ETHICS CORNER DEFENSE CONTRACTING
Small, Mid-Sized Firms Face Ethics Hurdles
Photo: iStockIndustries, and the companies which operate within them, adapt to changing market conditions. Companies that fail to heed this central tenet of business management often fail.
The extractive industries adapt to changing consumer demands on their products, and they go wherever the natural resources are to be found. Pharma looks for new markets for its products, which can result in product driven expansion or a movement of sales emphasis more generally to where growth opportunities exist.
Transport looks to newer and growing urban markets, where the investment dollars exist for large transit infrastructure programs. The defense industry is no different, and time has shown that it responds quickly and intelligently to changing market forces and demands. Increasingly, this has required looking into new and often opaque international markets.
The largest defense contractors have significant personnel and administrative resources devoted to meeting changing industry demands. They have people in place to assess changing markets and they have developed methods of redeploying their resources to meet the new demands. They also have legal, compliance and risk personnel who are positioned to navigate these changes and to protect the company from the new risks, which may attach to the new markets or market conditions.
Risk assessment is effectively the genesis of all intelligent compliance programs, and risk must be reassessed when the company and its markets change.
Smaller and mid-sized contractors may not have the luxury of these legal, compliance and risk resources when market conditions change for them, but they face the same potential legal, regulatory and enforcement risks. The risks and associated consequences may even be greater in fact, because while a large company can absorb the costs of regulatory or enforcement inquiries, these costs and the business disruption they create can be critical to a smaller company. They can in fact put the smaller company out of business.
These concerns are ripe for smaller and mid-sized defense contractors as today’s markets increasingly move into more and more diverse and challenging overseas markets. Here, the risks of corruption, financing, cybersecurity, privacy and other laws may become more immediate, and it is not good to ignore them or look the other way. Smaller companies must not simply plan for how to take advantage of new international markets, they must also determine how best to position themselves against the new risks.
No amount of effort, whatever the size of a company, can completely insulate it from bad things happening. But regulatory and enforcement authorities expect effort and they will look for best practices. This does not mean that a contractor with 200 employees will be expected to have the same compliance systems and procedures as Lockheed Martin or Raytheon, but there must be a system and it should be right-sized and developed to meet the risks that a small or mid-sized company reasonably expects to face.
The defense industry in particular finds itself midstream in efforts to adapt to the constant evolution of rules and regulations which apply to their markets; to whom can you sell and what can you sell. The new international markets, more and more, are not the traditional and familiar ones, and they are often markets with particular and identifiable risks.
Contractors must show that they have made their own intelligent risk assessment of the challenges they face, and put in place policies and procedures that address those risks. As noted above, this does not mean that the policies and procedures must be burdensome or address every potentiality, but they must be developed to meet a contractor’s particular risks.
The simplest steps are the best. Does the company have a code of conduct, and one which addresses the specific risks that it faces? Is it written in plain English, and does it indicate clearly the company’s expectation for ethical and honest conduct in all operations? Is that message delivered firmly and transparently by senior management?
If the contractor operates, or expects to operate in markets with substantial corruption risks, are the Foreign Corrupt Practice Act or U.K. Bribery Act proscriptions against making or offering payments to get or retain business spelled out? Is the Code of Conduct translated into additional languages where necessary for non-U.S. employees? Is training on the Code of Conduct routine and freshened when the Code is revised to address new issues? Are there sufficient resources devoted to legal, risk and compliance support?
The difficulty is negotiating an approach to anti-corruption, money laundering, cybersecurity and other risks in light of all the additional concerns facing a contractor. For example, are there systems in place to warn of a cybersecurity breach, and would systems contain such a breach? Do internal controls take into account local data privacy laws? How do such restrictions affect information flow across the contractor’s systems? How are suspicious transactions flagged, and who is notified? Is the contractor in jurisdictions where blocking statutes, state secrets restrictions, or other access or data laws would inhibit an internal investigation?
As smaller defense contractors adapt to changing international markets, and in particular look for new customers, it will often lead them to new countries that have increased corruption, money laundering and security risks. They must plan not just for the new personnel they will need to sell or manufacture their product, but also for implementing best practice policies and procedures which address the new risks. Contractors that take the simple steps and create a record of having taken seriously their legal and compliance responsibilities will be best positioned to operate successfully in the new markets.
Robertson T. Park and Timothy P. Peterson are shareholders with Murphy & McGonigle (www.mmlawus.com) in Washington, D.C., with expertise in developing right-sized compliance programs which meet company risk profiles. Contact them at: RPark@mmlawus.com and TPeterson@mmlawus.com