Which rules does your organization play by in the competitive global marketplace where, in some markets, foreign officials expect to be rewarded for influencing a favorable outcome on matters of importance?
Organizations that are domiciled in, or have securities registered in, the United States, or that are required to file periodic reports with the U.S. Securities and Exchange Commission (SEC) under the Securities and Exchange Act of 1934, must comply with requirements of the Foreign Corrupt Practices Act (FCPA). The FCPA prohibits bribery of foreign officials for purposes of obtaining or retaining business.
The other 29 member countries of the Organization for Economic Cooperation and Development, as well as five other countries, have adopted similar conventions for combating bribery of foreign public officials in international business transactions to level the playing field, essentially, so everyone is playing by the same rules.
Anti-corruption has become a major global initiative, as evidenced by efforts of organizations such as the World Trade Organization (WTO), European Union, Organization of American States, Association of Southeast Asian Nations, Caribbean Community and African Union, among others, to require their members to address it. Still, it is naive to expect that legislators, regulators, international trade organizations and other parties can eradicate customs and behaviors that have evolved over many centuries. This issue of The Bulletin focuses on the management of corruption risk and uses the FCPA as a framework for this discussion.
Why should we care?
Over time, only the affluent can afford the cost of influence payments. The practice compromises the fundamental rules of fair play. Corruption leads to inefficiencies in the distribution of goods and services because the procurement attributes around quality, timeliness and lowest cost take a back seat to the expectation of illicit payments. Such graft often leads to waste, despair and lost confidence as a government’s ability to provide basic services and attract foreign investment is undermined, especially in developing countries.
From a business perspective, corruption is much more than a morality play and a national policy issue that threatens public confidence in the integrity of business activities. In some countries, noncompliance has become a life-and-death matter. In China, for instance, government officials have been executed for taking bribes in other countries.
Corruption can also cost companies, and their shareholders, a great deal of money. For example, under the FCPA antibribery provisions, corporations and other business entities are subject to fines of up to $2 million. Officers, directors, shareholders, employees and agents are subject to fines of up to $100,000 and imprisonment for up to five years. The U.S. Department of Justice has pointed out that under the Alternative Fines Act the actual fines may be higher. In fact, the total fine may be up to twice the benefit that the defendant sought to obtain by making the corrupt payment. Even the largest companies can end up feeling the pain.
There are other potential penalties as well. First, there is the threat of disgorgement of profits from the business obtained through illicit payments. Second, the firm’s right to do business with the U.S. government could be suspended – a significant penalty for many large companies. While examples of this extreme consequence are rare, the threat nonetheless exists. In addition – and not surprisingly – payments made to a foreign government official that are unlawful under the FCPA cannot be deducted under the tax laws as business expenses.
As if all of this is not enough to think about, there is another consideration: Perpetrating employees must face the consequences of their actions on their own since fines imposed on individuals cannot be paid by their employer. As noted earlier, the employees can also incur considerable jail time for their actions.
In December 2008, Munich-based Siemens AG and three of its subsidiaries agreed to pay more than $800 million in fines to settle long-standing corruption charges in the United States and another 395 million euros (over $500 million) to European authorities for making payments to secure business. These costs do not include the price of legal advice and the accounting fees supporting forensic investigations of the illegal activity. (These additional costs can be substantial.)
An investigation commissioned by Siemens found evidence of corruption violations across the company and in several countries. Siemens sued two former chief executives and nine other former executives for alleged supervisory failings in its corruption scandal. These developments can be embarrassing to an organization, not to mention costly to its shareholders and reputation.
What is required?
U.S. Department of Justice investigations involving the alleged bribery of foreign officials by U.S. organizations are on the rise. At the same time, penalties and disgorgements associated with FCPA violations have escalated dramatically. While it is a significant challenge for any company to prevent every instance of bribery or corruption, compliance with the FCPA is nonetheless required.
The FCPA has two sets of key provisions. The so-called “books and records” provisions set forth requirements to “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.” They impose criminal liability on those individuals who “knowingly circumvent” or “knowingly fail” to implement a system of internal accounting controls or “knowingly falsify any book, record, or account.”
In accordance with the FCPA, issuers must design and maintain a system of internal accounting controls sufficient to provide reasonable assurances that certain objectives are achieved, including (a) executing transactions in accordance with management’s authorization, (b) recording transactions as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles and maintain accountability for assets and (c) permitting access to assets only in accordance with management’s authorization. The purpose of these accounting provisions is to make it difficult for organizations to use so-called off-the-books “slush funds” to hide corrupt payments.
The “anti-bribery” provisions make it unlawful to bribe foreign officials in order to obtain or retain business. Because so few FCPA cases have been litigated, the interpretation of the law comes primarily from settled enforcement actions against companies and individuals. In its “lay-person’s guide,” available at www.usdoj.gov/criminal/fraud/fcpa/, the U.S. Department of Justice provides a general explanation of these provisions. According to the guide, five key elements must be met to constitute a violation of the FCPA:
- A Perpetrator – The FCPA potentially applies to any individual, firm, officer, director, employee or agent of a firm and any stockholder acting on behalf of a firm. Individuals and firms also may be penalized if they order, authorize or assist someone else to violate the anti-bribery provisions or if they conspire to violate those provisions. U.S. parent corporations may be held liable for the acts of foreign subsidiaries where they authorized, directed or controlled the activity in question, as can U.S. citizens or residents who were employed by or acting on behalf of such foreign-incorporated subsidiaries.
- A Corrupt Intent – The person making or authorizing the payment must have a corrupt intent to induce the recipient to misuse his or her official position to direct business wrongfully to the payer or to any other person. The emphasis on “intent” means the FCPA does not require that a corrupt act succeed in its purpose. The offer or promise of a corrupt payment, by itself, can constitute a violation of the statute. Regarding payments to foreign officials, the FCPA draws a distinction between bribery and “grease payments,” which may be permissible under the FCPA, but may still violate local laws. The primary distinction here is that grease payments are made to an official to expedite or facilitate his or her performance of the duties he or she is already obligated to perform. This fine distinction is one that obviously warrants advice of legal counsel. As discussed further below, such payments may be illegal in some countries.
- A Payment or an Offer to Pay – The FCPA prohibits paying, offering or promising to pay (or authorizing to pay or offer) money or anything of value.
- A Recipient – The FCPA prohibition extends only to corrupt payments to a foreign official (regardless of rank or position), a foreign political party or party official, or any candidate for foreign political office. A “foreign official” means any officer or employee of a foreign government, a public international organization, or any department or agency thereof, or any person acting in an official capacity. For example, such officials or officers may work for government-owned banks, or may be physicians and laboratory employees of government-owned hospitals, or even engineers of state-owned oil companies. The prohibition also runs to corrupt payments through intermediaries knowing that all or a portion of the payment will go directly or indirectly to a foreign official. In this context, the term “knowing” includes conscious disregard and deliberate ignorance. Therefore, companies using agents and other representatives in foreign countries must take appropriate steps to maintain knowledge of those agents’ and representatives’ activities.
- A Business Purpose – The FCPA prohibits payments made in order to assist the firm in obtaining or retaining business for or with, or directing business to, any person. The U.S. Department of Justice interprets “obtaining or retaining business” broadly, such that the term encompasses more than the mere award or renewal of a contract.
As noted above, there are exceptions to the FCPA antibribery provision for “facilitating payments for routine governmental action.” Such routine actions include: obtaining permits, licenses or other official documents; processing governmental papers, such as visas and work orders; providing police protection, mail pickup and delivery; providing phone service, power and water supply, load-
ing and unloading cargo, or protecting perishable products; scheduling inspections associated with contract performance or transit of goods across the country; and other similar actions. “Routine governmental action” does not include any decision by a foreign official to award new business or to continue business with a particular party. Obviously, these matters may not always be black and white and can be subject to interpretation. Furthermore, they may be illegal under the laws of some countries. Failure to record them as facilitation payments would constitute a violation of the FCPA. For these reasons, many companies do not allow facilitating payments under their corporate policy.
Understanding who is considered a “foreign official” can be difficult in today’s global business environment, especially given the investment that many overseas governments have recently made in private industry to help stabilize local economies. It is therefore critical for companies to ensure that those doing business on their behalf are aware of the individuals and organizations categorized in this manner.
In summary, it is unlawful for individuals and organizations to corruptly promise, offer, authorize or pay money or anything of value to a foreign official for the purpose of obtaining, retaining or directing business. As a result, the actions of any individual, firm, officer, director, employee or agent of an organization – as well as any stockholder acting on behalf of an organization – involving a corrupt payment may create potential corruption risk, exposing the organization to regulatory action and liability.
What to look for
Even routine business transactions overseas often give rise to opportunities for the occurrence of corruption risk involving foreign officials. As coordination grows between law enforcement and regulators in an individual country and abroad, local bribe payers are being interrogated to divulge the individuals and companies responsible for facilitating the illegal payments. That information, in turn, is then used for both in-country investigations and prosecutions, and is referred to the appropriate foreign jurisdiction, most notably the United States and European Union, for further prosecution in the responsible company’s home country.
Accordingly, management of multinationals need to be mindful of the warning signs when negotiating business relationships in foreign countries. This is especially important for those organizations – public, private and not-for-profit alike – that conduct business with state-owned or state-controlled entities in the international marketplace.
Listed below are seven broad categories of illustrative questions companies should be asking about their international business activities. While the questions use the FCPA as a construct, any country’s equivalent anti-corruption legislation and regulations can be substituted to provide a countryspecific context. The questions follow:
- Country risk profile:
- What is the cultural, political and regulatory environment of the countries in which you conduct business? Is your organization operating in countries with a history of corruption?
- How much control do you have over your foreign operations? (Note: The more disconnected you are from your foreign representative, the higher your risk of violating the anti-bribery laws. For example, one U.S. company was liable for the acts of a Jordanian company, acting on behalf of a Lebanese company, which was hired by a French subsidiary of the U.S.-based entity.)
- Extent of the due diligence performed on potential foreign business partners and representatives:
- Does your foreign joint venture partner or representative refuse to provide a written certification that it will not take any action in furtherance of an unlawful offer, promise or payment to a foreign public official and not undertake any act that would cause the U.S. firm to be in violation of the FCPA?
- Is there an apparent lack of qualifications or resources on the part of your joint venture partner or representative to perform the services offered?
- Is your joint venture partner or representative related to, or recommended by, an official of the potential governmental customer?
- Do you provide awareness training for foreign partners, agents and other representatives?
- Nature of payments and expenditures in foreign countries:
- What gifts, meals and entertainment are provided to those with whom you do business in overseas markets?
- What charitable donations or political contributions are made “in-country” by your organization and its representatives?
- What types of leasing agreements has your organization arranged in foreign countries?
- Are there unusual payment patterns, unusually high commission structures or special financial arrangements involving your organization or its foreign subsidiaries and related third parties?
- Business model and relationships:
- How does your company transact business in foreign countries? (Note: Sourcing and buying foreign goods in the United States from a U.S. company that imported the goods into the United States is much lower in risk than, say, maintaining sales or marketing offices overseas, selling to state-owned businesses or selling to foreign government agencies. While the first scenario is not without risk, it is normally the least risky of alternative business models. The latter scenarios increase the company’s involvement in a foreign country, which in turn increases corruption risk. The greater the involvement with foreign governments or their instrumentalities, the higher the risk.)
- What is the nature of your business relationships with public international organizations, state-owned business enterprises, foreign governments, foreign municipalities, foreign legislative bodies, foreign political parties and/or royal families?
- Do you hire foreign officials and/or members of their families as employees or contractors?
- Control over cash accounts and books and records:
- How are your organization’s bank accounts, petty cash funds and inventory monitored in non-U.S. locations? What controls are in place with respect to these assets?
- Is there a lack of transparency in expenses or accounting records within your organization and its third-party intermediaries (e.g., joint venture partners, agents, consultants, distributors)?
- Legal, regulatory and contractual matters:
- What business licenses, permits, certifications and inspections are required of your organization in order to conduct business in overseas locations?
- Who has been granted power of attorney for your organization in non-U.S. jurisdictions?
- What terms and conditions do you include in written contracts with related third parties?
- How does your company monitor contract compliance?
- Policy and procedural matters:
- What policies and programs are currently in place to support compliance with the FCPA?
- What training initiatives are currently in place to create and sustain awareness of everyone’s responsibility to comply with the FCPA?
- What process has been established for employees or third-party intermediaries to obtain advice on questionable or sensitive matters involving foreign officials?
While the above questions are not intended to provide a complete diagnostic, answers to them may raise red flags requiring immediate attention of executive management and the board of directors.
Managing FCPA compliance
Firms that paid bribes to foreign officials have been subjected to criminal and civil enforcement actions, resulting in large fines, and suspension and debarment from federal procurement contracting. In addition, their employees and officers have gone to jail. It is not a pretty picture. To avoid such consequences, many firms have implemented detailed compliance programs intended to prevent, deter and detect improper payments by employees and agents. Again, using the FCPA as a context, a robust compliance program and anti-corruption controls typically include:
Board oversight – Proactive understanding of potential corruption risks and oversight of anti-corruption controls or the FCPA compliance program by the board.
Executive management supervision – Coordination and management of the FCPA compliance program by a designated senior executive.
Policies, standards, procedures and reporting mechanisms – Documented “anti-bribery,” “anti-corruption” or “FCPA” policy and standards, along with communication of same to employees. An affirmation procedure requiring that critical employees, vendors and contractors provide written statements that they are in compliance with the requirements of the FCPA. Effective mechanisms for individuals to report criminal conduct, concerns and other complaints involving potential FCPA violations.
Risk assessment and due diligence activities – Risk identification process that includes explicit consideration of the risk of corruption involving foreign officials and employees or agents who operate out of the home country, especially at locations known for unethical business practices. Due diligence of employees, joint venture partners and third-party agents. FCPA compliance language and representations incorporated in all third-party contracts.
Effective internal controls and monitoring – Internal controls for books and records, as well as proper accounting. Active monitoring of anti-corruption controls within financial and operational processes to identify and report potential red flags. Periodic audits of the FCPA compliance program policies, procedures and controls to assess their effectiveness at ensuring compliance at all levels and across the entire organization. Areas of noncompliance and recommended solutions to enhance the organization’s FCPA compliance reported to senior management and to the board. Critical transactions, such as those related to consulting services, reviewed for propriety.
Training and awareness programs – FCPA awareness education and training for employees, third-party agents and consultants conducting business on behalf of the organization out of the home country to ensure they are knowledgeable of the appropriate behavior and legal requirements.
Investigatory and disciplinary mechanisms – Thorough investigation and remediation of reported potential FCPA violations. Disciplinary mechanisms that are consistently enforced for those who violate FCPA compliance policy.
The above elements may be applied to companies domiciled in any country with anti-bribery laws equivalent to the FCPA. Large multinational corporations cannot monitor every transaction of every dollar amount by every employee. However, companies do have a due diligence obligation to establish policies and procedures that provide reasonable assurance the organization is adhering to the provisions of the anti-corruption laws of the countries in which they are domiciled and to implement adequate systems with sufficient internal controls. In the United States, this includes establishing a compliance program that meets Federal Sentencing Guidelines standards.
Civil and criminal fines stemming from anti-corruption noncompliance can be costly. Firms that paid bribes to foreign officials have been subjected to criminal and civil enforcement actions, resulting in large fines, as well as suspension and debarment from federal procurement contracting. Their employees and officers also have gone to jail. In addition, reputation damage due to negative media attention can devastate the bottom line and impair shareholder value.
To avoid such consequences, many firms have implemented detailed compliance programs intended to prevent, deter and detect improper payments by employees and agents. It is critical for management to ensure that a robust anti-corruption compliance program, including anti-corruption controls, is in place. A robust program provides a critical “road map” for any organization conducting business in today’s global business environment. Anti-corruption compliance and other corresponding internal control capabilities should be considered as part of a holistic strategy to address all issues that could arise from intentional illegal acts within the organization.
Key Questions to Ask
Key questions for board members:
- Are you satisfied the company has assessed its risk of corruption issues by considering such matters as the countries in which it does business, how business is conducted within each of those countries, the level of involvement with government officials, the percentage of gross revenues dependent on business with foreign governments and the manner in which the company is connected to foreign markets?
- Based on the extent of business conducted in a highrisk country, has management assessed the level of exposure if there were corruption violations in that country? (Exposure arises in several forms – for example, disgorgement of all “tainted” gross profits earned from that country, potential fines and penalties, or the loss of the right to do business going forward.) Is the exposure material? Does it make more sense to cease engaging in high-risk business in the country, or to investigate and correct any problems, or to determine with certainty that there are no problems? How material a risk would be posed by the reputational damage associated with public disclosure of paying bribes in the high-risk country?
Key questions for management:
- Does management understand how the organization is exposed to foreign officials in the normal course of business?
- Does the organization conduct due diligence prior to entering into agreements with third parties of foreign countries, especially acquisition candidates?
- Are the company’s anti-corruption controls and compliance program within its financial and operational processes actively monitored by management to identify potential red flags that warrant attention? Is the compliance program periodically audited to ensure compliance at all levels and across the entire organization?
- Periodically, does management identify and prioritize the organization’s key corruption risks? If so, does management use that understanding to enhance the company’s prevention, deterrence and detection capabilities?
Protiviti helps clients address corruption risk by understanding where it can occur and implementing strategies to combat it. Our services include FCPA compliance and education/awareness programs, FCPA compliance audits, FCPA compliance program assessments, corruption/FCPA risk assessments and FCPA investigations. Learn more about Protiviti and read our FCPA Point-of-View, titled “Corruption Risk – Playing By the Rules in a Global Market,” by visiting our website at www.protiviti.com.
The Bulletin (Volume 3, Issue 9)