Note to compliance officers: If you aren’t already seriously worried about being ensnared by the Foreign Corrupt Practices Act, you should be.
That was one takeaway from remarks by regulators and experts at a recent event on managing FCPA risks. Speakers at a Sept. 23 conference sponsored by The Economist warn that the onslaught of enforcement—and the astronomical fines—will march on.
Observers expect to see the Department of Justice and the Securities and Exchange Commission continue to bring more enforcement actions and to extract higher fines related to FCPA violations, despite current distractions stemming from the credit crisis.
The U.S. anti-bribery statute, which has become a nightmare for compliance officers in recent years, remains a focal point for the SEC, says Bruce Karpati, an assistant enforcement director in the SEC’s New York regional office. “I’d expect to see much more significant actions in the next year,” Karpati told attendees. “The trends of increased corporate penalties and prosecutions of individuals will continue.”
Smith
Former Federal Prosecutor Richard Smith, a partner at the law firm Fulbright & Jaworski, predicts that the record-setting total fines of $44 million imposed against Baker Hughes and its subsidiaries in 2007 will soon be exceeded. As for the enforcement environment, Smith quipped: “You’ll be able to get a deferred prosecution agreement, but it will cost a lot more.”
While the statute has been on the books for more than 30 years, enforcement of the law has only really taken off in the last four. Karpati noted that enforcement officials have brought more FCPA-related cases since 2004 than they did in all of the 26 previous years combined, including more than 30 against corporations and more than 20 against individuals.
So, why the sudden increase in interest in cracking down on bribery? At least part of it has to do with the passage of the Sarbanes-Oxley Act in 2002. SOX, which requires management to make representations about their internal controls over financial reporting and requires auditors to inspect them as well, “has been a major impetus for cases,” Karpati said.
Government statistics on the influence of bribery over U.S. business may shed some additional light on the increased interest in enforcing the FCPA. From May 1994 to April 2008, roughly 459 contracts worth an estimated $417 billion were allegedly affected by bribery of foreign public officials, notes Katheryn Nickerson, a senior counsel with the U.S. Department of Commerce. During that same period, Nickerson says, companies lost at least 152 contracts worth $91 billion, including contracts worth $20 billion in the last 12 months alone.
Increased cooperation among enforcement agencies is another reason for more FCPA enforcement actions, experts say. The Justice Department and the SEC have stepped up their resources aimed at fighting bribery and corruption. Meanwhile, the Federal Bureau of Investigation has also devoted an entire task force to FCPA enforcement. At the same, cooperation with international authorities has also increased, leading to more information—and more requests for information—from overseas, Karpati notes. Indeed, Smith says the current level of international cooperation “is unlike any I’ve ever seen.”
FRAUD POLICY SUGGESTIONS
Sample antifraud document’s general policy, roles, and responsibilities:
1. Policy.
Fraudulent practices of any kind are prohibited. The Company will implement appropriate procedures, controls and monitoring activities to protect against the commission of fraud. In the event of suspected or reported fraud, the Company will promptly investigate such suspected or reported activity and take such action as is appropriate to remedy the situation and ensure that it does not reoccur. The Company has numerous policies which provide resources for procedures deter fraud, including, but not limited to, The Business Principles, the Disbursement Policy, the Payroll Policy, and the Procurement Policy.
2. Awareness, Training and Communication.
The Company, through its Compliance and Ethics Program Guidelines, and more specifically in its Business Principles (Working With Others, Working to Achieve Competitive Advantage, and Working to Protect Our Information, Records, Systems and Property), regularly communicates its expectations to the workforce and maintains records of employee’s commitment to comply. Members of the Compliance and Ethics Leadership Team will undergo anti-fraud training. The Company will periodically communicate with the workforce about this Program to ensure employees are aware of the Program and understand their individual obligations.
3.Risk Assessment.
The office of the General Auditor shall oversee the performance of a risk assessment which shall identify specific schemes and scenarios in which fraud may occur within the context of the XYZ business. This risk assessment is intended to identify gaps in monitoring and preventing potential fraudulent activities.
4.Internal Controls and Monitoring.
Each Group/Division/department manager is responsible for instituting and maintaining a system of internal control to provide reasonable assurance for the prevention and detection of fraud, misappropriations and other irregularities. Management should be familiar with the types of improprieties that might occur within their area of responsibility and be alert for any indications of such conduct.
5.Reporting.
Employees are responsible for reporting suspected fraud. A report may be made to management, to Human Resources, to the Business Unit or Enterprise Services Compliance Officer, or by calling the Wyntegrity Line. No employee will be retaliated against for reporting suspected fraud to the Company.
6. Investigation, Discipline and Remediation.
The Enterprise Compliance Officer shall follow the procedures set forth in the XYZ Compliance and Ethics Program Guidelines in determining the appropriate course of action with respect to investigating, disciplining, remediation, and as appropriate, reporting the results of any fraud investigation to the Board of Directors.
Source
Sample Antifraud Policy & Response Program.
Companies themselves may also be partly responsible for the rise in actions through self-reporting, which Smith describes as currently “off the chart.”
Panelists offered several reasons for the interest in self-disclosure. One may be the higher risk attached to violations that aren’t disclosed, in the form of increased penalties. Mark Mershon, assistant director in charge of the FBI’s New York regional office, notes that some FCPA violations carry individual fines of up to $5 million and up to 20 years in prison; corporations may be subject to fines as high as $25 million, making some “more motivated to come forward,” rather than taking the risk that authorities won’t come knocking.
Rial
Fear of whistleblower retaliation may also be forcing more companies to self-disclose, notes Edward Rial, global leader of FCPA consulting services for Deloitte Financial Advisory Services. The risk that a whistleblower will report possible violations of the FCPA “is something companies need to take into account if they’re thinking of not disclosing,” Rial warns.
If a disgruntled employee files a complaint with the Labor Department alleging FCPA violations, that complaint goes to the Justice Department’s fraud section even if the Labor Department dismisses it, Smith says. That often leads to a “race to the courthouse,” he says.
In some cases, prosecutors springboard from a voluntary disclosure by one company to open investigations into others in the same industry. For example, a voluntary disclosure by one issuer that implicates a third-party vendor could spur an investigation into other companies that use the same vendor. In other words, Smith says, if a competitor makes a disclosure, “you’ve just been invited to the party.”
While there’s still a debate about the merits of voluntary disclosure, observers agree that the decision to self-report must be weighed carefully; once a disclosure is made, that act cannot be undone.
“If you decide to cooperate, you can’t just out your toe in,” Smith says. “You’re in it for the long haul.”
Karpati notes recent cases have ensnared companies in the oil, agriculture, pharmaceutical, and technology industries, but says companies doing business in China—particularly in the financial services sector—could get a close look by regulators. “We know the state-owned nature of companies in China lends itself to foreign payments,” he says. “I wouldn’t be surprised to see investigations opened in that area.”
Rial stresses that companies must closely examine their mix of business (as well as where they’re doing business) to understand where their FCPA risks lie. For example, interaction with government officials and the use of third parties increases a company’s risk of violations. Further, doing—and documenting—due diligence on third parties has become particularly important, Smith says.
As always, all of the panelists said, a strong compliance program is a company’s best defense. “It’s not an area that’s going to generate money to your bottom line, but it can save you significant fines and penalties if a problem creeps up,” said Smith.
That includes “clear, firm, and frequently reinforced communication that leadership is absolutely intolerant of this type of activity,” as well as internal controls “that reinforce the fact that management is determined to find any violators of the FCPA,” Mershon added.
Nickerson recommends that companies not only study existing DoJ opinion releases as guidance, but also consider asking the Justice Department for an advisory opinion on their own particular circumstances. “It’s the closest thing to a safe harbor you can get from the DoJ,” she said.
No comments yet