The CEOs, CFOs, COOs and Chief Compliance Officers we meet with are well aware of the FCPA and are working to put in place compliance programs to keep their companies on the right side of the law, but they are not terribly concerned about their own personal exposures. Their logic: If I’m not physically handing over a bag of money to a corrupt government official, I’m clean.
This, of course, is not true. According to this great analysis from Chadbourne & Parke (in pdf here), 53 of the 61 individuals charged with violating the FCPA over the past six years were senior corporate officers, not bag men. Moreover, 8 of these individuals were charged despite committing no direct action in the corrupt act.
Based on our own analysis of hundreds of FCPA cases, meetings with C-level managers and FCPA screening programs implemented around the world, we’ve come up with a five question reality check for senior execs who don’t think they need to worry about their personal exposure to the FCPA:
Is your company doing business in Mexico, Nigeria, Brazil, China or India?
Operations in countries with less mature corporate governance laws/regulations are more likely to create a compliance breach for a multinational firm. It is critical to segment vendors, suppliers and marketing partners on a continuum of high-to-low risk based on their country of origin. China, for example, has seen a 50% increase in vendor, supplier and procurement fraud between 2010 and 2011 according to our annual Global Fraud Report.
Are you in the energy, manufacturing, pharmaceutical, defense or telecom sectors?
Based on total fines and recent enforcement trends, these are the highest risk industries. Since the FCPA was passed in 1977, companies in the Energy sector have been fined $2 billion; Defense and Aerospace contractors have been fined $443 million; Manufacturing firms have been fined $225 million;and Telecom companies have been fined $218 million. The DOJ has also been vocal about its plans to target more Pharmaceutical companies, which currently account for $84 million in total fines.
Do I know what I need to know about who I know?
The nature of emerging market expansion is such that multinationals typically assemble networks of vendors and agents to rapidly put boots on the ground in these regions. Perhaps not surprisingly, subsidiaries, agents and vendors are often a corporation’s weakest link in foreign corruption cases. These corporate outsiders, most of whom were probably not screened or background-checked like full-time employees, need to be vetted.
How can I standardize the process of compliance-checking everyone everywhere all at once?
As every 21st century CEO knows, good systems make good managers. Unfortunately, the process of vetting compliance measures in fast-moving emerging markets has historically been done in an ad-hoc, incomplete fashion with some regions collecting some data on vendors and partners, others collecting altogether different information and others collecting none. To avoid data overload, it is critical to build a systemic approach to fraud risk analysis.
What do I do when I find a violation?
We see this most commonly in the mergers and acquisition process: due diligence will reveal a series of inappropriate payments or other questionable accounting that raises serious red flags. What managers do with this information can be the difference between a reputation for courageous leadership and potential personal liability. History has proven again and again that companies who spot a problem early and self-report it are far less likely to find themselves tangled in a long, painful investigation and, if they do, they are much more likely to avoid major sanctions.