One of the least understood aspects of anti-corruption compliance outside the compliance community is that perfection isn’t required. Compliance involves people, and whenever people are involved, things get messy. Compliance professionals know it and so do the feds.
None of the federal guidance for anti-bribery compliance mandates a perfect score. Instead, what’s required are compliance programs that can help prevent FCPA violations, and if violations happen, can help detect, remediate, and report them.
There’s a world of difference between a compliance program that’s required to prevent FCPA violations and one that can help prevent violations. A program required to prevent violations would be successful only if it prevents all violations. A program that can help prevent violations can still be successful even if violations occur.
The can help prevent formulation comes from the DOJ-SEC FCPA Resource Guide – the best primary resource for compliance professionals.
A company’s compliance and ethics program can help prevent, detect, remediate, and report misconduct, including FCPA violations, where it is well-constructed, effectively implemented, appropriately resourced, and consistently enforced.
For federal prosecutors, primary resources about compliance include the DOJ’s Evaluation of Corporate Compliance Programs, the Justice Manual (the handbook for U.S. Attorneys), and the U.S. Sentencing Guidelines.
They all make it clear that not even the best compliance programs can or will prevent all FCPA violations, and therefore not all violations should lead to prosecutions.
Here’s guidance to prosecutors from the DOJ’s Evaluation of Corporate Compliance Programs under the question: Does the Corporation’s Compliance Program Work in Practice? It cites both the Sentencing Guidelines and the Justice Manual:
[I]t is important to note that the existence of misconduct does not, by itself, mean that a compliance program did not work or was ineffective at the time of the offense. See U.S.S.G. § 8B2.1(a) (“[t]he failure to prevent or detect the instant offense does not mean that the program is not generally effective in preventing and deterring misconduct”). Indeed, “[t]he Department recognizes that no compliance program can ever prevent all criminal activity by a corporation’s employees.” JM 9-28.800.
So, stuff happens. Of course, recurring violations might mean a compliance program is faulty. In real life, though, not even the greatest compliance program can guarantee zero violations.
And here’s my point. When compliance professionals are talking to each other, they understand all that. Nothing I’ve said up to now would come as a surprise to them.
But people from outside compliance — in the C-suite and boardroom — might have unrealistic expectations. They might expect the compliance program to prevent all FCPA violations. So that when violations happen, they’ll blame their compliance officers and compliance program even when the feds wouldn’t.
That’s why an ancillary but important task of compliance leaders should be to bring expectations down to earth. Without making excuses in advance or blaming problems on others, they can lay out real versus unreal expectations. They can explain the difference between compliance programs required to prevent all FCPA violations and programs that can help prevent FCPA violations.
Everyone hopes FCPA violations won’t happen. But if they do happen, the unpleasant aftermath will be more manageable when executives and directors start out with realistic expectations about what compliance officers and their programs can and can’t do.
Comments are closed for this article!