120 Pages of Non-Stop FCPA Compliance Action!

newsIn mid-December, the US Department of Justice and the Securities and Exchange Commission released much anticipated new guidance on the Foreign Corrupt Practices Act (FCPA).  This resource guide – 120 pages in length, but a surprisingly interesting read (at least for this geek) – outlines the DOJ and SEC priorities around FCPA, enforcement guidelines and attempts to clarify grey areas through the use of case studies and examples.

In January, Thomas Fox, FCPA expert and consultant for Resources Global Professionals, presented his take on the guidance in a webinar, “The New DOJ FCPA Guidelines: A Resources for the Compliance Practitioner”. (A recording of that webinar is available in the RGP event library.)

Anti-Corruption Compliance Continues to be Top of Mind

The subject of FCPA and Anti-Bribery compliance continues to be top of mind for our policyIQ team, as it is certainly top of mind for many clients of RGP.  Virtually every morning there is at least one article at the top of my newsfeed pointing to developments or new perspectives on anti-corruption compliance.   One of those recent articles, published on Tuesday on The FCPA Blog (Step Aside, ten elements, and make way for the hallmarks), highlights the Hallmarks of Effective Compliance Programs, as outlined in the recently released DOJ and SEC FCPA guidance.  Mr. Richard Cassin, publisher of The FCPA Blog, suggests that these hallmarks “go to the heart of the matter” – and it isn’t hard to understand why.

The Hallmarks of Effective Compliance Programs

1. Commitment from senior management and a clearly articulated policy against corruption

2. Code of conduct and compliance policies and procedures

3. Oversight, autonomy, and resources

4. Risk assessment

5. Training and continuing advice

6. Incentives and disciplinary measures

7. Third-party due diligence and payments

8. Confidential reporting and internal investigations apparatus

9. Continuous improvement: periodic testing and review, and

10. Mergers and acquisitions: pre-acquisition due diligence and post-acquisition integration.

These ten hallmarks certainly do lay out a good plan for moving ahead with anti-corruption compliance, but it is important to recognize that there is not a one size fits all approach to how to implement your program.  As the authors of the guidance point out,

Compliance programs that employ a “check-the-box” approach may be inefficient and, more importantly, ineffec­tive. Because each compliance program should be tailored to an organization’s specific needs, risks, and challenges, the information provided below should not be considered a substitute for a company’s own assessment of the corpo­rate compliance program most appropriate for that particu­lar business organization.

How policyIQ and Resources Global Professionals can help

Your organization’s needs around anti-corruption compliance will depend on your level of risk – with factors ranging from what industry you are in, in what areas of the world you conduct business, and how much you rely on third party partners.  As we mentioned, this is a subject that is top of mind for many of our clients – and therefore, we’ve been spending time recently developing solutions to help our clients manage their Anti-Corruption compliance program effectively and efficiently in policyIQ, with varying levels of complexity.

policyIQ can help you to manage risk assessments, code of conduct, related training and sign-offs, confidential reporting and follow-up, third-party due diligence, oversight, and audit.  policyIQ can also be used to more effectively manage due diligence around acquisitions or help to streamline the integration of new business units.

Contact us for a demo of how policyIQ can help your organization to effectively implement an anti-corruption program!

Participate in International Anti-Corruption Day with policyIQ and Resources Global Professionals training

The United Nations Development Programme and the United Nations Office on Drugs and Crime are leading Against Corruption Today (ACT), a campaign to fight corruption across the globe.  They have declared tomorrow, December 9th, to be International Anti-Corruption Day.

Anti-Corruption has been a hot topic lately for most companies, but in our business blogs, webinars and articles, we’ve tended to focus on the regulations and corporate financial impacts of non-compliance.  The Against Corruption Today campaign focuses on the economic and social impact of corruption to regular citizens throughout the world.

Within their Call to Action Matrix, ACT recommends some familiar tactics for the private sector to improve the global economy and eliminate corrution worldwide

Strengthen democracy…
Foster economic stability by enforcing zero-tolerance practices towards corruption.A transparent and open business community is a cornerstone of any strong democracy.

Promote justice…
Enact policies covering gifts, supply chain, whistleblowers and other key corruption issues, educate employees about them.

Employees will work better if they feel confident that they are operating in a fair and just environment.

Bring prosperity…
Strictly enforce anti-corruption measures and use independent auditors to ensure compliance. Introduce “anti-corruption strategies” into the social dialogue (see Trade Unions).

In the private sector, corruption increases the cost of doing business through the added “tax” of bribes, the additional management cost of negotiating with corrupt officials, and the legal and financial penalties of breached agreements or getting caught.

Participate in International Anti-Corruption Day by learning more from policyIQ and Resources Global Professionals 

The policyIQ team recently hosted a webinar outlining tactics for using policyIQ to manage your Anti-Corruption Compliance ProgramCheck out the recording, or review the wrap-up blog post from that session to learn more.

And coincidentally, Resources Global Professionals will be hosting a webinar next Tuesday, December 13th (12 pm ET) titled International Compliance Enforcement: The Need for an Effective Best Practices Compliance Program.  Hosted by Thomas Robert Fox, Resources consultant and FCPA / Anti-Bribery legal expert, this session will explore the best practices for establishing an effective global compliance program. Register today to secure your spot in this fantastic upcoming webinar!

Anti-Corruption Compliance in policyIQ: Training review and highlights

*whew*  Another training session under our belts.  I’ll admit – I was nervous about this one.  The topic of Anti-Corruption Compliance is one that fascinates me and I wanted to do it justice.  There are so many different ways that policyIQ might help an organization with the various anti-corruption and anti-bribery compliance initiatives – and we had just one hour to hit the highlights.  (View the recording now!)

While we focused on the United States’ Foreign Corrupt Practices Act (FCPA) and the United Kingdom’s Bribery Act of 2010 (UK Anti-Bribery Act), it’s also important to remember that there are many other anti-corruption laws, local regulations and related legislation that should be considered when building or strengthening your program.

Documentation is key

Through all of my own investigation and learning about the FCPA and the UK Anti-Bribery Act, the key takeaway for me has been that documentation is absolutely critical from start to finish.  Clearn documentation is critical not just of the ultimate expenses that are made (so that you can defend your decisions), but also of the policies, procedures and risk assessments that drive your program.

During the training session, we stressed the need to document a variety of things, such as:

  • Policies and procedures – in detail and with as much context as possible.
  • Your risk assessment, the methodology you used and the support for your decisions around the scope of your anti-corruption programs.
  • Due diligence you conducted on your partners or third parties acting on your behalf, and be sure that they have documented their own internal policies, procedures, etc.
  • Every payment, gift, travel expense or entertainment expense made in a transparent way, so that there can be no question about your motivations or reasons for those expenses.

It was gratifying to hear this point reiterated by one of our attendees, David Roberts, Director at Wall Street Institute, who is responsible for the anti-corruption program in his organization. David followed up in chat to say, “Our organization is constantly reminding of us that.  It is important to note that not only is this important for the company but also the employees.  They are subject to fines and imprisonment.” 

The potential for criminal charges and possible imprisonment should be motivation enough for any employee to get on board with this idea of documentation!

And then you can do this.  And then you can do this.  And then you can…*breathe*

I found myself talking a bit more quickly than normal while presenting the material – both getting excited about the possibilities and anxious about my time limit.  While preparing for the session, we identified eighteen different things that can be organized into or automated by policyIQ, and frankly that was just the eighteen things that fit nicely in our table.  We talked about Anti-Corruption Compliance using the UK’s Ministry of Justice’s guidance on six principles of compliance.  Those six principles are outlined below, along with just a few of the ways that policyIQ might help an organization manage their compliance program.

1.     Risk Assessment

a.   Track Risk Assessments
b.   Report on High Risk Areas

2.     Top Level Commitment

a.   Publish Ethical Conduct Policy internally and externally
b.   Allow all employees and partners to easily reach Corporate Compliance Officer to ask for clarification

3.     Due Diligence

a.   Track all partners and third parties
b.   Retain all Due Diligence documentation

4.     Policies and Procedures

a.   Ask high risk employees and partners to sign off on critical policies
b.   Document specific situational advice and FAQs

5.     Effective Implementation

a.   Use forms in policyIQ to automate Gift Reporting or Expense Request processes
b.   Track Training Attendance

6.     Monitoring and Review

a.   Build and execute audit programs
b.   Periodically review partners and agreements

Great ways to learn more about Anti-Corruption Compliance – specifically FCPA and UK Anti-Bribery

We didn’t go into detail around the specifics of the FCPA or the UK Anti-Bribery Act, and some of you indicated in the evaluation that you were hoping for more information about the legislation.  There are so many nuances and details – and so many far more intelligent folks out there who have great information on the subject.  Here are just a few of the places that I go to get more information:

– Thomas Fox’s FCPA Compliance and Ethics Blog

– Michael Volkov’s Corruption, Crime & Compliance Blog

– If you are on LinkedIn, join the group FCPA – Foreign Corrupt Practices Act – Anti-Corruption Compliance Group

One of our attendees also pointed out that she uses resources from CCH, Deloitte and a variety of other sources found via web searches.  I’ll add Compliance Week to that list, which requires a subscription but is worth it for the wealth of information!

If you have any questions or if you need some help organizing your thoughts to get started, don’t hesitate to reach out to us and we’ll be happy to talk through it!

Foreign Corrupt Practices Act: Don’t wait until it’s too late to formalize your program

I was really excited to have an opportunity to learn more about the Foreign Corrupt Practices Act recently through our Resources Global Professionals’ webcasts.  Not only was it an area of compliance that was relatively new to me, but it was of particular interest.  I had spent a summer in Russia during college studying business practices of US companies working in the Russian business environment.  At the time, many US companies were just starting to see opportunities in the emerging economy, but found themselves struggling to operate in an environment marred by organized crime, corrupt officials and poor government oversight.

FCPA_cashWhat is the Foreign Corrupt Practices Act?

The FCPA is not new legislation.  It has been around since 1977, but recent increases in enforcement and lawsuits have brought it back up into the spotlight for many US organizations.  In a nutshell, the FCPA states that:

1.) It’s a crime to bribe non-US officials in order to obtain or continue business activity in that region.

2.) Organizations must have proper records of all transactions, and controls in place to prevent bribery of non-US officials.

(If you want a much more detailed explanation, check out the Department of Justices’ “Lay Person’s Guide”.)

I am by no means an expert, but here’s a few of the things I’ve learned recently that I found interesting:

    • FCPA is enforced by both the Department of Justice and the Securities and Exchange Commission. The SEC is responsible for civil action against corporations (or individuals), while the DOJ is responsible for criminal prosecution of individuals.
    • There aren’t any guidelines or standards for the internal controls (structure, documentation, etc) that US companies must keep, but many experts (including Tom Fox, RGP consultant and legal expert in the area of FCPA) seem to point to the 6 Principles in the UK Anti-Bribery Act as a good place to start.
  • Violations of the FCPA can mean up to $5 million in fines and 20 years in prison.

Put your FCPA Compliance Program in policyIQ!

If you are doing business internationally, your organization is required to comply with FCPA – and you probably already have a program in place.  But if you don’t have it well-documented and easily accessible, you are increasing your risk.   As I see it, the keys to a successful FCPA program are the same as any compliance program:

1.) Assess the risk – where in the organization might you be at risk of violations and how significant is that risk?

2.) Document (and communicate!) controls that mitigate those risks

3.) Periodically test those controls to confirm that they are designed and operating effectively, and

4.) Keep an auditable set of documentation to prove that you’ve done all of this

If you follow these four steps, you’ll be in a great position to quickly respond to any inquiry – and avoid the high cost of lengthy, invasive investigations.  This is where policyIQ shines!  Not only can you retain all of your Risk, Control, and Testing documentation in one place – but using policyIQ forms, you can also have key employees review and sign-off on your FCPA controls on an annual basis.  You’ll have an audit-able record of their agreement to follow the controls and policies as they are laid out by the compliance department.  Any areas of concern can be documented, with mitigating action plans assigned and due dates set – all within policyIQ.

While we certainly hope that none of our policyIQ clients face an SEC or DOJ investigation for violations to FCPA, with a strong program documented in policyIQ, you can keep those investigations shorter, less expensive, and put yourself in a great position to come out the other side with no violations or findings.

Check out some of these great resources to learn more about FCPA:

Get started today! 

If you are already using policyIQ for another compliance program, you are just a few minutes away from getting started.  You already have Risk, Control and Test Templates (or something very similar) – that can be used for FCPA or copied and altered just slightly to accommodate the new usage.  Create a Folder, import or create the Risks and Controls – and make the information visible to your employees.

Don’t know where to start?  Contact us.  You can’t afford to wait until an audit is pending – and we’re happy to help you get moving!  If you don’t have FCPA controls in place – or you aren’t sure if your program is strong enough – contact us and we’ll put you in touch with a local expert who can get you on the right path.