A Focus on Effective Compliance Programs
By Jimmy Pappas, National Leader, Forensic Advisory Services & Stephanie Marchand, Director, Advisory Services
The Foreign Corrupt Practices Act (“the Act”) was enacted in 1977 following an investigation by the Securities and Exchange Commission into corruption of foreign government officials by U.S.-based companies. Since then, the Department of Justice and the Securities and Exchange Commission, the two federal agencies responsible for enforcing the Act in the U.S., have continued to issue compliance guidance. Enforcement of the Act has increased considerably during the past 20 years with combined annual fines and penalties often exceeding $1 billion. In 2019, combined fines and penalties exceeded $2.5 billion. From January 1 through December 1, 2020, the Department of Justice brought 26 enforcement actions, while the Securities and Exchange Commission brought nine enforcement actions.1 The Act has two main components: the anti-bribery provisions and the accounting provisions.
The Act’s anti-bribery provisions prohibit corruptly giving, promising, or offering (or authorizing the giving of) anything of value to a foreign government official, political party, or party official, with the intent to influence that official in his or her official capacity, or to secure an improper advantage in order to obtain, or retain, business.2 This prohibition applies to both privately held and publicly traded organizations.
The Department of Justice and the Securities and Exchange Commission, have defined the term “foreign government official” broadly to include any employee in an entity that is directly or indirectly affiliated with a foreign government. In countries with high government influence over enterprises, the definition of foreign government official can apply to large swaths of business activity.
The Act’s accounting provisions require U.S. publicly traded companies, and foreign companies whose securities are traded in U.S. stock exchanges, to maintain accurate books and records and effective internal controls. To maintain accurate books and records, if a company makes a bribe, it must clearly describe the bribe as such. Failure to do so, or attempting to disguise it as something else, is a violation of the Act. The accounting provisions also require companies to devise and maintain a system of internal controls sufficient to provide reasonable assurance that transactions are executed pursuant to management’s authorization and recorded as necessary in order to maintain accountability of assets and prepare financial statements in accordance with generally accepted accounting principles.
The Act prohibits not only actual payments but also any offer, promise, or authorization for the provision of anything of value. No payment needs to be made, nor benefit bestowed, for liability to attach. An offer to make prohibited payments or gifts, even if rejected, is a violation. Indirect payments through third parties are also prohibited if they are made with a corrupt intent.
A prohibited “thing of value” can include noncash items, such an entertainment activities, meals, and trips, which might normally have a legitimate business purpose, but are given with the intent to bribe a foreign official. There are no de minimis exception rules for determining violations, but some facilitations payments are allowable under the Act, if such payments are geared toward expediting routine administrative tasks but otherwise do not enable the organization to secure an improper advantage in order to obtain, or retain, business. As a practical matter, most organizations with effective compliance programs will prohibit their employees and agents from making facilitation payments.
In addition to covered organizations, the Act also applies to officers, directors, agents and stockholders acting on behalf of any such organization. Companies that violate the anti-bribery provisions could face criminal penalties of up to $2 million per occurrence, while individuals can be fined up to $100,000 and serve up to five years in prison. Companies that violate the accounting provisions can be fined up to $25 million per occurrence, while individuals can be fined up to $5 million and serve up to 20 years in prison.
Often, a company can have fines for misconduct reduced if it can prove that, at the time of the violation, it had an effective compliance program in place to prevent bribery. In determining whether the company has an effective compliance program, consideration is given to whether the program is designed well and applied in good faith.
An effective compliance program, according to the Department of Justice and the Securities and Exchange Commission, includes the following:
- Tone at the Top – The tone at the top determines the values of the corporate culture. Top managers should communicate the firm’s ethical values and expectations throughout the organization.
- Code of Conduct – A code of conduct should not only describe the firm’s ethical expectations of employees, but should also express the firm’s ethical values and goals. An effective code of conduct has comprehensive content, is communicated to all levels of the organization, and has support from both immediate and higher-level managers.
- Oversight and Resources – There must be someone in charge of the compliance program who has proper authority and adequate resources to implement an effective compliance program.
- Risk Assessment – The program should be designed to address the specific risks of each organization with greater resources targeted at the highest risk areas.
- Third Party Due Diligence – Organizations that run afoul the Act often engage in prohibited conduct, knowingly or unknowingly, through third parties acting on their behalf. Conducting proper third-party due diligence, with emphasis on higher risk suppliers and vendors, must be part of any effective compliance program.
- Training – A compliance program must provide adequate training to employees and third parties acting on behalf of an organization.
- Confidential Reporting and Internal Investigations – Organizations should provide for confidential reporting of suspected violations and timely investigate credible tips.
- Incentives and Disciplinary Measures – Disciplinary measures must be enforced to avoid having the compliance program be little more than “window-dressing.” In addition, organizations should incentivize and reward employees for adherence to the compliance program.
- Pre-Acquisition Due Diligence and Post-Acquisition Integration – In general, when a company acquires another entity, the acquirer can be liable for the acquired company’s activities prior to the acquisition. To avoid liability for an acquired company’s misconduct, the acquirer should incorporate anti-bribery procedures in its pre-acquisition due diligence. Upon consummation of the acquisition, the acquirer should promptly integrate the new entity into its compliance structure.
- Continuous Improvement – Ethics and compliance is never static. A compliance program should be reviewed periodically to measure its effectiveness, and adjustments should be made as warranted.
Companies with effective compliance programs identify failures (hopefully, in a timely manner) and use lessons learned to improve compliance. Marcum’s forensic practice can assist organizations comply with the Act by conducting risk assessment, designing effective compliance programs, undertaking timely internal investigations, conducting pre-acquisition and post-acquisition anti-bribery audits, and advising on remedial efforts.