- Basic Principles
- Companies should proactively prevent violations by designing and implementing an effective compliance program. Compliance programs should be tailored to address the specific risks faced by the company’s specific business, operations, and/or industry.
- Companies should adopt formal, written corporate policies that demonstrate their commitment to comply with all applicable laws including the FCPA. Corporate policy statements should be distributed to all employees, including those located overseas.
- Senior management should actively promote the company’s compliance program as a reflection of the company’s core values. The key is to show that company management is involved in ensuring compliance.
- Thus, the government expects, at minimum:
- Compliance principles pushed down from senior management and infused throughout culture;
- Meaningful controls and oversight.
- Regular training programs and FCPA compliance information provided to all relevant employees;
- The anti-bribery component of an overall compliance regime should include:
- A senior officer who is specifically trained and focused on FCPA compliance.
- Policies to ensure that any payments made to foreign officials must be approved in advance by the company’s legal counsel or senior management.
- A system to encourage the reporting of any activities that might give rise to violations of the FCPA or other business practices, without fear of retribution.
- Agreements with consultants or third-party representatives that include provisions to ensure their awareness of, and commitment not to violate, the FCPA.
- Due diligence on the company’s agents, consultants, joint venture partners and other third-party intermediaries prior to retaining them to conduct business with the company or on the company’s behalf. All due diligence efforts should be documented.
- Regular audits of the compliance program itself and of books and records relating to areas of the business facing FCPA risk.
- The Company should develop and conduct regular training programs and provide FCPA compliance information to all relevant employees. Due to the sensitive nature of anti-corruption discussions, training is most effective if conducted on-site by in-house counsel. The key is to show that company management is involved in ensuring compliance.
- U.S. authorities require more than mere “paper” controls or policies that are easily circumvented. Indeed, the DOJ has indicated that providing training materials on the company’s intranet without follow-up to make sure policies are understood and being followed by employees is insufficient to constitute adequate training for FCPA awareness.
- Training should include, at minimum, a discussion of the FCPA and local anti-bribery laws, red flags, penalties for violations, and contact information for the person to whom any future questions should be directed. Training should also cover practical instructions on how to handle real-world scenarios.
- Attendance at training sessions should be documented and employees should sign certificates of completion.
- In non-U.S. operations, training should be conducted in, and policies and procedures should be translated into, local languages.
Ch. 27 Foreign Corrupt Practices Act
IV. Best Practices
* Not Yet Admitted