Revised FCPA Guidance: Effective Compliance Program and Internal Controls (Part V of V)
The initial FCPA Guidance included valuable compliance program guidance keyed to the heading, “Hallmarks of an Effective Compliance Program.” Issued in 2012, the outline of an effective compliance program was an important statement of policy.
The Revised FCPA Guidance includes additional information, some of which reflect recent changes made to the Evaluation of Corporate Compliance Programs. The Revised FCPA Guidance includes important statements on internal controls, the role of the chief compliance officer, and expectations concerning internal investigations. Most importantly, the Revised FCPA Guidance adds a new Hallmark of an Effective Compliance Program – Investigation, Analysis and Remediation of Misconduct.
Internal Controls (pp. 40-41)
DOJ and the SEC recognize that companies that engage in illegal bribery often have weak internal accounting controls. Companies with weak internal accounting controls often face increased risks and occurrence of theft, embezzlement, sanctions violations, bribery and other violations of law. The FCPA Guidance notes importantly that “[a]lthough a company’s internal accounting controls are not synonymous with a company’s compliance program, an effective compliance program contains a number of components that may overlap with a critical component of a company’s internal accounting controls.”
Criminal Liability for Accounting Violations (pp. 45-46)
The Revised FCPA Guidance clarifies the criminal intent requirement for accounting violations: “Criminal liability can be imposed on companies and individuals for knowingly and willfully failing (new language) to comply with the FCPA’s books and records or internal controls provisions.” To illustrate criminal enforcement of the accounting provisions, the Revised FCPA Guidance describes several enforcement actions in which companies mischaracterized payments to third parties, failed to implement appropriate due diligence requirements for third parties, such as documentation and verification of services, written contracts, and oversight of appropriate payment processes; and senior executive false representations concerning status of internal controls as part of the company’s Sarbanes-Oxley certification process.
Evaluation of Corporate Compliance Programs (p. 57)
To conform to recent changes made to the Evaluation of Corporate Compliance Programs, the Revised FCPA Guidance includes critical language asking “is the [compliance] program adequately resourced and empowered to function effectively?”
This language underscores: (1) the important role of the Chief Compliance Officer; (2) the requirement that the compliance function has to have access to adequate resources; and (3) empowerment of the compliance function with sufficient authority.
Investigation, Analysis and Remediation of Misconduct (p. 67)
The new element of an effective compliance program builds on prior statements of “root cause” analysis. “The truest measure of an effective compliance program is how it responds to misconduct.” This is a powerful statement.
An effective program has to include a “well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations.” As part of an effective investigation program, an organization has to have “established means of documenting the company’s response, including any disciplinary or remediation measures taken.”
In addition, the organization has to build a mechanism to integrate “lessons learned” from the misconduct into the company’s policies, training and controls. As part of this companies will have to analyze the “root causes” of the misconduct to remediate the causes and prevent recurrence.