Internal Audit for FCPA Compliance: A Detailed Guide

Oberheiden P.C.

The Foreign Corrupt Practices Act (FCPA) (15 U.S.C. § 78dd-1 et seq.) is a federal anti-bribery law that makes it unlawful for certain people to pay foreign government officials in order to conduct business abroad. While it sounds easy to stay in line with this important law, lots of companies are surprised to find themselves in violation of the FCPA because the foreign parties that they are involved with have convoluted the transaction in order to corruptly divert funding to government officials or entities.

Because of this possibility and the strict penalties that come from an FCPA violation, the due diligence internal controls that many companies use to inspect foreign transactions need to be followed to the letter and frequently subjected to internal audits.

Regularly Review International Contacts and Transactions

Domestic companies that do business abroad know to conduct due diligence on all of their business partners and clients to ensure that they are not making payments or providing services to any foreign government official or entities that could be perceived as bribery or as corruption.

However, once those initial internal investigations are completed, far fewer companies take the necessary steps to maintain that level of diligence.

The threat of legal risk that this creates is not small. International developments, even in secure parts of the world, can shift the grounds beneath foreign entities, creating new connections to foreign governments or to corrupt businesses abroad that were not there at the outset. Those developments can slowly and almost imperceptibly morph a business deal that complied with the FCPA into one that violates it.

Just because a legal transaction or business partnership has shifted from an upstanding one into a corrupt one, though, does not mean that the federal agencies that enforce the FCPA will look the other way. Companies can face legal exposure if they do not constantly check up on their foreign business contacts to ensure that no government entanglements have formed that could make it seem like the deal has become corrupt.

Stay Informed of Foreign Developments in Countries of Contact

Perhaps the best way to do this is to constantly stay informed of any foreign developments in the country of contact that are even remotely connected to your company’s business partners in the region. If business contacts form new connections with the government or with a quasi-government agency, that is something that your company needs to know. Once discovered, that information should trigger an audit of the due diligence inspection that was done at the outset of the venture. If things have changed in the status of your business partner or any third parties that they deal with, it may require a change on your company’s part, as well.

Audit Business Partners and Their Contacts

Importantly, it is not enough to merely audit the connections that your business partners have with foreign governments. U.S. companies that deal overseas also need to look past their direct contact and to their business partner’s associates, contractors, and other third parties. The services and the funding that flow through the direct partner and to these indirect associates can be enough to trigger liability under the FCPA.

This is something that Dr. Nick Oberheiden, an FCPA due diligence audit lawyer at the national law firm Oberheiden P.C., often has to remind clients about. “It is important to remember that the payments that you make to foreign business associates rarely stop there. Much of the money or the services that flow between you and your direct business partner are intimately connected to other business deals in the country that your direct business partner is a part of. While indirect, that connection to potentially corrupt deals can be enough to lead to FCPA enforcement actions.”

Keep Up to Date on Federal Enforcement Actions Abroad

At the very least, companies should initiate internal audits of their FCPA due diligence findings whenever the federal law enforcement agencies that enforce the FCPA have begun an investigation into a foreign organization in the country or into an industry that the domestic company does business in. For example, if an oil and gas company does business with a company in Qatar and its FCPA due diligence clears all of the players in the transaction, those due diligence decisions should be audited if the Department of Justice (DOJ) or the U.S. Securities and Exchange Commission (SEC) opens an investigation into oil and gas suppliers in Qatar.

On the one hand, it can be helpful to use the actions of these law enforcement agencies to put problematic situations on your company’s radar. By doing so, you are indirectly piggybacking off of information that is collected by the nation’s intelligence services – services that provide a level of information about foreign affairs that your company cannot hope to emulate.

On the other hand, though, once these enforcement actions become public, the Securities and Exchange Commission and Department of Justice will expect companies with foreign dealings in the countries and industries under scrutiny to review the details of their business transactions. Missing or ignoring these FCPA enforcement actions can lead to allegations that your company is not taking its obligations seriously.

Internal Audit Due Diligence Protocols to Ensure They Require a Level of Scrutiny that is Current

While it may be more common to audit the results of due diligence inspections, it can also be wise to review the details of those due diligence procedures themselves.

In order to focus resources and maximize efficiency, many companies use tiers for their FCPA compliance programs and due diligence requirements. Transactions in high-risk areas, such as countries and regions that are unstable or are known to have lots of corruption, are subjected to far more scrutiny by FCPA compliance officers than those that are done abroad in safer and less corrupt areas.

However, geopolitics can alter the relative stability of an area, while elections, coups, or other transfers of power can make a country more or less corrupt than it had been before. Should any of these shakeups occur in an area where your company does business or has business opportunities, it should trigger an internal audit not only of any particular transactions that are ongoing and could be seen as bribery and corruption risks, but also of the due diligence requirements that will scrutinize future dealings.

FAQ

What does the Securities and Exchange Commission have to do with the Foreign Corrupt Practices Act?

The SEC is one of the organizations that has governance in enforcing FCPA cases, and it provides the civil penalties for FCPA violations. The Department of Justice is the other governance body that handles FCPA violations, and the DOJ delivers criminal charges, including jail time, in these corruption cases.

What are internal auditors looking for during this type of audit?

During this type of internal audit, the internal auditors are looking for bribery and corruption risks in your company's business model and internal accounting controls. The self-imposed internal audit is a form of risk management, identifying the holes in your company's policies and FCPA compliance programs. Most internal auditors are consultants who are experts in risk management, and they look through your payments and procedures for anything that looks like it could be a bribery risk or a corruption risk. After the audit, the internal auditors will give you a report of your internal controls, your company's business model, and your corruption risk assessment. From this report, management should work to formulate an action plan to remedy any risks that leave the company exposed.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Oberheiden P.C. | Attorney Advertising
