Business Risk March 2011

FCPA Enforcement

Implications for your business

Global regulators are intensifying corruption prosecutions and enforcement. Although the US Foreign Corrupt Practices Act (FCPA) took effect more than 30 years ago, there has recently been an increase in indictments, cases of civil enforcement, fines and other penalties, while similar legislation has recently been introduced in many other countries.
Despite the UK delaying its new anti-bribery law because of intense business lobbying, it should be introduced in 2011, firms should prepare accordingly. Considering the serious long-term consequences of violations, I recommend that businesses take proactive measures.

Key elements:

  • Money and gifts should not be offered to get business.
  • All transactions should be recorded.
  • There should be procedures to prevent and detect offences.

Anticorruption legislation
The FCPA was enacted in 1977 after some firms were found to be bribing foreign officials. Since then, many countries have adopted similar, but more concerted and globally coordinated, legislation supporting increasingly punitive penalties. The US reportedly is deploying significantly more resources against fraud and corruption, with a record 47 FCPA enforcement actions in 2010 carrying penalties totalling more than $1.7 bn. The recent Dodd-Frank Act, which rewards whistleblowers, is likely to result in further investigations.

Implications for Asia
The FCPA increasingly is being enforced abroad. This means that firms with US operations or employing US staff are vulnerable. A growing number of US firms are expanding in lower-cost Asian countries that, while being seen to have potential, are considered susceptible to corruption and bribery. Judged to be facing risk are those firms with high-level contacts in governments and state-owned enterprises, especially in oil, gas, pharmaceuticals and medical supplies industries.

In many developing countries, it is not uncommon for a potential business partner to use third-party consultants or agents that may act as go-betweens for firms and foreign officials. Such business procedures can raise a red flag, as the FCPA prohibits corrupt payments through intermediaries, or what it terms third party payments. Also, the acquiring firm in an M&A may find itself liable for any prior or continuing payments that the FCPA deems unlawful.

Proactive compliance

  • Considering the substantial potential costs of being unaware or underprepared, firms operating in Asia should be proactive in terms of corporate governance, taking the following measures to detect, deter and prevent corruption.
  • In-house training: ensure basic understanding of the FCPA, its applications and the repercussions of violations.
  • Periodic risk assessments: understand which parts of the organisation are at high risk of corruption, taking into account interaction with government officials, the nature of the industry and the jurisdictional location of operations.
  • External due diligence: determine background and reputation of current and potential business partners, principals and primary agents including their relationship with foreign officials and history of improper practices.
  • Internal due diligence: analyse records of business partners and acquisition targets to identify red flags, such as unusual commissions, lack of transparency in expenses, and third-party relationships.
  • Establish or review compliance policy: introduce a global, anti-corruption compliance programme that includes guidelines on gifts and entertainment, and a framework for staff seeking advice that is customized to take into account cultural differences and local anti-corruption laws.

How to respond to allegations

  • Multidisciplinary team: retain experienced advisors for legal counsel, forensic accounting, investigation, information preservation and production (that should include e-discovery) and communications.
  • Fact-finding investigation: conduct vigorous and impartial probe of allegations of improper activity to understand potential violations and remedy corrupt actions, thereby possibly lowering penalties.
  • Self-reporting: prepare formal reports for regulators, respond to government subpoenas, participate in witness interviews, identify electronic/paper data and reconstruct records.
  • Review of FCPA policies and controls: conduct independent, full and cost-effective reviews of existing compliance mechanisms, identify policy and procedural shortfalls, and obtain appropriate recommendations to bolster FCPA compliance.
  • Monitoring: institute an ongoing programme to test policies and procedures, ensure effectiveness of compliance mechanisms, and discreetly identify any areas of non-compliance.

In my experience, officials look favourably on the engagement of specialist external-risk consultants, such as FTI-International Risk, by firms seeking to develop an effective and substantial compliance programme. Moreover, the proactive development of robust compliance mechanisms makes economic sense. The relatively low cost of introducing appropriate measures limits the likelihood of punitive action and large fines.