This is the second in a two-part series on the Foreign Corrupt Practices Act. You can read Part 1, which covered how the FCPA became an industry unto itself, here. Thomas Kase spoke with Mike Koehler, the FCPA Professor, whose recommendations are presented here in Part 2. This is not legal counsel.
Let’s illustrate – when Global 2000 company X gets a DOJ or SEC visit, what happens next? Here’s the typical scenario if you choose the red pill, that is, to fight. The media and the stock market get wind of this. Count on the share price and market cap to take a substantial beating (read this story on Walmart in Mexico). Further, your bond rating can take a hit, complicating financial activities. Any mergers or acquisitions might grind to a halt if you’re in court with the enforcement agencies. There’s general business opportunity loss as other companies shy away from working with you. And then there is the time sink of having to be involved in depositions, fact finding, and other disclosure activities. This circus goes on for one to two years – let’s say five to 10 quarters in business terms. That’s a lot of time. Enter the blue pill: just “pay the man” to make it go away – an attractive option even if it costs dozens or even hundreds of millions. Look at the enforcement agencies’ easy win record again.
Exacerbating the issue – institutionalizing it really – is the fact that companies (as best practice dictates) always retain external counsel to get an impartial look at what they are and have been doing. Billed by the hour of course. So, the first move by external counsel is to recommend one to two years of extra legal discovery and analysis.
Any house call from the DOJ or SEC also triggers the fact-finding process described above, which will generate a lot of work for the law firm(s) retained, as their default recommendation is to go on a company-wide witch hunt leaving no stone unturned. It’s costly and time-consuming – and according to Professor Koehler, this can turn into a boondoggle for many involved. Remember that nearly all violations are highly isolated to certain countries, regions, and verticals – rarely are they endemic. All that is really needed is to examine the part of the forest that is burning, so to speak.
This is apparently a view that is shared by Jeffrey Knox, the DOJ’s chief of the fraud section of their criminal division. In a June 24 article in the Wall Street Journal (“Foreign Corruption: Do the Penalties Exceed the Crime?”), Mr. Knox is quoted as stating that “[companies’] global investigations are undertaken not at our insistence, but because they have decided that they need to get on top of their assets and their employees.” Add to that the inherent law firm bias toward recommending more billable work rather than less.
Interestingly, in the same WSJ article, Mr. Knox states that “the earlier that the company engages with us, the better of a position it is going to be in to control costs in an investigation.” We interpret that as being able to use the DOJ to focus on the areas at hand.Mr. Knox also claims to be “reasonable” and that anyone doubting him should “ask firms that have been through this process recently” and talk to “firms that have self-disclosed” to validate his assertions. Professor Koehler mentioned this angle as well and added that the official enforcement agency stance is “if you show us, we will be lenient” but, and he stressed this is a big caveat, with the near absence of transparency involving many aspects of FCPA enforcement it is hard to get any perspective on how much that really helps.
Now you wonder what else you can do, what program can you implement to be safe? Well, you can’t. There is no “adequate procedure defense” allowed in the FCPA like in many other peer nations such as the United Kingdom – one person somewhere among all your employees and third parties can put you in violation, no matter how many software belts and procedure suspenders you wear. Allegedly, if you have programs, training, dedicated staff, and so on, you can lessen the impact of an FCPA violation. However, here again, the lack of transparency in FCPA enforcement makes this a difficult claim to validate. What we can say with certainty is that you will not be able to find a bulletproof FCPA vest.
What does the professor recommend? Mike Koehler says, “This is like parenting. You spend time, money, and effort to get things right, but children will still do what children do.” In other words, they get themselves in trouble despite your best efforts and intentions. As an example of how much money some companies spend, Professor Koehler mentions Walmart – “they spend $1 million per working day on FCPA related activities.” He suggests that this is overkill even for a giant like Walmart and that less than half that amount ought to suffice, even for them.
We should point out that the vast majority of incidents are internally discovered and self-reported to the SEC/DOJ. And of them, the lion’s share come from third-party conduct. In other words, you need to know your third parties – and the individuals that control them. It needs to start before engagement – who is this, who are we going to work with, what are their skills, what is their value-add? Is it an obvious pass-through arrangement? Then you need to apply the same thinking during and even post engagement.
Since this comes down to individuals taking actions, the professor suggests looking at areas such as prior employment, banking relationships, family ties, and political connections. This clearly requires extensive audit rights in contracts and also favorable termination rights. That’s the pre-engagement phase.
During an engagement, you need to stay on top of any people changes, conduct annual re-certifications, address any red flags early, and pay particular attention to the money flow. For example, do commissions change, such as one deal suddenly requiring a 10-percent add-on instead of the regular 5-percent markup?
As you can see from the above, it all comes down to knowledge. The professor says that some companies out there operate with woeful ignorance or even reckless disregard of this area. Don’t be that company!
Training is obviously a big area. Some of Professor Koehler’s recommendations include these areas:
- Sales, marketing, procurement – three groups of decision makers that must be aware of this issue
- Establish incident reporting routes before anything happens
- Localize all information – this will most likely not happen in Kansas
Professor has an online FCPA training tool – take a look at it here. He has also created an FCPA Institute to help further understanding of these issues and how to work with the law (as well as FCPA Inc.). And as for that treasure trove of FCPA information alluded to in Part 1, that would be Professor Koehler’s FCPA Professor website. Check it out for a more informed and sophisticated understanding of the FCPA.