By McDonald Hopkins' Attorney, Edmund W. Searby[1] and BBP Partners' Forensic Accountant, George P. Farragher[2]

This article explains why the Foreign Corrupt Practices Act (FCPA) poses a real risk to middle market companies that conduct business abroad and outlines cost effective measures to limit this risk.

The FCPA has become big business.  The investigation of Siemens AG for FCPA violations reportedly employed 100 attorneys and 1300 forensic accountants. One can only imagine the bill on top of the some 1.6 billion dollars paid to settle the problem. By now, Fortune 500 companies have certainly heard the cautionary tale of Siemens and other companies caught violating the FCPA. Most have responded to the risk and the intensive marketing of preventive compliance programs by law and accounting firms.

However, despite the extensive attention given to the FCPA by big companies, we submit based on experience that middle market and smaller companies have given the FCPA far less consideration. In part, this is explained by the fact that the marketing has targeted large corporations with the discretionary cash to pay for large teams of lawyers and accountants. In part, the disparity may be explained by a false sense of security that the targets of the FCPA are big publicly traded corporations like Siemens. Finally, we submit that the disparity is explained in some instances by the perception that middle market companies cannot afford to implement a meaningful compliance program. We submit that this is not the case.

The Foreign Corrupt Practices Act

The FCPA prohibits the corrupt offer, promise, or payment of anything of value to foreign government officials, political parties, party officials or candidates, to obtain or retain business. Not surprisingly given the trend of increasing enforcement of the FCPA in general, there is a trend of increasing enforcement of the FCPA against small to midsized companies and individuals. The FCPA make no distinction as to the size of the offender.

The FCPA also does not have a materiality standard and the payment of anything of value, however small, can violate the statute. Payments to third parties are unlawful when made with knowledge that all or part of the payment will be passed on to a government official or other covered person.

In many parts of the world it is difficult to identify who is a government official, because the company may have been a former state owned entity or have members of a state owned entity on the board. Nevertheless, management has the responsibility to know who they are doing business with and conduct prudent due diligence before they enter into a business arrangement.

In addition to the anti-bribery provisions, there are accounting provisions that apply to publicly traded entities and their subsidiaries. These require maintenance of reasonably detailed and accurate books and records. In addition, the FCPA requires adequate internal controls to provide “reasonable assurances” that transactions are accurately recorded. The books and records provisions apply regardless of whether the company has foreign operations or whether or not bribery is actually involved. The act includes criminal liability for knowingly falsifying books and records or for knowingly failing to implement an internal control system. 

There are exceptions and defenses. These include “facilitation payments” or, “grease payments” made to expedite or secure performance of a routine non-discretionary governmental action. An exception also exists where the payment was lawful under the written laws and regulations of the country. An exception may also exist where the payment was a reasonable and bona fide expenditure to promote or demonstrate a product or service, such as for travel expenses to visit a plant or jobsite.

What Can Be Done - Preventive Measures

Middle market companies, in general, have the same obligations as large corporations to comply with the FCPA and can cost-effectively institute many of the same type of preventive measures through a compliance program. In addition to preventing violations, a compliance program reduces the risk of an indictment even if a violation occurs. The Department of Justice guidelines for charging corporations lists a “pre-existing compliance program” as a factor to consider as to whether a criminal charge is warranted. Even where the compliance programs do not pre-date a violation, a compliance program may be seen by the Government as a good faith effort to take remedial measures and a mitigating factor.

Furthermore, review of compliance programs has increasingly become a standard part of due diligence for mergers and acquisitions. Companies looking to sell their businesses to larger corporations will find their larger acquirers more comfortable with the transaction if a documented effort has been made to avoid FCPA violations. The elements of an effective compliance plan should include:

Policies and Standards

Companies should have clearly articulated policies prohibiting unethical conduct in general and violations of the FCPA in particular. Importantly, Companies must recognize that the mere existence of a paper policy will be given little weight by the Government if it is not implemented earnestly along with the following additional elements.

Awareness Training

The primary means of avoiding violations is to first ensure that all employees understand what is prohibited. Training should go beyond a “read and sign” process and address real world situations. In doing so, the training process should focus on employees that do business overseas and are most likely to encounter unlawful situations. As part of the training process, top senior management must reinforce their commitment to comply with the Company’s FCPA policies and the law.

Training should also teach managers and employees how to spot potential problems in their own organizations. As an example, an employee should know the indicators of a government official soliciting a bribe and common means by which a bribe is hidden on the books and records of a corporation. The point is to develop the in-house capability or “savvy” to deter a violation and related problems before you are in trouble.

Due Diligence

One of the most effective means of keeping out of trouble with the FCPA is to ensure you know who your business partners are and know of any questionable relationships with government officials. Companies looking to move into a new global market will often “buy in” with locals to form a joint venture or will retain representatives or agents. Before entering into any such arrangement, companies must vet prospective partners and customers. We cannot stress enough: “know who you are really doing business with.” Payments to third parties can result in criminal liability if they end up in whole or in part with government officials or other covered persons.

In addition to investigating potential business partners, companies should periodically investigate themselves. This self- investigation should include interviews of persons with significant involvement in business overseas to make sure that they are complying with the policy and reporting any questionable conduct. The periodic due diligence should also involve the review of books and records for any questionable transactions such as large rounded one time payments to unknown entities and other “red flag” situations.

In particular, companies should be vigilant to review the conduct of overseas subsidiaries and other remote divisions that may be more removed from a culture of compliance.

Responsibility and Reporting

An effective compliance program should be run by designated senior officials with ownership responsibility for running the program. The program should also include clearly identified processes for reporting potential violations or concerns to senior officials with responsibility.

Accounting Controls

Even if the company is not publicly traded, it should have accurate books and records. An effective compliance program should ensure effective controls for the timely, complete, and accurate recording of financial transactions.

Disciplinary Procedures

A true commitment to conduct business in accordance with a written ethics and anti-corruption policy is demonstrated, in part, by imposing real sanctions on those that violate it. The absence of any consequences for violations demonstrates the lack of such a commitment. Accordingly, an effective compliance policy should designate persons responsible for reviewing potential violations and for real penalties for non-compliance.

Summary

In summary, experts agree that the U.S. Government will continue to step up its enforcement of the FCPA. The Government expects executives of companies of all sizes to be informed of the risks and to proactively avoid them. It is our recommendation that Companies review the following to assess their potential vulnerability in this area:

1. Ensure that Corporate policies are documented and part of the organization’s policy and procedure manual (both hard copy and corporate intranet, if possible)
2. As part of the internal controls and auditing process, include an annual review of all overseas expenditures and business partners
3. Assign a designated person(s) as the owner of the FCPA process for the organization
4. Establish a standard due diligence process along with documentation for all overseas business partners
5. Provide annual refresher training on FCPA and hot topics to all personnel involved with overseas transactions

The measures outlined can be implemented efficiently within any size company and can be cost effective with the assistance of qualified attorneys, forensic accountants and financial investigation consultants.