V.S. Naipaul died last week. He was a Trinidadian born grandson of Indian indentured servants sent to the island to work in the sugar plantations. From those humble beginnings, Naipaul rose to the heights of the literary world, winning the Nobel Prize for Literature in 2001. While Naipaul drew some criticism for his harsh and perhaps cruel portrayal of colonials in the British Empire, his fiction opened up a world for me as a Southerner which I was familiar. Rachel Donadio, writing his obituary in the New York Times (NYT), said of Naipaul, he “documented the migrations of peoples, the unraveling of the British Empire, the ironies of exile and the clash between belief and unbelief in more than a dozen unsparing novels and as many works of nonfiction.” The priorities in his work were multi-faceted.

The first Naipaul novel I read was his “fourth novel, “A House for Mr. Biswas” (1961). Set in Trinidad, it is the story of a middle-aged journalist’s efforts to free himself of his dependence on his wife’s wealthier, domineering family and lay claim to his own corner of the world.” The most memorable novel to me was his 1971 work for which he won the Booker Prize, “In a Free State”,  a three-part “novella about a gay English civil servant and a “compound wife” who take a road trip through an unnamed African country that closely resembles Idi Amin’s Uganda.” Naipaul later turned to non-fiction with equal greatness. His book “Among the Believers” was a long form study of four non-Arab, Islamic countries, in which he explored these questions, “To what extent had “people who lock themselves away in belief shut themselves away from the active, busy world?” “To what extent without knowing it” were they “parasitic on that world”? And why did they have “no thinkers to point out to them where their thoughts and their passion had led them?””

Naipaul’s work was provocative but useful and perhaps even necessary to help understand the post-colonial world, certainly from the British perspective. While not as provocative but certainly very useful was a recent article by Valerie Charles, writing in a SCCE Magazine piece entitled “Making the most of the FCPA Corporate Enforcement Policy”. I was interested in Charles’ article from the perspective of the topic Mike Volkov will discuss in an upcoming Everything Compliance podcast, (Episode 32 to be released on August 16). In it, Volkov said the new FCPA Corporate Enforcement Policy was the product of several years of evolution by the Department of Justice (DOJ) both in terms of its thinking and through the DOJ’s experience in investigating and enforcing the Foreign Corrupt Practices Act (FCPA). Charles’ approach seemed to draw inspriation from this DOJ approach to enforcement but in a different direction, that of corporate enforcement programs.

Charles identified five priorities from the new FCPA Corporate Enforcement Policy to have a more fully operationalized and more effective compliance program. More importantly these five priorities will help you take advantage of the new FCPA Corporate Enforcement Policy if your company finds itself under investigation. Charles said using these will allow a Chief Compliance Officer (CCO) to “embrace the [new FCPA] Corporate Enforcement Policy to the fullest extent.” Her five priorities are as follows.

Make risk assessments contextual

Charles believes your risk assessment should turn, in large part, on “where and how” your organization does business. Do you sell through third parties such as agents or distributors? Or do you sell through an employee salesforce? Both sales channels present risks but those risks are different. Charles stated, “For example, if the company relies heavily on third parties in emerging markets, it should know which parties are the most at risk for corruption. Or, if the company has decentralized approvals for spending, it should know which executives handle transactions in high-risk markets.”

Make the connection between risks and policies, procedures and controls

It is axiom that compliance is an interplay between policies, procedures and controls. Charles’ insight is that it must be tied to the risk your organization faces. If your sales model is third party based, how robust is your due diligence? How many levels of third parties down does your due diligence go; does it go to the sub-agent level? Do you perform updated due diligence? In the recent Panasonic Avionics FCPA enforcement action, this was the issue that neither the company nor its due diligence provider performed any follow up due diligence on the company’s third parties to see if new sub-agents had been created. If, however, your company has its own sales force, what protections are in place around employee reimbursements, gift-giving or charitable donation, all hidden under the ubiquitous ‘marketing expense’ line item?

 Cooperate fully

Obviously, this is a key requirement from the DOJ. Yet here Charles is focusing on your compliance program and its readiness to provide this full and thorough cooperation in turning over all the facts. Charles wrote, “the company needs strong policies for litigation holds, e-discovery, and data preservation. Even if the investigation itself is done by auditor or outside counsel, the compliance program must foster an environment that supports strong investigation ability.” I would only add that it begins with a mantra of Document, Document, and Document the actions in your compliance program to demonstrate to the DOJ the lack of intent by your organization if some bad actors override internal controls or otherwise violate company policy.

Communicate a strong culture of compliance

Nick Saban has said that the purpose of discipline is to change behavior. This means that your compliance program must have the teeth to strongly and forcefully discipline employees who violate your compliance regime; all the way from the Boardroom to the Shop Floor and everyone in between. It also includes third parties your organization may employee who may be high producers for your company. This means senior management must be committed to compliance through word, deed and action. As Charles noted, “Foremost, a strong culture of compliance leads to what the FCPA Enforcement Policy wants above all: self-disclosure of FCPA violations.”

Find and fix weaknesses

The remedy prong of a tripartite compliance solution (prevent, detect & remediate) has long existed. However, the new FCPA Corporate Enforcement Policy formalized the requirement for a root cause analysis (RCA). This means companies must literally get to the root cause of an issue that became a FCPA violation and not engage in any cosmetic patching. Here Charles wrote, “an effective compliance program (possibly working with Internal Audit, outside counsel, or other advisers) must have a “diagnostic capability” that can lead to new policies, procedures, or controls as warranted.” Once again this means your organization must be prepared not only to respond to the requirements of the new FCPA Corporate Enforcement Policy but more importantly have the underlying structure in place as a part of your compliance program.

Naipaul considered the basis for the British post-colonial experience from the perspective of both the British and their subjects. Charles has laid out not only how the compliance function must respond to reap the benefits of the new FCPA Corporate Enforcement Policy but also, equally important, how your compliance program should be structured should you find yourself in an investigation. It is an excellent insight and one every CCO and compliance practitioner should take to heart and incorporate into their compliance regime.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018