|In February 2017, the U.S. Department of Justice (DOJ) Fraud Section published its latest guidance on corporate compliance programs with the release of the very useful document titled “Evaluation of Corporate Compliance Programs.”
While many legal and compliance scholars have rightly stated that this latest publication isn’t anything radically different than prior authoritative guidance issued by the DOJ and other organizations, what jumps out is the reframing of the well-worn expression, “tone at the top,” with the potentially more insightful, and arguably much scarier, “conduct at the top.” In a just-released Flash Report, we put forth questions and insights that illustrate the degree to which the DOJ is examining senior management and the board of directors while evaluating a corporate compliance program.
In my post yesterday, I suggested penalizing companies that pay bribes where it hurts them the most: in falling stock price and market share — not just civil fines and penalties. But ultimately, it is the internal controls and anti-corruption culture that companies set in place that serve as the most effective deterrent.
While anti-corruption and its correlation with business ethics command a great deal of attention, bribery of foreign public officials and employees of state-owned companies remains an enormous challenge for companies seeking to operate ethically and within the rule of law of each country in which they do business.
In December 2014, the OECD published the Foreign Bribery Report, an analysis of the crime of bribery of foreign public officials. For those unfamiliar with the report, it is a study of 427 prosecutions of bribery offenses that have been brought in countries that are signatories to the OECD Anti-Bribery Convention, enacted in 1999. The report is a very comprehensive analysis of cases involving bribery of foreign officials, and it debunks some widely held beliefs about bribery and corruption. We covered the findings of the report in detail in a blog post back in 2014 – these findings are as relevant as ever, and I highly recommend a read.
Unfortunately, the current state of companies’ abilities to deter, detect, investigate and report fraud and corruption remains discouragingly anemic. Despite the many legal and economic incentives for companies to maintain robust anti-fraud and anti-corruption programs, most companies do not dedicate sufficient resources to adequately manage the risks of their employees and business partners paying bribes to gain unfair business advantages. This was recently confirmed in Protiviti’s 2016 White Collar Crime and Fraud Risk Survey.
For example, despite the fact that the OECD Foreign Bribery Report cited that 75 percent of the foreign bribery cases that they studied involved bribes that were paid by third-party business partners, Protiviti’s survey revealed that only 6 percent of respondents reported a high degree of confidence in their organization’s vendor fraud and corruption risk oversight. More than 35 percent of those surveyed stated that they did not perform any form of due diligence on the third parties acting on their behalf. And an equal number of respondents (35 percent) stated that they were not aware of any efforts to identify foreign government agencies, state-owned companies and public international organizations amongst their customer base.
Our findings also suggested that most companies do not perform sufficient due diligence on the corruption risk and anti-corruption practices of their acquisition targets, which often leads to the unwitting “purchase” of ongoing corruption and bribery schemes that continue, sometimes for many years, after the deal has been closed. Hiring practices is another area that has come into focus due to recent corruption enforcement actions. Here again, our survey revealed that only 34 percent of respondents could say that their organizations attempt to determine whether job candidates are family members or associates of government officials in a position to influence the award of contracts.
In order for anti-corruption efforts to be truly effective and to reduce the human suffering corruption causes, compliance professionals have to do not “just this” or “just that,” but everything: Correct misconceptions about the sources of corruption risk in order to direct resources where they would be most effective; understand where their organizations are most vulnerable in order to apply strong internal controls to these areas; and question the cultural acceptance of kleptocracy and bribery as a way of life. Until there is a highly publicized linkage between the companies that pay bribes, the corrupt regimes that favor bribe payers and the human toll that corruption and kleptocracy take in those countries, anti-corruption efforts will continue to be less than effective.
As mentioned in my post last week, one of the ways the Department of Justice (DOJ) determines whether or not a company has performed the required anti-corruption due diligence when acquiring an entity is looking at whether the new entity was promptly incorporated into the acquiring company’s internal controls, including its compliance program.
There are three main areas to focus on in order to successfully accomplish this integration, whether it be into your existing anti-corruption program or one that has been newly established. These are:
- Identifying the universe of foreign official touchpoints
- Fully identifying the intermediaries among third parties, and
- Examining hiring practices as they relate to foreign officials
Mapping Foreign Official Touchpoints
Most senior executives struggle to understand the term “foreign officials.” The designation includes not only government officials but employees of state-owned companies and public international organizations like the World Bank or the United Nations. Further, when companies look at foreign officials, the focus of scrutiny tends to be on customers, while failing to consider the various ways in which companies routinely interact with government agencies at the federal, state and local level and the ways those interactions can be problematic. It is therefore critically important to perform an exhaustive “inventory” of all of the ways that the organization may come into contact with foreign officials, not just among the company’s customer base, but through the various ways in which the company may interact with such persons in connection with meeting regulatory, legal, administrative and licensing obligations as well as any other way there may be contact, official or unofficial. Mapping these relationships, examining them and then prioritizing them in terms of the potential risk is a critically important step to successfully integrating the acquired entity into the acquiring organization and its compliance program.
Fully Identifying Intermediaries
In the overwhelming majority of FCPA prosecutions, the bribe payers are business intermediaries acting on behalf of the defendant company. It is not common practice to delve deeply into business intermediaries during pre-acquisition due diligence, and yet most FCPA risk resides within those relationships. Part of the process of identifying intermediaries is doing something similar to the mapping of foreign official touchpoints discussed above. Understanding the activities of each intermediary and determining whether and to what extent they may be interacting with foreign officials on the company’s behalf will make mitigating the potential corruption risk of the newly acquired entity a far less challenging exercise.
Examining Hiring Practices
Government touchpoints extend to the hiring of employees, interns and consultants. In several recent cases, the SEC has charged companies with FCPA violations in connection with hiring employees or interns who would not have otherwise been hired were it not for the fact that their family members were government officials in a position to award business to the defendant companies. Most companies do not include hiring practices in their anti-corruption program risk assessments, nor do they examine how a candidate was sourced and whether a prospective hire poses any added FCPA risk. While simply hiring a family member of a foreign government official does not violate the FCPA, it is the hiring decision that could eventually come under intense scrutiny. The key is ensuring that the candidate has met or exceeded all of the criteria for the position and there is no indication of a quid pro quo. Since such a hire represents heightened risk, some organizations require additional controls, such as increased levels of approval prior to extending an offer to a family member or associate of a foreign official.
In closing, acquisitive companies should seek to examine the potential FCPA risk of a prospective acquisition within the constraints of the information that is made available to them pre-close and then perform a timely, thorough risk assessment focusing on the three areas above: touchpoints with foreign officials and the acquired entity’s intermediaries – especially those who are interacting with foreign officials on the company’s behalf – and the alignment of recruiting and hiring activities with the company’s anti-corruption compliance program. It is not uncommon for a company to get more than it bargains for when buying an entity – such as ongoing fraud and bribery schemes. Being able to demonstrate the lengths the company has gone to root them out will make all the difference in the government’s determination as to whether to hold it accountable for someone else’s sins.