A key part of any multinational company’s compliance program includes complying with the Foreign Corrupt Practices Act (FCPA), and other foreign anti-bribery statutes. Not only should companies make sure they are maintaining compliance on a general level, they should also be aware of the unique FCPA-related issues presented by supply chains, and how to address them.
Supply chains often require working with third-parties that act on your company’s behalf, and as a result, your company may be responsible for their actions. Therefore, your due diligence compliance standards should affect not just internal employee actions, but also who you choose to do business with. If the Department of Justice (DOJ), or Securities and Exchange Commission (SEC), questions why you hired a third-party that participated in corrupt activities, you want to be able to show due diligence. Demonstrating that you have a competent compliance program in place, and have performed optimal due diligence, is necessary to avoid liability in these situations.
You should first be cognizant of the more notable red flags, such as a foreign government being the client, operations in countries that are particularly high-risk (e.g., see this graphic), and transactions that are known to often include corrupt activities (acquisitions and divestures, joint ventures, product inspections, promotional activities such as travel and entertainment, etc.).
As your company hires third-party support, FCPA compliance can easily get lost in translation, and thus performing adequate due diligence in choosing business partners is critical. Use a risk-based process when vetting third-part agents. It is highly advisable to send a questionnaire to the senior management of the prospective partner to evaluate the level of risk involved. The questionnaire should contain questions such as:
- What are the contents of their general compliance policy (e.g., do they have a specific anti-bribery policy?)? Ask for a copy of their compliance manual.
- Do they employ any government officials or any relatives of government officials?
- How often are they in contact with government officials outside of work?
- Have any of their employees been indicted for corruption in the past?
- Who will be the key personnel working on the assignment?
- What is their own compliance policy when forming partnerships with other companies?
After receiving a response to the questionnaire, consider hiring Dow Jones, or a similar organization, to perform background research on the company looking for specific information and possible red flags (e.g., what contracts do they have with foreign governments?).
After performing preliminary research, maintain a high level of due diligence during contract negotiations so that your team is fully confident in the other company’s compliance program before any payments are made to them. Is the fee they are asking for reasonable? Is it possible to reserve the right to production of their financial records regarding the transaction to ensure no bribes were made? Would it be reasonable to require the third-party to attend compliance meetings to learn the relevant anticorruption statutes and what compliance standards you expect of them?
Apart from confirming that the other party has appropriate compliance standards, make sure that your own compliance program meets due diligence standards when it comes to third-parties. Consider instituting the following policies:
- If you do not already, conduct regular compliance training and reviews of the compliance program.
- Require that even rumors of FCPA violations are to be reported to the highest levels.
- When an alleged corrupt activity comes to light, quickly determine if it truly happened and whether it should be disclosed to the government.
- Set up an anonymous hotline that can be used by employees or third-parties in the supply chain to report corrupt activities. The anonymity curtails any fear of any retaliation against the whistleblower.
- Consider performing a test where a rumor of corruption is planted to make sure that it is reported to the appropriate compliance personnel and executives. When rumors of corrupt activity come to light, lower-level employees often prefer to deal with it internally within their immediate organization, but if they know that it might be a test then they will be more inclined to follow procedure and report it to corporate.
- Make sure that compliance is emphasized and integrated into the work lives of senior management and not just lower-level employees.
- Many multinational companies have an FCPA oversight committee made up officials such as the CFO, General Counsel, and other senior executives who have duties that are relevant to FCPA compliance (e.g., the head of supply chains, head of operations in certain countries, the construction and real estate head). They meet on a regular basis (e.g., quarterly) and report to the board’s audit committee.
- Having a rigorous compliance program is only as effective as it is audited. As part of your company general internal audit, include anti-bribery audits as well. For example, look through financial records for cryptic invoices from brokers such as “miscellaneous processing fees.”
- Apart from corporate-wide audits, consider having compliance personnel perform random audits of international operations abroad.
- Keep up with recent DOJ and SEC actions, investigations, and press announcements. Ask yourself if your company’s controls are efficient in the way that others are being investigated, as they serve as case studies for your own compliance program.
- Document, document, document. Keeping a detailed record of all transactions is an important way of asserting due diligence.
An active and successful compliance program includes making sure your business partners in your supply chain are also compliant. It has been well-reported that effective due diligence can serve as barrier in being liable for actions of third-parties and your own personnel.