Foreign Corrupt Practices Act (FCPA) enforcement continues to be a priority for the United States Department of Justice (DOJ) and Securities and Exchange Commission (SEC). In recent years, U.S. authorities have aggressively investigated and charged corporations and individuals for foreign bribery and related conduct. FCPA investigations can be extremely expensive, and resolving enforcement actions is often very costly in terms of direct fines and penalties, as well as collateral consequences.
Anti-corruption enforcement is increasingly global in scope. A number of countries outside the U.S. have recently passed their own international anti-corruption laws, and more nations are aggressively enforcing their domestic anti-corruption legislation, leading to vigorous multinational anti-corruption enforcement often targeting Western companies. Employees around the world are potential sources of corruption allegations, particularly after the advent of the SEC whistleblower program in 2011.
Shareholder derivative litigation has similarly proliferated in the wake of FCPA investigations and settlements. In addition to government enforcement, companies increasingly face derivative suits alleging that directors have breached their fiduciary duties by failing to implement and maintain FCPA-compliant internal controls.
With adequate preparation and resources, companies can effectively avoid costly risks – both financial and reputational – associated with FCPA and anti-corruption enforcement. We recommend three measures:
- Prevention: maintaining an effective compliance program;
- Investigation: responding quickly and adequately to corruption allegations; and
- Remediation: implementing appropriate remedial measures.
Prevention: maintaining an effective compliance program
Companies must implement and maintain a robust compliance program that should be continuously improved through periodic testing and review:
- Clearly articulate a corporate policy against corruption, consistent with a strong tone at the top from the board of directors and senior management.
- Augment the company’s code of conduct with anti-corruption policies and procedures that are periodically updated.
- Establish an oversight/audit function that has appropriate authority, autonomy from management, and sufficient resources to ensure effective implementation of the compliance program.
- Perform a risk assessment and tailor the company’s compliance program to risks identified by the assessment.
- Require anti-corruption training for all directors, officers, relevant employees, and, where appropriate, agents and business partners.
- Adopt positive incentives to drive compliant behavior and clear disciplinary procedures to deter unlawful conduct.
- Implement adequate due diligence policies for engaging third party representatives and business partners.
- Establish procedures for confidential reporting and internal investigations.
- Ensure appropriate oversight by the board or a committee thereof through regular reporting on the compliance program, any allegations, and any internal investigations conducted and their resolution.
Investigation: responding quickly and adequately to corruption allegations
Companies must be prepared to internally investigate corruption allegations, whether from U.S. or foreign regulators, the media, or whistleblowers:
- Assess who should be conducting the investigation. While many internal investigations may be conducted at the direction of the general counsel or management, if the allegations are pervasive or implicate senior management, companies should consider an independent investigation directed by the Audit Committee or another committee of the board of directors.
- Conduct the investigation with internal or external resources commensurate with the scope of the allegations.
- Use investigators experienced with the relevant issues and jurisdictions. Companies should also ensure that investigators are equipped with the appropriate language skills and resources.
- Maintain attorney-client privilege over the investigation to the fullest extent possible to avoid subsequent involuntary disclosure of investigation findings.
- Consider relevant local laws, including local data privacy laws and other laws affecting the conduct of investigations.
- Employ forensic accountants and other experts working at the direction of counsel if necessary to address the allegations.
Remediation: implementing appropriate remedial measures
If an internal investigation corroborates corruption allegations, companies must implement adequate remedial measures with appropriate oversight by the board of directors:
- Remedy any improper conduct and practices identified. Companies should also examine and correct gaps identified in corporate policies or the existing compliance program.
- Assess whether the identified problems affect the company’s internal controls over financial reporting. Management should determine whether problems constitute a significant deficiency or material weakness under the federal securities laws.
- Consider disclosing any potential violations to U.S. or non-U.S. authorities. Determining whether to self-disclose is often a complex decision involving an assessment of the company’s conduct, legal obligations, and disclosure obligations under federal securities laws.
To effectively manage today’s FCPA and anti-corruption risks, companies must make considerable effort to prevent – and, when necessary, investigate and remedy – improper conduct and practices.