Back in December 2010, we noticed a tweet by Jonathan Marks where he mentioned that he had developed a 13-step action plan for Foreign Corrupt Practices Act (FCPA) compliance programs. We were certainly intrigued by this information but, alas, there was no link to the document or information, so we took the direct approach and DM’d Jonathan to ask if he would be willing to share with us the 13-step action plan, which he was willing to do. So today’s blog will begin with a reminder of the incredible tools that are available to the FCPA compliance practitioner through today’s internet.
I met Jonathan (virtually) through LinkedIn and his hosting of the LinkedIn group ‘Fraud Pentagon.’ Through his profile I was able to discover Jonathan’s interesting professional journey, he is the Partner In-Charge of the Fraud, Ethics and Anti-Corruption practice at Crowe Horwath and has worked with the US Attorney’s office, the FBI, the IRS Criminal Investigation Division and US Customs officials during his career. Jonathan has also served as the Chief Audit Executive at several public companies and is a Certified Public Accountant, Certified Fraud Examiner and is certified in financial forensics.
I spoke to Jonathan to find out how he developed this plan and he told us that from his meetings with clients on the issue of compliance over the years, he wanted to develop a non-legalistic approach that he could easily convey to clients. So he studied the available literature, talked to others in the compliance arena and sought counsel from US government agencies tasked with enforcing the FCPA to come up with a framework by which a company could review its FCPA compliance program, assess where the program is in terms of best practices, and then use the same action plan as a guide for implementing some or all of the best practices.
Jonathan’s 13-step action plan includes the following:
1. Assisting in obtaining top-level commitment from boards and senior executives, setting the “tone from the top”
2. Executing a Corruption and Bribery Risk assessment that drives the compliance program and modifies it accordingly
3. Improving/Strengthening Internal Controls
4. Structuring and Defining Roles & Responsibilities
5. Performing Risk-based Third Party Due Diligence
6. Developing Clear, Practical, Current and Accessible Policies and Procedures
7. Documenting a Detailed Multi-year Compliance Plan
8. Defining Appropriate Disciplinary Procedures
9. Ensuring Robust Monitoring and Review (Utilizing Internal Audit)
10. On-going Training
11. Violation Reporting System is in Place and Multi-lingual
12. Reviewing Ancillary Risk Mitigation Procedures
13. Performing Independent Compliance Program Testing Annually
During our phone conversation, Jonathan indicated that while his 13-step action plan was designed with the FCPA in mind, it is also a solid basis for any company to use when reviewing, creating or implementing an “adequate procedures” program under the UK Bribery Act. Jonathan also shared with us some of the literature and references he had used to put his 13-step action plan together. These included the US Sentencing Guidelines, the OECD Good Practices, blog postings and articles discussing best practices and information he had gleaned from attending seminars and conferences. We applaud Jonathan for developing his action plan and making it available for discussion in our blog. We hope that it can be of assistance to the FCPA compliance practitioner.
We also want to take this opportunity to emphasize the wealth of material which is available, at no charge, to the FCPA compliance practitioner. The genesis of this posting came through Twitter, which has an active group of FCPA compliance and ethics professions tweeting throughout the day. We have also been able to obtain a large amount of helpful material through joining only a portion of the LinkedIn groups which discuss issues related to the FCPA compliance practitioner; which include: FCPA – Foreign Corrupt Practices Act – Anti-Corruption Compliance Group; Society of Corporate Compliance and Ethics (SCCE); Dow Jones Risk & Compliance; Anti-Corruption Professionals; AML, FCPA, and Investigative Due Diligence Thought Leadership; The Forum for Chief Compliance Officers and Chief Risk Officers and Anti-Corruption Compliance Asia. This list is by no means complete but is a small sample of what is available to you and sometimes you are able to meet like-minded professionals such as Jonathan Marks.
Jonathan Marks can be reached via email at email@example.com and phone at 267-261-4947.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2011