Last month I discussed the potential risks that a company faces under the U.S. Foreign Corrupt Practices Act of 1977 (FCPA) and the U.K. Bribery Act of 2010 (UKBA) when conducting business in foreign countries. This month, I’ll present the key components of an effective FCPA/UKBA compliance program.
There are seven key components to an effective FCPA/UKBA compliance program. They are the following:
1) Establish standards and procedures to prevent and detect criminal conduct and ensure compliance with government regulations and industry standards.
2) Create a culture of compliance led by the company’s senior management. This means that senior management must:
– Be knowledgeable about the content and operation of the compliance program;
– Exercise reasonable oversight of the implementation and ongoing review of the effectiveness of the compliance program;
– Assign specific senior level manager(s) overall and day-to-day operational responsibility for the program; and
– Provide the necessary authority and resources to enable successful implementation and ongoing review of the program.
3) Use reasonable efforts to exclude known violators from activities that could lead to program violations. This also requires that the company exercise due diligence in the screening of current and prospective employees for past illegal or improper conduct.
4) Provide reasonable ongoing communication and training to senior management, employees and third-party agents regarding the standards and procedures of the compliance program.
5) Monitor, audit and evaluate the effectiveness of the compliance program on a regular basis. Included within this component are:
– The establishment of a monitoring/auditing program to verify that the compliance program is being followed, which will necessitate the use of internal audit staff or external forensic auditors;
– Evaluation of the effectiveness of the compliance program at regular intervals, including analysis of monitoring/auditing results as well as use of feedback from senior management, employees, third-party agents and others; and
– The use of hotlines to enable employees, third-party agents and others to anonymously or confidentially report or seek guidance about potential criminal conduct without fear of retaliation.
6) Establish of appropriate performance incentives and disciplinary measures that are promoted and enforced consistently within the company to support the compliance program.
7) Establish appropriate response to detected criminal conduct, and subsequent reassessment of the compliance program to reduce the risk of the same conduct occurring again. This requires that the company take the appropriate steps to report detected criminal conduct and cooperate with law enforcement. In addition, the company must take reasonable steps to modify, if necessary, its compliance program to prevent similar conduct in the future.
Of course, no program can prevent rogue employees or agents from violating the FCPA or UKBA, but a well-designed and implemented compliance program — with effective communication and training as well as regular monitoring and evaluation — can minimize the risk of a company and/or its employees violating the FCPA or UKBA. In addition, the existence of such a program can mitigate punishment of the company in event of violation of either statute.