The Dos & Don’ts of Compliance with Anti-Corruption Laws, Straightline

The Foreign Corrupt Practices Act (FCPA) strictly prohibits the payment of bribes to foreign government officials for the purposes of obtaining or retaining business or securing an improper business advantage. Enforcement of the FCPA has been a priority for both the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) in recent years and will continue to be in the near future. Other countries, including the U.K., have adopted similar anti-corruption laws and enforcement worldwide is gaining momentum. The costs associated with anti-corruption investigations, whether internal or government initiated, vastly exceed any cost of compliance. Adopting and implementing an effective anti-corruption policy is more important than ever.

Companies that make a good-faith effort and implement an effective anti-corruption compliance program are more likely to receive leniency from the U.S. and U.K. governments if a violation should occur at some point. An effective program includes diligent implementation, ongoing monitoring, testing and auditing to evaluate your company’s program—both of the company’s own employees and all third-party affiliations—as well as continual improvement of your anti-corruption compliance program. Following the compliance steps the DOJ, SEC and U.K.’s Serious Fraud Office (SFO) have identified is the best way to establish a good-faith effort at compliance.

1. Top-Level Commitment
   
   DO: Set the right tone at the top.
   DON’T: Create a culture that ignores anti-corruption compliance.
   
   
2. Clear Policies and Procedures
   
   DO: Adopt a written compliance policy as part of the company’s Code of Business Conduct.
   DON’T: Adopt a policy and then ignore it.
   
   
3. Compliance Responsibility Rests with a Senior Executive with Autonomy
   
   DO: Appoint a member of senior management to oversee anti-corruption compliance and ensure that the organization has an effective compliance program.
   DON’T: Entrust compliance to a low-level employee without access to the board or resources to implement the program.
   
   
4. Performance of Risk Assessments and Triage as Appropriate
   
   DO: Include risk assessment as part of the program, including a review of operational realities and the risks attendant to the company’s business; work with in-house counsel and outside counsel, if appropriate, to prepare a confidential assessment report.
   DON’T: Miss a major issue as a result of undue emphasis on less risky areas.
   
   
5. Communication of Policies; Training and Advice
   
   DO: Adopt explicit written policies regarding anti-corruption in an easily understandable format for all employees and conduct training and education for the board, high level persons, employees and, as appropriate, agents.
   DON’T: Adopt a one-size-fits-all approach. Training should be tailored to meet the risk profile of the specific group being trained.
   
   
6. Incentives for Good Behavior and Disciplinary Measures for Bad Behavior
   
   DO: Explain incentives and disciplinary consequences for anti-corruption violations.
   DON’T: Ignore violations by senior employees while disciplining more junior ones.
   
   
7. Maintenance of Due Diligence Programs for Business Partners and Merger/Acquisition Targets
   
   DO: Conduct due diligence of all third parties, including agents, joint venture partners, international sales representatives, international logistics agents, distributors, resellers/traders and international non-U.S. governmental representatives.
   DON’T: Overlook merger or acquisition targets—remember that the acquiring company assumes all legal and business risks. Before closing the deal, the acquiring company should perform detailed due diligence to ensure anticorruption compliance.
   
   
8. Mechanism for Reporting Confidentially/Anonymously
   
   DO: Institute a hotline for employees to ask questions or report suspected wrongdoing on a confidential and/or anonymous basis.
   DON’T: Give senior or top-producing employees the benefit of the doubt—investigate reported or suspected violations.
   
   
9. Mechanism for Investigating Reports of Misconduct
   
   DO: Have a process to investigate allegations of criminal conduct and suspected violations of the anti-corruption laws and company policies “at the direction of counsel.”
   DON’T: Fail to modify the program, including policies, training and communications, after detection of misconduct or lapses to prevent future violations.
   
   
10. Periodic Testing and Review of the Compliance Program
    
    DO: Take reasonable steps to regularly monitor, evaluate (test), audit and update the company’s program to ensure ongoing compliance.
    DON’T: Fail to train accounting staff on the best practices for conducting enhanced review of high-risk transactions and identifying red flags related to corruption, including those on the DOJ’s red flag list.
    DO: Document the company’s compliance program, including plans, implementation, monitoring, testing and auditing of compliance and effectiveness.
    DON’T: Fail to conduct training when needed to correct any deficiencies and identify new or updated controls and procedures.

The U.S. government has declined to prosecute companies that have successfully implemented effective compliance programs in the past (e.g., PetroTiger, Morgan Stanley and Global Industries) and has indicated that it will continue to do so in the future. The U.K. government also has provided a defense to companies with an adequate compliance program. An anti-corruption program that implements the 10 steps above should provide your company with proof it has an adequate and effective program and will increase the likelihood of satisfying both the U.S. and U.K. governments in the event of a government investigation.