In what the FCPA Blog termed a day of making history “for the most companies to simultaneously settle FCPA-related violations, [the] Global logistics firm Panalpina and five of its oil-and-gas services customers resolved charges with the DOJ and SEC, and another customer settled with the SEC only”, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced settlements which totaled fines, penalties and profit disgorgements of over $236.5 million. The FCPA Professor noted that while the “DOJ and SEC enforcement actions principally focused on customs and related payments in Nigeria, but also including alleged improper conduct in Angola, Brazil, Russia, Kazakhstan, Venezuela, India, Mexico, Saudi Arabia, the Republic of Congo, Libya, Azerbaijan, Turkmenistan, Gabon and Equatorial Guinea.” He also noted that since July, “the U.S. government has brought FCPA enforcement actions totaling approximately $1.1 billion” in fines, penalties and profit disgorgement.
However more was announced yesterday than simply raw dollars. Each resolved enforcement action provided to the FCPA compliance practitioner significant information on the most current DOJ thinking on what constitutes a best practice FCPA program. Each of the Deferred Prosecution Agreements released yesterday, included an Attachment C, a document entitled “Corporate Compliance Program”. Each Corporate Compliance Program was the same in all the DPAs announced yesterday. Each Corporate Compliance Program detailed the latest best practices its internal controls, policies, and procedures regarding compliance with the Foreign Corrupt Practices Act (FCPA). (This same information was also attached to the Noble Non-Prosecution Agreement as “Attachment B”.)
The information included these collective Corporate Compliance Programs provides the FCPA compliance practitioner with the most current components that the Department of Justice believes should be included in a FCPA compliance program. Hence, this information is a valuable tool by which companies can assess if they need to adopt new or to modify their existing internal controls, policies, and procedures in order to ensure that their FCPA compliance program maintains: (a) a system of internal accounting controls designed to ensure that a Company makes and keeps fair and accurate books, records, and accounts; and (b) a rigorous anti-corruption compliance code, standards, and procedures designed to detect and deter violations of the FCP A and other applicable anti-corruption laws.
The Preamble to each Corporate Compliance Program noted that these suggestions are the “minimum” which should be a part of a Company’s existing internal controls, policies, and procedures. Each Corporate Compliance Program had twhirteen points which are set out below. They are:
1. Code of Conduct. A Company should develop and promulgate a clearly articulated and visible corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable foreign law counterparts (collectively, the “anti-corruption laws”), which policy should be memorialized in a written compliance code.
2. Tone at the Top. The Company will ensure that its senior management provides strong, explicit, and visible support and commitment to its corporate policy against violations of the anti-corruption laws and its compliance code.
3. Anti-Corruption Policies and Procedures. A Company should develop and promulgate compliance standards and procedures designed to reduce the prospect of violations of the anti-corruption laws and the Company’s compliance code, and the Company should take appropriate measures to encourage and support the observance of ethics and compliance standards and procedures against foreign bribery by personnel at all levels of the company. These anti-corruption standards and procedures shall apply to all directors, officers, and employees and, where necessary and appropriate, outside parties acting on behalf of the Company in a foreign jurisdiction, including but not limited to, agents and intermediaries, consultants, representatives, distributors, teaming partners, contractors and suppliers, consortia, and joint venture partners (collectively, “agents and business partners”), to the extent that agents and business partners may be employed under the Company’s corporate policy. The Company shall notify all employees that compliance with the standards and procedures is the duty of individuals at all levels of the company. Such standards and procedures shall include policies governing:
b. hospitality, entertainment, and expenses;
c. customer travel;
d. political contributions;
e. charitable donations and sponsorships;
f. facilitation payments; and
g. solicitation and extortion.
4. Use of Risk Assessment. A Company should develop these compliance standards and procedures, including internal controls, ethics, and compliance programs on the basis of a risk assessment addressing the individual circumstances of the Company, in particular the foreign bribery risks facing the Company, including, but not limited to, its geographical organization, interactions with various types and levels of government officials, industrial sectors of operation, involvement in joint venture arrangements, importance of licenses and permits in the company’s operations, degree of governmental oversight and inspection, and volume and importance of goods and personnel clearing through customs and immigration.
5. Annual Review. A Company should review its anti-corruption compliance standards and procedures, including internal controls, ethics, and compliance programs, no less than annually, and update them as appropriate, taking into account relevant developments in the field and evolving international and industry standards, and update and adapt them as necessary to ensure their continued effectiveness.
6. Sr. Management Oversight and Reporting. A Company should assign responsibility to one or more senior corporate executives of the Company for the implementation and oversight of the Company’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to the Company’s Legal Counsel or Legal Director as well as the Company’s independent monitoring bodies, including internal audit, the Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.
7. Internal Controls. A Company should ensure that it has a system of financial and accounting procedures, including a system of internal controls, reasonably designed to ensure the maintenance of fair and accurate books, records, and accounts to ensure that they cannot be used for the purpose of foreign bribery or concealing such bribery.
8. Training. A Company should implement mechanisms designed to ensure that its anti-corruption policies, standards, and procedures are communicated effectively to all directors, officers, employees, and, where necessary and appropriate, agents and business partners. These mechanisms shall include: (a) periodic training for all directors and officers, and, where necessary and appropriate, employees, agents, and business partners; and (b) annual certifications by all such directors and officers, and, where necessary and appropriate, employees, agents, and business partners, certifying compliance with the training requirements.
9. Ongoing Advice and Guidance. The Company should establish or maintain an effective system for:
a. Providing guidance and advice to directors, officers, employees, and, where necessary and appropriate, agents and business partners, on complying with the Company’s anti-corruption compliance policies, standards, and procedures, including when they need advice on an urgent basis or in any foreign jurisdiction in which the Company operates;
b. Internal and, where possible, confidential reporting by, and protection of, directors, officers, employees, and, where necessary and appropriate, agents and business partners, not willing to violate professional standards or ethics under instructions or pressure from hierarchical superiors, as well as for directors, officers, employees, and, where appropriate, agents and business partners, willing to report breaches of the law or professional standards or ethics concerning anticorruption occurring within the company, suspected criminal conduct, and/or violations of the compliance policies, standards, and procedures regarding the anticorruption laws for directors, officers, employees, and, where necessary and appropriate, agents and business partners; and
c. Responding to such requests and undertaking necessary and appropriate action in response to such reports.
10. Discipline. A Company should have appropriate disciplinary procedures to address, among other things, violations of the anti-corruption laws and the Company’s anti-corruption compliance code, policies, and procedures by the Company’s directors, officers, and employees. A Company should implement procedures to ensure that where misconduct is discovered, reasonable steps are taken to remedy the harm resulting from such misconduct, and to ensure that appropriate steps are taken to prevent further similar misconduct, including assessing the internal controls, ethics, and compliance program and making modifications necessary to ensure the program is effective.
11. Use of Agents and Other Business Partners. To the extent that the use of agents and business partners is permitted at all by the Company, it should institute appropriate due diligence and compliance requirements pertaining to the retention and oversight of all agents and business partners, including:
a. Properly documented risk-based due diligence pertaining to the hiring and appropriate and regular oversight of agents and business partners;
b. Informing agents and business partners of the Company’s commitment to abiding by laws on the prohibitions against foreign bribery, and of the Company’s ethics and compliance standards and procedures and other measures for preventing and detecting such bribery; and
c. Seeking a reciprocal commitment from agents and business partners.
12. Contractual Compliance Terms and Conditions. A Company should include standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption
laws, which may, depending upon the circumstances, include: (a) anticorruption representations and undertakings relating to compliance with the anticorruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.
13. Ongoing Assessment. A Company should conduct periodic review and testing of its anticorruption compliance code, standards, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anticorruption laws and the Company’s anti-corruption code, standards and procedures, taking into account relevant developments in the field and evolving international and industry standards.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2010