It’s the time of year for compliance planning and scheduling. Here are three steps to consider to assure that your organization is meeting its FCPA compliance obligations during 2015.
Step one: Review and update your risk plan. A risk plan should be updated annually. Creating and maintaining an up-to-date and evolving FCPA plan that identifies the current risks and compliance controls of the organization is a vital component in preventing failures.
The plan should specifically describe internal controls in place to prevent, identify and root out bribery and corruption problems and how they function. It should address the key tools of compliance including: communications, in-person and on-line training, policies and procedures, audits, and due diligence.
An effective plan describes manufacturing, sales, logistics, finance, and related activities in sufficient detail to show the basis for organizational policies. The plan should identify where and how vendors are being used to further the organization’s interests outside the U.S., describing how and why your third party compliance protocols are effective.
If acquisitions, joint ventures, partnerships or other new relationships have occurred or are occurring, the plan should address how these new partners are being integrated into the organization’s compliance functions. Using Transparency International rankings as one tool, the risk plan should note how the organization is dealing with bribery and corruption risks in each place where the organization is active, and especially in higher risk geographies.
Step two: Schedule key FCPA compliance activities for the year. Training of employees and key third parties, audits of business units and third parties, pre-acquisition due diligence activities, communications, and third-party due diligence, need to be scheduled for the upcoming year. This often requires coordination among a diverse set of groups in and outside the business, including legal and compliance, sales, logistics, strategic planning, audit, finance, and outside parties including sales agents.
Step three: Focus on higher risk activities and geographies. Our firm recommends that after fleshing out the risk plan and scheduling compliance activities, you take a second look to prevent your “biggest risk” from causing months or years of heartache. For example, if your organization is going to expand or has recently expanded in a high-risk country in Asia, where corruption and bribery are common, it might be time to take a second look at a new plant or a joint venture partner.
It might be appropriate to use some of the following to meet your objectives: in person training of senior management in Asia, scheduling additional audits, raising the level of third-party diligence for sales agents in Asia, and visiting the new facilities to develop insight into the compliance risks that might be present.
Jeffrey Klink is the CEO of Klink & Co., a risk consultancy active in high risk geographies. He is also an adjunct faculty member at the University Of Pittsburgh Katz Graduate School Of Business, for which he created and teaches the first University course on FCPA compliance.