Don’t Cover Up, Fess Up!
Companies that violate the Foreign Corrupt Practices Act (FCPA) can be fined massive amounts. The record so far is $800 million for Siemens AG as a punishment for payoffs to officials in Latin America, Bangladesh and the Middle East for government contracts. There have been a number of other penalties too, in the hundreds of millions of dollars. But these extremely large fines are avoidable, even when a company already has run afoul of the FCPA. A prompt and thorough program of remediation can reduce potential fines and strengthen business operations at the same time.
Enormous Fines Are Becoming More Common
The FCPA was enacted by the U.S. Congress in 1977 after the Securities and Exchange Commission (SEC) found that more than 400 U.S. companies had paid over $300 million in questionable or illegal payments to foreign government officials, politicians and political parties during the 1970s.
The act was created to halt bribery and to restore public confidence in the integrity of the American business system.
While few companies were charged in the FCPA’s early years, the number of companies investigated in recent years has increased dramatically. By 2004, the U.S. Department of Justice (DOJ) had charged only two people under the act, collecting fines of $11 million. In 2009, more than 50 individuals were charged, and nearly $2 billion were collected in fines. A list of the top 10 corporate defendants on FCPA charges as of the end of 2011 is shown in the table below, ranked according to the magnitude of the penalty.
This list shows that enforcement efforts are not directed solely at U.S. companies since nine of the top 10 corporate defendants are from outside the United States. The so-called long- arm provision in the FCPA covers not only a U.S. person or business but also foreign subsidiaries and affiliates of a U.S. entity. So the message is clear: The U.S. government is serious in its efforts to clean up how companies do business in foreign countries. Moreover, these efforts are expected to intensify because:
- Investigative approaches and techniques are becoming more proactive and aggressive;
- More attractive bounties are being offered for whistleblowers;
- Prosecution of individual defendants has become a top enforcement priority;
- Cooperation across jurisdictions is expanding.
FCPA, incidentally, is not the only anti-corruption legislation that multinational corporations (MNC) have to look out for: The U.K. Bribery Act has been in effect for more than a year. There has been only one prosecution to date, but recent activity suggests that the U.K. Serious Fraud Office is beginning to ramp up enforcement.
Table 1: List of Top 10 FCPA Corporate Defendants as of December 31, 2011
Can Large Fines Be Avoided
Whether or not huge fines can be avoided by self-reporting or voluntary disclosure recently has been the subject of heated discussion. Some studies suggest there is no correlation between voluntary disclosure and reduced monetary penalties1. Other reviews suggest the DOJ provided discounts of between 3% and 67% in cases where companies disclosed voluntarily and negotiated resolutions2.
In order to clarify best practices protecting against liability under the act, the DOJ and the SEC released in November 2012 “A Resource Guide to the Foreign Corrupt Practices Act,” which makes clear that regulators take the following into account when deciding whether to prosecute and determining the level of penalties:
- The company's diligence and internal self-detection of the unlawful conduct;
- The company's voluntary remedial conduct, including conduct preventing the payment of a potential bribe, prompt initiation of an internal investigation, termination of culpable employees, voluntary disclosure to the DOJ and SEC, strength of existing internal controls and compliance programs, and undertaking substantial steps to improve such programs;
- The company's constant and real-time cooperation with the DOJ and SEC.
Companies, therefore, should be proactive about investigating transgressions and move aggressively to put measures in place to prevent such activity from happening again. This applies even to inherited problems or to violations involving relatively small sums of money— both issues that count for little in mitigating the severity of the offenses. A company that initiates an independent investigation, reports the findings and takes the necessary corrective measures demonstrates its determination to strengthen its governance and compliance culture. This can help avoid the severe condemnation and penalties that befell the companies listed above.
Here is one case that illustrates the wisdom of being proactive. During an investigation in Indonesia for a U.S.-based multinational corporation that recently had purchased a plant in Indonesia, anonymous allegations surfaced regarding under-the-table payments to local government officials. It also was suggested that the acquired company was destroying accounting records and creating replacement documents to disguise the payments.
The acquired company’s general manager and financial officer confessed that they knew about the payments to government officials and that they had tried to conceal these payments from the company’s new owners. The U.S.-based head office made the decision to launch its own FCPA investigation and engaged a team of forensic accountants and external legal counsel to conduct the inquiry. The company eventually settled with the SEC for approximately US$500,000 for violations in several countries, including Indonesia—a very light penalty compared with those in the table above.
The Hazards Of Doing It Wrong
BAE Systems (BAES), which paid a $400 million fine, the third largest, took the opposite approach. The British defense and aerospace company pleaded guilty to making false statements regarding its FCPA compliance program, and, according to the DOJ:
“After May 2001, BAES contracted with and paid certain advisors through various offshore shell companies beneficially owned by BAES. BAES also encouraged certain advisors to establish their own offshore shell companies to receive payments from BAES while disguising the origins and recipients of these payments. BAES admitted that it established one company in the British Virgin Islands to conceal its marketing advisor relationships, including who the advisor was and how much it was paid; to create obstacles for investigating authorities to penetrate the arrangements; to circumvent laws in countries that did not allow such relationships; and to assist advisors in avoiding tax liability for payments from BAES.” Clearly, the penalties only increase when a company tries to conceal wrongdoing and hinder investigations into possible violations. On the other hand, self-initiated investigations and proactive remediation steps are viewed favorably as mitigating factors. As mentioned earlier, companies with robust compliance and ethics programs tend to be treated more leniently.
A Step-By-Step Approach
So how does a company that suspects bribery move to assess its potential impact, investigate it and correct it?
The first step is to determine the extent of the problem by uncovering the number, frequency, amounts and recipients of suspicious payments. That often means combing through large amounts of data such as e-mails, documents and accounting information. Accounting data can include hundreds of thousands, if not millions, of transactions. Reviews should be conducted by people with forensic accounting and e-discovery expertise. They can develop keyword search terms that will find the relevant documents with a minimal number of irrelevant ones. Or they can bring more sophisticated tools such as predictive discovery to the investigation.
The reviewers then will gather information to determine which departments and employees were involved. Investigators will review payments to customers, vendors, employees and third parties, including those made through petty cash; look for suspicious activity in sales transactions, contract negotiations and bids; and watch for suspicious disbursements made by others acting on the company’s behalf—the use of agents and distributors to conduct business is common in Asia, where negotiations rely heavily on relationships. Investigators also will look at sales rebates and discounts, consulting fees, overseas trips and training expenses—all potential trouble spots. Reviewers will ask for explanations regarding unclear, unsupported or otherwise questionable transactions. Incidentally, some business practices that appear suspicious may be perfectly normal in a particular setting; for example, the giving of moon cakes during the Mid-Autumn Festival in the People’s Republic of China.
Once investigators have determined the extent of a problem, the company should prepare and implement a remediation plan as soon practicable. The specifics should include an evaluation of FCPA compliance and new internal controls to ensure conformity of operational transactions such as payments and the appointment of different vendors. It may include, as appropriate, training for company employees on FCPA compliance and the establishment of a whistleblower hotline.
Once the remediation has been implemented, periodic independent assessments should be undertaken to test its effectiveness. Both the proactive remediation plan and the subsequent periodic assessments usually will go a long way in convincing regulators that the company is sincere in dealing with the FCPA violations.
The potentially high cost of FCPA penalties and the increasing frequency of investigations are well-established. Yet, according to a 2012 FTI Consulting study, less than half (47 percent) of company directors are worried about being investigated. These companies may be poorly prepared to prevent or manage violations by their own personnel.
Even companies that want to fix things themselves may not be equipped to do so. They may not have the expertise, and it may not be clear which people or departments have no part in the problem and, therefore, can execute remedies objectively. Outside specialists can fill the expertise gap, avoid conflicts of interest and sidestep the hazards of employees investigating other employees with all the potential strains that that entails.
FCPA compliance reviews, investigations and remediation are significant undertakings. But such activities usually are less painful than a regulatory agency investigation and prosecution. As U.S. and other agencies increase their enforcement efforts in Asia, companies there would do well to evaluate their internal controls, strengthen them as necessary, be vigilant for transgressions, and respond decisively as soon as any occur.