Business people in continental Europe could be forgiven for wondering if the compliance program is an Anglo-Saxon conspiracy. The modern compliance program originated in the United States with the Federal Organizational Sentencing Guidelines, which include standards for and benefits of an “effective compliance and ethics program.” The United Kingdom picked up this theme, even providing a defense to criminal charges under its Bribery Act for companies with “adequate procedures” to prevent bribery, and a crime of failing to prevent bribery. “Adequate procedures” are a lot like a U.S. compliance program.
Continental European companies have created or enhanced compliance programs after encounters with the American criminal justice system. Siemens of Germany and Alcatel and Total of France are just three of the more (in)famous examples. But for these companies, the impetus for compliance programs has not come from home, but instead from American prosecutors enforcing U.S. law.
Last year, Spain adopted a new criminal code that includes a “compliance program” defense for certain crimes and France adopted “recommended” guidelines for anti-bribery compliance programs. In recent weeks, Spain announced guidelines for compliance programs and France began work on a new anti-corruption law that will reportedly require many companies to establish compliance programs. (The text of the proposed law has not yet been published.) Both Japan and Brazil have recently issued guidelines for anti-bribery compliance programs.
Companies should not take comfort from the “voluntary” nature of the guidelines. It’s true that there is not a legal penalty for failing to have a compliance program. But if your company is caught breaking the law, the likelihood of prosecution and the penalties assessed are much greater for companies without programs that prosecutors consider effective. Not to mention that an effective compliance program will make it less likely that your company breaks the law in the first place.
For multinational companies, wherever they are based, compliance programs become more important as more countries impose requirements. American multinationals will want to make sure that their programs comply with the requirement of each country in which they work. European companies, especially those without major U.S. activities, may have put off focusing on a compliance program because the issue seemed far away, but now find themselves needing to put more focus on developing and implementing them. Companies from other parts of the world may now increase their focus on compliance and compliance programs.
As more countries increase their enforcement efforts, companies can expect to face multiple prosecutions for the same actions. On February 19, VimpelCom, a mobile phone company based in the Netherlands, agreed to pay $397 million to the U.S. for Foreign Corrupt Practices Act violations, and an additional $397 million to the Dutch government for the same activities. In a speech on March 4, 2016, Leslie Caldwell, head of the U.S. Department of Justice’s Criminal Division, explained that prosecutors in 10 countries were directly involved or “provided significant assistance” in this case.
It is exponentially more expensive and challenging to investigate and defend allegations in multiple countries. Ms. Caldwell acknowledged that “in many cases multiple regulators each seek to prosecute companies and individuals . . ., sometimes for what essentially amounts to the same or closely related conduct. We recognize that this raises legitimate questions about fairness.” The cost of investigating and defending several investigations in several countries is itself exponentially greater than the cost of responding to one agency from one country. As Ms. Caldwell put it, “companies that voluntarily operate in multiple countries certainly know that by doing so, they subject themselves to those countries’ laws and regulatory schemes.”
The bottom line: any company that operates in multiple countries should be building or enhancing its capability in the world of compliance and its formal compliance program.
Although each country has its own spin on what makes a compliance program effective, they use complimentary concepts and, for now, there are not major contradictions among them. One critically important common element is that a compliance program must be built as a real part of the company’s culture, and not just a paper exercise.
The trend toward requiring formal compliance programs is likely to spread, just as antitrust and anti-corruption enforcement have spread around the world. As it does, the importance of building and implementing an effective compliance program will only grow.