What Is FCPA Compliance Program?
In the mid-1970s, an investigation by the Securities and Exchange Commission (“SEC”) revealed that over 400 U.S. companies admitted to making over $300 million in questionable or illegal payments to foreign government officials. These admissions created concerns among the U.S. government and people regarding the integrity of U.S. markets and the global economy. To address these concerns, Congress enacted the Foreign Corrupt Practices Act (“FCPA”) in 1977.
The FCPA is enforced by the Department of Justice (“DOJ”) and the SEC and has two primary provisions: (1) the anti-bribery provision, which makes it unlawful for a U.S. company or citizen, and certain foreign issuers of securities, to make a corrupt payment to a foreign official for the purpose of obtaining or retaining business, and (2) an accounting provision which requires companies with securities listed on stock exchanges in the United States to make and keep books and records that accurately and fairly reflect the transactions of the corporation and to devise and maintain an adequate system of internal accounting controls.
Compliance with the FCPA is particularly important for companies and individuals transacting business abroad, particularly in countries where bribery is common. As a result, these businesses and individuals should ensure that rigorous systems of internal compliance and accounting measures are in place to prevent FCPA violations and to mitigate fines and penalties imposed in the event of a violation.
Creating and Implementing The FCPA Compliance Program
An essential part of doing business outside the U.S. is creating and implementing an FCPA compliance program. According to the DOJ, a well-designed compliance program should include policies and procedures that give both content and effect to ethical norms with the aim of reducing corruption risks identified by the company as part of its risk assessment programs. This includes appropriately tailored trainings, certifications, and communications to all directors, managers, officers, and relevant employees.
The program, at minimum, should include the definition of bribery, appropriate legal payments and gifts and the circumstances under which they can be offered, procedures to maintain records of the corporation’s foreign transactions, and procedures for reporting and addressing potential FCPA violations.
Failure to have an FCPA compliance plan that addresses issues identified by the DOJ and SEC increases the risk of an FCPA violation and can result in severe criminal and civil penalties against the organization and its members in the event of an FCPA violation.
What Are DOJ Compliance Program Factors?
The DOJ previously used a 10-pillar system to evaluate whether corporate compliance programs were effective. In June 2020, the DOJ updated the factors they consider when assessing the adequacy of an organization’s compliance program, which are directed at DOJ prosecutors that prosecute FCPA violations. The fundamental factors that the DOJ considers now are:
- Is the corporation’s compliance program well designed?
- Is the corporation’s compliance program adequately resourced and empowered to function effectively?
- Does the corporation’s compliance program work in practice?
Factor #1: Is the Corporation’s Compliance Program Well Designed?
The critical factors in evaluating any program are whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct. The program must clearly state that misconduct is not tolerated by the corporation.
Factor #2: Is the Corporation’s Compliance Program Resourced and Empowered to Function Effectively?
Even a well-designed compliance program may be unsuccessful in practice if the implementation is lax, under-resourced, or otherwise ineffective. The DOJ instructs prosecutors to probe specifically whether a compliance program is a “paper program” or one “implemented, reviewed, and revised, as appropriate in an effective manner.” DOJ prosecutors are also told to determine whether the corporation has provided for a staff sufficient to audit, document, analyze and utilize the results of the corporation’s compliance efforts.
Factor #3: Does the Corporation’s Compliance Program Work in Practice?
According to DOJ, they recognize that no compliance program can ever prevent all criminal activity by a company’s employees. Still, if the compliance program effectively identified misconduct, including allowing for timely remediation and self-reporting, a DOJ prosecutor should view the occurrence as a strong indicator that the compliance program was working effectively. The DOJ tells prosecutors to consider whether the program has evolved to address existing and changing compliance risks and whether the company undertook an adequate and honest root cause analysis to understand what contributed to the misconduct and the degree of remediation needed to prevent similar events in the future.
Create a Compliance Program With Us!
Creating an efficient compliance program can be complicated and cumbersome. The team at Sequoia Legal has substantial experience drafting and implementing FCPA compliance programs and advising businesses regarding potential FCPA issues. Our team can help develop robust FCPA compliance programs to aid in preventing FCPA violations while also encouraging the internal disclosure of suspected violations.
This article is designed to help you better understand FCPA compliance programs. If you or your company would like more information or assistance in creating or reviewing an FCPA Compliance program, please contact us.
This publication does not necessarily deal with every important topic or cover every aspect of the topics with which it deals. It is not designed to provide legal or other advice.