Tag Archive: FCPA

Gleaning Best FCPA Practices for Directors from Recent Government Actions

Published by

David N. Kelley and Bradley J. Bondi

The Foreign Corrupt Practices Act (FCPA) prohibits bribery of foreign public officials in order to obtain or retain business. While management primarily oversees the company’s compliance with the FCPA, directors also play an important role in overseeing these risks. According to a 2012 FCPA resource guide by the Securities and Exchange Commission (SEC) and Department of Justice (DOJ), “compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” That view by the two primary enforcing bodies of the FCPA has predominated recent enforcement actions.

The government’s resource guide lists the “hallmarks” of an effective anti-corruption compliance program, and recent FCPA cases demonstrate that the government expects companies to actively adopt these hallmarks. FCPA compliance issues are so important to the DOJ that it recently retained a compliance specialist to assist in evaluating the effectiveness of companies’ programs. Below is a brief summary of the hallmarks that directors and officers should consider when building FCPA compliance programs,

  1. High-level commitment According to the SEC and DOJ, “compliance with the FCPA and ethical rules must start at the top.” Consistent with the agreements in recent DOJ actions, including those against Alstom S.A., IAP Worldwide Services, and Louis Berger International, directors and senior management should provide “strong, explicit, and visible support and commitment” to the company’s policy against violations of the anti-corruption laws and the company’s compliance code. In practice, that means actively reviewing the compliance program, devoting sufficient resources to the FCPA, following up on red flags, and disciplining wrongdoers for noncompliance.
  2. Policies and procedures The company’s policies and procedures should describe responsibilities for anti-corruption compliance; detail proper internal controls, auditing practices, and documentation policies; and set forth disciplinary procedures. In particular, the company should have a financial and accounting system, including internal controls, reasonably designed to fairly and accurately maintain the company’s books and records. Directors may satisfy their responsibilities by periodically reviewing internal controls and responding to any shortcomings, devoting sufficient resources to compliance and internal audit, and responding to compliance benchmarking against peer companies, among other options.
  3. Periodic risk-based review To keep pace with changes within the business, companies should review annually the foreign corruption risks they face and regularly benchmark their compliance function against industry standards, with the goal of ensuring that the compliance program is properly suited to the company’s risk. The review should be conducted with the assistance of outside counsel, as necessary. The board should request and expect a briefing on such a review from the chief compliance officer or general counsel at least annually.
  4. Proper oversight and independence At least one executive, often the chief compliance officer, should have the responsibility for oversight and implementation of the company’s anti-corruption program. This person should be given appropriate resources (including personnel and a travel budget) and have a direct reporting line to the company’s governing authority, usually the audit committee.
  5. Training and guidance In 2012, Morgan Stanley appropriately avoided an FCPA enforcement action due in large part to a robust compliance program that trained employees on FCPA issues and required annual employee certifications of compliance. Accordingly, companies should conduct periodic training of employees at home and abroad, and insist on regular certification of compliance with policies and procedures. Companies also should establish channels of communication to allow personnel to seek advice and guidance on compliance issues.
  6. Internal reporting and investigation The SEC and DOJ stress the importance of an anonymous hotline for employees and vendors to report suspected misconduct without fear of retaliation. The hotline should be actively monitored by appropriate compliance personnel, and suspected violations should be investigated promptly by management, and, when appropriate, by the audit committee.
  7. Enforcement and discipline Providing incentives for compliance and disincentives (i.e., discipline) for non-compliance with anti-corruption policies and procedures are essential components of FCPA compliance. The company’s incentives and discipline should be clearly articulated and should be applied reliably, promptly, and consistently to all company personnel. The board should have an active role in disciplining any senior managers who have violated anti-corruption policies.
  8. Third-party relationships According to the SEC and DOJ, third parties are commonly used to conceal bribes, so the company should conduct periodic due diligence on third-party service providers and vendors. As part of that diligence, the company should inform third parties of the company’s compliance program and require compliance. While written assurances from third parties of their compliance with the company’s FCPA policies and procedures may be useful, they are not substitutes for the company’s own periodic due diligence.
  9. Mergers and acquisitions Newly merged or acquired companies often pose the most FCPA risk, and acquirers are responsible for any illegal activity that occurs following the acquisition. Accordingly, the company should conduct thorough pre- and post-acquisition FCPA diligence and take prompt steps to ensure that newly-acquired entities are fully compliant on a going forward basis, including by training the new employees on FCPA compliance. Acquiring companies also should incorporate FCPA compliance into the internal audits of new companies and divisions.
  10. Monitoring and testing Companies should seek to improve their compliance programs by periodically testing their internal controls for potential weaknesses and risks in view of relevant developments and evolving industry standards. For example, in the DOJ’s landmark plea agreement with Alstom in December 2014, the DOJ required Alstom to conduct “appropriate reviews of its existing internal controls, policies, and procedures” and adopt or modify its controls to ensure it maintains fair and accurate books and records and a rigorous anti-corruption program.

David N. Kelley, who previously served as U.S. Attorney for the Southern District of New York, and Bradley J. Bondi, who previously served in senior positions at the SEC, are partners with Cahill Gordon & Reindel LLP. They advise financial institutions and global corporations, boards of directors, audit committees, and officers and directors of publicly-held companies in significant corporate and securities matters, including those involving the FCPA. Michael D. Wheatley, a litigation associate at Cahill, assisted with this article.

Beware the Whistleblowers

Published by
Judy Warner

Judy Warner

Today guest blogger Judy Warner, managing editor of NACD Directorship, shares her thoughts about the implications of the new whistleblower program and the board’s oversight role in corporate compliance.

Harry Markopolos writes emphatically about the need to compensate corporate whistleblowers in his book, No One Would Listen: A True Financial Thriller, released  this year by John Wiley & Sons.

The independent fraud investigator feared for his life for nearly a decade as he sought to expose Bernie Madoff’s $65 billion dollar Ponzi scheme to the government, the media—anyone who would listen. That all changed when Madoff confessed to his sons, and, in effect, turned himself in, exposing a financial fraud that resulted in his conviction and the loss of individual fortunes many times over. The Dodd-Frank Act creates a new whistleblower program, with new protections and potentially large cash rewards for individuals, like Markopolos, who provide information about securities law violations to the SEC.

Under the terms of the new law, the Commission will pay a whistleblower between 10 and 30 percent of any monetary sanctions in excess of $1 million dollars that the SEC recovers as a result of the whistleblower’s assistance.

A story by Marcia Coyle in The National Law Journal, published July 19, 2010, on www.law.com, reports that some corporate attorneys see the new program as a bounty and warns that even companies with robust compliance programs face increased risk. “You could have a perfect compliance program and still have no legal defense,” said FCPA specialist Richard Cassin of Cassin Law (www.cassinlaw.com) in Singapore. “We kind of depend on prosecutorial discretion. The Department of Justice (which shares enforcement authority with the SEC) will come down less hard, but still, when companies have employees who go rogue, companies are strictly liable. I don’t like it because I think it’s a disincentive to maintain a good, robust compliance program, and to self-report violations.”

Markopolos will speak specifically about the implications of the new whistleblower program and the board’s oversight role in corporate compliance at the NACD Directorship Forum on November 9 in New York City. To register, visit directorship.com/events.

Judy Warner is managing editor of NACD Directorship, the official magazine of NACD. A journalist for more than 30 years, Warner now manages the creation of all Directorship products, including its magazine, events, website, and newsletters. Warner joined the Directorship team in 2007 from ComAve, LLC, an independent marketing consulting firm she founded and ran for eight years. Warner was formerly the New England bureau chief and editor for Adweek magazine and a senior editor for Marketing Computers. She began her journalism career in the newsroom of The Boston Globe.