New companies are often frenetic – the power of the idea is what motivates everyone. The corporate culture is defined by creating a new organization around an idea. The key motivation is to be successful.
In this environment, compliance is never a priority. That makes sense – if the company does not make money, the company will quickly die. Compliance is irrelevant if there is no company.
On the other hand, the longer the “start-up” phase continues, the more firmly a corporate culture becomes rooted and changing that culture becomes more difficult. It is hard to figure out when and how compliance should become a higher priority for the company.
There are certain actions that a company should take in its infancy.
First, from its inception, the company should have a designated Chief Compliance Officer. The individual may share that title with another but the company has to designate someone responsible for this function. By creating a CCO at the beginning, the company sends a message for the future – as we grow, compliance will be a priority. It instills in the company culture a value in compliance.
Second, the company culture should ensure that the CCO is part of the business team, meaning that business decisions incorporate compliance. The message has to be clear — no one wants to break the law and the company will not cut corners or ignore the law. It is easy to ignore compliance when everyone is scrambling to lift a company off the ground.
In this context, FCPA compliance may or may not be a high priority if the company does not have any international operations. If the company is in the global marketplace, then anti-corruption compliance has to be addressed in some fashion. But compliance has to be done in the context of a business reality – as a start-up the company can dedicate some resources to “some” FCPA compliance elements.
The essential elements of a start-up FCPA compliance plan should include, depending on financial circumstances, the following:
- An FCPA Compliance Policy – A basic statement of compliance with the FCPA should be adopted. The document does not need to be akin to the Declaration of Independence; it should be basic, and cover all of the issues. The CEO needs to announce the adoption of the policy.
- Internal Controls – For start ups, money is the key. Money should not used unless it is for a legitimate purpose. Financial controls can play a significant role in compliance in the beginning of a business. In effect, the controls take the place of a detailed policy. The guardian of the money must coordinate with the CCO to make sure expenditures are legitimate.
- Training & Communication – a training and communications program on the basics of FCPA compliance should be developed and delivered in a low-cost and simple fashion. There are many on-line or “canned” FCPA training modules which can be arranged. Alternatively, the CCO can take 30 minutes to write a basic compliance presentation.
As the company grows, new compliance elements should be added. The above list contains the basic building blocks for a start up company. It is easy to point out the missing elements of a basic compliance program but compliance must reflect reality. A start up company, by definition, does not have the resources needed to implement a full blown compliance program and no one should expect the company to do so.