What you need to know:

Wal-Mart is under investigation by federal authorities for alleged violations of the Foreign Corrupt Practices Act, and for its six-year delay in disclosing these violations.

What you need to do:

Companies should take a fresh look at their compliance policies and programs, as well as at the underlying business conditions in each foreign jurisdiction in which they operate.  If companies identify a possible compliance issue, they should promptly engage in remediation efforts, including modifying internal controls, and consider whether disclosure to the relevant authorities is appropriate.

The recent spate of publicity surrounding Wal-Mart and its alleged violations of the FCPA highlights, once again, the inherent risks of doing business abroad.  These developments have been eye-opening not only due to the nature and scope of the alleged violations, involving senior managers paying millions of dollars in bribes to facilitate the expansion of Wal-Mart’s business in Mexico, but also because of Wal-Mart's profile as the world's largest retailer that has worked hard in recent years to cultivate an image as a good corporate citizen.  The fact that Wal-Mart apparently discovered these violations years ago but chose not to disclose them to authorities will undoubtedly exacerbate the legal and public relations repercussions.

From a compliance perspective, Wal-Mart’s conduct highlights the inescapable reality that even in the most compliant organizations, there will be enormous business and financial incentives that are in tension with compliance objectives.  Companies should reexamine their anti-bribery policies and compliance programs, as well as at the underlying business conditions in the foreign jurisdictions in which they operate.

An effective anti-bribery policy should include the following essential elements:  

  • a company’s stated commitment to comply with the FCPA (and other applicable anti-bribery laws);
  • specific guidance to employees regarding prohibited and permitted conduct, including the risks posed by third-party relationships;
  • procedures for reporting possible violations to management; and
  • assessment of the consequences of non-compliance, including internal discipline and possible prosecution.

Inasmuch as an appropriate FCPA policy statement is only one aspect of an effective FCPA compliance program, companies should confirm that their compliance programs support such a policy.  A robust compliance program should contain:

  • oversight by senior management;
  • policies related to the use of third parties;
  • training and education; and
  • audits.

While reviewing their FCPA policies and programs, companies should also consider other anti-bribery laws in the foreign jurisdictions in which they do business.  For example, the UK Bribery Act, which went into effect in July 2011, applies to any private or public company with a business connection to the UK and covers bribery even if the offense does not take place in the UK and the person committing the offense has no connection to the UK.  Additionally, the UK Bribery Act includes a strict liability offense for companies that fail to prevent bribery by an employee, agent or subsidiary. 

Companies should also consider disclosing potential compliance problems early.  Prompt disclosure may be a wise strategy.  Early disclosure protects officers and directors from allegations of a cover-up and can simultaneously educate all employees within the company – and even third parties working with the company – about specific FCPA risks.  Prompt disclosure can thus help reduce the risk of future compliance problems