Lawyers, compliance professionals and senior management at companies can be obsessive when it comes to the threat of criminal liability.  Please do not get me wrong, I am not minimizing the risk of criminal prosecution, nor I am suggesting that everyone go out and start paying bribes overseas.

That being said, it is important to keep things in perspective.  The most significant FCPA prosecutions – Siemens, Daimler, KBR, Weatherford, and others were the result of “systemic” breakdowns in compliance.  Meaning that there was little to no ethical culture or any attempt to control the behavior of managers and employees so long as they were producing, making money for the company.

A culture of lawlessness does not just spring up one day in response to the behavior of a few individuals.  Rather, like a cancer, it grows and spreads, eventually taking over the organization.  Such a disease can only spread in the right environment.  That is when it comes down to culture – if there is no commitment to ethics, it does not matter how many policies you have or the controls that are developed, the company will inevitably choose the wrong road.

What I have described is one extreme.  If your company makes good faith attempts to design and implement an ethics and compliance program, with a commitment from leadership and the board, chances are that the worst result you could ever face would be a problem in a country or region, especially if the country or region was acquired but never fully integrated into the home company.

For a company to be considered a “criminal,” it has to act like a criminal – meaning secrecy, evil intent and all the surrounding attributes of a criminal.

That is why I stress two important values for a company – act in good faith by documenting everything you do and the rationale behind any action, and act transparently.  Companies that adhere to good faith and transparency are not acting with the requisite criminal intent.

This is a point that is worth stressing – even in the face of significant risks, if a company acts in good faith and transparently, there is little likelihood that it can ever be prosecuted criminally.

So what about the rogue employee who does act with criminal intent, hiding his behavior and seeking to line his pockets with the benefits of bribes?

While a theoretical claim of a “rogue” employee seems facially appealing, the truth is there is no such thing as a rogue employee.  Everyone in the business points to Morgan Stanley as the perfect example of a rogue employee, but that is plain wrong.

In the Morgan Stanley case, the Justice Department shoehorned the facts (and ignored others) to make an important point – if you build a great compliance program, and you suffer an isolated set of violations (not just one person but an office, division or region), we may decline to prosecute the entire matter.

The powerful message sent by the Justice Department was successful in energizing companies to improve their compliance programs.  It was a shrewd and very effective move by the Justice Department, in a very politically risky time.

With transparency and good faith, companies still face risks of country-specific or regional operations that may veer off for a little while.  No company will ever face a systemic breakdown so long as they have the essential two values needed to avoid a major catastrophe.

The worst-case scenario can still occur – a region or a country may have a breakdown but those are usually detected, cleaned up and problems fixed.  Companies still need to be vigilant in auditing, monitoring and conducting frequent assessments.  With that recipe, companies can safely avoid any serious systemic violations.