A record 735 FCPA enforcement actions were filed in fiscal year 2011 – with over $2.8 billion in associated penalties. (source: SEC)
78% of Global 2000 organizations did not include partners/suppliers in their Code of Conduct practices. (source: Business Ethics Management Group)
The FCPA and Anti-Bribery acts consist of two provisions: the anti-bribery provision and the internal records and process standards. The anti-bribery provisions prohibit companies from bestowing money, gifts, or anything else of value in order to obtain, or retain, business. The internal records and process standards require meticulous records and the maintenance of clear, accurate, and adequate controls with both employees and trading partners (e.g., suppliers, intermediaries, subsidiaries, etc.) to protect against improper payments or influence.
As the scope of trading partners is broad, the FCPA / Anti-Bribery regulations extend well beyond employees, and cascades throughout the supply chain into subsidiaries and any third parties acting on behalf of the organization. Companies are, therefore, faced with the daunting task of providing proper due diligence across a variety of relationships – and it’s no easy task for most.
Further, as organizations are fervently trying to tackle this regulation, similar regulations (e.g. the UK Anti-Bribery Act, the Austrian Anti-Bribery Act, etc.) are broadening the scope, blurring lines, and adding to the burden. Organizations are finding that each country’s privacy laws present unique challenges to overcome. One area of example is the segregation of duties on a country-specific basis and the corresponding complexity of process and governance. Yet, as new regulations are passed, enforcement of the existing FCPA / Anti-Bribery regulations continue to increase dramatically.
The focus areas, based on common risk areas, include:
- Consultants and agents;
- Suppliers and vendors;
- Introducers and promoters;
- Travel and entertainment;
- Gifts, sampling and promotional items; and,
- Public/private partnerships or joint ventures.
A broad range, across a broad set of internal stakeholders. Yet, without overcoming these regulations, the consequences can include, but are not limited to:
- DOJ and SEC criminal prosecution, which may include both company and executives;
- Injunctions for the company and where/how they conduct business;
- Financial penalties;
- Shareholder suits;
- Loss of business licenses and/or debarment; and,
- Negative publicity and the corresponding loss of opportunities and/or shareholder value.
So, where does one start?
Unfortunately, FCPA / Anti-Bribery compliance programs necessitate certain key elements, across a broad range of activities and functions, such as:
- Inclusion of employees, suppliers, and all third parties within the program;
- Clear communication and training of the FCPA / Anti-Bribery program to all employees;
- Access to anti-money laundering and terrorist financing statutes and regulations;
- A single system where employees can report compliance violations, automated with workflow, auditability, and reporting;
- A management plan for addressing, investigating, and remediating issues that arise;
- Oversight on economic and trade sanctions administered by the U.S. Treasury Office of Foreign Asset Control (OFAC);
- Restrictions on transactions, and block asset-transfers, between U.S. persons and designated individuals/entities named on OFAC’s Specially Designated Nationals List (“SDN List”);
- Restrictions on country-based investment activities (e.g., Myanmar, North Korea, Cuba, Iran, Sudan) through U.S. persons;
- Central reporting to monitor the effectiveness and compliance within the program;
- Periodic, risk-based reviews of systems and controls;
- Audit capabilities to provide a systematic, and transparent, method for maintaining and auditing books and records;
- Timely updates for the monitoring body and board of directors; and,
- Last but certainly not least, executive support.
Is your organization ready and able to successfully address an audit across these dimensions? As well, can your organization perform these actions smoothly and efficiently? If not, there are number of provider organizations who have created their own interpretation of a FCPA Compliance solution – ours included.
Instead of a “one size fits all” approach, or customized from the bottom up, I have found that the ideal solution offers some “out of the box” templates, but is quickly configured to your specific environment so that you can:
- Centralize control of FCPA/Anti-bribery initiatives for the collection of information, across the various dimensions (e.g., employees, third parties, intermediaries, partners, and subsidiaries);
- Track and manage policies, and business practices, with your third-party contractors, government officials, and transactional partners;
- Access a central repository which contains all supplier information, trading partner profiles, contacts, relationships, facilities, and contracts;
- Automate and centralize collection of credentials, whether trading partner information (e.g., policies, contracts, etc.) or agreed-upon compliance standards;
- Automate escalation and notification when compliance standards are not agreed to;
- Measure and score risk on compliance, as well as gain visibility on high-risk areas / operational exposure;
- Maintain full auditability of records – from data change, to communication of policies, to training; and,
- Leverage integration with other systems for necessary information transfer.
FCPA / Anti-Bribery is not a new regulation, but no sooner than organizations starting to tackle this task, other regulations, such as Dodd Frank, were passed. The landscape for the foreseeable future looks to be difficult, but one can take comfort in the fact that many have successfully overcome their FCPA / Anti-Bribery hill through the use of intelligent systems, made specifically to handle the types of activities and functions as mentioned above.
To learn more about how HICX Solutions can help meet your FCPA / Anti-Bribery challenges, as well as other areas of compliance, please contact us at your convenience at email@example.com