Ed. Note-as most of you will recognize, Henry Mixon is a frequent guest commentator, focusing on internal controls as a part of a best practices compliance program. He recently called me and said that he thought he could provide some information which might help my This Week in FCPA co-host Howard Sklar get some sleep by suggesting a way to deal with his “Nightmare Scenario”. I asked Henry to write up a blog post and this is what he delivered.
In his Nightmare Scenario posted on his OpenAir Blog, Howard Sklar wrote about a very bad dream in which a $5 payment to a customs official in a foreign country by a business development employee might result in the employer filing an 8-K to report a violation of the FCPA. The employee who paid the USD 5 to the customs agent included the payment in his expense report as “tips.”
Howard references the examples in SEC Staff Accounting Bulletin 99 in which a transaction can become material for SEC reporting purposes, even though it falls well below the typically-used percentage thresholds used by auditors and preparers of financial statements. Two of the considerations from the Staff Accounting Bulletin which can transform a small misstatement into a material one are:
- whether the misstatement affects the registrant’s compliance with regulatory requirements, and
- whether the misstatement involves concealment of an unlawful transaction.
I agree with Howard’s concerns about the potential impact of transactions typically considered immaterial. The risk of the 8-K being required may not result from a single USD 5 payment, but can certainly result from a pattern of individually immaterial illegal payments made over time.
When processing reimbursement for transactions occurring outside the US, I believe a different mindset for internal controls is needed. First, the amount of a transaction is not as important as the nature and whether the transaction has proper business purpose. Many approvers in US companies do not focus on that important difference.
Second, internal controls in many US companies do not focus on the prevention of illegal payments, but instead focus on detection.
Expense report reviewers should be trained to look for Red Flags and to question suspicious items, or items for which proper business purpose is not clearly documented, regardless of perceived materiality. For example, standard procedure for expense reports is to describe who, what, where, when, and why. Failure to provide such transparent description should be a Red Flag, whether the requested reimbursement is for meals, hotel, taxi, car rental or any other “common” expense report items.
I would certainly never advise a client to develop internal controls specifically designed to deal with very small dollar items. However, in the FCPA world, controls should be designed on the basis of the risk profile of the transaction, not the dollar amount. Expense reports of employees traveling to high corruption risk locations outside the US should be high on any risk profile.
Relatively small amounts paid frequently can result in violations of meaningful proportions, especially if all adopt the belief that small illegal payments are permitted and concealment can be rationalized.
In particular, creating the wrong mindset in the business development function can lead to Nightmare Scenario II: illegal payments made when they result directly in obtaining or retaining business, rather than a payment made to a customs official to be allowed to cross a border.
If nobody questions the concealed illegal payment to a customs official, might an employee see opportunity, and rationalize misbehavior, when a potential customer asks for a bribe in exchange for business advantage?
So, while Nightmare Scenario might not occur for one payment made to be allowed to cross a border, how many payments to government officials concealed in expense reports are required before Nightmare Scenario II becomes reality?
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author.
FCPA Compliance and Ethics Blog 