What are the Essentials for a FCPA/Bribery Act/OECD Compliance Program?

In a recent article entitled, “Bribery and Corruption Compliance: the Playing Field Levels”, Timothy Coleman and Paul Lomas, attorneys from the law firm of Freshfields Bruckhaus Deringer discuss what they term the “tectonic shift” in anti-bribery and anti-corruption compliance internationally. The authors posit that increased enforcement of the US Foreign Corrupt Practices Act (FCPA); the release of the Organization of Economic Cooperation and Development (OECD) Good Practice Guidance on Internal Controls, Ethics and Compliance (OECD Good Practices); and the impending July 1 implementation date of the UK Bribery Act, have all acted to place “new burdens” on companies to have the highest standard of anti-bribery corruption programs in place.

The requirements of the FCPA are interpreted through the US Sentencing Guidelines, various Deferred Prosecution Agreements and Department of Justice Opinion Releases. The Bribery Act is interpreted through Guidance released by the UK Ministry of Justice. The OECD Good Practices contain its own commentary on interpretation. Using these documents, collectively called “the Sources” we will discuss the authors’ ten essential elements an anti-bribery and anti-corruption compliance program. The ten elements formulation is as follows:

1. Risk Assessment-as all three of the Sources, speak to the need for risk assessments, the authors recommend that a company annually assess its risk for bribery and corruption and use this assessment as a guidelines to take steps to reduce the overall risk of such conduct.
2. Implementation Generally-while the OECD Good Practices does not specifically address this element, it is contained within the FCPA and Bribery Act. The FCPA most generally says that an anti-corruption policy should be implemented while the Bribery Act more specifically recommends the embedding of “reasonable policies and procedures throughout the organization with an eye towards practical business issues.”
3. Participation-this means involvement by all levels of an organization; including (a) appropriate ‘tone at the top’; (b) senior level involvement; (c) individual responsibility and (d) company-wide culture.
4. Policies and Procedures-all three Sources require that written policies and procedures form the cornerstone for any anti-corruption and anti-bribery program. Care should be taken that it be written in plain English and not “by lawyers-for lawyers.”
5. Enforcement-this is defined as internal company enforcement and here the authors point to not only ongoing monitoring, auditing and assessment but also granularity down to the individual employee level. There should be both a ‘carrot and stick’ approach so that employees are disciplined for compliance failures but also rewarded (and seen to be rewarded) for doing business through appropriate compliance avenues.
6. Reporting and Response-under the FCPA, an anonymous reporting Hotline should be a component of a company’s overall compliance program. The Bribery Act calls it a ‘speak up’ line but whatever it is called, there should be recognized reporting mechanisms in place that allow an employee to report allegations of bribery and corruption and protections in place to guard against retaliation for such reporting.
7. Third Party Compliance-all robust anti-bribery and anti-corruption programs discuss the risk of third parties. They all agree that this risk must be properly evaluated, investigated and managed going forward. Appropriate due diligence must be performed and compliance terms and conditions are important with all third parties. General oversight after the contract is signed is also a key element.
8. Training-all the Sources of guidance state that training of a company employees, with an annual certification, is an important part of an effective anti-bribery and anti-corruption program. The Bribery Act extends this training to third parties.
9. Periodic Review-it is important for a company to engage in a review on no less than an annual basis. The Sources list several areas that should be assessed. A company should determine if its overall program in effective both internally and externally. Additionally, if there are new best practices a company should assess whether those concepts should be brought into its anti-bribery and anti-corruption program. If a company moves into a new business areas or a new geographic area, these new risks should be assessed, evaluated and managed as well.
10. Record Keeping and Internal Controls-both the FCPA and Bribery Act have language that makes clear that not only must books and records adequately reflect a company’s expenses but that internal controls are key defense and preventative measure against bribery and corruption.

The authors then advocate a three step implementation plan for an anti-bribery and anti-corruption program. This three step approach being with (1) Strategic Planning-where risks are assessed and then resources are dedicated to ameliorating or managing the risks; (2) Written Compliance Policy-every company should commit its entire anti-bribery and anti-corruption program to writing and distributed company-wide and to appropriate third parties; and (3) Implementation Plan-after risks are assessed a company-wide implantation plan should be created to begin to implement the policy beginning with the highest risks first and moving step-by-step throughout the company.

We congratulate the authors for a thoughtful paper which is great use to the compliance practitioner. If your company is implementing a compliance program, this article lays out a clear road map that you can follow. However the paper is equally of value to the company which needs to assess or review its overall anti-bribery and anti-corruption program. The authors use of the FCPA interpretations, the Bribery Act Guidance and OECD Good Practices are references point throughout the piece which provide an excellent resource for the compliance practitioner to gauge an ongoing compliance program. We welcome the authors’ contribution.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011