Complying with the Foreign Corrupt Practices Act
by Terri Eyden on
By Curtis C. Verschoor, CMA
The DOJ and SEC recently published a guide that provides insight into the Foreign Corrupt Practices Act and how the agencies carry out their ongoing fight against corruption within companies throughout the world.
Congress passed the Foreign Corrupt Practices Act (FCPA) thirty-five years ago to eliminate bribery of foreign officials by US companies trying to obtain business. Over the years, the scope of the law has grown to include any multinational or foreign-based company that does business in the United States, is listed on a US exchange, or sells securities in the United States – thus making compliance with the FCPA an important issue for companies around the globe.
In November 2012, the Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC), the two agencies charged with enforcing the statute, released A Resource Guide to the US Foreign Corrupt Practices Act, a detailed compilation of information about the Act, including its provisions and practical advice about how the two agencies pursue their enforcement efforts.
According to the DOJ website, "The Guide addresses a wide variety of topics, including who and what is covered by the FCPA's anti-bribery and accounting provisions; the definition of a 'foreign official'; and what constitute proper and improper gifts, travel, and entertainment expenses." It also differentiates a bribe from a facilitating payment and the nature of an effective corporate compliance program. Although applicable to publicly held companies, its principles provide best-practice guidelines for all organizations, including not-for-profit and government organizations.
The Guide also explains the different types of civil and criminal resolutions available in the FCPA context – perhaps the first time this has been done anywhere. Hypotheticals, examples of enforcement actions, and summaries of applicable case law and DOJ opinion releases are all used to describe enforcement practices for both the DOJ and SEC. Jonathan Drimmer, vice president and assistant general counsel for Barrick Gold Corporation, summed up the Guide for the Deloitte Forensic Center: "Though it has little new substantive information, it is a very helpful document and provides insight into the decision-making process regarding government prosecutions." It appears the US government plans to continue to pursue prosecution of bribery cases in every country possible.
As the Guide notes, "Corruption is a global problem. In the three decades since Congress enacted the FCPA, the extent of corporate bribery has become clearer and its ramifications in a transnational economy starker. Corruption impedes economic growth by diverting public resources from important priorities such as health, education, and infrastructure. It undermines democratic values and public accountability and weakens the rule of law. And it threatens stability and security by facilitating criminal activity within and across borders, such as the illegal trafficking of people, weapons, and drugs. International corruption also undercuts good governance and impedes US efforts to promote freedom and democracy, end poverty, and combat crime and terrorism across the globe." The DOJ has authority for criminal enforcement of the FCPA, and the SEC is responsible for civil enforcement.
The accounting provisions of the FCPA are designed to complement the anti-bribery provisions by prohibiting "off-the-books" accounting. Investors, creditors, and even company management rely on financial statements and internal controls to ensure reporting transparency about the financial health of the business, the risks undertaken, and the transactions between the company and its customers and business partners. The SEC says that the FCPA's accounting provisions "strengthen the accuracy of the corporate books and records and the reliability of the audit process which constitute the foundations of our system of corporate disclosure."
In a chapter titled "Guiding Principles of Enforcement," the Guide describes the differing approaches of the DOJ and SEC in regard to enforcement. For example, guidance to US attorneys in deciding whether to initiate or decline prosecution is contained in the Principles of Federal Prosecution. The Guide notes that, according to the Principles of Federal Prosecution, it will be appropriate in many investigations "for a prosecutor to consider a corporation's pre-indictment conduct, including voluntary disclosure, cooperation, and remediation, in determining whether to seek an indictment."
In contrast, the Guide notes how the SEC's Enforcement Manual suggests considering such factors as "the statutes or rules potentially violated; the egregiousness of the potential violation; the potential magnitude of the violation; whether the potentially harmed group is particularly vulnerable or at risk; whether the conduct is ongoing; whether the conduct can be investigated efficiently and within the statute of limitations period; and whether other authorities, including federal or state agencies or regulators, might be better suited to investigate the conduct."
In the same chapter on enforcement, the Guide also outlines the hallmarks of effective ethics and compliance programs:
- Commitment from senior management and a clearly articulated policy against corruption;
- Code of conduct and compliance policies and procedures;
- Oversight, autonomy, and resources;
- Risk assessment;
- Training and continuing advice;
- Incentives and disciplinary measures;
- Third-party due diligence and payments;
- Confidential reporting and internal investigation;
- Continuous improvement, including periodic testing and review; and
- Pre-acquisition due diligence and post-acquisition integration for mergers and acquisitions.
The chapter titled "Resolutions" describes possible outcomes to investigations. The DOJ may settle cases through a plea agreement, a deferred prosecution agreement (DPA), or a non-prosecution agreement (NPA). A DPA means that the DOJ files a charging document with the court but simultaneously requests that the prosecution be deferred so that the company can demonstrate its good conduct. DPAs generally include a monetary penalty, waiver of the statute of limitations, full cooperation with the government, and admission of relevant facts. The company also must commit to stated compliance and remediation changes. An NPA isn't filed with a court but is instead held by the parties. According to the Guide, the DOJ "maintains the right to file charges but refrains from doing so to allow the company to demonstrate its good conduct during the term of the NPA."
Deloitte's Forensic Center has conducted a number of surveys of FCPA ethics and compliance activities. Its "Anti-corruption Practices Survey 2011" found that only 29 percent of the executives surveyed were very confident their company's anticorruption program would prevent or detect corrupt activities. A poll during a December 2012 Deloitte webcast showed many companies still have a long way to go in FCPA compliance. In fact, 44.6 percent of poll respondents said either that their companies aren't making improvements to prevent and detect corrupt activity or that they are unaware if their company is doing so. "The 55.4 percent that do have plans to improve their corruption programs are `in line with the government's expectations,'" says Bill Pollard, a partner in Deloitte's FCPA consulting practice.
In a 2012 publication concerning the DOJ/SEC guidance, New FCPA Resource Guide: Ten Things for Legal and Compliance Officers to Consider, Deloitte reported several potential reasons that might inspire a low level of confidence in a company's antibribery program. These reasons suggest ten areas of ethics and compliance that need attention:
- The most critical way to defend against FCPA exposure is a preexisting compliance program that's risk-tailored and risk-based.
- In the eyes of a regulator, the tone at the middle and tone at the bottom of a company will define the effectiveness of the tone at the top.
- FCPA compliance is the responsibility of a senior executive who must work to ensure adequate staffing and resources.
- Third-party compliance is essential, must be risk-based, and must include purposeful and intelligently designed auditing and monitoring.
- Controlled subsidiaries, affiliates, and joint ventures must be taken into account in FCPA compliance.
- Even noncontrolled affiliates, joint ventures, distributors, and dealers should be included in the risk assessment and compliance plan.
- Financially immaterial transactions and payments may give rise to material liability, reputational harm, and management distraction.
- The ultimate test for an FCPA compliance program is "does it work?" Companies must be prepared to prove that it does.
- Privately held companies should be on notice that they also have FCPA risk exposure.
- The US government will continue to apply expansive jurisdictional concepts in order to enforce the provisions of the FCPA globally.
The favorable effects of establishing and maintaining a strong, open, and transparent corporate culture that's based on the highest standards of ethics have long been documented. The DOJ's and SEC's focus on the importance of self-reporting and cooperation with federal investigations makes this emphasis even more important, as the government continues to show signs of growing vigilance in enforcing the FCPA. For example, The Wall Street Journal reported on March 19, 2013, that federal regulators are investigating Microsoft Corporation's relationship with business partners that allegedly bribed foreign government officials in return for software contracts. The story advises that the Microsoft investigation is one of "dozens" being conducted under the FCPA.
Read  more articles by Curtis Verschoor.
About the author:
Curtis C. Verschoor, CMA, is a member of the IMA Committee on Ethics. He is the Emeritus Ledger & Quill Research Professor at the School of Accountancy and MIS and an honorary Senior Wicklander Research Fellow in the Institute for Business and Professional Ethics, both at DePaul University, Chicago. He is also a Research Scholar in the Center for Business Ethics at Bentley University, Waltham, Mass. He was selected by Trust Across America as one of North America's Top Thought Leaders in Trustworthy Business Behavior-2012. His e-mail address is firstname.lastname@example.org .
©2013 by the Institute of Management Accountants (IMA®), www.imanet.org ; reprinted with permission