FCPA Compliance and Ethics Blog

September 14, 2011

Compliance Convergence: US Customs and Border Protection’s Importer Self-Assessment Program

Compliance convergence can have several variations. I have written about the convergence from export controls to anti-corruption controls. Last week I wrote about the Lacey Act, which regulates imports of certain types of wood, among other items. One of the valuable lessons of compliance convergence can be the cross-over of lessons learned from one area of compliance to another. I was reminded of this when reading an article in the September issue of the ACC Docket, entitled “Import Loopholes Avoiding the Customs Audit” by Tiffany Jones. Her article discusses the “Importer-Self Assessment” (ISA) program initiated by the US Customs and Border Protection (CPB). The ISA has a requirement for a company to perform a “self-assessment” which means auditing, reporting results and correcting mistakes and implementing process improvements. This ISA relates to imports but it can be very useful for the Foreign Corrupt Practices Act (FCPA) compliance practitioner.

The CPB looks at five criteria to evaluate whether a company is ISA-ready. These will be familiar to the compliance professional. The terminology is a bit different but the concepts are recognizable. These five criteria lay out a good way for a FCPA compliance practitioner to think through an assessment of a company’s FCPA, Bribery Act or other anti-corruption and anti-bribery program.

I.                   Control Environment

Under this criteria, a candidate must demonstrate its commitment to compliance at the highest levels of the organization. Can you say ‘Tone at the Top’? But more than simply the right words, a company must demonstrate this criteria by actually doing. Therefore, this will include written policies, training for key import personnel and company-wide cross training.

II.                Risk Assessment

At least annually, a company should perform a risk assessment to determine which areas of import compliance are the most subject to error or non-compliance. In addition to assessing traditional high risk areas, a company should consider risk which may “flow from changes in personnel or changes in internal controls.” Additionally both transactions and internal controls should be reviewed.

III.             Control Activity

This criteria is defined as the creation of procedures to ensure that the senior management directives as specified in Criteria I – Control Environment are carried out. While Criteria I speaks to overall policies, Criteria III focuses on the procedures to implement the policies.

IV.              Information and Communication

This criteria has two components. First, company personnel are charged with keeping themselves informed of changes to trade regulations and how any changes might effect a company’s operations. Second, this information must be communicated and disseminated throughout the company to all “departments touching on the trade function.” The author quotes from the ISA Handbook, “Pertinent information related to CPB activities is identified, captured and distributed to the right people in sufficient detail, in the right form and at the appropriate time to enable them to carry out their duties…”  I could not have said it better myself.

There are many aspects to compliance convergence. Many practitioners view it as requiring many different types of compliance. This is certainly a valid view. However it can also be used as an opportunity to bring in compliance expertise that may already exist in your company to assist in an anti-corruption compliance program. This Border and Customs Protection format for self-assessment is a guideline that the FCPA practitioner can use as a basis self-assess a company’s compliance program. If you are implementing an anti-corruption program or looking at an anti-bribery program required under the UK Bribery Act there may be resources which you can tap into which exist within your company.


They’re Back!!!!!! Howard Sklar and I discuss all things FCPA and compliance (well mostly all things) on the return of This Week in FCPA, Episode 16See and hear Howard go on several rants as we discuss Haiti Teleco, denial of the ICE Mandamus Petition, Oracle’s announcement of a FCPA investigation and the post-trial filings in the Lindsey Mfg. case.

On Thursday, Sept. 15, my colleague Mary Jones and I will discuss how a Best Practices  compliance program can assist you in a FCPA compliance investigation, in a webinar hosted by World-Check and Ethisphere. Mary will discuss her experiences at Global Industries in a multi-year, world-wide FCPA investigation and how Global Industries came out with a Non-Prosecution Agreement. For registration and information, click here.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: