Top Compliance Reminders from 2023 FCPA Enforcement
While 2023 was a relatively slow year in FCPA enforcement, the DOJ and SEC settlements announced throughout the year set out a list of important ethics and compliance reminders. While these may seem obvious to everyone, I hope they stimulate further reflection and analysis to inform FCPA compliance practitioners as they prepare for the next year.
Third-Party Risk Management: DOJ and the SEC FCPA enforcement actions revealed again “classic” third-party agent bribery schemes that were funded through high commissions and sham consulting arrangements. In particular, a number of these cases reflected that business executives questioned high commission rates, and whether to pay these demands. Or, in the Albemarle case, a third-party agent specifically informed the business officials that he needed higher commissions to pay bribes to the relevant government officials.
In these situations, usually involving the extractive industries (e.g., oil and gas and mining), the intent and the red flags were substantial and obvious. but nonetheless, the company went forward. In the Franks International case, the business made a conscious choice to pay the bribes for the “survival” of the business in Angola. In other words, the company chose bribery over exiting the market.
Underlying these third-party agent problems is another significant compliance weakness — the absence of meaningful financial controls covering the contract – invoice/puchase order- payment processes. All too often, when faced with obvious bribery schemes, financial representatives are forced to pay questionable invoices or purchase orders with no meaningful documentation or explanation for charges, or payments are made to shell companies in suspicious locations, along with questionable banking transactions.
In most cases, the third-party agents did not have a written contract at the time of the bribery scheme. In a few cases, engagement agreements were backdated to cover compliance failures. This is a basic requirement that companies continue to ignore, especially in high-risk industries and locations.
Ignoring or Obstructing Internal Lines of Defense: In a repeated theme in 2023 (and prior years as well), DOJ and SEC enforcement actions contain instances where internal audit or compliance reviews identify deficiencies or red flags pointing to illegal bribery payments. Notwithstanding these findings, companies that suffer enforcement actions often ignore these findings, fail to follow up at the board level, and ignore the need to dig further into potential problems. In the Clear Channel SEC case, the lead executive in China obstructed the auditors from securing additional information and resisted attempts to investigate.
Companies that fail to support their internal audit functions are creating real and serious risks. I have seen companies enforce internal audit findings as “suggestions,” instead of applying a best practice of listing all findings and enforcing such remediation on a specific schedule with definite deadlines. In most companies, the internal audit remediation measures are monitored and enforced by senior management and the board of directors/audit committee.
Senior Business Participation: In almost every FCPA enforcement action, it is common to identify senior business officials who willingly participate in bribery schemes. They are often motivated by the lure of additional business and willing to turn a blind (or even a knowing) eye away from the evident bribery scheme. In some cases, I would expect the business officials to claim they did not “know” that bribes were going to be paid. Such explanations are often self-serving — business executives are intelligent and fully aware of what may be occurring. Instead of putting a stop the conduct, the enforcement action cites business personnel who either actively participate in the scheme or willingly let the conduct occur without intervening.
In the end, companies suffer from a weak culture commitment to ethics and compliance. Money is the dominant motivator, despite the risk of enforcement and the obvious harm to the company’s culture. Bad actors may exist in a company but often they operate in an environment that permits such conduct to occur with impunity.