DOJ on an Effective FCPA Compliance Program

Saturday, June 19, 2010

Thomas Fox

59d9b46aa00c70238bb89056cfeb96c0

At the recent Compliance Week 2010 Annual Conference one of the issues discussed by Assistant Attorney General, for the Criminal Division of the US Department of Justice, Lanny Breuer, was what the Department of Justice (DOJ) might consider as an “effective compliance and ethics program” under the Foreign Corrupt Practices Act (FCPA), if a FCPA violation occurs and a company’s compliance program comes under scrutiny from the Criminal Division of the DOJ.

We believe that Breuer gave the conference attendees quite a bit of information that can be utilized by companies in crafting and evaluating their compliance policies.

Breuer noted that the most effective type of compliance program is one that “prevents fraud and corruption in the first place but when such compliance program has not done so, there are defined policies in place to “quickly detect, fix and report the [FCPA] violations.”

Additionally, an effective compliance program should not be static but dynamic to meet changing business circumstances, such as when a company might move to doing business in a high risk country.

Effective compliance programs should also be ever-evolving through continued assessments, as the compliance world grows and matures. Breuer cited two source material references as benchmarks; he listed (1) the Principles of Federal Prosecution of Business Organization and its full section on corporate compliance programs and (2) the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance.

Breuer then delineated several elements that the Criminal Division would evaluate in assessing a company’s compliance program, should a FCPA violation occur.

• Does your company have an effective compliance “Tone at the Top”; so that the Board and CEO are demonstrated to be fully committed to an effective compliance program?

• A company’s compliance program should not only punish compliance violations, through termination, other disciplinary actions or reduction in or denial of bonus but should also reward good ethical behavior in a corporation by promotion of ethical employees or other rewards such as a significant component of an overall bonus program. Regarding employee discipline, Breuer emphasized the DOJ would review all circumstances surrounding a company’s decision regarding discipline but that any “superficial steps” would not impress the DOJ.

• A company should have a strong whistle-blower program through a hotline or other appropriate mechanism and protection for any employee who reports such conduct through anonymous reporting and a clear no-retaliation policy.

• The compliance function led by a person with senior level management authority, the overall compliance function should have clear reporting lines to such senior level employee and such person should have a direct reporting by a company’s compliance officer to the company’s Board of Directors.

• There should be periodic reviews of a company’s compliance program, utilizing internal resources such as a company’s Internal Audit function and outside professional consultants.

• A company’s effective compliance program should be extended directly into foreign business partners, such as agents, distributors, reseller and joint venture partners.

Breuer ended this portion of his talk by re-emphasizing that the DOJ was not only interested in your company’s compliance program but also other companies with whom you might be doing business with and the effectiveness (or lack thereof) of their compliance program.

This would not only extend to foreign business partners but also those companies in your Supply Chain and conceivably down to your customer base.

So do you have an “effective compliance program” as outlined by Lanny Breuer?

For a copy of the  full text of Breuer’s remarks, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

Possibly Related Articles:
16116
General Security Awareness
Compliance FCPA
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.