In a global economy, companies can’t afford to overlook the risks that come with doing business abroad, even if those risks are carried by third parties.
The case of Hewlett-Packard, which was ordered to pay $108 million to settle civil and criminal cases related to violations of the Foreign Corrupt Practices Act (FCPA), underscores just how costly those risks can be.
The Securities and Exchange Commission found the technology company’s subsidiary in Russia paid more than $2 million through agents and shell companies to a Russian government official to retain a multi-million dollar contract with the federal prosecutor’s office.
“Hewlett-Packard lacked the internal controls to stop a pattern of illegal payments to win business in Mexico and Eastern Europe,” said Kara Brockmeyer, chief of the SEC Enforcement Division’s FCPA Unit, in a news release. “The company’s books and records reflected the payments as legitimate commissions and expenses. Companies have a fundamental obligation to ensure their internal controls are both reasonably designed and appropriately implemented across their entire business operations, and they should take a hard look at the agents conducting business on their behalf.”
The case, one of several multi-million dollar anti-corruption cases settled so far this year, demonstrates law enforcement is increasingly holding both companies and individuals accountable for FCPA violations. In 2013, the Department of Justice brought 14 enforcement actions against companies and individuals, and the SEC brought 10.
The enforcement of corrupt practices doesn’t stop with U.S. agencies. In recent years, other countries, including Brazil, China and Mexico, are implementing stronger anti-bribery legislation of their own. Brazil’s legislation, the Clean Companies Act, allows companies based in Brazil or doing business there to be fined up to 20 percent of their gross revenue in the year prior to the investigation.
Then there’s the U.K Bribery Act, which has created controversy with a scope that’s even broader than the FCPA. It includes bribes offered or given not only to foreign officials, but any person, and it punishes those who accept the bribe as well as those who offer it.
So how can companies protect themselves by managing compliance risks?
Take The Threat Seriously
International Paper Chief Compliance and Ethics Officer Steve Donovan, who regularly advises executives on the FCPA and international anti-corruption, said first and foremost, businesses need to approach the legislation with the respect it demands.
Consider it an issue that impacts every aspect of the company.
“Don't look at it just as an issue of paying bribes to government officials,” Donovan said. “ If you've got employees prone to paying bribes to government officials, you probably have employees who are prone to engage in commercial corruption as well; either demanding kickbacks from suppliers or offering kickbacks to customers. It needs to be dealt with on a broader anti-corruption basis, which would include fraud, commercial kickbacks and commercial bribes.”
Approach It Systematically
The FCPA and other anti-corruption laws are so extensive it can be overwhelming to consider them as a whole.
While it’s important to be familiar with all the policies, start by focusing on the business practices likely to raise FCPA problems specifically at your company.
If you do a lot of work with customs brokers, for instance, know the high-risk markets. Review transactions particularly in those high-risk markets, and be sure you have a strategy for assessing the risks going forward.
If you work more closely with tax officials and tax consultants, focus on that. Don't waste your time on developing a policy on a business practice that's only a minor or insignificant activity for your business; figure out where your contacts with government officials are, whether it's your own or whether it's through a third party.
Be sure you have appropriate training in place so any employees involved in import or export are well aware of the red flags and how to respond to them.
Do Your Due Diligence With Third Parties
Perform a thorough risk assessment of all suppliers and vendors. Make sure they understand your company’s policies and the serious consequences of corrupt practices.
As a company that imports and exports millions of dollars in products each year, The Hershey Company’s compliance officers work closely with the Trade Department and its own Global Customs Compliance Program to identify red flags from third parties. The company has strong trade and anti-corruption compliance language in its contracts with customs brokers and manuals.
Some companies use a risk matrix to screen third-party vendors. Others use a software system such as Compliance 360 to manage those relationships. No matter what the approach, your company needs to closely evaluate its third parties. Find out who the principals are and what relationships they may have with government regulators. Identify any business interests or potential interests within the company, as well.
Realize that educating third parties may be an ongoing process, depending on the risk profile and the industry in which they operate. A third party company may or may not have its own compliance program, and it may or may not meet your standards. That’s why it’s incumbent upon you to clearly communicate those standards, check for understanding and, as always, get it in writing.
Rather than viewing the plethora of new global regulations as a burden, compliance officials should see them as a sign that business practices are improving across the globe. Stronger enforcement of ethics demands more effective compliance processes, which ultimately help retain more profit for your company. It also demands building a compliance department that's structured for success, which often includes hiring compliance officers.
To learn more about what four global companies are doing to comply with anti-corruption laws, download our guide, “How to Build a World-Class Compliance Department.”