Trying to avoid the unusually strict import controls in Argentina and facilitate faster clearance of its products through customs, a subsidiary of Ralph Lauren Corp. was found to have bribed local officials between 2005 and 2009. Following the news of the FCPA violations, Ralph Lauren will pay in excess of $1.6 million as part of two non-prosecution agreements with the DOJ and SEC, but will not face criminal charges.
How did the company avoid prosecution, along with a more jaw dropping fine that is typical in these kinds of cases?
Having a well-established compliance policy significantly impacted Ralph Lauren’s ability to respond to the issues both internally and with the U.S. government. Upon learning of the misconduct, Ralph Lauren:
immediately reported it to the SEC and took steps to end any further FCPA violations;
gave a thorough review of its existing compliance program to help prevent future compliance issues; and
agreed to provide the government with ongoing reporting over a two-year period.
This recent news follows the high-profile 2012 Morgan Stanley FCPA case, where the DOJ declined to prosecute Morgan Stanley because of a strong compliance program and internal controls. Similarly, the robust compliance program Ralph Lauren put into place prior to these events highlights the importance of a comprehensive and well-designed program. Both the DOJ and SEC are sending companies a strong message that effective ethics and compliance programs (vs. “paper programs”) will get real credit – from avoiding potential prosecution to reduced fines and penalties.
With the escalating risks around third parties in international markets, some of the most important and impactful investments a company can make in its compliance program are around the supply and distribution chain.
The DOJ and SEC press releases announcing the Ralph Lauren non-prosecution agreements highlight what really are the cornerstones of a strong ethics and compliance program:
A system for extensive third party due diligence
Worldwide compliance training (including dedicated FCPA training)
Enhanced policies and procedures (including a dedicated FCPA policy)
Consistent consequences (i.e. termination) for employees and third-party agents who violate policy
A designated corporate compliance attorney
Self-policing and self-reporting
While there is never 100% certainty that a compliance program will be followed exactly as intended, there are certainly steps companies can take to mitigate the risk of prosecution should an incident occur.
One thing is clear – regulators are now demanding more robust and comprehensive compliance programs, and rewarding those companies that can demonstrate them.
The next challenge for organizations will be evolving from a piece-meal approach to compliance to better integration between program components so they function more effectively, are more cost-effective, and the hard, data-based evidence of the company’s efforts are readily accessible when the crisis hits.
As we all know, we’re in the business of having to assume that risks exist and fires will ignite – even in companies with the best controls and cultures. We are now simply in the era of building better systems to tackle the inevitable and actually improving the value of the overall business through ethics and compliance efforts.