In our most recent posting, we discussed the Non-Prosecution Agreement (NPA) entered into by the Department of Justice (DOJ) and RAE Systems Inc., on December 10, 2010. In this NPA, RAE agreed to pay a criminal penalty of $1.7 million to the DOJ and in an agreement with the SEC to pay $1,147,800 in disgorgement and $109,212 in prejudgment interest. RAE also “accepted responsibility for violating the internal controls and books and records provisions of the FCPA arising from and related to improper benefits corruptly paid by employees” of two RAE joint ventures in China. In addition to the financial fines and penalties agreed to by RAE, it agreed to implement a corporate compliance program to address the deficiencies in its internal controls, policies and procedures which led to or allowed the violations of the Foreign Corrupt Practices Act (FCPA). This post will review the Corporate Compliance Program which RAE agreed to enter into and discuss the factors detailed in the NPA which allowed RAE to escape the implementation of a Deferred Prosecution Agreement (DPA).
The Corporate Compliance Program is found on Appendix B to the NPA. In addition to the FCPA compliance policies and procedures specific to RAE, this NPA provides to the FCPA compliance practitioner significant information on the most current DOJ thinking on what constitutes a best practice FCPA program. Hence, this information is a valuable tool by which companies can assess if they need to adopt new or to modify their existing internal controls, policies, and procedures in order to ensure that their FCPA compliance program maintains: (a) a system of internal accounting controls designed to ensure that a Company makes and keeps fair and accurate books, records, and accounts; and (b) a rigorous anti-corruption compliance code, standards, and procedures designed to detect and deter violations of the FCP A and other applicable anti-corruption laws.
The Preamble to the RAE Corporate Compliance Program notes that these suggestions are the “minimum” which should be a part of a Company’s existing internal accounting controls, which should be designed to ensure that RAE makes and keeps fair and accurate books, records and accounts and that RAE maintain “rigorous” anti-corruption policies, and procedures which should be designed to deter and detect violations of the FCPA “and other applicable anti-corruption laws.”. The RAE Corporate Compliance Program had thirteen points which are:
1. Code of Conduct. RAE should develop and promulgate a clearly articulated and visible corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable foreign law counterparts (collectively, the “anti-corruption laws”), which policy should be memorialized in a written compliance code.
2. Tone at the Top. RAE will ensure that its senior management provides strong, explicit, and visible support and commitment to its corporate policy against violations of the anti-corruption laws and its compliance code.
3. Anti-Corruption Policies and Procedures. RAE should develop and promulgate compliance standards and procedures designed to reduce the prospect of violations of the anti-corruption laws and RAE’s compliance code, and RAE should take appropriate measures to encourage and support the observance of ethics and compliance standards and procedures against foreign bribery by personnel at all levels. These anti-corruption standards and procedures shall apply to all directors, officers, and employees and, where necessary and appropriate, outside parties acting on behalf of RAE in a foreign jurisdiction, including, but not limited to, agents and intermediaries, consultants, representatives, distributors, teaming partners, contractors and suppliers, consortia and joint venture partners (collectively, “agents and business partners”), to the extent that agents and business partners may be employed under RAE’s corporate policy. RAE shall notify all employees that compliance with the standards and procedures is the duty of individuals at all levels of the company. Such standards and procedures shall include policies governing:
b. hospitality, entertainment, and expenses;
c. customer travel;
d. political contributions;
e. charitable donations and sponsorships;
f. facilitation payments; and
g. solicitation and extortion.
4. Use of Risk Assessment. RAE should develop these compliance standards and procedures, including internal controls, ethics and compliance programs, on the basis of a risk assessment addressing the individual circumstances of RAE, in particular the foreign bribery risks facing RAE, including, but not limited to, its geographical organization, interactions with various types and levels of government officials, industrial sectors of operation, involvement in joint venture arrangements, importance of licenses and permits in the company’s operations, degree of governmental oversight and inspection and volume and importance of goods and personnel clearing through customs and immigration.
5. Annual Review. RAE should review its anti-corruption compliance standards and procedures, including internal controls, ethics and compliance programs, no less than annually, and update them as appropriate, taking into account relevant developments in the field and evolving international and industry standards, and update and adapt them as necessary to ensure their continued effectiveness.
6. Sr. Management Oversight and Reporting. RAE should assign responsibility to one or more senior corporate executives of RAE for the implementation and oversight of RAE’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to RAE’s Legal Counsel or Legal Director as well as RAE’s independent monitoring bodies, including internal audit, the Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.
7. Internal Controls. RAE should ensure that it has a system of financial and accounting procedures, including a system of internal controls, reasonably designed to ensure the maintenance of fair and accurate books, records and accounts to ensure that they cannot be used for the purpose of foreign bribery or concealing such bribery.
8. Training. RAE should implement mechanisms designed to ensure that its anti-corruption policies, standards and procedures are communicated effectively to all directors, officers, employees, and, where necessary and appropriate, agents and business partners. These mechanisms shall include: (a) periodic training for all directors and officers, and, where necessary and appropriate, employees, agents, and business partners; and (b) annual certifications by all such directors and officers, and, where necessary and appropriate, employees, agents, and business partners, certifying compliance with the training requirements.
9. Ongoing Advice and Guidance. RAE should establish or maintain an effective system for:
a. Providing guidance and advice to directors, officers, employees, and, where necessary and appropriate, agents and business partners, on complying with RAE’s anti-corruption compliance policies, standards and procedures, including when they need advice on an urgent basis or in any foreign jurisdiction in which RAE operates;
b. Internal and, where possible, confidential reporting by, and protection of, directors, officers, employees and, where necessary and appropriate, agents and business partners, not willing to violate professional standards or ethics under instructions or pressure from hierarchical superiors, as well as for directors, officers, employees and, where appropriate, agents and business partners, willing to report breaches of the law or professional standards or ethics concerning anticorruption occurring within the company, suspected criminal conduct, and/or violations of the compliance policies, standards and procedures regarding the anticorruption laws for directors, officers, employees and, where necessary and appropriate, agents and business partners; and
c. Responding to such requests and undertaking necessary and appropriate action in response to such reports.
10. Discipline. RAE should have appropriate disciplinary procedures to address, among other things, violations of the anti-corruption laws and RAE’s anti-corruption compliance code, policies and procedures by the Company’s directors, officers and employees. RAE should implement procedures to ensure that where misconduct is discovered, reasonable steps are taken to remedy the harm resulting from such misconduct, and to ensure that appropriate steps are taken to prevent further similar misconduct, including assessing the internal controls, ethics and compliance program and making modifications necessary to ensure the program is effective.
11. Use of Agents and Other Business Partners. To the extent that the use of agents and business partners is permitted at all by RAE, it should institute appropriate due diligence and compliance requirements pertaining to the retention and oversight of all agents and business partners, including:
a. Properly documented risk-based due diligence pertaining to the hiring and appropriate and regular oversight of agents and business partners;
b. Informing agents and business partners of RAE’s commitment to abiding by laws on the prohibitions against foreign bribery, and of RAE’s ethics and compliance standards and procedures and other measures for preventing and detecting such bribery; and
c. Seeking a reciprocal commitment from agents and business partners.
12. Contractual Compliance Terms and Conditions. RAE should include standard provisions in agreements, contracts and renewals, thereof, with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anticorruption representations and undertakings relating to compliance with the anticorruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.
13. Ongoing Assessment. RAE should conduct periodic review and testing of its anticorruption compliance code, standards and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anticorruption laws and RAE’s anti-corruption code, standards and procedures, taking into account relevant developments in the field and evolving international and industry standards.
The information provided in this Corporate Compliance Program provides the FCPA compliance practitioner and any company assessing its FCPA compliance program with the DOJ’s most current thinking on FCPA compliance best practices. A professional third party assessment of your company’s FCPA compliance program, using this format as a guide, would be a very strong first step to put your company into the mainstream of FCPA compliance and hopefully prevent or quickly detect and then remedy any FCPA compliance issue which might arise. As demonstrated by the relatively minor fine and penalty assessed against RAE, the benefits can be significant.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2010