The shocking news last week about Jack Stanley’s guilty plea teaches again that not all FCPA violations can be prevented. No compliance program or compliance training would have kept Mr. Stanley on the right side of the law. Leaders with bad intentions — with criminal intent — can always find a way to cheat, and putting a compliance program in their path won’t help.
But Jack Stanley isn’t a typical company leader. Unlike him, most want to comply with the FCPA. They want to stay in their jobs and out of jail. They want to protect their companies and the people in them. They want to be proud of the way they do business. For the overwhelming majority of executives, compliance is the goal and compliance training is the tool — because it works.
That’s why regular, repeated training is required for an effective compliance program. The 2005 Federal Sentencing Guidelines say:
The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals [responsible for compliance] by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.
The Sentencing Guidelines don’t dictate content or format. That’s up to each organization. But the objective is clear: make sure everyone knows what the Foreign Corrupt Practices Act says, requires and prohibits, and do that through training.
Aside from filling heads with knowledge, training sessions sometimes start a dialogue with weird surprises. Schnitzer Steel Industries Inc., the story goes, learned about its public bribery problem after an employee came back from a company-sponsored FCPA training course. He told his supervisors that he and his co-workers were doing all the things the trainers just said were illegal. That triggered Schnitzer’s internal investigation, which led finally to a company clean-up and a favorable settlement with the government.
During training sessions, it’s best if senior executives are part of the program. They can tell everyone face-to-face that the company really and truly expects 100% compliance. No kidding. And if someone decides on their own not to follow company policy but instead to do something illegal, then they’ll likely end up unemployed and facing the full wrath of the law.
Employees working outside the U.S. are especially susceptible to the notion that more sales are always the goal. They need to hear that the first priority is compliance — and that sales landed illegally aren’t wanted. A general counsel told us last month that her CEO often says he isn’t interested in being in a market where the company can’t operate legally. The CEO has stayed out of at least one rich but dicey African country, sending his compliance message to everyone, loud and clear.
One more thing. FCPA training doesn’t need to be elaborate to be effective. In fact, sometimes less formal settings produce the best results. Even the Federal Sentencing Guidelines say organizations, especially smaller ones, can train employees “through informal staff meetings, and monitoring through regular ‘walk-arounds’ or continuous observation while managing the organization.” In other words, effective FCPA training can be woven into the fabric of the organization. That, after all, is the hallmark of a real compliance culture.
We hear from managers, sales people, engineers and others about the daily pressure in the marketplace to win. The temptation to take shortcuts is always huge. Jack Stanley couldn’t resist. But most people want to stay straight. They want to avoid hurting themselves, their families, colleagues and companies. Compliance training helps them do that.
View Chapter 8 – PART B – §8B2.1. (“Effective Compliance and Ethics Program”) of the 2005 U.S. Federal Sentencing Guidelines here.
.
1 Comment
There seems to be an ongoing debate about the usefulness of FCPA compliance programs in avoiding corporate liability for violations. On the one hand, it is true that some court decisions have applied the doctrine of respondeat superior to allocate FCPA liability to the employer, notwithstanding its establishment of a compliance program. On the other hand, there is the hard-to-quantify belief that some companies which have avoided a full-blown prosecution may have used the presence of a robust corporate compliance program to do so by proving that the employee was truly a “rogue”.
It seems to me that there at at least two ways that an FCPA compliance program reduces the risk of prosecution. One is the impact in negotiations, after a voluntary disclosure is made. “We establish policies, we establish controls (including but not limited to training), we test- and we found a violation, which we are reporting” is a much better posture than being told by the government that you have a violation.
But the second way that the program helps is prophylactic. Interviews with staff of some of the headline FCPA violators show that they worked in a culture which viewed corruption in developing countries as “just the way of the world”. If management signals “that’s how the game is played in Ruritania”, the chances of an employee playing the corruption game are vastly increased. A publicized anti-corruption compliance program posts a message that such activity is discouraged. While employees don’t necessarily believe all such corporate messages, this should at least create enough of a question about what management really wants to provoke the employee to ask.
The big FCPA prosecutions have involved schemes that- for better or worse- required significant team commitment. Sales/Marketing, budgeting, finance, accounting, probably legal, all need to work together to create and hide a large program of corrupt payments in a public company. If one or two players stop and ask “Does management really want us to do this?”, it should be possible to avoid the sort of train wrecks that lead to the large FCPA prosecutions.
The lesson, I believe, is to use a robust FCPA/ anti-corruption compliance program to create and publicize the culture that keeps the firm out of the problem in the first place.
James Rouen
FCPA Compliance Head
Citigroup
These observations are my own and are not necessarily the opinion of my employer
Comments are closed for this article!