Board Of Directors And Doing Business In China Under The FCPA


The case of GlaxoSmithKline PLC (GSK) is still resonating across the corporate globe. While many questions are still unanswered, one that seems to be at the forefront of the inquiry was where was the GSK Board of Directors? The role of a Board of Directors is becoming more important and more of a critical part of any effective compliance program. Indeed Board involvement is listed as one of the ten hallmarks of an effective compliance program, set out in last year’s FCPA Guidance. In addition to helping to set the proper tone in an organization, the Board has a specific oversight role in any Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance program.

In addition to the pronouncements set out in the FCPA Guidance, other commentators have discussed the legal duties set out for Board members regarding compliance. Donna Boehme, writing in the SCCE Complete Compliance and Ethics Manual, 2nd Ed., entitled “Board Engagement, Training and Reporting: Strategies for the Chief Ethics and Compliance Officer”, said that a Board’s responsibility for compliance and ethics can be traced back to the Caremark decision (1996), which was later augmented by Stone v. Ritter (2006). She believes that these state court decisions establish the parameters of Board duty of care for corporate compliance activities. Moreover, this case law on the duty of a Board member, read in conjunction with the US Sentencing Guidelines, sets out the elements of an effective program to be overseen by the Board. The US Sentencing Guidelines also require that a Board “be “knowledgeable” about the content and operation of the company program and exercise “reasonable oversight” over its implementation and effectiveness.”

A timely article in the July/August issue of the NACD Directorship, entitled “Corruption in China and Elsewhere Demands Board Oversight”, by Eric Zwisler and Dean Yoost notes that as “Boards are ultimately responsible for risk oversight” any Board of a company with operations in China “needs to have a clear understanding of its duties and responsibilities under the FCPA and other international laws, such as the U.K. Bribery Act”. Why should China be on the radar of Boards? The authors report that “20 percent of FCPA enforcement actions in the past five years have involved business conduct in China. The reputational and economic ramifications of misinterpreting these duties and responsibilities can have a long-lasting impact on the economic and reputation of the company.” You can certainly ask GSK that right about now.

The authors understand that corruption can be endemic in China. They write that “Local organizations in China are exceedingly adept at appearing compliant while hiding unacceptable business practices. The board should be aware that a well-crafted compliance program must be complemented with a thorough understanding of frontline business practices and constant auditing of actual practices, not just documentation.” Further, “the management cadence of monitoring and auditing should be visible to the board.” Echoing one of the Board’s roles, as articulated in the FCPA Guidance, the authors believe that a “board must ensure that the human resources committed to compliance management and reporting relationships are commensurate with the level of compliance risk.” So if that risk is perceived to be high in a country, such as China, the Board should follow the prescription in the Guidance which states “the amount of resources devoted to compliance will depend on the company’s size, complexity, industry, geographical reach, and risks associated with the business. In assessing whether a company has reasonable internal controls, DOJ and SEC typically consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”

To help achieve these goals, the authors suggest a list of questions that they believe every director should ask about a company’s business in China.

  • How is “tone at the top” established and communicated?
  • How are business practice risks assessed?
  • Are effective standards, policies and procedures in place to address these risks?
  • What procedures are in place to identify and mitigate fraud, theft, corruption?
  • What local training is conducted on business practices and is it effective?
  • Are incentives provided to promote the correct behaviors?
  • How is the detection of improper behavior monitored and audited?
  • How is the effectiveness of the compliance program reviewed and initiated?
  • If a problem is identified, how is an independent and thorough investigation assured?

The authors correctly point out that third parties generally present the most risk under a FCPA compliance program and that “more than 90 percent of reported FCPA cases involve the use of third-party intermediaries such as agents or consultants.” However, they also point out that “all potential opportunities in China will have some level of compliance related issues.” As joint ventures (JV) and the acquisition of Chinese entities are an important component of many organizations’ strategic plans in China, it is important to have Board oversight in the mergers and acquisition (M&A) process.

The authors understand that “non-compliant business practices and how to bring these into compliance is often a major and defining deal risk.” But, more importantly, it is a company’s “inability to understand actual business practices, the impact of those practices on the core business, and effectively dealing with a transition plan is one of the main reasons why joint ventures and acquisitions fail.” So even if the conduct of an acquisition target was legal or tolerated in its home country, once that target is acquired and subject to the FCPA or Bribery Act, such conduct must stop. However, if such conduct ends, it may so devalue the core assets of the acquired entity so as to ruin the business basis for the transaction. The authors cite back to the FCPA Guidance and its prescribed due diligence in the pre-acquisition stage as a key to this dilemma. But those guidelines also make clear that post-acquisition integration is a must to avoid FCPA liability if the illegal conduct continues after the transaction is completed.

The authors conclude by articulating that many Boards are not engaged enough to understand the way that their company is conducting business, particularly in a business environment as challenging as China. They believe that a Board should have a “detailed understanding of the business if it is to be an effective safeguard against fraud or corrupt practices.” They remind us that not only should a Board understand the specific financial risks to a company if a FCPA violation is uncovered; but perhaps more importantly the “potential impact on the corporate culture and the risk to the company’s reputation, including the reputations of individual board members.” Finally, the authors believe that “effective oversight of corruption in China will only become increasingly more important”. That may be the most important lesson for any Board collective or Board member individually to take away from the ongoing GSK corruption and bribery scandal.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:


Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.