Last month, the Criminal Division of the U.S. Department of Justice and the Securities and Exchange Commission published their long-awaited Resource Guide to the U.S. Foreign Corrupt Practices Act.
At 120 pages, this document is intended to assist companies to navigate seemingly arbitrary rules around what does and does not constitute legal behavior when dealing with overseas business practices. I have discussed it with a number of compliance departments and, on the whole, it has been well received by those who have read it. But since the FCPA is decades-old, why is it only now that this guide has been published? One theory is that the guide is intended to serve as a reminder that enforcement is still in fashion.
Hypothetical and real scenarios are played out in the document. Take for example the obvious case of the New Jersey telecommunications company who paid for 315 trips for Chinese officials to engage in “training” and “factory inspections” at its U.S. facilities. Gifts and payments for business trips are not prohibited under FCPA, but the company has no facilities in Hawaii, Las Vegas or Disney World. It strangely spent $670,000 on these vital exercises.
There’s also the case of an engineering firm who has won a contract to supply goods and services to an electricity company owned by a foreign government. Around the same time, the General Manager of the electricity company had just been married and so the supplying company bought a vase as a wedding gift. This is not prohibited, provided that the purchase and donation is clearly documented and accounted for. There are far more complex scenarios in the guide than these, so I get the impression that the SEC is playing ball and trying to help.
How would this help an analytics program? Well, for one thing, the guide actually does help to identify rules more clearly, meaning that analytics could be more focused. This would result in fewer false-positives being included in result sets that hitherto would have been kept ‘just-in-case’. This makes follow-up and reporting far more efficient but, more importantly, it really instills confidence in the analytics program if one exists.
One of the best and most obvious examples that I have come across recently needs no guidance from the SEC’s new publication. An executive at a software company selling to the internal audit department of a Saudi Arabian company told me about an interesting conversation with the Chief Audit Executive. The CAE said, “I approve the software purchase, so that’s not a problem. However, the decision on whether to issue a PO will ultimately come from the procurement department. Just make sure you give those guys something good for their trouble…”
Christopher Stewart-Smith is a data analytics consultant for ACL Services, a Vancouver-based technology company that provides audit and risk management software and services.