In December 2014, the Organization for Cooperation and Economic Development (“OECD”) published its first-ever foreign bribery report, the most comprehensive study of foreign bribery cases around the globe that has ever been conducted. The OECD report compiled and evaluated data from all 41 signatory countries to the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, between February 1999, when the OECD convention entered into force, and June 2014. The data covered 467 foreign bribery cases against 164 entities and 263 individuals.

The OECD report contains a number of key findings that companies can use to evaluate and refine their compliance risk assessments. For example, several of the most interesting conclusions in the OECD report are:

  • Bribes are most often paid to public officials in relatively wealthy countries (e., those with medium to very high United Nations Human Development Index scores), rather than to public officials of developing countries, who are generally assumed to be the most common recipients of illegal payments;
  • In most cases, top company employees knew about the bribes, with management-level employees paying or authorizing payments in 41% of the cases studied, and the company’s chief executive officer directly involved in 12% of the cases;
  • Bribery is largely concentrated in four industries: (1) extractive (19%); (2) construction (15%); (3) transportation and storage (15%); and (4) information and communication (10%);
  • In 75% of cases, the bribes were carried out by third-party intermediaries; and
  • In 57% of cases, the bribes were paid to win public procurement contracts.

Based on an analysis of this data, we drew several key takeaways, including the following:

  • Due diligence risk analyses should focus on the circumstances of the transaction and the industry profile rather than rely primarily on geography. As a starting point, companies should ask themselves: (1) Is my business in one of the four industries identified as most susceptible to bribery? (2) Does the transaction involve a public procurement contract (or another common cause for bribery); and (3) Is a third party involved, and if so, what kind?
  • The OECD report confirmed what FCPA enforcement actions in the United States have demonstrated over the past several years: Third parties are the primary source of FCPA risk for most companies. To protect itself against third-party liability, a company must employ best practices at every step in the third-party relationship – before contracting (due diligence), during contracting (negotiating contractual provisions to protect the company), and after contracting (continuous monitoring of the third party).
  • Finally, an effective compliance program should include more than a stand-alone policy. Compliance includes corporate governance and internal controls; the legal department, compliance department, internal audit, human resources, finance, senior management, and the board of directors working in harmony.  And it should be executed through proven change management practices.