Paul McNulty, former United States Deputy Attorney General, has offered the perspective that there are three general areas of inquiry the Department of Justice (DOJ) would assess regarding an enforcement action. First: “What did you do to stay out of trouble?” Second: “What did you do when you found out?” and Third: “What remedial action did you take?” He also notes that, as a key component, a company must document its overall compliance efforts.
Former federal prosecutor Stephen Martin, currently the General Counsel of Corpedia, discusses the key component of documentation when he and I speak across the country on current compliance best practices in our World-Check sponsored Foreign Corrupt Practices Act (FCPA) events. To respond to any of these inquiries, a company must document what it does for its compliance efforts. However, more important than simply the ability to document the results of your company’s compliance efforts is the ability to respond quickly and efficiently to a prosecutor’s request for information.
We recently wrote about the proactive use of the results of your compliance program, as advocated by William Athanas in his article “Demonstrating ‘Systemic Success’ in FCPA Compliance: Identifying and Maintaining Evidence to Respond to Government Investigations . . . Before They Begin.” From this article I derived three key takeaways, which are document, document and then document. If your compliance program does not document its successes, there is simply no evidence that it has succeeded. In addition to giving your company support to put forward to the DOJ, documentation is the only way to gauge the overall effectiveness of your compliance program. Put another way, if you don’t document it, you cannot measure it, and if you cannot measure it, you cannot refine it.
One of the mechanisms that helps with both creating this documentation and delivering it is audit analytics. ACL Services, in a White Paper entitled “Don’t Get Bitten by the FCPA,” advocated the use of audit analytics to assist in creating and accessing the necessary documentation, both to enable your company to continue to compare and update its compliance program and to provide a readily accessible written record to present to any DOJ official.
Another company, Visual Risk IQ, has a software product which performs continuous controls monitoring of data. This system will enable your company not only to record and analyze a large amount of financial information but also to readily document whether any payments are outside of any established norm. This established norm can be derived from a business’s own standard or from an accepted industry standard. Therefore, if a payment, distribution, other financial payment, or remuneration to a foreign business partner is outside an established norm, thus creating a Red Flag, that information can be tagged for further investigation, and the record is documented and readily accessible.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2011