A recent survey found that close to half of all responding companies had established or increased anti-corruption compliance. That is a very positive response to increased FCPA enforcement. It is time and money well spent. Increased compliance reduces risk.
Companies have to be realistic about the enforcement risks. Most (if not all) major enforcement actions involve situations where there is a “systematic” breakdown in compliance. As I like to say, no one is going to jail when there is a single violation – i.e. a gift that is given in violation of corporate policy, or a charitable donation given without due diligence..
When a systematic breakdown in anti-corruption compliance occurs it typically leads to the exclusion of legal and compliance offices. Legal protocols and compliance controls are often ignored. The company’s business side takes over all governance and operations – ethics, compliance and legal functions are ignored. In the Siemens case, the compliance officer was complicit in the bribery scheme.
Large scale bribery schemes are committed sometimes with the complicit assistance or willful blindness of the gatekeepers in internal audit. The factual statements for these cases typically paint internal auditors as complicit or negligently indifferent to internal controls.
Given that the real focus of a compliance program should be on preventing conditions which lead to systematic breakdowns rather than isolated violations, the compliance team should build monitoring and auditing programs around the key components of the compliance program – preserving internal controls.
The major FCPA enforcement actions have involved entire business units or even subsidiaries which are making improper payments to foreign officials. Most cases involve third parties who hand out bribes to foreign officials. Sometimes gift-giving, especially in China, is used as a way to supplement bribes. In the systematic breakdown cases, the bad actors often set up bank accounts to help funnel money to the third parties or government officials.
Compliance officers have an important function in maintaining focus on the real corruption risks. When a compliance department is prevented or delayed in integrating a newly-acquired company into the compliance program, or loses touch with a separate business unit, these are real and systematic risks.
In addition, if the third-party due diligence requirements are subverted or ignored in particular areas, there is a real risk of a systematic breakdown in compliance. All too often a company discovers a particular problem with its third party agents in a specific country. Once the internal review begins, the company is surprised to find out that third party problems exist in regions and then even entire continents.
To avoid such situations, compliance officers have to dedicate themselves to maintaining the integrity of the compliance program. Making sure that subsidiaries and business units are following a compliance program is essential.