. Without strong executive leadership, the culture, standards and corporate code of conduct essential to growing and maintaining a comprehensive and effective anti-corruption and anti-bribery corporate environment, is nearly impossible. Board members, CEOs and other top executives must set the tone through active participation and by clearly communicating to corporate business leaders and all members of the organization that paying bribes, in any form, will not be an accepted business practice. This in our view sets the cornerstone for workable compliance and governance, policies, practices and procedures to which a company must adhere to be compliant with the FCPA.   

Once the organizational mission, purpose, goals and objectives and most importantly, values have been communicated from the top of the organization then the focus must shift to what we believe to be the second most important element – knowing your business partners. Whether an individual company, joint venture, partnership, contractors and/or consultants, conducting a thorough due diligence is not only a good business practice but it also makes good sense. As we have publicized in our own corporate material, violation of the FCPA is a significant offense punishable with serious monetary fines and injunctions. Not only do companies and individuals suffer the financial repercussions but a company’s business reputation can be seriously tarnished.

Developing sound due diligence practices means knowing and fully understanding the requirements of the FCPA and other laws, and knowing who you are dealing with by conducting background and reputation checks on agents and third parties. Although conducting background checks on all vendors and suppliers is not a fail safe, corporate leader's that are doing everything in their power to establish a state of FCPA compliance and to maintain good faith in accordance with the DOJ and the SEC will be positioned better to more effectively endure potentially difficult inquiries. 

Once these key “cornerstones” are set, then the focus can turn to developing a sound compliance program. Establishing comprehensive global compliance involves multiple processes. The anti-corruption compliance program should begin with defining the corruption risks specific to the industry, company and its various business sectors. Designing and implementing policies, practices and procedures and integrating each into the company’s organizational structure and assigning responsibility for monitoring and ensuring adherence to the FCPA are essential elements to developing a strong compliance program.

There are a number of anti-bribery and compliance issues that are recognized “red flags” that automatically raise suspicion and may lead to non-compliance with the FCPA. Companies should be aware of these signals and ensure that their compliance program fully addresses relevant issues. For instance, location is an important “red flag” consideration when contemplating establishing associations with a foreign company, as certain countries like Nigeria are regarded as high risk areas and where corruption is more prevalent. 

Also, bribes to foreign officials can take many apparently innocuous forms such as gifts, contributions, political or charitable donations, travel, meals and entertainment.   Any money directly or indirectly put in the hands of a foreign official for the purpose of generating or ensuring business is illegal in the U.S. and other countries now beginning to adhere to anti-bribery and anti-corruption mandates. Therefore, it is critical for a multinational company to recognize such areas of concern and be FCPA compliant by establishing and following an internal code of conduct that is documented and includes clear policies, procedures and practices.

The accounting mandates portion of the FCPA also require corporations covered by the provisions to make and keep books and records that accurately and fairly reflect the transactions of the corporation and to devise and maintain an adequate system of internal accounting controls. Maintaining solid record keeping goes hand-in-hand with establishing a standard internal code of conduct. In order to ensure accurate record keeping, the standard internal code of conduct must be maintained by the foreign subsidiary. Poor record keeping practices on the part of the foreign office creates risks for the U.S. parent company, as it is liable for errors in its filing with the SEC.

Another important measure in establishing global compliance is to have an email system or a hotline in place that allows individuals to report suspicious activity or behavior. Once an issue or rumor of a violation of the FCPA is raised, a company will be able to conduct its own investigation and take appropriate action to resolve the issue in a timely manner.

When an FCPA investigation is initiated, it is imperative to report and respond aggressively. The more quickly a company responds to an FCPA probe, the greater its confirmation of its commitment to regulatory compliance and its internal code of conduct and business practices. 

Another way a company can make an investigation run smoothly is to be upfront about corrupt or suspicious behavior discovered through its own investigative efforts. Investigating issues and conducting evaluations and reports when suspicious behavior comes to light, and responding to improper behavior and taking action to remove individuals responsible for violating the laws further demonstrates a company's commitment to be compliant and transparent.

Once a compliance program has been implemented and training has been conducted, the next step is to conduct reviews of the process, provide opportunities for feedback, evaluate the program's effectiveness, and determine improvements.

With the government's ever increasing enforcement of the FCPA, multinational companies need to be prepared to withstand anything that comes their way. Establishing an anti-bribery culture, conducting thorough due diligence, having a compliance program in place and doing as much as possible to become FCPA compliant will better enable a company to reduce risk and preserve its reputation.

About the Author – Michael Varnum is Senior Vice President and head of the Fraud and Anti Corruption practice for Corporate Risk International, a leading full service risk management firm. Michael was a Senior Executive Service member in the FBI becoming an internationally recognized as a leader in law enforcement and the intelligence community. His career work encompassed numerous executive, senior level and operational assignments concentrated on corruption, white collar crime, counter terrorism and human resource issues.   Prior assignments with the FBI included Special Agent-in-Charge, Norfolk, VA, Deputy Assistant Director - Human Resources, FBI Headquarters, Assistant Special Agent-in-Charge, Philadelphia, PA, and Chief of the Public Corruption/Economic Crimes Programs, FBI Headquarters. Michael provided senior leadership for the FBI’s Public Corruption Program, where he directed and guided many of the FBI’s most sensitive corruption and white collar crime investigations internationally.