Corporations and financial institutions doing business in foreign countries are responsible for ensuring that their business practices do not run afoul of laws against bribery and corruption. But that’s not always easy in places where bribery and corruption are commonplace, or where providing gifts and favors to seal a deal is routine, and perhaps even expected.
In a recent Thomson Reuters webinar entitled, Top Three Focus Areas for Anti-Corruption Compliance, Thomson Reuters Regulatory Intelligence expert Julie DiMauro and compliance expert and lawyer Michael Volkov, CEO of The Volkov Law Group, provide a thorough overview of best practices for compliance in a world where regulations are tightening and aggressive federal prosecutors are cracking down on corruption.
DiMauro and Volkov began the webinar by explaining that the two laws most relevant to foreign multi-nationals are the United States’ Foreign Corrupt Practices Act (FCPA) and the United Kingdom’s Bribery Act. Both laws prohibit bribery of public officials and restrict the dollar amount allowable for gifts, meals, entertainment, travel, and hospitality. The UK Bribery Act is considered more stringent and covers bribes to private individuals as well.
More crucial to the discussion, however, is that both laws allow prosecution of corporations and individuals. As Volkov points out, the trend at both the Securities and Exchange Commission (SEC) and Department of Justice (DOJ), as well as internationally, is toward prosecution of more individuals as a deterrent against corruption.
A more ethical approach
To avoid such calamities, DiMauro and Volkov advocate a focused, disciplined approach to compliance that emphasizes thorough risk assessment, compulsory compliance programs (especially for upper executives), staff training, and up-to-date financial technology (fintech), as well as close oversight of third parties that act on a company’s behalf.
DiMauro also stresses the importance of timely self-reporting and cooperation with government regulators if transgressions are discovered, not only because it’s the ethical thing to do, but because considerable leniency credits are extended to companies that divulge individual wrongdoers.
According to Volkov, U.S. Deputy Attorney General Rod Rosenstein has been particularly forthright about his department’s intention to prosecute “individuals who deliberately set a company on a course of criminal conduct.” Indeed, Rosenstein has explicitly stated that “the most effective deterrent to corporate criminal misconduct is identifying and punishing the people who committed the crimes.” It would be foolish not to take him seriously, Volkov insists, or to bet that the DOJ is so under-resourced that it won’t pursue smaller-value cases.
“[Failing to comply] is a big risk,” Volkov says. “The PR damages from companies dealing with SEC charges and the money required to pay these fines isn’t worth it.” Ethical compliance practices are important for several reasons, he adds, not the least of which is that “ethical companies make more money than unethical companies.” Which is why, the best-run companies in the world are investing more time and money in building and maintaining an ethical business culture, he says.
Building a culture of ethical compliance
But an ethical culture of compliance doesn’t happen by accident. It’s the result of strong leadership at the top and specific policies and processes that are designed to maximize thoroughness and accountability. However, virtuous compliance and ethics policies aren’t very effective without training programs to support them, says DiMauro, adding that “we need more education of senior management and board members” — not just employees.
An effective anti-corruption program involves widely accessible and understood polices, training on relevant laws and regulations, real-world knowledge of how to apply policies and procedures, scrupulous accounting procedures supported by fintech, and strict record-keeping of any and all transactions, no matter how small, explains DiMauro. “Most FCPA actions brought by the SEC are the result of accounting violations and not bribery per se.”
As a general rule, “all organizations should focus on keeping accurate financial records as a means of avoiding risky or suspicious payments,” she says, adding that continuous benchmarking of compliance targets is also important, and employees should be able to easily and anonymously report wrongdoing.
Third-party risk management
Oversight and training of third parties that act on the organization’s behalf is also critical, Volkov adds, because companies can be held liable for the corrupt actions of a third party, even if they’re unaware of it. “It used to be all about due diligence,” Volkov says. “Now it’s about monitoring your third parties and auditing them. Customs brokers, agents, lobbyists, lawyers — anyone who advances your agenda with the government — is a third party, and 90% of cases involve them.”
Ignorance of a third party’s actions isn’t a viable defense either, he warns. Even if a company “had reason to know, or acted with willful blindness (ignoring red flags, for instance),” it can still be held liable. Mergers and acquisitions also invite third-party risk, he says, because companies can be held liable for illegal activity perpetrated by newly acquired entities.
Another area where accusations of bribery and graft can creep in is gifts, meals, entertainment, and other acts of hospitality where implicit or explicit quid pro quos are involved. “Gifts with ‘corrupt intent’ are the problem,” says DiMauro, so the best defense is not to give or accept high-value items, and to keep specific, thorough records of all such transactions.
Automating your records for outlays of allowable gifts, meals, entertainment, travel, and hospitality is also a good way to maintain policy consistency, review suspicious patterns, and identify flags, she notes.
In the end, honesty is truly the best policy, DiMauro and Volkov advise, along with transparency, accountability, and — if the SEC or DOJ come knocking — full cooperation.