A look back at 2020 – FCPA Compliance, a vital part of enterprise and supply chain risks
The Foreign Corrupt Practices Act or FCPA has been top-of-mind for risk and compliance teams since its origin. Compared to previous years, 2020 has set records for high-penalty FCPA cases. This year also saw a revised resource guidance from DOJ and SEC.
Our focus at Vertaeon has been to view FCPA from the perspective of its impact on our clients, be it for enterprise or value chain compliance risk. If we look back at the last couple of years, what are the highlights? Which geographies are at the top for ‘doing business in violation of FCPA’? What proactive measures need to be taken to address this?
Background
As a corporate development, legal or risk professional, you may have heard of the far-reaching impact of this regulation. According to the DOJ website, The Foreign Corrupt Practices Act of 1977, as amended, (“FCPA”), was enacted for the purpose of making it unlawful for certain classes of persons and entities to make payments to foreign government officials to assist in obtaining or retaining business. With the enactment of certain amendments in 1998, the anti-bribery provisions of FCPA now also apply to foreign firms and persons who cause, directly or through agents, an act in furtherance of such a corrupt payment to take place within the territory of the United States.
Non-compliance trends: 2019 vs. 2020
2020 has been a record-setting year in terms of enforcement actions and penalties imposed. Total numbers shot up in 2020 compared to 2019. At the same time, completed bribery payments were less in 2020 compared to those noted in 2019. From a country and incident perspective, China, Venezuela, Ecuador, and Brazil were the top locations where bribery payments were made.
In October, Goldman Sachs Group and it’s Malaysian subsidiary admitted to conspiring to violate the FCPA, and will pay over $2.9 Billion in combined penalties as part of a coordinated resolution with criminal and civil authorities in the United States, the United Kingdom, Singapore, and elsewhere..
Revised Resource Guide – what’s new?
In July 2020, DOJ and SEC released a revised resource guide. According to a recent article from Corporate Compliance Insights, the first change to note is the expanded definition to the question, “is the corporate compliance program being applied in good faith” with the addition of the query, “in other words, is the program adequately resourced and empowered to function effectively?”
They also mention that the biggest change is the addition of a new Hallmark, entitled “Investigation, Analysis, and Remediation of Misconduct,” which reads in full: “The truest measure of an effective compliance program is how it responds to misconduct. …To do so, a company will need to analyze the root causes of the misconduct to timely and appropriately remediate those causes to prevent future compliance breaches.”
What does this mean for organizations?
DOJ & SEC have also interpreted the FCPA statute to mean that a company must maintain a system of internal accounting controls that monitors FCPA compliance not only internally, but also for all its third parties, including customers and suppliers. FCPA compliance risk, particularly when expanded to include your supply/value chain, can thus be a key driver for legal and financial risks, and potential reputational damage. Comprehensive monitoring of FCPA compliance risk that also includes the supply chain can be challenging without the right program.
For global corporations with far-reaching operations and 1000s of vendors, JV and customer partners, this analysis or monitoring to prevent future breaches will be impossible without the help of data analytics and comprehensive visibility of these risks. This includes not only historic non-compliance data, analyzed to provide the trends in various sectors or at various companies, but also a probabilistic assessment of the potential for non-compliance in a new venture.
Certification or documentation of other aspects of compliance have been proposed as mitigation steps for value chain partners. While certification is effective and necessary, we think of this as a first step. Is it enough to have suppliers complete a certification process once every year or two years, or do we need to go beyond this for enhanced visibility and confirmation?
A more robust solution would be equivalent to a full risk assessment framework: from identifying potential foreign bribery incidents, to launching and tracking effective internal investigations, categorizing risk drivers and putting remedial actions in place. Having a strong analytics program in place highlights former enforcement actions and penalties. Additionally, it’s the ongoing monitoring of entities that will provide strong risk mitigation in this area.
The Vertaeon team and our comprehensive risk analytics platform can help you assess the above aspects and go beyond – be it for consolidating your own global compliance progress or understanding the status of your value chain network. We have the capability to lead or support data extraction from multitude of external data sources, combine with internal data, and conduct analytics to identify trends or hotspots. This will provide you with easy to understand, highly visible, dynamically updated, risk dashboards – vital in a world of increased uncertainty, geopolitical tensions, and a rapidly evolving global picture!
For more information on how Vertaeon can help you develop a customized solution to your specific situation, request a demo or ‘Follow Us’ on Vertaeon’s LinkedIn page.
Author: Rekha Menon-Varma