The cost of complying with anti-corruption laws is growing. Millions of dollars are being spent to avoid investigations, indictments, and multimillion-dollar fines, not to mention the accompanying reputational costs.
Compliance committees on corporate boards, as well as dedicated corporate compliance and ethics departments, are springing up to help ensure that companies are in line with anti-corruption laws.
The Foreign Corrupt Practices Act, it seems, has only recently become a source of great anxiety for many large public companies, but the law actually was enacted in 1977. Securities and Exchange Commission officials believed that a law banning the payment of overseas bribes would be difficult to enforce, so it added provisions requiring companies to maintain internal controls and to keep accurate books and records to the anti-bribery provision. A quarter century later, Congress passed the Sarbanes-Oxley Act in response to large corporate accounting scandals. The act requires companies to create internal controls to ensure the accuracy of their financial reporting. Like the initial FCPA passage, the new rules brought issues forward about potential violations of the FCPA that were uncovered internally as companies began to comply with Sarbanes-Oxley implementation.
FCPA RULES
There are two general efforts contained within the FCPA: anti-bribery provisions, and accounting and internal controls provisions. Although distinct, companies in violation of the anti-bribery provision are often in violation of the books-and-records provisions too.
• Anti-bribery provisions. The anti-bribery rules generally prohibit payments to any foreign officials or any foreign political parties for the purpose of obtaining or retaining business. Those prohibited from making payments include any issuer under the SEC Act of 1934, including any officer, director, employee or agent of such issuer or any stockholder acting on behalf of the issuer. Foreign officials could include any officer or employee of -- or any person acting in an official capacity or on behalf of -- a foreign government or any department or agency thereof, or of a public international organization.
What constitutes a payment is not absolutely clear. The drafters of the law understood that payments could take many forms, and defined it as money, offers, gifts, promises to give, or authorization of the giving of anything of value.
In theory, this could include cash payments, scholarships, travel and entertainment, rebates and commissions, favorable loans, offers to pay off obligations, charitable donations, overpayments, jobs, political contributions, investments and discounts.
To add to the complexity, there are exceptions. To avoid putting American corporations at a competitive disadvantage, this provision permits modest payments to low-ranking foreign officials, political parties, or party officials that are made to facilitate routine government actions.
Referred to as "grease" or facilitation payments, they are generally permitted if they affect the "timing" of official action rather than influencing the "outcome."
• Accounting and internal controls provisions. Often referred to as the Books and Records Provision, this section of the FCPA says that a company must keep complete and accurate books and records, maintain a proper system of internal controls, and not knowingly falsify records or circumvent controls, or else face consequences for the company and employees.
The SEC has been prosecuting offenders on these provisions since the FCPA law was enacted. Often, the government brings an action against a company under the anti-bribery provisions, and in those instances where a company may have tried to hide the payment in the company's books and records, the SEC will allege a books-and-records violation as well.
RISK ASSESSMENT
Running afoul of the FCPA, or other anti-corruption regulations, can be costly. Corporate penalties have been known to exceed a billion dollars. Siemens Corp. was fined $1.6 billion for its violations, and that doesn't include the added costs of investigating potential violations, costs to correct the violations, and the costs of ongoing monitoring imposed by the government to ensure the violations do not re-occur. Siemens, for example, was forced to appoint a monitor for 48 months to ensure that the company corrected its violations and implemented controls to avoid repeating them.
A misstep and unforeseen ensnarement is too easy. Organizations should not be tempted into believing that anti-corruption violations can be easily avoided. Perhaps all top-level executives are familiar with the anti-corruption provisions, management has been trained, and they are confident that violations could never happen within their organization. Even if they are 100 percent correct in their assumption -- and they probably are not - their organization is still at risk.
Businesses are becoming more global, and operations are occurring in more obscure locations and countries where corruption may be embedded. Their own organization could remain free of violations, but there is a chance that they acquired a company that has violated the provisions. Now it's their problem. Also, their company may work through distributors or third-party agents in foreign countries.
These third parties may, unbeknownst to the company, violate various anti-corruption provisions. If these third parties act as the company's agent, then the company is responsible for their violations.
This hypothetical example illustrates the point: Assume an organization is doing business in a foreign jurisdiction. A decision is made to exit that jurisdiction. As a result, the foreign jurisdiction provides a final tax bill payable upon exiting. The organization believes that this tax liability is excessive, and it engages a local tax accountant to negotiate with the taxing authorities of this foreign jurisdiction. The local tax accountant reports back that a settlement has been reached and that the tax liability is significantly reduced.
The organization is billed for the accountant's services. The local employees within the foreign jurisdiction understand that the tax accountant's invoice includes an embedded charge to reimburse the accountant for payments that he made to individuals within the foreign jurisdiction's taxing authority as part of the settlement, but they do not understand the legal ramifications. The home office staff unknowingly records the entire charge as professional services expense in the organization's books and records.
The above company is now in potential violation of both the anti-bribery and the books-and-records provisions of the FCPA. The local tax accountant essentially "bribed" a foreign government official to render a favorable decision.
Further, the company has hidden, though unintentionally, the nature of the expense by classifying it as a professional service expense in its records.
This second hypothetical involves something that occurs more commonly: An organization sells electronic components. Some sales are made to foreign governments through foreign distributors. The company does not have actual sales offices located in the foreign jurisdictions, and it pays the distributors commissions for the sales.
Unbeknownst to the organization, part of the commissions to these foreign distributors is forwarded to certain employees of the government entity procuring the electronic components. The local organization simply charges all paid commissions as sales commission expense.
The second example also contains potential violations of both the anti-bribery and the books-and-records provisions of the FCPA. Many organizations with global operations have third-party agents such as sales professionals, distributors, and so on, doing business on the companies' behalf. The SEC and the Department of Justice aggressively pursue these cases, so violations are a serious matter that can lead to criminal and civil prosecution.
NEWLY ISSUED GUIDANCE
On Nov. 14, 2012, the Criminal Division of the DOJ and the Enforcement Division of the SEC jointly issued A Resource Guide to the U.S. Foreign Corrupt Practices Act. Robert Khuzami, director of the SEC Enforcement Division, noted that the guidance should "clear up some myths about the types of conduct that get prosecuted."
Critics of the guidance say that it is merely a collection of previously available information and that it does not effect changes in policy. Federal officials have said that it does not represent policy changes, but maintain that the value in the guidance is in its transparency and having previously dispersed information from case law and enforcement actions all in one document.
PREVENTIVE MEASURES
What follows are several preventive measures that companies can take to help avoid getting unexpectedly ensnared in an FCPA-related action.
• Risk profiling. Perhaps the most critical component to an anti-corruption compliance program is the initial risk assessment. An adequate risk assessment methodology is particularly important to companies with large-scale global operations.
Every company is subject to different risks, so it is vital that each company develops its own individual risk profile prior to employing measures to mitigate that risk. Not only does a proper risk assessment methodology manage exposure, but it is also a factor considered by the DOJ and SEC during their evaluation of the effectiveness of a company's compliance program.
Evaluation of a company's risk profile includes, among other factors, consideration of the industry, level of sales to government customers, use of third-party partners to generate sales, and the jurisdictions in which the company operates. (Transparency International's Corruption Perceptions Index provides the perceived levels of public sector corruption of nearly 180 countries.)
Operations with higher percentages of sales to government customers and a larger reliance on third-party partners to generate revenue are considered at greater risk. Regulated industries tend to have a higher incidence of government involvement and have been the focus of U.S. enforcement activity for the past several years. Risk industries include oil and gas, pharmaceuticals, medical devices, telecommunications, and defense contracting. Companies should also consider other government touch points and the need to interact with government officials for product registration, licensing, or customs services.
After consideration of all the risk factors, a company will be able to prioritize the global operations most in need of precautionary measures, such as anti-corruption risk assessments and increased training.
• Training. Education and training are vital and proactive measures that help ensure that a company's anti-corruption compliance policies are followed. It is another gauge used by the Department of Justice and the SEC in evaluating the strength of a compliance program. Regular training of employees through both Web-based and in-person methods and certifications of completion are recommended. Third-party partners (especially those interacting with government customers or officials on the company's behalf) also should be trained on compliance issues and the company's anti-corruption policies. On top of the training requirements, periodic communication from top management on the importance of compliance and adherence to policies will help establish the company's compliance culture. Any method to increase awareness throughout the company, and among those representing the company in the field, can help to avoid problems down the line.
• Due diligence. An often-overlooked, yet necessary, piece of a compliance program is third-party due diligence. The most common avenue of providing improper benefits to government officials is through third-party intermediaries. It is surprising how many employees believe that their company is not at fault if a third party who is selling on the company's behalf engages in bribery. Justice Department and SEC enforcement actions contradict this notion.
A risk-based due diligence approach should be standard practice, and it is suggested by enforcement regulators. Companies should perform varied levels of due diligence on their third-party partners, depending on factors such as type of services provided, location, industry, volume of business, interaction with government officials, and payment terms or arrangements.
A preliminary screening may involve a review of public records, while more in-depth due diligence could include site visits, interviews, and discreet local source inquiries. Due diligence efforts should be tracked, documented and re-assessed on a regular basis. Additional third-party risk management procedures include obtaining anti-corruption certifications, adding compliance language to contracts, and increasing training and communication.
• Risk assessment procedures and testing. Another measure to help prevent an unwanted government investigation is to supplement a company's compliance and audit program by integrating anti-corruption procedures. The internal audit function may already review general ledger revenue and expense transactions as part of its standard workplan.
To gain efficiencies, a more corruption-focused review of those transactions can go a long way to identifying potential red flags. A judgmental selection of expense transactions for testing is necessary to determine the nature of payments to distributors, sales agents, and consultants, and to ensure that the company's books and records accurately reflect the substance of a transaction. Revenue testing is meant to uncover preferential pricing arrangements through methods such as unusual commissions, higher-than-standard discounts, and provision of free goods. In combination with transactional testing, anti-corruption interviews of select sales, marketing, finance, and top-level management provide more details on company operations that can be used to identify corruption risk areas.
Several other measures can be undertaken at the corporate level that will assist in the development of a fully operational compliance program:
- Creation of compliance committees on corporate boards, and compliance and ethics departments within corporations.
- Enactment and enforcement of corporate anti-corruption policies, including disciplinary measures for violations such as improper or extravagant travel, entertainment or gifts.
- Rewards for whistleblowers that extend beyond anonymous tip lines.
- Mechanisms to report back on the resolution of investigations related to whistleblower concerns.
These measures will help create the appropriate corporate tone that violations are not tolerated and provide the company opportunities to investigate and comply with laws prior to regulators getting involved. If the government's enforcement arms do come calling, it is imperative to respond quickly and with full cooperation.
BENEFITS OF PREVENTIVE MEASURES
Operating in a global marketplace opens up organizations to new risks. The decision to implement anti-corruption measures, as well as the extent of these measures, must be subjected to a cost/benefit analysis, but don't let scarce resources create short-sightedness. There is potential liability for anyone who fails to pay attention to these issues, and the costs to investigate and fix problems that come to light are significant. Anti-corruption laws cannot be ignored. There will be a cost to ensuring compliance, but it should be looked at as an opportunity to ensure that the organization benefits from the implementation of appropriate oversight.
Steven Blum, CPA, CFE, CFF, is the managing director of SGB Consulting in Plymouth Meeting, Pa., and a member of The Pennsylvania CPA Journal Editorial Board. Reach him at
