5 Ways to Better Manage FCPA Risk

The Foreign Corrupt Practices Act (FCPA) is a federal anti-bribery statute that makes it “unlawful for certain classes of persons and entities to make payments to foreign government officials to assist in obtaining or retaining business,” according to the U.S. Department of Justice website.

The FCPA has been around since 1977, and has received greater attention and increased enforcement in the past few years, leading to increased corporate penalties for violations. Consequences of violating the FCPA include:

• SEC and DOJ criminal investigations for organizations and individuals
• Criminal and civil penalties, including multimillion-dollar fines for both corporations and individuals, and prison terms for individuals
• Government-mandated external FCPA compliance monitoring personnel
• Inability to be considered for future government contracts
• Permanently tarnished reputation

What can your organization do to protect itself? Start by implementing or refining your FCPA compliance program.

Conduct a risk assessment.

Know your own business — what types of business and transactions your company engages in, who your company engages with, where these transactions take place, the amount of interaction your organization has with government officials and agencies and your industry’s regulatory environment. Segment this information by level of risk and the amount of control you have over each situation. Be sure to do your homework (due diligence) before entering an agreement with a new business partner. Know the laws of each country you do business in and which anti-bribery laws may apply to your organization.

Gain commitment from upper management.

Have someone in an executive leadership position spearhead the program to show your organization’s dedication to compliance and serve as a guide when other managers have questions or concerns. Not only should the senior employee oversee the program, but he/she should be personally involved in the creation of written policies and procedures, as well as the communication and education of employees on important policies.

Create effective, written policies and procedures.

There’s no use in creating policies that no one follows or references. Have a plan for how policies should be researched, drafted, scrutinized, implemented, evaluated and improved. Give policy drafters guidelines for how policies should be structured, formatted and styled so they’re readable, easily understood, practical, effective and enforceable. Set goals for each policy, and show drafters how unclear policies can affect processes and create inefficiencies within the organization.

More specifically, the policies and procedures should cover your entire workforce — U.S.-based and overseas employees — and address working with foreign officials and representatives, particularly gifts, payments and bribes. They should also cover how to keep accurate, detailed records, and how to report suspected violations anonymously.

Communicate and educate.

Simply creating and having policies is not enough — your organization needs an implementation strategy. Determine how policies will be communicated to your workforce and business partners. Establish what kind of training employees (especially sales, legal, internal auditing, finance and accounting departments, as well as management) need on policies and what steps your organization can take to ensure their attestation and compliance.

Monitor and review regularly.

Keep accurate records of policies, procedures, incidents and financial reports. Develop a schedule to repeat the above tasks routinely, led by an FCPA compliance team consisting of legal, finance and internal audit personnel. Regularly review and update policies and procedures, and create an internal “checks and balances” system, with a course of action to manage incidents and a whistle-blower hotline to anonymously report incidents. Create a disciplinary action plan, and determine how violations will be addressed. Conduct routine risk assessments, compliance program reviews and third-party audits.

By following these tips, your organization takes the first step towards FCPA compliance. With the implementation of and revisions to policies and procedures, your organization will need a robust policy management system and employee training program to manage these processes. ConvergePoint can automate these processes with Policy Management Software and Employee Training Software to help further strengthen your compliance efforts.

Next step: See how an effective policy management system drives stronger compliance programs.