The bribery of foreign officials and accounting transparency has attracted a lot of attention since 2000. In the past 4-5 years in particular, there’s been an explosion of growth in the number of FCPA violations and allegations. In an interview I had with Tom Fox at the SCCE Ethics and Compliance conference last week, Tom mentioned that many FCPA cases have been self reported, which he feels has been the product of the introduction of Sarbanes-Oxley in 2002. Tom also noted that a lot of companies struggle with having compliance vs. doing compliance. Tom is a lawyer who currently assists companies with FCPA compliance, Risk Management and international transactions. Tom is the author of the FCPA Compliance and Ethics Blog. Here’s an overview of what we discussed during our meeting:
Once an allegation has been made or an FCPA violation is reported, it typically results in an incident investigation, a negotiation with the government and then an implementation of the solution agreed upon by involved parties. These solutions tend to revolve around revamping a company’s ethics and compliance department, updating policies, increasing ethics and compliance training, etc.
I asked Tom, based on his experience, if he feels that companies act reactively or proactively when it comes to the FCPA. Tom stated that in the US, companies tend to take a reactive approach to FCPA violations. Many companies seem to actively enforce control measures after a case has been reported to ensure FCPA violations don’t occur a second time. Tom noted that recently there has been a slight shift, with many companies taking matters into their own hands and implementing proactive solutions to combat corruption. Tom accredits the shift to demands from the Department of Justice and the fact that companies can receive lower penalties (if found guilty of violating the FCPA) for having specific ethics and compliance programs in place.
FREE Investigation Report Template
Prepare thorough, consistent investigation reports with our free report template.Download Template
Amendments to the US Sentencing Guidelines
In November, additional amendments to the US Sentencing Guidelines will come into effect. The amendments focus on making organization take reasonable steps to respond to criminal conduct and prevent similar acts from occurring in the future. The amendments outline what is required of an ethics and compliance program in order to render it effective, highlighting the areas of:
- Corporate culture.
- Internal evaluation of the company ethics and compliance program.
- Publicize and promote the ethics and compliance program.
- The ethics and compliance program must be enforced consistently throughout the organization.
Tom referenced US DoJ Criminal Division Assistant Attorney General Lanny Breuer, stating:
“An effective compliance program is not static but dynamic, adapting to meet new and additional compliance challenges.”
Tom suggested that the two most important factors of a good ethics and compliance program are:
- Direct reporting access to the CEO or Board of Directors
- Annual internal review of the ethics and compliance program- remain current.
The Future of the FCPA
I ended our discussion by asking Tom what he thinks the future holds for FCPA enforcement. Here’s a list of opinions he shared with me:
- Increased enforcement actions. Laws will be created and amended, forcing organizations to take proactive measures to discourage corruption, for example, the UK Bribery Act.
- Having a good formal audit conducted by external experts. Independent audits can be more objective than internal ones, but both are necessary to ensure employees are following the company ethics and compliance program.
- Targeting certain industries- pharma, hospitals, etc. Some industries face greater risks than others when it comes to corruption, fraud and bribery. These industries will likely be targeted first.
- Tone at the top and in the middle. Tom and I frequently blog about this topic. If commitment from the top level isn’t there, the program will fail. Another concern is ensuring the message from the top makes it’s way through the organization, which is where tone in the middle comes in. Middle managers spend most of their time with lower level staff, and must reiterate to them the company’s mission and stance on issues such as FCPA.
Thomas Fox has practiced law in Houston for 25 years. He is now assisting companies with FCPA compliance, Risk Management and international transactions. He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously Division Counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division, which included the logging, directional drilling and drill bit business units.
About Tom Fox: Tom attended undergraduate school at the University of Texas, graduate school at Michigan State University and law school at the University of Michigan. Tom writes and speaks nationally and internationally on a wide variety of topics, ranging from FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets. He regularly writes on the FCPA and his blog can be found at www.tfoxlaw.wordpress.com. He can be reached at firstname.lastname@example.org.