.jpg)
18 December, 2016
1. ENSURE COMMITMENT FROM SENIOR MANAGEMENT
If senior management is not already committed to compliance, ensure that a member of the senior leadership team takes overall control of the program to show your organization’s commitment and provide guidance. This includes the education of employees on important policies and relevant internal communications.
2. CONDUCT A RISK ASSESSMENT FOR EACH JURISDICTION YOU OPERATE IN
What types of transactions and business does your company and industry engage in? Typically how much interaction does your company have with government agencies and officials? Do you work with third party suppliers, distributers and agents and if so, to what degree? Do you know if your third party suppliers have opaque connections to state owned enterprises or government o cials? Does your industry have known speci c risks or particular regulatory requirements that you need to consider? Essentially, know and understand your own business.
3. IT IS NOT JUST THE FCPA
As well as the FCPA, know which other international and local anti-bribery and corruption laws apply to your company in each jurisdiction you operate in. Coordinated enforcement actions internationally allow the prospect of double jeopardy as the trend towards parallel investigations and penalties increases worldwide.
You will need to stay current on initiatives, regulations and changes to anti-corruption laws in the countries in which you conduct business.
4. COMPLIANCE PROGRAM FOR EACH JURISDICTION
For companies operating in global environments, it is important to have the compliance program tailored to each country in which you operate. This will take into account the cultural aspects and speci c risks inherent in each jurisdiction.
5. EFFECTIVE WRITTEN POLICIES AND PROCEDURES
Make sure all policies and procedures are clear and well-structured; they should be easy to understand, e ective, pragmatic and enforceable. It is no good creating policies that no one references or which are confusing. Your policies and procedures should cover all your employees, both local and international.
They should include – how sta can anonymously report suspected violations, the requirement to keep detailed and accurate records of all transactions and all dealings with foreign officials, particularly any gifts or payments made.
6. TRAINING AND COMMUNICATION
Once your policies and procedures are documented you will need to communicate and implement them on an on-going basis to your employees and relevant business partners (in some cases, including third parties – agents, vendors, suppliers, distributors, advisors and other business partners). You may decide that conducting all training in-house may not be su cient in some cases (particularly for some employees based overseas); training should take into account local culture, customs, local languages and speci c jurisdictional risks and in this case may be better provided by an independent external specialist risk firm. The training should also take into account what types of training speci c employee types will have (for example procurement, sales, internal auditing, legal and nance departments). After each training session you will need staff to confirm (in writing) that they have fully understood the training and will comply with the policies and procedures on which the training is based.
7. THIRD PARTY OVERSIGHT
Your organization should have ongoing oversight and audit rights of third party activities. This should include the right for you to provide ongoing materials and training in local languages to create a culture of compliance amongst your agents, vendors, suppliers, distributors, advisors and other business partners. The largest source of FCPA violations comes from third parties. Third parties should not be left unsupervised and any third parties that do not provide any legitimate business purpose should be scrutinized.
8. ENHANCED DUE DILIGENCE
You may also wish to consider whether to self-report to the regulatory authorities at some point during the process. Although there are mixed views on the benefits or otherwise of self-reporting, some commentators argue that it is better to rst conduct the investigation, then identify and fix the issues; then if the regulatory authorities come knocking on your door, be prepared to fully cooperate with a full prepared package detailing the issues, what investigations were conducted into the issues and what subsequent remedial action took place. However, your legal counsel will provide the best advice on this aspect.
9. WHISTLEBLOWER HOTLINE
Make sure that an appropriate whistleblower hotline is in place (or several depending on the jurisdictions in which your company operates; be considerate of local languages etc.). Whistleblower hotlines should be preferably administered by an independent specialist third party.
10. CONSIDER IT BASED POLICING TOOLS
Although not strictly part of FCPA compliance per se, the modern digital age presents numerous opportunities for organizations to help protect themselves from threats including malicious insider threats and potential FCPA issues. The latest cutting- edge technology includes sophisticated software that autonomously and discreetly monitors employees email communications across the board to identify risk indicators, based on algorithms centered on the psychology of language. Similar to body language, changes in our written communication subconsciously betrays our psychology. There is only one such proven system on the market, called SCOUT.
11. MONITOR AND CONDUCT REGULAR REVIEWS
Make sure that your policies and procedures are regularly reviewed and take account of any changes in regulatory or legal requirements as relevant for each jurisdiction. Ensure that all incidents are fully and accurately recorded and that a policy is in place to manage such incidents appropriately, along with an action plan for how violations will be handled and any resulting disciplinary action. Ensure, to the extent available, that you will be in a position to submit properly documented evidence of compliance breaches in the event of an investigation.
For further information, please contact:
Bill Sims, Managing Director, Stroz Friedberg
bsims@strozfriedberg.com
