Time to Tighten Your FCPA Compliance?

The Foreign Corrupt Practices Act (FCPA) has been a focus of enforcement efforts by the SEC and the U.S. Department of Justice ever since Congress passed it in 1977, but the last 18 months or so have seen a sharp increase in the number of FCPA cases. In 2006, only 15 cases were brought by the SEC and the DOJ; last year the total was 38, according to law firm Porter Wright Morris & Arthur in Washington, D.C.

The law has snared some big names, including Lucent Technologies Inc., which agreed last year to pay $1.5 million to settle a civil action brought by the SEC. The complaint alleged that Lucent had paid more than $10 million to enable Chinese foreign officials to travel to the United States and that some of those trips included disproportionate amounts for sightseeing, entertainment, and leisure. On top of which, the SEC argued, Lucent's FCPA training programs were inadequate.

The Lucent settlement was peanuts compared with the $26 million fine levied against four subsidiaries of British energy firm Vetco Gray in February of last year for bribing Nigerian officials to get preferential customs treatment. The fine was the largest to date in an FCPA case. The payments mainly went through the Houston offices of one of the subsidiaries.

So it comes as a surprise that in a recent Deloitte online poll of more than 620 executives only about one-third report that their organization is increasing its controls to prevent FCPA violations.

"There's always a time lag in recognition of new expectations and new concerns that are being raised in various enforcement actions," says Ed Rial, leader of Deloitte's Foreign Corrupt Practices Act consulting practice. But he's confident that recognition of the risk is growing and that "companies will really start to look at their compliance programs in a more detailed manner and make necessary adjustments. Depending on the company and the risk profile, those changes can be significant, requiring additional resources, or they may be more modest, requiring more of a specific FCPA focus in their testing."

Thirty percent of respondents in the Deloitte poll identified agent/consulting relationships as the area in which FCPA violations were most likely to arise. Foreign subsidiaries of U.S. companies were cited by 28 percent, and 22 percent cited joint venture or strategic alliance partnerships.

Rial notes that the number of FCPA cases related to acquisitions is on the rise, and U.S.-based buyers are looking at this risk more closely. "And that should really continue," he adds, "because the government has gone on record many, many times as saying that companies that buy other companies without performing anti-corruption due diligence are proceeding at their own risk."

Deloitte gives the following recommendations for companies looking to acquire assets in higher-risk locations:

• Deepen your due diligence. "If [a potential acquisition] is in a high-risk industry, in a high risk country, relying on government contracts, and using third parties -- for example, to interact with the government to help facilitate the sale -- there you have four potentially problematic areas," says Rial. "In that instance it would probably be wise to dig down deeper and ask for any type of anti-corruption program materials, any training they've done."

"Ask if they have any compliance files. Have there been any instances where they've faced some issues regarding allegations? Do they have some background on the senior people or those in sensitive positions within the company."

• Be wary of acquisition targets or potential partners that lack effective anti-corruption compliance programs. Even if the business hasn't been subject to the FCPA from a jurisdictional perspective, says Rial, "you're associating with a company that on day one will be your company, and you need to make sure that there's an effective compliance program or at least that steps have been made in that direction and there aren't any lingering problems that might lead to liability post-closing for the acquirer."

• Don't assume that some industries are safe. While the defense and energy industries have a higher perceived risk of corruption, cases have been brought against companies in all sectors.

Above all, though, businesses should make the effort to get the big-picture view of their FCPA compliance. "Companies need to take a step back and review their programs to make sure that they're properly addressing the risk," says Rial. "That doesn't mean there has to be a scorched earth policy where you go to every location in every risky jurisdiction every year. What it does mean is that there has to be a testable and reasonable approach to uncovering potentially questionable payments. And that could be structured in a way that could be part of the internal audit process."

It's an investment of time and money that may provide big returns, if only in peace of mind.