One of the complaints made about the Department of Justice (DOJ) is that companies are not made aware of the requirements of a best practices compliance program. However, since the summer of 2010, the DOJ has appended to each Deferred Prosecution Agreement (DPA) released an ‘Attachment C’ which lists and provides detail about is current thinking on what it believes to be a minimum best practices compliance program.
Additionally since at least 2004, the DOJ has provided very public guidance on what should compose a best practices compliance program. In Opinion Release 04-02, the DOJ reviewed the proposal by an investment group which was acquiring certain companies and assets from ABB Ltd. Certain assets being acquired by the investment group, ABB Vetco Gray Inc. and ABB Vetco Gray (UK) Ltd., had previously pled guilty to violations of the Foreign Corrupt Practices Act (FCPA).
The investment group desired to protect itself from further liability, to the extent possible, by proposing to the DOJ a comprehensive best practices compliance program. While the DOJ noted that this compliance program was not a shield against future violations, the DOJ would not “intend to take an enforcement action [against the investors] for violations of the FCPA prior to their acquisition from ABB.”
I recently read the components set out in Opinion Release 04-02 and compared then with the recent DPA Attachment C, best practices. I have put together the following chart to compare them.
|04-02 Requirement||13 Point Minimum Best Practices|
||1. Code of Conduct. To ensure against FCPA violations|
|B. Assignment of one or more corporate officials to report to the Compliance Committee of the Board of Directors||6. Senior Management Oversight and Reporting. Assignment of one or more senior corporate executives for implementation & oversight of compliance program and they shall report to Board of Directors.|
|C. Effective communications to shareholders (Private Equity owners) of FCPA training and annual certifications.||8. Training. A company shall effectively communicate compliance program through training and annual certifications.|
|D. Hotline reporting system to report suspected violations.||9(b)-internal and confidential reporting system.|
|E. Appropriate disciplinary procedures for violations of FCPA or compliance policy.||10. Discipline. A company shall institute appropriate disciplinary procedures to address violations compliance policy or ant-corruption laws.|
|F. Procedures to ensure company forms business relationships with reputable and qualified business partners.||No equivalent|
|G. Extensive pre-retention due diligence and post-retention oversight of agents and business partners; maintenance of complete files thereon||11(a) Properly documented risk-based due diligence and regular oversight of agents and business partners.|
|H. Clearly articulated procedures which ensure that discretionary authority is not delegated to persons who the company knows have a propensity to engage in illegal or improper activities.||No equivalent|
|I. A management review committee to monitor agents||No equivalent|
|J. Inclusion of compliance terms and conditions in all agent contracts.||12. Compliance terms and conditions which should be included in every agent agreement|
|K. Financial and accounting procedures designed to ensure that accurate books and records are maintained.||7. Internal controls including financial and accounting procedures which should ensure that the company has accurate and fair books and records, which cannot be used for or conceal bribery.|
|L. Independent audits by outside counsel and auditors at no longer than 3 year intervals to ensure effective compliance program implementation.||5. Annual Reviews. No less than annually, a company should review and update as appropriate to ensure continued compliance program effectiveness. 12. Ongoing Assessment. Period review and testing of compliance program to evaluate it and improve the program’s effectiveness.|
This comparison demonstrates the substantive policies that the DOJ has consistently advocated, since at least 2004. The items which do not have any current equivalents under recent best practices have to do with the FCPA violations of the ABB Vetco Gray entities which the investment group was acquiring. Nevertheless, they are still good suggestions to follow in your company’s compliance program. It is a good idea to review the source material that is available to you. Sometimes to know where to go, you have to know where you have been.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2011