FCPA Guide (Second Edition) Issued
In July 2020, the U.S. Department of Justice and the Securities and Exchange Commission, released A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition (the “Guide”). The Guide contains a detailed compilation of information and analysis regarding the Foreign Corrupt Practices Act (“FCPA”) and its enforcement. The Guide is an update to the version originally released in November 2012, and addresses a wide variety of topics.
In today’s global economy where most U.S. companies conduct some aspect of their business outside of the United States, the Guide is an important resource. Of particular relevance to the Association’s members, the Guide underscores the importance of implementing an effective compliance program to detect and prevent FCPA violations and discusses some of the elements typically contained in such a program.
Importance of an FCPA Compliance Program
While there is an initial investment of both time and resources in designing an effective compliance program, such a program is crucial to detecting and preventing potential FCPA violations (which can lead to massive financial penalties and criminal liability). An effective compliance program will identify a company’s most salient FCPA risks, provide the company with tools to detect and mitigate those risks, protect the company’s reputation, and reduce uncertainty in its business transactions. The Guide indicates that the enforcement agencies will also consider the adequacy and effectiveness of a company’s compliance program when deciding what, if any, enforcement action to take in the event there is an FCPA violation.
Designing an Effective FCPA Compliance Program
FCPA compliance is not an area where “one size fits all” and, to be effective, a compliance program should be tailored to the company’s specific business and to the risks associated with that business. The Guide does, however, set forth some of the basic elements DOJ and SEC consider when evaluating compliance programs.
Commitment of Management, Communication of Policies and Training
First and foremost, the regulators consider whether the organization has a culture of compliance with buy-in and support at the highest level of the organization. The organization should clearly articulate its policies, communicate them in unambiguous terms (both within and outside the organization) and consistently adhere to them. The Guide notes that the most effective programs are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf (such as consultants and third-party agents). To ensure effective understanding, communication and implementation of policies and procedures, training is essential.
The types of FCPA policies and procedures implemented by a company will depend on the risks associated with the business and should be rooted in a deep understanding of the company’s products and services, its use of third-party agents, its customers, its government interactions, its industry risk and the geographic risks associated with the countries where it does business. The Guide recognizes that the amount of resources devoted to compliance will depend on the company’s size, industry, geographical footprint, and other business risks. Accordingly, understanding a company’s risk profile is fundamental to developing an effective compliance program and the policies and procedures should be designed to prioritize and address the highest risk areas.
FCPA Due Diligence on Third Parties
The Guide also underscores that third parties, including agents, consultants, and distributors, are commonly used to conceal the payment of bribes to foreign officials in international business transactions. If consultants, agents or other third-party representatives are used to conduct international business, this is a key risk factor and robust risk-based due diligence should be incorporated into the company’s compliance program. There should be a clear understanding of the business rationale for including the third party in the transaction, what work the third party is actually performing, and whether payment is commensurate with the work being provided and compare to typical terms in that industry and country. Finally, the company should inform third parties in its contracts of the company’s compliance program and its expectation of ethical and lawful business practices.
The development of an anti-corruption compliance program, by its nature, is a fact intensive and interactive process and the summary set forth above is not intended to be exhaustive. While the Guide sets forth elements common to most robust FCPA programs, to be truly effective a compliance program must be developed based on the company’s identified risks. Once those risks are identified the appropriate compliance tools can be identified, the policies can be communicated internally and externally, and the appropriate personnel can be trained to implement those policies in an effective manner.
About the Author: M. Sean Purcell is a partner in the Vorys Washington, D.C. office practicing corporate and international law with a focus on transactional matters, compliance counseling and international finance. Learn more at Vorys.com/Purcell.