Preventing FCPA Violations and Enforcement Actions with a Strong Corporate Compliance Program
Thursday, February 7, 2019 at 12:00PM
Jennifer H. Bouriat
DOJ and SEC consider nine factors in deciding whether to pursue a criminal indictment against a corporation for FCPA violations, or to instead seek resolution by other means, including non-prosecution or a deferred prosecution agreement. This decision can have a huge impact on the stability, reputation, and future of a corporation.

This post focuses on just one of the nine factors: The existence and effectiveness of a corporation’s compliance program. While the government does not have formulaic requirements for corporate compliance programs, it has offered guidance on the characteristics of programs that it considers most effective.

Commitment from Senior Management and a Clearly Articulated Policy Against Corruption
Senior executives must set the tone for a culture of compliance. They must send the message that compliance is mandatory and nonnegotiable, even if large (unlawful) profits are lost as a result.  

Code of Conduct and Compliance Policies and Procedures
A corporation’s code of conduct should be clear, concise, and accessible to everyone who conducts business on behalf of the company. For example, a corporation with employees around the globe should have its policies and procedures available in multiple languages. Corporate policies should outline responsibilities for compliance within the company, detail proper internal controls, and announce disciplinary procedures for violations.

Oversight, Autonomy, and Resources
Corporations must assign responsibility for oversight and implementation of its compliance program to someone with appropriate authority, adequate autonomy from management, and enough resources to ensure that the company’s compliance program is effective. Whether a corporation’s staffing in this regard is adequate will depend on the company’s size, structure, and risk profile.  

Risk Assessment
Not all transactions or relationships should be scrutinized in the same manner. Due diligence should be fact specific and should correspond with the level of risk involved in the transactions. DOJ will likely be more tolerant of an infraction in a low-risk area where the corporation has implemented a comprehensive, risk-based compliance program that devotes significant resources to areas that pose a higher risk, than it would be of an FCPA violation in a high-risk area that was not given enough attention and resources.  

Training and Continuing Advice
Compliance programs are not effective unless they are communicated throughout the organization. Corporate directors, officers, employees, agents, and business partners should receive periodic trainings on the company’s policies and procedures, applicable laws, and appropriate responses to various real-life scenarios.  

Incentives and Disciplinary Measures
DOJ and SEC will consider whether a company has appropriate and clear disciplinary procedures and whether they are applied reliably and promptly. In addition to punishing noncompliance, corporations should also consider rewarding compliance efforts with bonuses and opportunities for career advancement.

Third-Party Due Diligence and Payments
Though the degree of appropriate due diligence will vary, DOJ has noted that certain guiding principles always apply. First, companies should understand the qualifications of its third-party partners, including their reputations and relationships with foreign officials. Second, corporations should understand the business rationale for including the third-party in the transaction. Third, companies should consistently monitor third-party relationships, even after the initial due diligence is performed.  

Confidential Reporting and Internal Investigation
Companies should maintain mechanisms for reporting misconduct confidentially. An efficient and reliable system for investigating allegations should also be in place.  

Continuous Improvement: Periodic Testing and Review
A strong compliance program should evolve as the company changes over time. Changes in the business model, customers, area of operations, and the laws could impact the effectiveness of a corporate compliance program.  

Conclusion
In sum, the government’s analysis of a corporation’s compliance program will look to answer three “common-sense” questions – 1) Is the program well designed? 2) Is it being applied in good faith? and 3) Does it work? Corporations should remember these points in developing, implementing, and updating compliance programs.
Article originally appeared on White-Collared (http://www.white-collared.com/).
See website for complete article licensing information.