Compliance with the Foreign Corrupt Practices Act in the Post-Sarbanes-Oxley World
Every company with operations or sales overseas should carefully consider whether it has effective policies and procedures in place that adequately manage the company’s risks under the Foreign Corrupt Practices Act (“FCPA”). Recently, The Wall Street Journal reported that Enron Corp. is the target of a new U.S. Department of Justice criminal investigation involving allegations of FCPA violations. The allegations concern Enron’s pipeline, power and water-privatization projects in several foreign countries. Given the intense scrutiny federal regulators are placing on corporate conduct following passage of the Sarbanes-Oxley Act -- which places additional burdens on corporate officials to ensure that accounts and financial statements accurately reflect the financial condition of their companies -- Enron may not be the only company that finds itself the subject of a criminal FCPA investigation.
The FCPA has been law since 1977. While most business executives are aware of the FCPA’s basic objectives, fewer do an adequate job of protecting their companies and their employees from potentially disastrous consequences -- stiff fines and prison sentences -- that could result from a failure to comply.
Complying with the FCPA
Companies must proactively protect themselves against FCPA violations. The “Federal Sentencing Guidelines for Organizations,” issued by the U.S. Sentencing Commission and applicable to criminal violations of all federal statutes such as the FCPA, require federal courts handing down criminal sanctions to take into account the existence or absence of effective corporate compliance programs. The presence of an effective compliance program can significantly reduce a corporation’s sentence, in some cases by as much as 95%, while the absence of such a program can increase the sentence.
In the Caremark case, the Delaware Chancery Court held that the failure to have an adequate corporate information and reporting system in place could constitute a breach of fiduciary duty by the company’s board of directors. Among other things, this could leave directors liable for losses incurred by companies for non-compliance with applicable law. In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del Ch. 1996).
What We Recommend
In order to meet the challenge of the Sarbanes-Oxley Act and the standards of the Federal Sentencing Guidelines for Organizations, we recommend that companies take a number of actions with respect to the FCPA:
Adopt a Corporate Policy. The company should adopt a written corporate policy on FCPA compliance and distribute the policy to all employees, including those located in overseas offices. The FCPA policy should be carefully crafted to reflect the actual business and operations of the company (and not merely duplicated from another company’s policy or standards). The FCPA policy, as well as implementing procedures, should be updated regularly to reflect new developments in the United States, the widespread adoption of the OECD Convention on Combating Bribery, and rapidly evolving changes in anti-bribery laws around the world, especially in Europe.
Adopt Comprehensive Implementing Procedures. The company should implement its FCPA policy by putting in place comprehensive monitoring and reporting procedures. Possibilities include establishment of an executive-level FCPA Review Committee to manage and review FCPA issues as they arise, designation of an FCPA Compliance Officer or Ombudsman to whom FCPA referrals may be made by employees on a confidential basis, development of screening methods and checklists to identify when FCPA issues may occur during normal business operations, development of questionnaires for use internally and with third-parties, and development of appropriate contract language for inclusion in all agreements that may give rise to FCPA concerns. These procedures should be carefully crafted to reflect the company’s business and operations. Failure to do so may not only deprive the company of the legal benefits of having an effective compliance program, such failure can also stifle and disrupt normal business operations.
Communicate With and Train Employees. As important as it is to have an appropriate FCPA policy and procedures, it is equally important that they be communicated effectively to employees. The language used in the materials must be clear and understandable to employees at all levels of the organization. Affected employees should also receive adequate training regarding the FCPA policy and procedures. Each employee with substantive responsibilities that relate to overseas operations or sales should be required to attend periodic training sessions, incorporating practical guidance on how to deal with situations that may arise in the course of the employee’s work. Such training is best conducted in person by a company’s compliance officer or legal counsel so that issues particular to a group of employees can be addressed. The company should keep a detailed record of the employees who attend these training sessions.
Act Swiftly if FCPA Violations Occur. In the event allegations of FCPA violations are received, the company should take swift action to investigate. In the event actual violations have occurred, the company should have in place standard disciplinary procedures that apply to all employees who violate the FCPA policy. Prompt action must be taken with respect to actual abuses in an effort to avoid repeated occurrences. The company should also assess whether or not its policy and procedures need to be modified and its internal enforcement strengthened. In appropriate cases, the company should consider voluntary disclosure of apparent FCPA violations to the federal government in order to mitigate its exposure to enforcement action.
Review FCPA Matters Regularly. The company’s FCPA Review Committee or Compliance Officer should report, on a regular basis, to the company’s board of directors any policy violations, enforcement measures and disciplinary actions. The board of directors should periodically evaluate the effectiveness of the FCPA policy and procedures.
Link to article
Link to article