By now, most legal, finance, and compliance personnel at large international manufacturers are well versed in the compliance requirements of the U.S. Foreign Corrupt Practices Act of 1977 (FCPA). Executive leadership at most companies that are affected by the FCPA have been satisfactorily scared into compliance by promises of huge fines and jail time if violations of the FCPA are uncovered. To be sure, the fines are huge and the jail time is real -- depending upon the violation, a company can be fined up to $20 million, and an individual can be fined up to $5 million and spend up to 20 years in jail for each violation.
What makes this even more important is the new life that enforcement officials have recently breathed into the act -- FCPA enforcement actions jumped by 85 percent between 2009 and 2010 alone. In fact, the Department of Justice and the Securities and Exchange Commission brought a total of 74 FCPA enforcement actions in 2010, far surpassing any other year in the act's history. The Department of Justice collected over $1 billion as a result of FCPA penalties and fines during 2010.
Given the threat of huge fines and jail time, what can a manufacturing company do to protect itself? Where are the biggest risks that a company faces? What are the red flags that managers should look for? What can a manager do to help protect the company?
Before we dig too far into those questions, let's take a moment to get familiar with the FCPA. The FCPA was passed in 1977 as a measure to stop U.S. companies from bribing foreign officials to gain an unfair competitive advantage. More specifically, the FCPA prohibits U.S.-based companies, foreign companies listed on a U.S. exchange, U.S. citizens, or any person acting while in the U.S. from paying or offering to pay anything of value to a foreign official to obtain or retain business. In addition, SEC registrants are required to keep accurate books and records and maintain effective internal controls. More simply put -- bribes offered or given to foreign officials are a clear violation of the FCPA.
There are some key pitfalls of the FCPA to keep in mind. First, a foreign official typically includes anyone working on behalf of a foreign government. This could also include an employee of a government-owned or -operated entity, such as a public utility. Second, a company and its executives are responsible for the actions of anyone acting on the company's behalf. The company is responsible not only for the acts of its employees, but for the acts of agents and representatives as well. Third, a bribe constitutes anything of value. Cash, discounts, gifts, entertainment, vacations, charitable contributions, and promises of employment are but a few examples of bribes. The tentacles of the FCPA reach far beyond the corporate veil. For instance, there are no exceptions granted for wholly owned subsidiaries operating in a foreign country.
So what are some of the high-risk areas or "red flags" that a company, its managers, and executive leadership should be watching for to help protect against violations?
Extensive Use Of Agents & Representatives
Agents and representatives may be the single greatest threat a company faces when it comes to its compliance with the FCPA. Global manufacturers use agents in several different ways, including sales agents, purchasing agents, shipping and receiving agents, and tax recovery consultants. A company and its employees are held responsible under the FCPA for the actions of any person or organization authorized to act on its behalf. Many companies, executives, and employees have been prosecuted under the FCPA for the actions of its agents, even if the company, the executive, or the employee had no actual knowledge that the agent violated the FCPA.
While the use of agents and the seemingly limitless boundaries of the FCPA while using agents are somewhat nerve-racking, there are a few measures a company can take to protect itself. First, a company should complete an extensive due-diligence process around any person or organization the company intends to authorize as an agent. Key questions that should be answered include: What is the background of the person or the organization? Does the person or the organization have the experience to perform the required task? Has the person or organization been accused of or prosecuted for bribery in the past?
Second, a company should be sure that contracts exist with any person or organization authorized to act on its behalf. Contracts should include specific provisions requiring compliance with the FCPA and other provisions to help limit the company's risk. Some of these provisions include:
- Indemnification for third-party FCPA violations.
- Cooperation with any ethics or compliance investigation.
- Material breach of contract for any FCPA violation.
- Restriction of sub-vendors without prior approval.
- Audit rights in relation to FCPA.
- Acknowledgement by the third party of the applicability of FCPA to the relationship.
- Requirement for ongoing FCPA training for personnel.
- Annual certification that the third party has not engaged in any breach or violation of the FCPA.
Mergers & Acquisitions Mergers, acquisitions, or investments in joint ventures can present a significant risk of FCPA violation to a company. In many business transactions, the buyer assumes some or all of the existing liabilities of its target. This would also hold true for violations of the FCPA. An acquiring company should engage in an appropriate level of due diligence around a target company's policies and practices with regards to bribery, corrupt payments, and use of third party agents. It's important that the acquiring company integrate its own FCPA compliance policies with that of its target as soon as possible to help reduce the risk of violations after the merger.
Payments To Governmental Organizations Any and all disbursements to a governmental entity or a person associated with a governmental entity should be adequately scrutinized for signs of a potential violation of the FCPA. Payments to a governmental entity or a person associated with a governmental entity should be approved by an individual within the company who clearly understands both the reason for the payment and the requirements of the FCPA. This could include someone such as a Chief Compliance Officer.
Companies that are highly successful in combating bribery and FCPA violations have several common traits. First, a strong ethics and compliance program is in place. As a part of the ethics and compliance program, employees understand the requirements of the FCPA and what constitutes a violation.
Second, there is a strong system of internal controls designed to both prevent and detect violations of the FCPA. It's important to note that for a system of internal controls to be considered "strong," it must be periodically monitored and audited to help ensure it is working properly.
Third, and most importantly, there is a strong "tone at the top" from executives and upper management that clearly denounces and forbids unethical actions, including any type of bribery or corrupt payment. Tone at the top and the actions of leadership continue to be one of the most effective and cost efficient ways for a company to ensure a culture of ethics and accountability.
Chris Jeffrey is a senior manager in the Risk Services Group of Baker Tilly Virchow Krause's Minneapolis office. He has over 12 years experience in business risk management, internal audit, and compliance.