Ed. Note-today we present a guest post from our colleague, Michael Volkov, Partner, Mayer Brown LLP
With Department of Justice officials ginning up DOJ’s aggressive enforcement of the Foreign Corrupt Practices Act, and the impending effective date of the UK Bribery Act, companies are scrambling to revise their compliance programs to address anti-corruption risks. DOJ’s message has been heard loud and clear: companies know they have to review their compliance programs and make sure they are effective.
For those companies wondering how to design and implement an anti-corruption compliance program, DOJ has provided a basic outline of the basic elements of a program. DOJ’s guidance adds to the principles outlined in the US Sentencing Guidelines. The legal and consulting community have welcomed DOJ’s guidance.
Companies can start with DOJ’s basic checklist. Of course, the specific design of the program will depend on numerous factors such as the company’s risk profile, the countries in which the company operates, and the nature and extent of interactions with foreign government officials. The programs should differ based on the company culture and the specific circumstances in which they operate. Cookie-cutter compliance programs should be avoided and are a recipe for disaster. DOJ attorneys see through them in a nanosecond as empty promises.
Companies should take their time in designing and implementing a compliance program. The entire program can take a year or even more to implement completely, depending on the size of the company. There is no need to rush and implement a program without carefully considering each element. It is okay to roll out elements in stages. Also, there is no need for companies to compete amongst themselves as to which company has the “best” compliance program. All too often, I hear from one company asking if they should change their policy because they “heard” that another company is applying a more stringent rule, particularly in the area of gifts, hospitality, or entertainment.
Compliance programs should not be designed in a vacuum or follow some rote formula. Of course, lawyers tend to seek and recommend “safe harbors.” Lawyers and other compliance professionals need to take a business practical approach. What does that mean? It means learning the company’s business operations, the needs of the sales and accounting staff, and the overall management structure, so that compliance can occur at the same time that business expands.
The key to an effective program is not just “a tone from the top” but extends to “buy-in” from the company. Compliance officials need to develop a working relationship with employees, and not an adversarial one. If lawyers and compliance staff are seen as problem solvers, figuring out a way to fix a deal or make it work, while flexibly meeting legal requirements, sales personnel will be more inclined to come back and seek help again.
Systematic breakdowns in compliance programs resulting in the mega enforcement cases against companies reflect a complete failure of compliance – one element of which is the absence of any “buy-in” or consistent communications between lawyers and compliance officers and business people in the company. With a new business practical approach, such results can be avoided.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The editor of this blog can be reached at firstname.lastname@example.org.