Protecting your organization against damaging FCPA violations
Juniper networks discloses FCPA investigation – shares fall 5.6 percent
RISK BULLETIN |
The U.S. Securities and Exchange Commission and the U.S. Department of Justice are conducting investigations into possible violations by the Company of the U.S. Foreign Corrupt Practices Act. The Company is cooperating with these agencies regarding these matters. The Company is unable to predict the duration, scope or outcome of these investigations.
These 52 words—one of the shortest Foreign Corrupt Practices Act (FCPA) disclosures on record, and buried on page 32 of Juniper's most recent 10-Q, resulted in a one-day loss of $628 million to shareholders. If you think this can only happen to large, public companies, think again. There are nearly 100 ongoing FCPA investigations, and enforcement actions are clearly on the rise. This list includes middle-market, as well as Fortune 500 companies.
To illustrate, as we speak, there are active FCPA investigations occurring at companies such as:
- Image Sensing Systems ($25 million annual revenue)
- Dialogic Inc. ($160 million)
- Nordion Inc. ($245 million)
These are just the active investigations. The truth is no company with any international operations is immune to the FCPA. So what exactly is the FCPA, and how can you protect yourself from its potentially devastating effects?
In short, the FCPA contains two provisions, and is jointly enforced by the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC):
- The Anti-Bribery Provision prohibits the payment of bribes (money or anything of value) to foreign government officials. This provision applies to virtually every U.S. organization (and its officers, directors, employees, agents and shareholders) and certain foreign nationals operating within the United States.
- The Accounting Provision consists of two components—a books and records component and an internal controls component. The books and records component requires companies to maintain their books and records in a manner that accurately and fairly reflect all transactions, and in a reasonable level of detail. The internal controls component requires that companies devise and maintain a system of internal accounting controls that can reasonably prevent and detect corrupt or unauthorized transactions. This provision applies to all issuers or companies traded on a U.S.-based stock exchange.
Now, we know what you're thinking…
We maintain a strict code of conduct and have a clearly-stated policy that prohibits all forms of bribery. We provide Web-based training on our anti-bribery policy to all employees each year. There's really not much more we can do, especially since our employees are highly-ethical and would never even consider paying a bribe to a foreign official.
Sound familiar? The fact is, there is much more that can be done; and much more that should be done. Just ask Wal-Mart, Siemens, Juniper Networks or Image Sensing Systems. Both the DOJ and SEC, who have dramatically increased their enforcement activity (year-to-date 2013 enforcement actions already outnumber all of 2012), consider the quality of an organization's anti-corruption compliance program in their determination of penalties related to FCPA infractions.
In short, do you have a paper program, (such as the one described above) or a living, customized approach to corruption risk management? Similar laws, such as the U.K. Bribery Act of 2010, can legally hold organizations accountable to demonstrate that prevention—and not remedy—was their primary anti-corruption strategy.
Perhaps you're thinking that bribes occur within elaborate, fraudulent schemes; or that they are paid in such large sums of money that they could not possibly go unnoticed. Perhaps that is exactly what Eli Lilly was thinking—until falsified expense reimbursement documentation in China was shown to have concealed generally nominal, yet wide-spread bribes used to facilitate business with government-employed physicians.
That also may be what the company thought when payments totaling $39,000 were made to a not-for-profit founded and administered by a regional government authority in exchange for placement on a government reimbursement list. These kinds of payments can be relatively small, and can often be concealed through expense reimbursement, charitable donations and vendor or other third-party transactions and pass-throughs.
While no organization should ever consider itself to be corruption-proof, there are some practical and fairly simple things to keep in mind. For instance, start by considering the following
- What are our specific corruption risks and how vulnerable are we?
- Have we defined the term "foreign official" in the context of our business?
- Are our internal controls proportionate to the pressures faced by our employees and third parties representing our business interests abroad?
- How are other organizations addressing similar challenges?
- What proactive steps should we be taking to confirm our program is working?
By asking (and answering) these relatively straightforward questions, organizations can begin to establish a compliance program tailored to their unique business environment, resources and operations; and one that is able to adapt and evolve over time. Programs that are process-centric (e.g., formal third-party due diligence), as well as resilient (e.g., ongoing dialogue about risks and customized training), are generally most beneficial.
Designing and building an appropriate anti-corruption compliance program is critically important for any organization that is serious about rooting out corruption. Your organization's ability to demonstrate that its compliance program is actually working is the most important element. In other words, you must be able to answer the following:
- What processes are in place to monitor and test the effectiveness of the program?
- Are the results of these processes being used to continually refresh the program?
- Is the organization then taking corrective action—actually changing the way it does business—as a result of these processes?
These are the types of questions being asked by regulators. This helps explain why enforcement authorities recognize efforts made in good faith to assess the design or monitor the operation of anti-corruption programs as a clear demonstration of an organization's commitment to combating bribery and corruption.
Finally, it is worth noting that organizations that sustain effective anti-corruption programs can realize significant benefits well beyond compliance with laws and regulations. Monitoring efforts, if conducted effectively, can improve communication with foreign operations—supporting problem identification and resolution. Perhaps most importantly, a strong anti-corruption program demonstrates real commitment to ethics by your organization—improving tone at the top and acting as a significant deterrent to various forms of unethical business behaviors. Put simply, good ethics truly is good business.