FCPA Compliance and Ethics Blog

January 18, 2011

The Swiss Compliance House: a Model for FCPA Compliance?

Filed under: compliance programs,FCPA — tfoxlaw @ 6:45 am
Tags: , ,

In an article in the January/February issue of the ACC Docket entitled “Five Fundamentals for Taking Management Compliance Seriously, author Daniel Lucien Buhr discusses a model for a compliance system which he describes as the “Compliance House”. The Compliance House is a model which has been developed by Swiss businesses to use as the foundation of effective compliance management by ensuring that by “binding values and appropriate compliance management they can safeguard their integrity, and avoid or contain breaches of the law.” Buhr believes that it is the basic legal responsibility of any company board of directors to make certain breaches of law are either avoided or, if they occur, are detected early enough so that the company may remedy the situation.

Buhr begins with a very basic understanding of the term compliance, which he defines it as “ensuring law abidance.” However, the author goes on to expand this definition by noting that both private and public stakeholders of a company will expect that the company shall comply with applicable standards, therefore compliance may also be defined as “the state of integrity expected by stakeholders on the basis of civic responsibility of the companies.” This is a far different version than most US companies would state. Most US companies would try and obey the law but not include a complete culture of integrity.

Buhr states that whatever the size of the company, it all begins with a strategic risk profile or what he terms a “risk map”. This sounds quite similar to the UK Bribery Act’s First Principle of Adequate Procedures, that being a risk assessment where a company regularly and comprehensively assesses the nature and extent of the risks relating to bribery and corruption. It is also the same as the Department of Justice’s (DOJ) admonitions that to follow the US Sentencing Guidelines for a best practices Foreign Corrupt Practices Act (FCPA) compliance program, a company should begin with a risk assessment. Buhr stresses that while there is no single model which will apply to every company, there are five common elements to build the “Compliance House” and they are:

  1. A written Compliance Policy and Code of Conduct is the ‘roof’ of an effective compliance policy. Under this element, the corporate management commits to complete integrity, through complying with FCPA, the UK Bribery Act or other compliance laws and regulations. This must be a key component of corporate culture and the foundations of its business operations.
  2. The structure of the compliance organization is the first pillar upon which the Compliance House is built. This is one of the side walls of the Compliance House. Management must ensure that the company’s Code of Conduct or other implementing statements are effectively implemented by the company’s compliance group. This requires that management fully empower the compliance group with adequate staffing, material and financial resources. This structural component must guarantee that an independent body is created, through a hotline or other mechanism, which allows compliance concerns and violations to be reported in confidence.
  3. The compliance processes are the second pillar of the Compliance House. Together with the confidential reporting mechanism, the compliance processes make up the other pillar of the Compliance House. The pillar includes planned systematic processes such as the regular analysis of compliance risks, the publishing and implementation of internal compliance policies and procedures, training the appropriate staff on compliance issues and the detection and investigations of possible compliance violations.
  4. Appropriate compliance incentives and sanctions. While most US companies are fairly well versed in sanctioning employees for compliance violations, they are less progressive in compliance incentives. This prong requires that a company reward particular achievements relating to compliance. Conversely, compliance breaches must be punished; however a company must make clear that the compliance program will not be sacrificed for commercial incentives. Finally, there should be complete transparency in both rewarding those who do business in a compliant manner and punishing those who violate the company compliance program.
  5. Testing the effectiveness of the Compliance House. As noted by Lanny Breuer, Assistant Attorney General, for the Criminal Division of the US DOJ, a compliance program must be dynamic, not static. This requires constant improvement of the compliance program through measurement and regular testing for effectiveness. Breuer has advocated an annual compliance program assessment by each company. Under the Compliance House model this would allow a company to determine weaknesses in its compliance program and remedy them or take into account changes in a company’s business model, such as moving into a high risk business area. The fifth element completes the Compliance House model.

The Compliance House model provides to the compliance practitioner, whether in a Swiss company or a person who is governed by the FCPA or the Bribery Act, a conceptual framework to develop an overall compliance program. It can also be used as a format to present to a Board of Directors to help them to understand a company’s compliance obligations and how those obligations are being satisfied.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

 

 

3 Comments »

  1. Two quick comments.

    First, on the issue of risk assessments, I’m amazed how this is universally recognized as a requirement, but so badly implemented. I’ve benchmarked a whole bunch of companies, and there really isn’t a good risk assessment at an issue level. By that I mean that a lot of companies have a global risk four-box-type assessment that just says, “wow, FCPA is a high risk,” but within FCPA risk, they have no idea what or where their risk lies. On a “gut” level, sure, but if you say “can I see your FCPA risk assessment,” you’ll inevitably get something substandard, at least from what I’ve seen.

    Second, I’m a big believer in the idea that “what gets metric-ed gets done.” So when it comes to evaluating a program, the first thing I ask is, “how do you metric your sales people?” The answer I’ve always gotten is, “how much they sell.” I am in total agreement with the idea that you have to reward good compliance behavior. I think that’s even more important than sanctioning bad behavior. The end state is to include compliance as a sales metric. I only know of one company that does it, but it’s a powerful incentive.

    The over Compliance House model, it seems to me, is just another way of saying what we’re all trying to accomplish, which is a recognition that how you achieve results is important.

    Comment by Howard Sklar — January 18, 2011 @ 8:04 am | Reply

  2. Thomas,

    The points you are making are excellent and an organization should follow it in spirit. However, I see a mumber of practical difficulties which will make the Bribery Acts something on paper only. For example, the Indian Revenue Services and other government bodies survey shows that nearly 80% of the officers are corrupt. That means bribery and kickbacks are extremely prevalent. Yes, there are a number of organizations who have a no bribery policy and that message does go through. However, they are very few. And even vendors give kickbacks to expats to get contracts. So how is the act going to become applicable in India? If let us say an American or British expat takes a kickback in India, who is going to report and what really can happen? How is the act going to be implementable and really be used is something which I can’t figure out.

    Sonia

    Comment by Sonia Jaspal — January 18, 2011 @ 8:34 am | Reply

  3. [...] The Swiss Compliance House: a Model for FCPA Compliance? by Thomas Fox [...]

    Pingback by Compliance Bits and Pieces for January 21 | Compliance Building — January 21, 2011 @ 7:02 am | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,591 other followers

%d bloggers like this: