Beyond the Basics: Implementing an Anti-Bribery Program that Works
By Kent Schmidt, Dorsey & Whitney, LLP

The U.S. Foreign Corrupt Practices Act (FCPA), which prohibits commercial bribery of foreign officials around the world, has been a part of the legal landscape for over three decades. With few exceptions, companies engaged in international commerce have responded to its requirements. Individuals charged with compliance responsibilities now realize that their first line of defence is to implement some type of corporate policy prohibiting bribery in connection with commercial transactions.

But recent cases and at least one study raise serious questions concerning just how effective these anti-bribery measures are in preventing commercial bribery. A recent study by an international audit firm (Confronting Corruption: The business case for an effective anti-corruption programme, PricewaterhouseCoopers Report, 2008) revealed that, among the leading international companies surveyed, only 22% of the respondents believed that their company’s anti-corruption program effectively identifies and mitigates the risks of corruption. Confirming this less-than-impressive figure are numerous examples of companies that have been prosecuted for FCPA violations that occurred while a carefully crafted anti-bribery policy sat in the perpetrator’s desk drawer.

Prosecutors are, of course, aware of the shortcomings of most compliance programs. At one time, the government may have been sufficiently impressed with the fact that a company had an anti-bribery policy in place. In today’s environment, the question is not whether the policy exists, but how robust and effective are the company’s ongoing efforts in combating corruption.

Any member of management who intends to move his or her company beyond the basics of anti-bribery efforts to implement a program that really works should ask the following three self-assessment questions.

Question No. 1: Does the Company Culture Have the Aroma of Ethics or the Stench of Corruption?

An effective compliance program is about corporate culture, not merely reciting for employees a list of “dos and don’ts.” Many companies have spent significant resources hiring audit firms and law firms to craft a detailed policy that outlines the prohibitions of the FCPA and similar anti-bribery laws. Unfortunately, they then neglect the equally important task of advancing the broader objective of creating an ethics-oriented culture. Although this is a complex area, what it requires is a simple message that the company embraces transparency in its business activities and will not tolerate questionable sales practices.

Special attention must be given to presenting these concepts in a manner that will be well received. While the core of the FCPA is a prohibitory commandment—thou shalt not bribe foreign officials in thy land in order to obtain their business—the message can be conveyed positively. For example: “this company is not merely against bribery but is for a high standard of integrity in all of its transactions.”

The culture of integrity can be conveyed in conjunction with other messages about the company’s identity and vision. Most companies are not shy about promoting, both internally and externally, positive messages about management’s strong belief in the quality of the company’s products and services. An FCPA compliance message complements such positive statements. For example, such a message could say that, because the company takes pride in the inherent quality of its products and services, it does not need to rely on cheap tricks to attract sales, unlike some less-scrupulous competitors.

Most companies want to be viewed as forward looking rather than stuck in the paradigms of the last century. An anti-corruption message fits with this corporate culture. In this context, the business should be advancing a message that, while shady side-deals between unscrupulous salesmen and greedy government buyers may have been the norm in the past, this company recognizes that today’s shareholders expect a higher level of integrity and transparency, as well as a strong sales performance.

In appropriate contexts, the culture of integrity can be conveyed beyond the company employees and to the marketplace. The message to customers, shareholders and the public is that the company is committed to a business practice that is above reproach and will not embarrass itself or associated entities and individuals with a scandal. Consistently encouraging this corporate culture discourages bad actors on both sides of the fence from pushing the limits and involving the company in a damaging investigation.

These positive messages about corporate culture stand in stark contrast to compliance programs that consist of little more than a two-page anti-bribery policy tucked away in a seldom-read employee handbook. Those companies that fail to promote this positive culture will inevitably succumb to a system in which what matters is the achievement of sales at all costs. Companies should step back from the intricacies of the regulations and abstract discussions of what is and is not prohibited by the FCPA and take in the aroma of the company to determine if a culture of compliance has been achieved.

Question No. 2: Do the Company’s Infrastructures Support the Corporate Culture of Integrity and Transparency in Commercial Transactions?

Of course, it is not enough to have employees committed to the concepts of a culture of integrity—the company must also create an infrastructure that facilitates these goals. There are three basic substructures that must be implemented to effectively advance the goal of FCPA compliance: educating employees; financial controls; and reporting and responding to violations.

Educating Employees: The most important thing to know about educating employees on anti-corruption is that the school of anti-corruption has no graduates—it is an ongoing and continuous process. While certainly every new employee must be informed of the anti-bribery policies and an annual refresher course is usually advisable, the employees should receive regular updates and refresher materials. These ongoing messages keep anti-bribery efforts at the forefront of employees’ minds rather than a distant memory.

One of the most important tasks for an effective compliance officer is to make herself and others aware of the chilling stories that emerge on a regular basis when other companies are caught in a bribery scandal. The only thing that is better than learning from one’s own mistakes is to learn from another’s mistakes. These tragic new accounts can be summarized and used to illustrate what went wrong and why corruption occurred. A company that takes the opportunity to educate and remind employees in this manner is miles ahead of the company that relegates anti-bribery training to a brief mention on the employee’s first day.

Financial Controls: While the anti-bribery component of the FCPA seems to get most of the attention, its twin—the books and records provision—deserves an equal level of respect. The company that is serious about implementing an effective compliance program should employ accounting professionals to regularly conduct a financial audit. This is to confirm that the books and records of the company are being maintained and that there are no red flag indicators of corruption. It is rare that an audit reveals an account labelled “Corruption Fund” or an expense report with the description “bribery payment,” so the inquiry must be thorough and deep with a special emphasis on undocumented marketing expenses, excessive consulting fees and cash transactions. The chief financial officer of the company should sign off on periodic statements confirming that internal and external audits have been completed.

Reporting and Response: The third important substructure of an effective FCPA compliance program relates to reporting and response. What happens when, notwithstanding these and other efforts, something goes wrong? Who is involved and what is their role?

A hypothetical story will illustrate the challenges in this area. Suppose a sales representative has recently joined the company and is adequately trained in the company policies against bribery. After training, she reports for work at a lonely outpost far from the corporation’s headquarters. She reports to the regional manager who is himself several levels below the director of sales. She has never met the compliance officer of the company and regularly interacts only with other sales and support staff. Following the close of a lucrative sale by one of her colleagues, she attends a celebratory dinner at which she learns that a bribe has been paid in order to seal the deal. At this point, does this employee know how to report the problem, assuming that she has the courage to do so? Does her fear of retaliation outweigh her desire to do the right thing? What reporting infrastructure has been implemented to support her in doing the right thing by making the report?

A direct hotline to a compliance officer might be provided. The chain of command that may promote organizational efficiencies in other contexts is counterproductive to internal reporting because, with each middle manager involved, there is an increased possibility that the report will be dismissed and the reporter stigmatized. Thus, the employee learning of wrongdoing must know that she can make a direct call to a senior compliance officer who will treat the report in confidence and respond appropriately.

It is equally essential that the whistleblower be given protection for making the report. Suppose our hypothetical sales representative courageously makes a report and an internal investigation is launched. In the following days, two principle questions will emerge: whose head is going to roll and who reported this to management? Efforts must be made to prevent inquiries leading to the identity of the whistleblower and protecting her if it becomes known among her peers that she made the report.

A company’s response to confirmed instances of bribery is one of the most important factors in determining whether there will be further instances. The response must be swift, appropriately severe and transparent. The discipline should extend not only to the perpetrators but to those who knew or should have known what happened and whose negligence resulted in the corrupt payment. Everyone in the company must understand that no one is invincible or immune.

Question No. 3: Do the Employees Know that Management Is Willing to Make the Hard Choices?

Does your company’s senior management exhibit the backbone and courage to do what is right, irrespective of the consequences? Do the employees understand that the mandate comes not just from the compliance officer and the legal department but also from the very highest levels of the company? A natural tension often exists between members of the sales force and what some might cynically call the “anti-sales” force: those in the legal and compliance department whose cautionary statements and warnings, though unwelcome, may save the company millions of dollars. Management must signal that the legal department and compliance personnel serve a function that is vital to the success of the company.

The message that some managers may unwittingly convey is that the deal must be closed at all cost and the less that management knows about how the result was achieved, the better. This wilful ignorance does not bode well for management after the bribery has been uncovered. The FCPA requires that management actively and aggressively make it their business to know how sales are achieved and combat commercial bribery at all levels.

The challenges in launching and cultivating an effective FCPA compliance program, or any anti-bribery program, are daunting. The risks are great even for the most careful participants.

Ten Self-Assessment Questions
Moving beyond the paper policies and symbolic prohibitions to implement a robust and effective compliance program requires work, perseverance and vigilance. How does your company fare under the scrutiny of these ten questions?

1. When were your anti-bribery policies written or updated?

If your anti-bribery policies were written more than two years ago and have not been updated, you should consider a review.

2. How often are your employees required to participate in training that includes an overview of anti-bribery policies?

Less than once a once a year is not often enough. Training should take place at least annually, although every six months is ideal.

3. Does your compliance program provide illustrations that correspond with your business?

Relevant illustrations help to explain to employees exactly what is required of them. The illustrations should be tailored to resemble situations the employees may realistically face.

4. Are your anti-bribery policies adapted for the various jurisdictions in which you conduct business and are applicable translations provided?

Certain international treaties and laws in specific jurisdictions exceed the prohibitions of the FCPA. For example, some countries prohibit all forms of commercial bribery rather than merely prohibiting a bribe paid to a governmental entity.

5. Does your compliance officer regularly send updates relating to current trends and recent investigations into commercial bribery activities?

Updates should be sent out every three months and be included in training programs.

6. How often does senior management convey a positive corporate culture message concerning anti-corruption?

This message should be incorporated as a sub-theme each time senior management conveys a message to the employees.

7. Has your company engaged outside auditors experienced in detecting improper payments in connection with sales?

At the very least, you should do this once a year.

8. What percentage of the employees in your company know who the appropriate contact is for reporting corruption?

If you didn’t answer “100%”, you should start an anti-corruption program immediately.

9. What assurances are provided to employees that reporting improper payments or other illegal activities will not result in repercussions to the reporter?

The company’s whistleblowing procedure should make it clear what steps will be taken to protect the identity of the whistleblower.

10. Do your customers (including governmental representatives) perceive your company as having a strong anti-corruption ethic?

Your anti-corruption ethic should be as well-known as your speed of service, value for money and high quality product.
Confronting Corruption: The business case for an effective anti-corruption programme can be found online at the website of PriceWaterHouseCoopers.

Kent J. Schmidt is a partner in Dorsey & Whitney LLP’s Trial Department. Kent conducts internal investigations and provides advice relating to securities compliance and other white collar crime matters including Foreign Corrupt Practices Act and insider trading.

Contact Details:
Tel: + 1 949 932 3646

©2008 Dorsey & Whitney LLP >> Help Form >> Contact Us >> Privacy