FCPA ups the risk

 

Federal prosecutors who have already been increasing their pursuit of violators of the Foreign Corrupt Practices Act (FCPA) — a stringent U.S. law that bars corrupt corporate practices overseas — are gearing up to be even more diligent in that regard. This means that directors and other executives at companies with even a small international footprint have to be particularly attentive to this risk and now have to go beyond merely implementing policies that prohibit banned practices.

The price for not taking a highly aggressive loss-prevention approach to this largely uninsurable risk can have life-changing consequences for directors and executives, and can be costly for organizations, both financially and in the court of public opinion.

The FCPA operates by prohibiting U.S. companies and foreign companies with operations in the United States from bribing foreign officials either directly or through third parties while securing overseas business. In addition, FCPA amendments, which modified the Securities and Exchange Act of 1934, bar publicly traded companies from hiding such illegal payments through misleading or inaccurate accounting practices. These so-called “books and records amendments” also require companies to implement stringent internal accounting controls.

- Advertisement -

For each willful violation of the “books and records amendment,” companies face a $25 million criminal fine; individuals face 20 years of imprisonment and a $5 million fine. Each conviction for a willful violation of the FCPA's antibribery provision carries a $2 million criminal fine for companies; individuals face five years of imprisonment and a $100,000 fine. For non-willful violations, individuals face civil penalties of up to $10,000.

While the FCPA was enacted in 1977, the U.S. Department of Justice, along with the Securities and Exchange Commission, has significantly increased its enforcement operations in recent years.

According to the Justice Department, more than 120 companies were investigated for FCPA violations in 2009, as compared with 100 in 2008. Moreover, last year prosecutors indicted a record number of 20 individuals, and since then have taken three cases to trial and have won all three.

At the recent Global Ethics Summit in New York, the head of the Justice Department unit that investigates and prosecutes FCPA violations projected that the unit would expand by approximately 50% over the course of the next two years. Meanwhile, laws similar to the FCPA are being enacted and enforced abroad.

The greatest challenge to a company, however, is not preventing its own personnel from acting illegally. Rather, the biggest exposure to a company stems from 1) its foreign suppliers and vendors (since companies can be held accountable for the actions of third parties); and 2) past activities of previously unrelated entities that have been acquired by the company in a merger or buyout.

Perhaps the most effective approach to a corporate FCPA compliance program is the same approach that companies generally take to comply with the requirements of the Sarbanes-Oxley Act (SOX). Like SOX, the FCPA does not lend itself to a “check-the-box” program that can be forgotten in a month's time.

What are some key elements that directors and executives should consider to develop a dynamic FCPA compliance program?

At the outset, a compliance program has to be seen by prosecutors and employees as driven from the top of the organization. Beyond including a strong statement of support from management in an FCPA policy statement, companies should also consider appointing a senior executive as the FCPA compliance officer and scheduling various executives to speak at employee training sessions.

If a company has business arrangements with third parties abroad, the agreements should be conducted in a formal setting with reputable companies that readily submit to the compliance program. Additional safeguards can include performing diagnostic testing of third-party commissions, contract terms, and expenses.

Prior to a merger or an acquisition, due diligence should be faithfully conducted specifically to include potential exposure to FCPA violations. The review should evaluate the target company's internal controls, look for any red flags, and be tailored to the business operations, especially if they operate in any high-risk countries.

If a potential FCPA violation arises, the company must alert the board and should aggressively investigate the underlying facts, all the while preserving all relevant materials. If a violation did indeed occur, prosecutors are likely to look more favorably upon a company that has demonstrated a strong compliance initiative, self-reports an incident, and moves swiftly to correct an identified problem. Since insurance protection for this risk can be limited, it is even more critical for directors to ensure that the company has appropriate procedures, controls, and people in place.                                      â– 

The author can be contacted at erosenberg@chubb.com.

About the Author(s)

This is your 1st of 5 free articles this month.

Introductory offer: Unlimited digital access for $20/month
4
Articles Remaining
Already a subscriber? Please sign in here.

Related Articles

Navigate the Boardroom

Sign up for the Directors & Boards weekly newsletter for the latest news, trends and analysis impacting public company boardrooms.