The initial response to the global spread of COVID-19 has led to unprecedented changes in how we do business globally. There was a chaotic rush for supplies. As households struggled to find goods such as toilet paper and hand sanitizer, essential businesses similarly sought personal protective equipment (PPE) wherever it could be found, at almost any price. Businesses with overseas plants and other facilities sought to keep those factories operating in the face of confusing and ever-changing local policies. These exigent circumstances have created new and different risks under the Foreign Corrupt Practices Act (FCPA).
Consider two examples that will be familiar to many multinational companies:
- A foreign customs official demands a relatively small cash payment before a plane carrying critical PPE supplies is cleared to take off for the U.S. The need for the PPE may be so great – the PPE could be bound to supply health care workers treating patients infected by the virus – that an employee may feel personally justified in ignoring the company’s code of conduct and traditional anti-corruption policies.
- A local government official from a foreign country where you maintain a critical factory conducts a surprise inspection and threatens to shut down the plant unless he is paid a monthly stipend. Afraid for their livelihoods, uncertain about what the pandemic’s future will hold for them, and desperate to keep critical components flowing to the parent company, the employees may agree to make the payments despite knowing they are violating company policy and perhaps the FCPA.
These types of problems may be here to stay, at least for a while. With fears of a second wave of infections this fall and the persistent spread of the virus globally, these and other FCPA risks will not dissipate any time soon. Multinational businesses should be prepared to address the compliance risks created by the new and rapidly changing business climate.
To manage these COVID-19-specific risks, we strongly recommend that companies thoughtfully revisit their global bribery risk profiles. We recommend that multinational companies conduct a COVID-19 bribery risk assessment to figure out where their new pressure points might be. This process should, among other things, attempt to identify vulnerable links in the supply chain (e.g., a new supplier in Argentina, a well-connected customs broker in China, or a factory in Mexico previously under audit by the Mexican labor department).
With an appreciation of the current risk profile, companies should consider enhanced, potentially temporary COVID-19-related controls and procedures targeted to mitigate those risks. Here are some suggestions:
- Conduct targeted compliance training for management and other employees whose locations or functions may expose them to the newly identified risks and pressure points.
- Bolster virtual capabilities and increase the virtual presence of compliance at international locations to deliver frequent and impactful messages on the importance of compliance.
- Consider a temporary requirement of U.S. or regional approvals of certain higher-risk transactions at non-U.S. operations.
- Temporarily limit discretionary spending by international operations.
- Test and audit unusual expenditures related to the newly identified pressure point circumstances.
U.S. enforcement agencies have made it very clear that they expect compliance to be risk-based. This is critically important, now more than ever. The expectation from authorities is not that companies eliminate the risks entirely but that they take appropriate and reasonable steps to mitigate their specific risks. Companies who act promptly to address their changing risks are more likely to be given leniency if they discover and disclose an issue or if an enforcement action arises in the future. Thus, companies that take specific steps now to understand and mitigate the unique bribery risks presented by COVID-19 will save themselves from trouble down the road.