The year 2016 has set the record for FCPA enforcement; 27 companies paid about USD 2.48 billion to resolve FCPA cases. Indeed, prosecutors rely on large criminal fines for companies and jail time for executives to deter corruption offences. These direct costs, together with indirect damage to the company’s reputation and lost business opportunities, make compliance the more attractive alternative to lengthy investigations and possible criminal prosecution. In effect, putting in place an effective compliance program would, ideally, prevent companies and their employees from committing corruption offences. Realistically, a well-established and efficient compliance program should allow for the early detection of offences and, in turn, allows companies to take remedial action.
But what components should chief compliance officers focus their compliance programs on?
According to the Department of Justice (DOJ) and the Securities Exchange Commission (SEC) FCPA Resource Guide; senior management support, adequate resources, clear policies, training, periodic evaluation, enforcement of policies, third party due diligence and sensitization, all constitute an effective compliance program. Ultimately, though, this boils down to one factor: corporate culture. A culture where management supports and engages the company’s compliance efforts, and where employees from the entire organization are committed to these efforts. Commitment and engagement manifest in educating and training management, employees and third parties in compliance with the company’s anti-corruption policies and procedures. Establishing a culture of compliance also means providing a forum for feedback, regular monitoring and assessment of risk activities and regular evaluation of the compliance program. Last, but not least, establishing channels that allow for anonymous reporting and guidance about prohibited conduct without fear of retaliation.
Corporate culture typically applies (albeit quietly in most cases) to a variety of different company activities – from the benign to those decisions directly affecting the conduct of present and future business, e.g., everything from community-building social events (Friday trivia quizzes over email and employee birthday celebrations, for example) to significant commercial strategic considerations (e.g., financial and non-financial priorities when entering a new market, including the critical element of risk tolerance). It is important to note, however, that creating a supportive corporate culture means sustaining an environment in which employees care not just about the risk of getting caught, but, even more importantly, about the importance of acting legally and ethically in the first place. Hence, establishing and sustaining a corporate culture of compliance equals endorsing all the values and beliefs that relate to the term.