Reason #1. Ignorance. Some companies don’t discover their own FCPA problems. It sounds improbable, but it happens. The usual scenario is this: One or more employees in a foreign outpost draw cash by manipulating the company’s accounts-payable or expense-reporting system. They use the money to bribe government officials to obtain business for the company. Sometimes it’s one employee in a sales job or government-relations role, or a small group whose pay and bonuses depend on the office’s performance. The expatriate supervisor, if there is one, is crooked or clueless, so the phony accounting and illegal payments remain a local secret.
Reason #2. Silence. When organizations learn of their own FCPA problems, they have a choice — to self-disclose or keep quiet. Public companies ought to be disclosing just about everything these days. Sarbanes Oxley targets illegal conduct anywhere, including overseas bribery. So the number of issuers choosing not to report potential FCPA offenses — both antibribery and books and records violations — should be small. Privately-held companies, however, are more likely to stay silent. That’s most common, we suspect, where founding-family members are still in charge. Sadly for them, someone in the conspiracy of silence usually plays ball with the DOJ to save their own skin. The former insiders — now known as Co-operating Witnesses — can drive a stake through the heart of the organization.
Reason #3. Compliance. How many potential FCPA violations are discovered, self-disclosed to the DOJ or SEC, but never publicized or prosecuted? Nobody on the outside knows the numbers. But here’s what can happen. A compliance-minded organization reports its own potential violation to the feds. At the same time, it submits evidence demonstrating that:
(1) It had an effective compliance program before the problem occurred;
(2) There are no prior offenses;
(3) Although the compliance program didn’t prevent the conduct this time, it detected it quickly;
(4) This was an isolated event — a rogue employee broke the rules for personal gain and not for the company’s sake;
(5) The culprit has already been fired and the company is suing for restitution of misused corporate funds;
(6) Supervision over the problem office has been reorganized and managers replaced;
(7) The company’s compliance program has been reviewed and tweaked to prevent similar incidents from happening;
(8) The company reported the problem to authorities in the U.S. and the host country right away, and is eager to help them with their own investigations; and
(9) Management’s commitment to compliance has never been stronger.
A year goes by, maybe more. One day the company’s lawyers receive a call from the DOJ. It’s off the record. “We’re satisfied justice has been served,” the caller says. “Case closed.”