FCPA Compliance & Investigative Due Diligence


EthicsPoint sponsored a webinar with Ellen Zimiles of Daylight Forensic and Advisory LLC, talking about FCPA Compliance & Investigative Due Diligence. This presentation is supposed to provide an overview of current FCPA trends and highlight elements to implement an effective FCPA compliance policy. These are my notes.

Ellen started off with a summary of current FCPA activity showing a surge in the number of enforcement actions underway by the DOJ and SEC on global corruption and bribery. There is also increased global coordination on corruption investigations and prosecutions. She also noted that there is a focus on individuals. In 2008, 60% of the FCPA defendants were individuals.

The first element of an effective FCPA compliance program is a risk assessment. You need to look at whether a foreign government is your customer or whether you need government intervention as part of your business operations. Obviously, there are some countries that are more prone to fraud. You also need to revisit this assessment periodically.

Next you want to establish and document your FCPA compliance policy. It needs to be clearly documented and understood at all levels in the company. The policies can vary from business unit to business unit and region to region.

You need a designated FCPA compliance officer. The person needs enough authority to make the sales and marketing people listen.

You need internal accounting controls. It is not just anti-bribery. There are also penalties for failure to properly maintain books and records, thereby disguising potential bribery. Your FCPA policy needs to reference the controls over accounting maintenance.

You need enterprise-wide training. Ellen thinks that your overseas employees are the ones more likely to get you in trouble. In part, some countries have a culture of corruption and your employees may have grown up in that culture.

Ellen recommends having a periodic independent audit. Large multi-nationals are increasingly having specialized FCPA compliance personnel.

Your FCPA compliance program should have a plan for dealing with investigations. Obviously, prevention is better than the cure. Make sure you have a good case management system, with document translations.

Ellen moved on to Investigative Due Diligence which is the proactive identification of risks not ordinarily apparent from financial or legal reviews.

a. Application of exploratory techniques developed by law enforcement agencies
b. Analyze large volumes of publiclly available information
c. Identification of red flags

See also: