This week I will present a series on steps that you can take in your compliance program if you find yourself, your company or your industry in an economic downturn. All of the recommendations I will make are ideas that have been put into action by companies currently facing these issues. They are ideas that you can use if you have scarce or lessened economic resources for your compliance function. Today I will take my cue from the recent Securities and Exchange Commission (SEC) enforcement action against BHP Billiton (BHP) as a key indicator of where greater and more rigorous SEC enforcement is heading. That is in the area of the enforcement of internal controls and steps that you can take right now, even with reduced head count and budgetary resources, to improve your Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-corruption compliance program.
However, before we get to that subject, I want to remember Marques Haynes, who died last week. Haynes was a basket baller extraordinaire who played with the Harlem Globetrotters off and on for 40 years. As was set out in his New York Times (NYT) obituary last week, Haynes “whose dazzling ball-handling skills, exhibited for more than 40 years as a member of the Harlem Globetrotters and other barnstorming black basketball teams, earned him a place in the Naismith Basketball Hall of Fame and an international reputation as the world’s greatest dribbler”. He was the first Globetrotter inducted into the Naismith Memorial Basketball Hall of Fame. I saw Haynes play in the later stages of his career with the Globetrotters; both on ABC’s Wide World of Sports and through their non-stop touring when they came to even my Podunk hometown. So here’s to you Marques and I am sure you have called ‘Next’ for that great pickup game in the sky several times now.
As they made clear with several FCPA enforcement actions from last fall, the SEC has placed a renewed interest in the accounting provisions of the FCPA, specifically the internal controls provisions. The BHP enforcement continued this trend, where there was no evidence that bribes were paid or offered in violation of the FCPA, tet the poor internal compliance controls at BHP led to a $25MM fine. Indeed Kara Brockmeyer, the Chief, FCPA Unit; Division of Enforcement of the SEC, who spoke at the recently concluded Compliance Week 2015, in a session entitled “A New Look at FCPA Enforcement”, reiterated that the SEC was committed to protecting investors in US public companies and those which list other securities in the US, through enforcement of the accounting provisions, including internal controls provisions of the FCPA. It would seem that the reason is straightforward; a company with rigorous internal compliance controls is better able to prevent, detect and remedy any FCPA violations that may occur.
So, in the midst of an economic downturn, what can you do around the FCPA’s requirements for internal controls and current SEC emphasis? I would suggest that you begin with an exercise where you map the internal controls your company has in place to the indicia of the Ten Hallmarks of an Effective Compliance Program, as set out in the FCPA Guidance. While most compliance practitioners are familiar with the Ten Hallmarks, you may not be as familiar with standards for internal controls. I would suggest that you begin with the COSO 2013 Framework as your starting point.
As a lawyer or compliance practitioner you may not be familiar with all the internal controls that you have in place. This exercise would give you a good opportunity to meet with the heads of Internal Audit, Finance and Accounting (F&A), Treasury or any other function in your company that deals with financial controls. Talk with them about the financial controls you may already have in place. An easy example is employee expense reports. Every company I have ever worked at or even heard about requires expenses for reimbursement to be presented, in documented form on some type of expense reimbursement form. This is mandatory for IRS reporting; so all entities perform this action. See how many controls are in place. Is the employee who submits the expense reimbursement required to sign it? Does his/her immediate supervisor review, approve and sign it? Does any party in the employee’s direct reporting chain review, approve and sign? Does anyone from accounts payable review and approve, both for accuracy and to make sure that all referenced expenses are properly receipted? Is there any other review in accounts payable? Is there any aggregate review of expense reports? Is there a monetary limit over which additional reviews and approvals occur?
Now if an employee has submitted expenses for activities that occurred outside the US are there are any foreign government officials involved? Were those employees identified on the expense reimbursement form? Was the business purpose of the meal, gift or other hospitality recorded? Can you aggregate the monies spent on any one foreign official or by a single employee in your expense reporting system? All of these are internal controls that can be mapped to the appropriate prong of the Ten Hallmarks or other indicia of your compliance program.
You can take this exercise through each of the five objectives under the COSO 2013 Framework and its attendant 17 Principles. From this mapping you can then perform a gap analysis to determine where you might need to implement internal compliance controls into your anti-corruption compliance program. This can lead to remedial steps that you can take. For example you can recommend procedures be written for all key compliance areas in which there are currently no procedures and your existing procedures can be updated to include compliance issues and clear definition how controls are to be evidenced. Through this you can move from having detect controls in place, to having prevent controls, whenever possible.
As a Chief Compliance Officer (CCO) or compliance practitioner, this is an exercise that you can engage in at no cost. You simply investigate and note what internal controls you have in place and how they may be a part of your anti-corruption efforts going forward. As I said last week, compliance is a straightforward exercise. This does not mean that it is easy; you do have to work at it so that you will simply not have a paper, “check the box”, program. But using the excuse that you have limited resources is simply an excuse and a rather poor one at that. While the clear lesson from the BHP enforcement action is that you are required to have effective internal controls in place, by engaging in this mapping exercise you can then figure out what you have and, more importantly, what internal compliance controls that you do not have and need to institute.
Finally, if you do have resources and need some help, you can reach me at the email below.
[view source.]
