Does your company do business internationally? If so, then the business and legal risks of dealing with corruption should be top of mind. It does not matter whether you work for a U.S.-based or an international firm; enforcement of anti-corruption laws has increased significantly in recent years as other countries have begun to follow the lead of the United States in seeking to prevent bribery of government officials. Moreover, dealing with corruption is not just a concern for corporate lawyers. Supply chain, operations, procurement, and logistics organizations—both in-house and contract providers—can sometimes find themselves in risky situations.
In the United States, the U.S. Department of Justice and the Securities and Exchange Commission are spearheading the fight against global corruption. The principal weapon in their arsenal is the U.S. Foreign Corrupt Practices Act (FCPA). The anti-bribery provisions of the FCPA make it unlawful for U.S. persons and companies to pay bribes to non-U.S. government officials for the purpose of obtaining or retaining business. The FCPA also requires U.S. and non-U.S. companies with securities listed in the United States to meet its accounting provisions. These accounting provisions, which were designed to operate in tandem with the anti-bribery provisions of the FCPA, require companies to make and keep books and records that accurately and fairly reflect transactions, and to devise and maintain an adequate system of internal accounting controls. Such laws generally pertain not only to a company's employees but also to its investees, agents, and contractors. Therefore, supply chain managers and logistics companies face distinctive risks where bribery is concerned. When land, raw materials, or services are supplied by state-owned enterprises, in part or in whole, a company with a global supply chain may inadvertently run afoul of the FCPA.
A supply chain manager or logistics company may find it difficult to determine, for instance, whether its overseas executives or intermediaries are making inappropriate payments to customs officials to expedite the movement of goods. Relations among various business entities may not be transparent, making it difficult to know whether a payment represents a legitimate "facilitation fee" or a bribe. Facilitation payments are narrowly defined within the FCPA as payments to government officials for routine and nondiscretionary action that do not violate the FCPA. In practice these payments are generally small amounts. Since there is no clear definition as to what constitutes a facilitation payment, any payment to a government official poses a potential FCPA risk.
An "out of sight, out of mind" approach to antibribery compliance may lead to serious consequences. Under the "willful blindness" doctrine, a prosecution can be brought against a party that had no knowledge of corrupt payments if the company was aware of potential warning signs and consciously failed to conduct adequate due diligence. If allegations of corruption prove to be true, then the company may be subject to sanctions that can cost millions of dollars and could immeasurably damage its reputation. Individuals involved also face consequences, including financial damages, loss of reputation, and even imprisonment. In the United States, even a company that accepts an independent monitorship in exchange for deferred prosecution or reduced penalties—an increasingly common arrangement—will still face significant legal costs.
Another common risk involves third-party agents, whose activities may create FCPA liability for the companies for whom they act. A number of recent, high-profile cases involved bribes paid by third parties to government officials, which resulted in large fines levied on the companies the third parties represented.
Given the high-stakes risks of running afoul of antibribery laws, it makes sense to set up a compliance program for your supply chain. The program should include the following actions:
With a thoughtful assessment of bribery risks, adoption of inclusive policies, and implementation of appropriate controls, your company will be able to mitigate its risks. An effective anti-corruption program will convey the company's position on FCPA and anticorruption compliance and deter wrongdoing. It will make noncompliance far less likely, and in the event of a violation, will more favorably position your company in interactions with regulatory authorities.
Adopt an anti-corruption policy
The increasing globalization of companies and related expansion into high-risk countries creates additional risks. This higher risk level is due to many factors, including cash-based economies and cultures of facilitation and/or bribery payments.
In higher-risk areas, for example, extended supply lines that leave little room for cargo delays can give leverage to government officials who threaten to delay shipments in exchange for monetary as well as nonmonetary benefits. In these high-pressure situations, officials sometimes offer alternatives that may lead to serious breaches of the FCPA and local laws. Anti-corruption policies are critical in identifying and mitigating these risks.
A sound corporate anti-corruption policy should consider including the following:
1. Develop a companywide policy requiring compliance with the FCPA. This policy should explain that risks associated with making illegal bribes and facilitation payments not only impact the company but individuals as well. For example, there are both criminal and civil liabilities for individuals and companies under the FCPA. Make it clear that the policy covers illegal bribes and facilitation payments made through third parties, and that blindness to the activities of agents, brokers, and other third parties in the area of corruption carries the same risk as making the payments directly.
2. Create policies that address the risk that third parties may pay or offer to pay bribes on the company's behalf. The policies could include mandates that the company perform FCPA due diligence on vendors, require a written contract with anti-bribery representations and warranties, receive periodic compliance certifications from the vendor, and demand in the contract the right to audit the vendor for FCPA compliance. Consider evaluating and applying the same scrutiny to key suppliers in risky locations.
3. Include contract clauses stating that the agreements terminate immediately and all payments that are due (or have been made) will be forfeited if, in rendering services, illegal payments are made or any part of the fee or expense payable under the agreement is used for an illegal purpose.
4. Implement regular audits for third parties that focus primarily on countries with high corruption risk and specific areas of risk (for example, customs clearance).
5. Develop a policy that requires anti-corruption due diligence in any contemplated merger, acquisition, or joint venture. Statements that accurately disclose any past FCPA violations should be included in the seller's representations and warranties related to the transaction or as part of the merger or joint venture contract.
6. Compliance with the anti-corruption policy should have a prominent place in the overall compliance regime. Set clear compliance standards and promote consultation and reporting of potential violations. One way to do this is by establishing a "hotline" for employees to report possible violations, making sure that all employees are aware of the hotline's existence. And finally, be sure to implement appropriate investigative procedures and disciplinary actions.
Identify high-risk countries
Supply chain managers and logistics companies face a particular risk because they often operate in countries that have developing economies and therefore may be more likely to encounter corruption.
Certain countries have higher corruption risks than others. A number of factors indicate that a country may be high-risk, including a developing economy and legal framework, a cashbased economy, heavily punitive penalties for minor documentation errors, country culture, and centralized power in the hands of a number of powerful individuals in certain service areas (such as granting of contracts and customs clearance). One useful source of information is Transparency International's Annual Corruption Perceptions Index, which is co-authored by Ernst & Young LLP. This report provides information about the perceived levels of public-sector corruption in 180 countries.1
Be sure to assess operations in the countries in question, identify key areas of risk, and address those areas. Pay particular attention to operations where your company has government customers or significant interactions with the government, consultancy arrangements, and contracts for services.
Your company also needs to understand the ownership and business relationships of its trading partners. Is there indirect or direct ownership by government officials and politicians? Does the partner subcontract any of the work or services to other companies? Can it assess the ownership and risks of dealing with those companies? Are trading partners providing full documentation for all transactions and acting in a transparent manner? Is there any evidence of trading partners dealing with shell companies?
Supply chain managers and logistics companies face a particular risk because they often operate in countries that have developing economies and therefore may be more likely to encounter corruption.
Develop due diligence procedures
Due diligence provides a means to assess the risk in retaining certain suppliers, vendors, and consultants. It is not worthwhile to take shortcuts here; it is easier to exclude a potentially risky trading partner during the tender process than to try to fix the problem later.
Conducting due diligence helps to effectively convey the ethics and culture regarding the company's approach to FCPA and anti-corruption efforts, both within the organization and to the third parties. This should be part of the internal controls procedures. It should focus on the ownership of the organization, previous issues in the public domain (if any), and risk factors within the industry and/or country.
Consider applying FCPA due diligence procedures for all new joint venture partners, third-party suppliers, vendors, agents, and consultants. Ask them to confirm that they will comply with your organization's FCPA policies. You can test their compliance by exercising your audit rights.
Acquisition targets are another area of particular concern. (See the sidebar "Dangerous liaisons?") It is becoming increasingly apparent that companies need to focus more scrutiny on acquisitions. There are a number of questions to ask that can help to identify associated risks. What are the policies currently in place? Are there specific risk areas? Are the companies to be acquired testing their suppliers' compliance with the FCPA? Is their FCPA compliance program actually being used? Have they identified past problems? What are their internal controls? Do they have written contracts with third parties that address FCPA and anti-corruption?
Manage customs clearance
The customs clearance process is especially exposed to risk. Each country has its own laws and regulations that can be onerous to navigate, and many government employees and outside agents may be involved in managing the process. It is vital that a company understand the nature of the work of its customs clearance agents and brokers to make sure it does not have FCPA exposure.
Be aware, too, of local laws and behaviors. For instance, relatively minor documentation discrepancies may lead to significant customs clearance delays, and in some countries, the fines for minor discrepancies may exceed the value of the goods. This provides the customs officials with potential leverage for obtaining a bribe. In industries where the delivery of materials and services is especially time-sensitive, moreover, unscrupulous customs and government officials may also gain leverage. For example, in the oil services industries, the delay in repairing a rig could lead to losses of millions of dollars per day due to lost production.
In some cases, a customs clearance entity may offer expedited clearance. It is important to clearly understand the nature and components of this service offering. In some countries, there is the potential that the customs clearance entity may be making illegal payments in order to expedite the shipment.
If your overseas supplier is responsible for customs clearance, the risk may be reduced. However, if you become aware of your supplier's potential improper activity, then you may have a risk of breaching anticorruption laws, particularly if your company directly or indirectly funds those activities.
Control gifts and third-party deals
It is vital to implement strong internal controls over the use of cash, travel, entertainment, gift-giving, and the retention of third parties. These internal controls should be consistently monitored and tested. Strong internal controls must be present to address the following types of risks:
1. Cash payments are often the preferred method for the payment of bribes. In some countries, the risks are higher if the country is a cash-based economy and most transactions are made in cash.
2. The establishment of bank accounts must be controlled. Off-balance-sheet bank accounts are often used to pay bribes.
3. Are suppliers or consultants providing legitimate goods and services? There have been cases where third-party firms have been involved in facilitating bribes by providing invoices in an effort to legitimize the payments.
4. Travel, entertainment, and gift-giving require strong controls. Education and training can prevent employees from unknowingly making a mistake. They may not know, for instance, that in certain countries, a majority of medical professionals is effectively employed by the state; as a result, traditional gifts that are legal in some jurisdictions may be illegal in other jurisdictions.
5. Charitable donations may be used as a front for funneling payments and/or bribes to government officials.
6. Credit notes or rebates to government-owned companies and departments must be strictly monitored, as they may pose a particular risk of being misused.
7. Donations to political parties are an area of high risk, and all such donations should be scrutinized.
8. Third-party companies may be used as a way to funnel bribes and/or benefits to government officials.
9. Controls over the retention of third parties are critical, particularly for consultancy services, contracts for services, and key suppliers.
Routine employee training
Although many companies have very strong written compliance policies, written instructions are not sufficient to manage corruption and fraud risk. Training of employees worldwide is equally important. More than half of the respondents to Ernst & Young's 10th annual global fraud survey, in fact, said that increased training and awareness assisted in reducing risks.2
The training should apply to as many employees as possible, depending on the various risk factors, and it should be conducted in all of a company's locations. Keep in mind that although a particular country is not considered a high risk, it does not mean employees in that location will not experience FCPA issues. If they are dealing with agents, brokers, and third parties who are conducting business in high-risk countries, then they are likely to encounter such concerns.
Be sure to maintain a signed or electronic record of the completion of the training for each employee. Some companies have been able to attain this objective by providing an electronic training option. Any training, regardless of method, should be repeated on a consistent basis. Depending on the area's risk factors, you may need to conduct training in some areas more frequently than in others. Individuals who consistently work with government officials, for example, should receive updated training annually.
Newly hired employees should not only be trained as soon as practically possible, but their employment contracts should also contain a written confirmation that the employee will follow the company's FCPA and anti-corruption policy. In addition, every company should either confirm that there has been appropriate training, or provide training itself, for all of its consultants, brokers, agents, and customs agents. Finally, consider training key suppliers if the risk factors suggest it.
Test the controls
You may have the best-designed controls, but if you are not testing those controls in operation, then you are unlikely to have an effective program for combating FCPA risks. It is important to have a multiyear testing plan that effectively addresses your company's risks. It is also a good idea to appoint an FCPA "champion" with the appropriate level of authority. This sets the correct tone and sends a message about the company's commitment and focus on FCPA compliance.
Aim for 100-percent compliance but develop a plan for dealing with potential problems the testing might identify. Managing compliance issues may be best handled with the help of legal counsel and outside consultants.
You should also continually monitor for other warning signs, including: unusual payment patterns or financial arrangements, unusually timed or high commissions, delay or refusal to provide a certification of FCPA compliance, a lack of transparency in expenses and accounting records, "success fees" paid to a third party for securing a contract, joint ventures with a foreign government entity, and potential penalties for failing to complete certain elements of a contract by a specified deadline.
In addition to monitoring controls, establish policies and procedures for addressing FCPA concerns, including ensuring the preservation of documents and other materials, prompt and timely investigation, proactive and effective response, and involvement of the board of directors and audit committee, as appropriate.
Act before it's too late
As the number of FCPA cases has increased dramatically in the last 10 years, it has become critically important that companies proactively address the risks of noncompliance rather than wait for negative consequences to prompt them to action. The legal costs on both the civil and criminal levels can be severe. When a potential FCPA issue is identified, address it immediately and effectively. This is a considerably better choice than becoming the target of an investigation and reacting after the fact.
1. Transparency International's Annual Corruption Perceptions Index, with Ernst & Young LLP (2008)
2. Corruption or compliance—weighing the costs: The 10th global fraud survey, (2008)
Ernst & Young's Corruption or compliance—weighing the costs: The 10th global fraud survey, issued in May 2008, found that nearly half of the prosecutions under the U.S. Foreign Corrupt Practices Act (FCPA) in 2007 arose because companies had been involved in mergers and acquisitions. A checklist approach to anti-corruption due diligence and a reliance on representations and warranties by the companies being acquired are unlikely to be sufficient protection from legal risk and possible damage to the acquiring company's reputation.
The survey showed, however, that companies are increasingly waking up to the risks that corruption presents. More than half of the respondents said they are increasing the amount of training they do on this subject, and 45 percent said they conduct some form of anti-corruption due diligence before making corporate acquisitions.
Authors's note: The views expressed herein are those of the authors and do not necessarily reflect the views of Ernst & Young LLP.