Implementing FCPA best practices across your supply chain

Guest entry by Julie DiMauro

Companies understand the importance of strong vendor-compliance programs, but costly enforcement actions stemming from supply-chain mismanagement and advice from regulators on the topic have not compelled every company to implement best practices in this area.

Modern enterprises increasingly must rely on others for their success, thanks to the global demand for their business and competition, plus the need to make prompt deliveries and maintain lean inventories. While globalization, extended supply chains, and supplier consolidation offer benefits in efficiency, they can add risk to business operations as the company bears the costs of missteps made by its contractors, subsidiaries and partners.

To avoid an investigation, enforcement action or other costly distraction, companies should take the time to evaluate their codes of business-partner conduct and the ongoing training and monitoring of these partners’ compliance regimes. In the United States, certain states have mandated a code of conduct relating to certain supply-chain procedures. The California Transparency in Supply Chains Act of 2010 (SB 657) went into effect in 2012, requiring retailers and manufacturers above a certain size doing business in California to disclose measures used to track possible slavery and human trafficking in their supply chains. The disclosure is aimed at providing information to consumers, allowing them to make informed choices about the companies they support.

The Securities and Exchange Commission (SEC) has taken every opportunity to warn issuers about being diligent when it comes to their third-party risk controls.

In its Resource Guide on the Foreign Corrupt Practices Act, the SEC advises companies to be specifically aware of the risks posed in using third-party agents or intermediaries when it comes to the FCPA. Although agents located overseas may provide legitimate advice regarding local customs and help facilitate business transactions, the SEC reminds registered firms that a bribe paid by a third party does not eliminate the potential for criminal or civil liability.

In a well-known FCPA case, a four-company joint venture used two agents — a British lawyer and a Japanese trading company — to bribe Nigerian government officials to win a series of liquefied natural gas construction projects.

The four multi-national corporations and the Japanese trading company paid a combined $1.7 billion in civil and criminal sanctions for their decade-long bribery scheme. The prosecution even led to individual liability on the part of the British lawyer and the former CEO of one of the company’s subsidiaries, both of whom received significant prison terms.

The SEC has outlined some of the red flags companies should be on the lookout for in the FCPA arena, including:

  • Excessive commissions being required and paid to third-party agents or consultants;
  • Third-party “controlling agreements” that include vaguely described services;
  • The third-party consultant is in a different line of business than that for which it was engaged;
  • The third party is related to or closely associated with the foreign official;
  • The third party became part of a transaction at the express request of a foreign official;
  • The third party is merely a shell company incorporated in an offshore jurisdiction.

Creating policies and procedures designed to maintain business practices that are legal and effective takes a commitment from the compliance team and upper management. Consider the following:

   1. Establishing a board-level committee dedicated at least in part to the creation and review of corporate policy when it comes to the selection and maintenance of business partnerships.

   2. Creating training programs across business units to educate staff on red flags, how to report suspicious activity, and what risk controls are in place at the firm and should be used to certify whether certain companies, agents and products pose too great of a risk to the organization.

   3. Conducting annual inspections of major business partners is essential to surveying their procedures for controlling risk. Impromptu, unscheduled visits can go even further in being able to assess the effectiveness of those procedures.

   4. Reporting any suspicious activity on the part of third parties or their ineffective compliance protocols as promptly as possible to regulators can go a long way in gaining some measure of leniency from these agencies. Create a platform for problem resolution that every department in your organization can use to report and elevate such concerns to supervisors.

 

 Julie DiMauro is a regulatory intelligence and e-learning expert in the Governance, Risk and Compliance division of Thomson Reuters in New York and a contributing writer for FCPA Blog.

Follow Julie on Twitter @Julie_DiMauro.