I’m sure by now, you’ve read, or at least heard of, the Airbus SE multi-billion dollar settlement with U.S., French and UK authorities, for FCPA and Export violations—the largest penalty that I can recall in my 30+ years in international trade! Although, I’ve had extensive experience in anti-bribery and anti-corruption (ABAC) matters, this article will address the lessons we can learn from Airbus’ mistakes, if you can even call it that.

I was taught, very early in my career, to stay out of the front or second page of the WSJ, or any other paper for that matter, (as a story, not as a reader). For the younger readers of this article, we didn’t have news delivered to us via the internet, so it was the old-fashioned printed paper that we got to hear of such stories. The saying was, and still is, would you want your mother or grandmother to read about you (in a not so great spotlight) in the front page of the WSJ? I think for most of us, the answer is an emphatic “no”. Yet, in the case of Airbus, how could such a systematic, intentional, and unethical behavior continue for such an extended period? I’m not here to point any fingers, given Airbus has extensive best-practices in training, compliance, and export control programs in place. The fact remains, there’s often a bad apple, or apples, in many companies, so it becomes an issue of how to shake the bad apples off the tree, or better yet, identify such individuals, early on, and get them to understand the requirement for complying with the company’s compliance program.

For any compliance program to work, it must be disseminated, both down to the “rank and file”, and up, to the C-suite and Board. Everyone must have a stake and interest, in seeing that the program(s) are effectively implemented. What many of us, say, “walk the walk, talk the talk”. The challenge is how do you implement, and bring awareness, to your programs, early on. From my experience, it’s by creating a program that is systematic throughout the entire organization, a living and breathing program, and constantly updated to reflect your company’s current business practices and the regulatory changes. So where do you start? Assuming you’ve “rolled up your sleeves” and have visited your business units, factories, and stakeholders, flow-charting your operations is critical. If you’re privileged enough to have a black-belt or yellow-belt six-sigma peer, I’d recommend engaging them; if not, the basic concepts of six-sigma and flow-charting can be found readily on Google, but I do recommend having Microsoft Visio or a similar flow-chart system to document your operations.

I always recommend looking at the Charging Letters and Settlement Agreements, on the DDTC website, to see where companies, such as Airbus, failed. The case at hand, involved lack of controls in areas that can be challenging to identify, early on, including compliance with Part 130 (commissions & political contributions), false statements, recordkeeping errors on ITAR transactions (keep in mind the breadth and size of Airbus—this must be an overwhelming challenge given their operations), and unauthorized exports/retransfers of defense articles. Thus, if you were to base your compliance controls and program, to avoid the mistakes Airbus made, thoroughly reading, dissecting and applying the remedial steps that would have avoided the violations, from the start, is a great starting point.

Case in point—Part 130 violations: many of us, have seen this “check the box” on DSP-5 licenses. The question is then, who within your organization is responsible for communicating potential commissions and political contributions, to you, in order to ensure you aren’t making a false statement? Is it marketing/business development, or your lobbyists who are responsible for political contributions? Is it your sales and client relations office who’s responsible for commissions? Identifying the “who” is critical, in order to avoid these sort of “fatal” violations. My suggestion is always to start with the on-boarding of new employees and reassignment of current employees into new positions. Leverage your employee Active Directory (or similar) program; make compliance training and awareness part of the on-boarding process. The same applies to transfers of employees into new positions that may be considered peripheral or directly related to export controls. The fact that there was a disconnect as to how political contributions were to be handled, and by whom, shows that awareness and training, was lacking in that area of their business, as well as notifications when such payments were made.

So, what can we learn? First and foremost, hats off to Airbus for voluntarily disclosing these violations to the authorities, which shows their sincere desire to settle and address these weaknesses. Next, as stated above, read and review both the Charging Letter and Settlement Agreement (you should also be looking at other settlement agreements), and make an excel sheet, with the various violations, the regulatory citation for those violations, and what DDTC’s recommended corrective actions are; then cross those with your internal policies and procedures. Where you are lacking such procedures, identify whether you should have one in place, and tailor it to your company, but utilize charging letters and settlement agreements on what your controls should look like.

In conclusion, mirroring your program to certain elements of the violations and the corrective actions Airbus and DDTC have laid out in their settlements is a great starting point. This will allow you to put into place the controls that should have been there for Airbus, which may have avoided the violations they settled. These agreements provide a roadmap of where the “potholes” are within your organization and how to fill those holes, in order to avoid the front page of the WSJ.