By Alexandra Wrage
It is possible to be too anxious about compliance.
The convergence of the new UK Bribery Act, the Dodd-Frank whistleblower bounty provisions, the growing number of enforcement actions in more countries and the apparent contest for the largest fines and longest prison sentences leave the business community anxious. Understandably so.
But I predict that these developments will not ultimately be as problematic as they currently seem.
First, the UK Bribery Act has not yet come into force. When it does, we’re likely to find that the hysteria (and for many companies, significant expenditure) was unnecessary. Companies that have made anti-bribery compliance a priority already have robust controls. They’re already addressing compliance weak spots like gifts, travel and hospitality for foreign officials with sound, global policies that account for the vagaries of local law. They have already made their choices about facilitating payments, for example, and whether they can manage the risk of violating local law, the accounting challenges and the slippery slope that such payments entail.
The UK law tills new ground in that it addresses private-to-private “commercial bribery,” but commercial bribery has never been a good idea and has long been illegal under other, non-FCPA, laws in the United States. The jurisdictional reach of the UK enforcement authorities is startling, but it isn’t matched by the resources they would need to investigate and pursue all violations caught in their virtually global net. It’s encouraging to see the British join the anti-bribery community whole-heartedly at last with their robust new law, but any company that has been taking the FCPA seriously has little to fear from the new UK law.
Dodd-Frank worries many companies and their compliance officers. Well-governed companies have worked for years to develop internal reporting mechanisms whereby employees could report, either anonymously or confidentially, known or suspected violations of law or corporate policy. Substantial portions of international training sessions were devoted to ensuring employees knew how to access these tools, toll-free and in their preferred language. The more robust of these programs worked and, anecdotally at least, enabled companies to investigate problems and implement steps to tighten up their programs. Employees reported for many reasons, from irritation at a colleague for gaming the system to a desire to protect the value of their own shares. But now Dodd-Frank has changed that calculation.
We hear about employees now who explore the potential value of a report to the SEC before reporting what they would have reported internally without hesitation just last year. Plaintiffs’ lawyers are inundated and the SEC has reported receiving an average of one credible FCPA case each day.
There doesn’t seem to be much relief in sight, but consider this: the federal government is under a budgetary freeze, the SEC is understaffed and the reports they’re receiving are not the thoroughly-investigated and skillfully-presented matters that companies report as a part of voluntary disclosure. Instead, they’re buried amidst thousands of other complaints – both valid and frivolous. If the whistleblowers do have lawyers, they’re unlikely to be FCPA lawyers and unlikely to act as a filter for the overworked enforcement agency. In addition, companies that have voluntarily disclosed in the past have done so because they wanted to settle rather than fight. Dodd Frank is going to introduce a whole new community of companies to this process and some, perhaps many, are likely to want to proceed to trial. It isn’t clear how this wave of cases will be resolved, but the first few enforcement actions based on bounty-seeking whistleblowers will begin to reveal the limits of the federal resources. I predict that the SEC will either have to settle large numbers of matters at a substantial discount or choose its battles very carefully indeed.
Multiple prosecutions for the same general conduct is also worrying, but just as prosecutors across borders are having to cooperate more during the upstream, investigative stage, there will have to be greater cooperation, and certainty, on the downstream end. Companies will not continue to settle with one enforcement agency if there’s a pattern of follow-on suits from other jurisdictions. Enforcement agencies with too few resources to investigate even widely reported cases will simply tag along behind their counterparts in other countries. The recent Siemens, Halliburton and Saipem settlements with the Nigerian Government serve as examples. Companies ready to settle will want reasonable assurances that the settlement will bring the matter to a close.
So the three greatest areas of concern for the anti-bribery community in the year ahead are all, I believe, overblown.
There’s still a lot of work to be done, but there are a lot of sound, cost-effective tools available, too. The TRACE Compendium is a publicly available database of international anti-bribery matters worldwide. The Compendium lists all anti-bribery cases and most investigations in a fully searchable format. There are search categories, as well as a general word search. The Compendium contains more than just FCPA cases. If a matter crosses a border, it’s in the Compendium. In addition, the data is collated annually in the TRACE Global Enforcement Report (“GER”), which can be found on the Compendium webpage. This report shows trends over time, by country and by industry. Every data point in the GER is supported by a full description of each matter on the Compendium.
The OECD has published a Good Practice Guidance on Internal Controls, Ethics, and Compliance, agreed by the 38 States Parties to the OECD Anti-Bribery Convention. Consensus on anti-bribery compliance guidance is a real achievement and shouldn’t be overlooked. The OECD guidance sets forth good, basic advice on the elements of a robust program. Click here to download the Guidance document.
Benchmarking anti-bribery programs is a key to keeping companies in the middle of the compliance pack, but many companies don’t have access to the information that they need. The United Nations Office on Drugs and Crime (“UNODC”), with the support of the Government of Sweden and PriceWaterhouseCoopers, has developed a potent but little known tool: A collection of anti-bribery programs of the Fortune Global 500, which can be found here.
These and other free or very cost-effective resources should provide reassurance to an increasingly anxious anti-bribery community, but nothing is as effective as a clear expression of serious intent on the part of the top leadership. The “tone at the top” matters most in strengthening the compliance culture of a company, and that can be conveyed at little or no cost. I predict that companies that concentrate more on getting that message right will fare better and experience less legal difficulty than ones that make a mad dash to invest enormous sums on faddish programs or scorched earth investigations.
