FCPA Compliance and Ethics Blog

January 24, 2011

Evaluation of FCPA Compliance Training

One of the key goals of any Foreign Corrupt Practices Act (FCPA) compliance program is to train company employees in awareness and understanding of the FCPA; your specific company compliance program; and to create and foster a culture of compliance. The testing and evaluation of your FCPA compliance training program is recognized under the US Federal Sentencing Guidelines as a key component in the overall effectiveness of a FCPA compliance program. Indeed the overall effectiveness of a FCPA compliance program is one of the factors that the Department of Justice (DOJ) reviews in determining whether or not to charge a company. In their book entitled, “Foreign Corrupt Practices Act Compliance Guidebook”, authors Martin and Daniel Biegelman explore some techniques which can be used to inform a company’s FCPA compliance training.

The authors suggest an approach, which is formulized by the acronym SMART, which is defined as follows:

  • Specific: clear and concise training which can be understood by all employees;
  • Measurable: the training has defined metrics requirement such as post-training testing and pass rates;
  • Achievable: reachable, sustained and reasonable results such as training attendance;
  • Relevant: a program which will inform and/or measure the desired behavior; and
  • Timed: a realistic time frame for completion.

The authors also list several other considerations in the delivery of FCPA compliance training. What is the most effective type of training for your organization? Obviously live training is an important method of delivery. But this may not always be possible so computer based training, video training, web-based training or a combination of these different types of training can be useful to your organization. (For our prior two part series on Effective Compliance Training, see here and here.)

While most people tend to overlook the issue of attendance at training, it is an issue that should also be considered. You should determine that all senior management and company Board members have attended FCPA compliance training. You should review the documentation of attendance and confirm this attendance. Make your department, or group leaders, accountable for the attendance of their direct reports and so on down the chain. Evidence of training is important to create an audit trail for any internal or external assessment or audit of your training program.

The authors encourage post-training measurement of employees who participate in training. A general assessment of those trained on the FCPA and your company’s compliance program is a starting point. They list five possible questions as a starting point for the assessment of the effectiveness of your FCPA compliance training:

  1. What does the FCPA stand for?
  2. What is a facilitation payment and does the company allow such payments?
  3. How do you report compliance violations?
  4. What types of improper compliance conduct would require reporting?
  5. What is the name of your company’s Chief Compliance Officer?

The authors set out other metrics which can be used in the post-training evaluation phase. They point to any increase in hot-line use; are there more calls into the compliance department requesting assistance or even asking questions about compliance. Is there any decrease in compliance violations or other acts of non-compliance?

In addition to the training and the  evaluation you perform on your company and its employees, you should also consider the FCPA compliance training of your business partners. Companies need to consider the FCPA compliance training of its supply chain vendors, contractors, agents, resellers, distributors, joint venture partners and others with which it does business or in some way represent your company. This requirement for training of third party business relations is becoming a more critical component of a best practices FCPA compliance program.

The DOJ has made clear that it believes that both assessment and evaluation of FCPA compliance training as a best practice. This overall evaluation should become a standard part of your FCPA compliance program. The authors Martin and Daniel Biegelman have provided a valuable resource to guide you in following this best practice.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

 

January 21, 2011

What Can Your CEO Do for Your FCPA Compliance Program?

So what can your Chief Executive Officer (CEO) do for your Foreign Corrupt Practices Act (FCPA) compliance program? It turns out quite a bit. Both the US Sentencing Guidelines, which are used as the basis for FCPA compliance programs, and the Consultative Guidance, which is the basis for the adequate procedures defense under the UK Bribery Act, make it clear that top company leadership on compliance and ethics is a key component of any successful anti-bribery and anti-corruption program. Many CEO’s desire to be leaders in this area for their businesses but do not know some of the specific steps that they can take to achieve this. In a book entitled, Building a World Class Compliance Program – Best Practices and Strategies for Success” author Martin Biegelman provides some concrete examples in the chapter entitled “Tone at the Top and Throughout”.

In this chapter Biegelman cites to a list used by Joe Murphy of actions that a CEO can demonstrate to set the requisite tone from the Captain’s Chair of any business. The list is as follows:
1. Keep a copy of the Constitution on your Desk. Have a dog-eared copy of your company’s Code of Conduct on your desktop and be seen using it.
2. Clout. Make sure your compliance department has authority, influence and budget within the company. Have your Chief Compliance Officer (CCO) report directly to the Board of Directors.
3. Make them Accountable. At Senior Executive meetings, have each participant report on what they have done to further the compliance function in their business unit.
4. Sticks and Carrots. Have both sanctions for violation of company compliance and ethics policies and incentives for doing business in a compliant manner.
5. Don’t do as I say, Do as I do. Turn down an expensive dinner or trip offered by a vendor. Pass on a gift that you may have received. Turn down a transaction based upon ethical considerations.
6. Be a Student. Be seen at intra-company compliance training. Take a one or two day course or attend a compliance conference outside your organization.
7. Award Compliance. You should recognize outstanding compliance efforts with companywide announcements and awards.
8. The Board. Recruit a nationally known compliance expert to sit on your company’s Board and chair the audit or compliance committee.
9. Independent Review. Obtain an independent, outside review of your company’s compliance program and report the results to the Board’s Audit Committee.
10. Vendors. Mandate that all vendors in your Supply Chain embrace compliance and ethics as a business model. If not, pass on doing business with them.
11. Network. Talk to others in your industry and your peers on how to improve your company’s compliance efforts.

Many companies struggle with some type of metric which can be used for upper management regarding compliance and communication of a company’s compliance values. We are indebted to our colleague, Stephen Clayton for the following idea. It is to require the CEO to post companywide emails or other communications once a quarter on some compliance related topic. The CEO’s direct reports would then also be required to email their senior management staff a minimum of once per quarter on a compliance topic. One can cascade this down the company as far as is practicable. Reminders can be set for each communication so that all personnel know when it is time to send out the message. If these communications are timely made, this metric has been met.

Biegelman begins the chapter discussed in this posting with the statement “The road to compliance starts at the top.” There is probably no dispute that a company takes on the tone of its top management. As we recently noted in our FCPA Blog posting on BP and the Deepwater Horizon disaster, based on the book Drowning in Oil-BP and the Reckless Pursuit of Profit” by Houston Chronicle business reporter Loren Steffy; the CEO of BP wanted the company to adopt the financial discipline that Exxon had shown after its own environmental disaster, the Exxon Valdez spill. However, he failed to also understand that “as closely as Exxon’s management watched costs, it also made clear to every worker that the one cardinal sin was skimping on safety.” So safety was not made the priority for BP.

As the compliance professional within your organization you may well be asked by your CEO to provide concrete actions that he or she can take to lead the company in compliance. There may be suggestions you wish to make to the same CEO and the actions presented by Biegelman in his book, and by Clayton herein, provide some concrete steps and actions you can have your CEO take.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2011

Blog at WordPress.com.