November marked the one-year anniversary of the release of the resource guide to the Foreign Corrupt Practices Act, and should serve to remind all defense contractors of the critical importance of keeping their compliance program current and effective.
While not binding, the guide provides insight into the Department of Justice and Securities and Exchange Commission’s views on the act’s enforcement. Jeffrey Knox, principal deputy chief of Justice’s fraud section, said at a conference after its release that officials will act consistently with the guide, and that it should be treated similarly to the U.S. attorneys’ manual.
With that in mind, one sentence from the guide is of paramount importance: “In appropriate circumstances, DoJ and SEC may decline to pursue charges against a company based on the company’s effective compliance program.”
Without an effective compliance program, enforcement agencies are more likely to pursue charges when violations occur. Key to any effective program is constant, ongoing assessment of specific risks and participants. This includes maintaining constant vigilance to ensure that every practicable step has been taken and is tailored to prevent infractions, and to flush out those that inevitably occur.
When violations surface, the enforcement agencies want to know if the incident was aberrational, or whether it was the result of a half-hearted or haphazard compliance program.
Here are some key areas that should be assessed in reviewing an FCPA compliance program.
First, one size does not fit all. It is clear in the guide that cookie-cutter compliance programs are generally ill conceived and ineffective because resources inevitably are spread too thin, with too much focus on low-risk markets and transactions to the detriment of high-risk areas.
There is no such thing as a universal anti-corruption compliance program. For example, the compliance policies for doing business in Europe or the Americas may not necessarily be directly applied in sub-Saharan Africa, and vice versa.
Sound policies must be developed, tailored and carefully adapted to each market or line of business, and even different regions within a business. Companies should always assess changes in their practices that may have an impact on a compliance program.
Has the company expanded into emerging markets? Has the company acquired other companies in risk areas? If so, make sure that the compliance program has taken these new risk areas into consideration. If a program that covers the United States is the same as the one for a highly corrupt, emerging market, then an adjustment is in order.
Next, conduct due diligence on third-party intermediaries.
One important tenet of any effective FCPA compliance program is an ongoing review of those who are doing business with and on behalf of a company and who have contacts with government officials in that role.
A company’s list of these third-party intermediaries changes over time. What is known about their business practices? They should have a reputation for being above board in their dealings in emerging markets. A company should know when the latest due diligence was performed, and who carried it out. References for each third-party intermediary should be in the corporate files.
When it comes to intermediaries, “we had no idea what he was doing” is little help as a defense.
Actions a company takes to prevent infractions will help reduce prosecution exposure should a violation occur.
Lastly, companies need to investigate potential violations.
Whenever a potential violation is discovered, a firm must have a game plan for how best to investigate and respond. Often, the initial facts brought to the attention of management do not involve a clear-cut violation, and not every circumstance will warrant a full-blown internal investigation.
However, a company must uncover the facts to allow it to analyze potential liability, and take proactive steps to remedy any issue discovered. Failure to respond typically makes matters worse, not better. The potential consequences of a head-in-the-sand approach are possible civil, criminal and regulatory penalties.
In addition, learn from any investigation conducted. Problems that surface in one division of a company, may call for investigation of other divisions. Likewise, the facts surrounding a potential FCPA violation may implicate other legal obligations.
For example, the Federal Acquisition Regulation mandatory disclosure requirements are triggered when a contractor has “credible evidence” of “a violation of federal criminal law involving fraud, conflict of interest, bribery, or gratuity violations found in Title 18 of the United States Code” or “a violation of the civil False Claims Act” in connection with a government contract.
Although the FCPA is not in Title 18, many violations such as bribery of a foreign official may also constitute a Title 18 offense.
In sum, companies constantly must reassess their risk, and then implement, or add to, their anti-corruption compliance program to prevent problems from reoccurring.Matt Cannon is a shareholder and Roger Scott is an associate in Greenberg Traurig LLP’s litigation practice group. Cannon is the former lead prosecutor for the LOGCAP working group. The opinions expressed are solely those of the authors.