New companies are often frenetic – the power of the idea is what motivates everyone.  The corporate culture is defined by creating a new organization around an idea.  The key motivation is to be successful.

In this environment, compliance is never a priority.  That makes sense – if the company does not make money, the company will quickly die.  Compliance is irrelevant if there is no company.

On the other hand, the longer the “start-up” phase continues, the more firmly a corporate culture becomes rooted and changing that culture becomes more difficult.  It is hard to figure out when and how compliance should become a higher priority for the company.

There are certain actions that a company should take in its infancy.

First, from its inception, the company should have a designated Chief Compliance Officer.  The individual may share that title with another but the company has to designate someone responsible for this function.  By creating a CCO at the beginning, the company sends a message for the future – as we grow, compliance will be a priority.  It instills in the company culture a value in compliance.

Second, the company culture should ensure that the CCO is part of the business team, meaning that business decisions incorporate compliance.  The message has to be clear — no one wants to break the law and the company will not cut corners or ignore the law.  It is easy to ignore compliance when everyone is scrambling to lift a company off the ground.

In this context, FCPA compliance may or may not be a high priority if the company does not have any international operations.  If the company is in the global marketplace, then anti-corruption compliance has to be addressed in some fashion.   But compliance has to be done in the context of a business reality – as a start-up the company can dedicate some resources to “some” FCPA compliance elements.

The essential elements of a start-up FCPA compliance plan should include, depending on financial circumstances, the following:

  1. An FCPA Compliance Policy – A basic statement of compliance with the FCPA should be adopted.  The document does not need to be akin to the Declaration of Independence; it should be basic, and cover all of the issues.  The CEO needs to announce the adoption of the policy.
  2. Internal Controls – For start ups, money is the key.  Money should not used unless it is for a legitimate purpose.  Financial controls can play a significant role in compliance in the beginning of a business.  In effect, the controls take the place of a detailed policy.  The guardian of the money must coordinate with the CCO to make sure expenditures are legitimate.
  3. Training & Communication – a training and communications program on the basics of FCPA compliance should be developed and delivered in a low-cost and simple fashion.  There are many on-line or “canned” FCPA training modules which can be arranged.  Alternatively, the CCO can take 30 minutes to write a basic compliance presentation.

As the company grows, new compliance elements should be added.  The above list contains the basic building blocks for a start up company.  It is easy to point out the missing elements of a basic compliance program but compliance must reflect reality.  A start up company, by definition, does not have the resources needed to implement a full blown compliance program and no one should expect the company to do so.