How to Develop A FCPA Compliance Policy
“Do you have questions about FCPA? I would love to help. I formerly prosecuted FCPA cases at the DOJ as a trial attorney. I now serve as external Counsel and CCO on all types of FCPA investigations and compliance matters for governments and corporations.”Samer B. Korkor – Head of FCPA Group
Click here to view Samer’s bio or send a text to 714-294-2000 to setup a call with Samer and Dr. Nick Oberheiden.
- A compliance policy identifies, prevents, detects, and corrects risks regarding bribery and corruption. It also safeguards a company’s reputation.
- Compliance policies are important because the DOJ considers them when making charging decisions.
- An effective FCPA compliance policy is tailored to the specific needs of the company, such as the nature of its business, identified risks with third parties or foreign officials, and market changes.
- Examples of features that should be included in a company’s compliance policy include a strong company code of conduct, risk assessment procedures, employee compliance training, due diligence, adequate internal controls, and evolving compliance policies.
- Consider hiring a team of FCPA compliance attorneys to advise you on an effective compliance policy that is hand tailored to the needs of your company.
Experienced FCPA Defense Team
If you need advice about your FCPA compliance policy or are under investigation for having inadequate standards, now is the time to take prompt action.
It is imperative for companies to maintain robust and effective compliance policies, as they can play a critical role in regulatory authorities’ charging decisions.
Securing experienced counsel to assist you in evaluating your compliance policy and preparing for a possible investigation is the best action you can take in your defense.
Our attorneys include former FBI agents, former U.S. attorneys, and former prosecutors, all experienced in handling FCPA compliance policies and standards.
Do not wait to get in touch with a qualified FCPA attorney today. Put Oberheiden, P.C. on your side to fight for your reputation.
What is a Compliance Policy?
A compliance policy imposes anti-corruption standards that identifies, prevents, detects, and corrects risks. Its objective is to promote an organizational culture that promotes anti-corruption and encourages ethical conduct.
Having an effective compliance policy safeguards a company’s reputation, reduces uncertainty in the company’s business operations, and demonstrates an effort to comply with the law—namely, the FCPA.
Factors such as strong internal controls, open communications with management and employees, and clearly defined anti-corruption standards are essential to constructing a compliance policy.
The Importance of a Compliance Policy
The Foreign Corrupt Practices Act (“FCPA”) prohibits individuals and companies from bribing foreign officials to obtain or retain business and requires companies to maintain adequate books, records, and internal controls.
Creating and maintaining an effective compliance program is a critical feature of a company’s corporate culture. It helps companies detect FCPA violations.
A compliance policy applies to all employees of the company, including high level management, officers, directors, all employees, and third parties and agents who transact with the company or represent the company.
Compliance policies are important because they are a factor that the DOJ considers in making charging decisions. Because a company’s compliance policy is considered by regulatory agencies, having a strong compliance policy in place can help reduce fines.
Violations of anti-corruption legislation can lead to civil and criminal penalties. Therefore, it is critical that companies understand the importance of implementing and monitoring its compliance policies.
A FCPA attorney can help explain these complexities. In the following section, we will briefly describe key components of an effective FCPA compliance policy.
Key Components of an Effective FCPA Compliance Policy
An effective FCPA compliance policy is tailored to the specific demands of the company, including the nature of its business, identified risks, and market changes.
For instance, companies that are exposed to a high level of corruption risk or who engage in multiple transactions with foreign parties will need to design more robust internal controls compared to a company with less risk.
Companies should make sure they establish a compliance policy that includes the following:
- Strong company code of conduct and code of ethics: The code of conduct and code of ethics are essential to a strong compliance policy because they set the tone of the company and ensure that information on anti-corruption remains easily accessible to all employees.
- Senior management and director engagement: It is critical that higher level employees such as management and directors lead by example. A strong compliance policy begins with the dedication and practice of adhering to strong ethical policies by senior management and directors.
- Open company communications and culture: All company personnel should be made aware of its company’s compliance policy, the need for such a program including monitoring and audits, and the imperative for independence and transparency. They should also know the definition of bribery and what it means to bribe a foreign official under the FCPA. An open communications policy further includes an easy, anonymized way for employees to report suspicious behvavior within their company without fear of reprisal.
- Risk assessment procedures: A company must develop a system of assessing risk as a part of its compliance policy. These procedures should not be a one-size-fits all program but instead should encompass resources that are specific and tailored to the nature of the company’s business. For instance, regarding a M&A transaction, the company should conduct both pre-acquisition and post-acquisition due diligence. Additionally, factors such as a volatile market, third party contracts, and foreign transactions will mandate a more robust risk assessment.
- Employee compliance training: Employees should be trained in anti-corruption compliance on an annual basis. Such training may differ depending on the employee involved. For example, those who have regular contact with foreign parties should undergo more training.
- Regular and thorough due diligence: Due diligence is particularly important to undergo before the company enters into a transaction, especially one regarded as high risk such as those with third parties. At a minimum, due diligence should encompass the following:
- an evaluation of the credentials and qualifications of the party seeking to transact business with the company;
- document the reasons for entering into the transaction with that party;
- employ more stringent verification standards where the party is a foreign official;
- identify and promptly respond to red flags;
- clearly document contract terms including payment terms;
- outline methods to monitor the transaction;
- make sure records are consistent throughout the terms of the arrangement;
- ensure that there are ongoing monitoring policies in place regarding third parties; and
- require that the company and the other party to the transaction utilize regular audits and compliance certifications on at least an annual basis.
- Develop an anti-corruption compliance team: This team should assist employees in understanding the importance of anti-bribery and maintaining strong internal controls to prevent and detect bribery. Some of the duties that the anti-corruption team should be tasked with include auditing the company’s compliance policies, investigating possible instances of bribery, and offering solutions to promptly remedy the situation.
- Special emphasis on third parties and foreign officials: A company that does business with third parties and foreign officials must have a particularly robust compliance program that scrutinizes the other party’s reputation and ensures that the other party consents to and agrees to follow the company’s anti-corruption policies.
- Maintain adequate internal controls: Internal controls are a part of a company’s accounting practices. A company must maintain thorough books and records and ensure a proper audit trail for all transactions. This is a monumental component of a company’s FCPA compliance policy. Its purpose is to detect improper payments such as bribes and other illegal payments, impermissible gift-giving, and the transfer of funds abroad.
- Continuous and regular monitoring: It is essential for the company to regularly monitor its transactions in order to have an effective compliance policy. Monitoring ensures that the company’s internal controls, auditing processes, and anti-corruption standards are all in place and properly functioning. It also ensures that employees as well as parties to the company’s various transactions are made aware of the company’s anti-corruption policies and are adhering to them.
- Evolving compliance policies: A company’s business requirements constantly evolve; so too should its policies on anti-corruption to better adapt to new business relationships, internal structures, and the results of due diligence and risk assessment procedures.
- Detailed recordkeeping: Having strong ethical standards and monitoring is only as good as the company’s procedures for documenting everything. An effective compliance policy must maintain detailed logs of all transactions including the more sensitive transactions involving foreign parties.
Need Advice About Developing a FCPA Compliance Policy?
Being investigated for FCPA violations can result in substantial criminal and civil penalties as well as imprisonment. A critical feature that the DOJ takes into consideration when deciding whether to make its charging decisions is the company’s compliance policy.
Therefore, it is imperative that you retain qualified counsel to advise you on a strong FCPA compliance policy for your company.
At Oberheiden, P.C., we have an experienced team of FCPA lawyers that can advise you on what is required for an effective compliance policy and how such a policy can be tailored to the demands and needs of your company.
Call us today or contact our office for a free consultation.