Today I’d like to talk about FCPA compliance in a more general way. FCPA compliance software is the key to success to ensure risk mitigation, or at least prove due diligence has occurred to prevent compliance violations. The benefit of the software is that it automates the production of FCPA data analytics.
FCPA Compliance in Mergers & Acquisitions Part 4
What you don’t know CAN hurt you
Every organization should have well-established internal FCPA compliance policies and procedures in place for their employees to learn and follow. Likewise, internal controls should be established around these policies and procedures to ensure systems are functioning properly and employees are following the rules.
In the payments world, where I come from, these controls might consist of things such as providing supporting documentation for any master data changes and ensuring payment authority levels are appropriate for an approver’s position according to FCPA compliance policy. FCPA data analytics must be available and accessible to designated employees.
Controls may also include demonstrating an ERP system is following workflow protocols for invoice approvals or running queries to ensure invoice details are not changed post-approval.
You may be asking yourself, “What exactly do these types of controls have to do with compliance?” The answer is everything. In my last blog of this FCPA series, I want to focus on the importance of using data analytics and technology to ensure compliance. Not just for FCPA purposes, but for all spend risk.
I want to start with some data around corruption, taken from the ACFE’s 2022 Report to the Nations.
- Corruption was the most common fraud scheme in every global region.
- Corruption cases are most common in large companies.
- The frequency of corruption cases is on the rise – 33% in 2012 compared to 50% in 2022.
In cases involving corruption, the DOJ will always refer to a company’s compliance program to test its effectiveness. Do you remember what an “effective compliance program” looks like? Let’s refresh.
- Commitment from Senior Management and a Clearly Articulated Policy Against Corruption
- Code of Conduct and Compliance Policies and Procedures
- Oversight, Autonomy, and Resources
- Risk Assessment
- Training and Continuing Advice
- Incentives and Disciplinary Measures
- Third-Party Due Diligence and Payments
- Confidential Reporting and Internal Investigation
- Continuous Improvement: Periodic Testing and Review
- Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration
- Investigation, Analysis, and Remediation of Misconduct
Utilizing FCPA Data Analytics
One of the DOJ’s primary focuses is on continuous improvement through data analytics. And, as they rely more and more on data analytics for their own investigations, the Department expects companies to follow their lead.
Continuous monitoring is not enough to demonstrate the effectiveness of a compliance program. You must be able to show action has been taken on any issues identified through the FCPA data analysis process, and to do that requires keeping permanent records of how issues have been remediated.
Using data analytics to test FCPA compliance allows you to efficiently sort through data to help identify any potential FCPA “red flags.” These red flags require additional follow-up and due diligence from the company to ensure they are valid records or transactions.
Data analysis can also warn you of potential internal financial controls. Typical analyses can compare individuals or vendors in your database against known parties on government watch lists to help flag individuals or vendors who are classified as government contractors or foreign officials. Other analyses can help identify abnormal transactions that look suspicious or may constitute a bribe.
To summarize my series thus far, we started with a discussion of how FCPA compliance software fits into mergers and acquisitions, then moved into an explanation of what due diligence looks like in each stage of the process, and finally walked through some notable example FCPA case studies to demonstrate how the guidelines have changed over the years.
What you don’t know CAN most definitely hurt you. As it relates to M&A transactions, the failure to perform adequate due diligence related to bribery and corruption risk could result in serious consequences for the purchasing company. Not only could it lead to the purchase of an overvalued company, but also could have significant collateral ramifications including costly and intrusive post-transaction government investigations, restricted business opportunities, and reputational damage.
Continuous monitoring with FCPA compliance software and advanced FCPA data analytics can identify other types of payment and expense fraud. It can also help you determine if additional education and training is needed help reinforce your procurement and payment policies.
Fraud is going to happen. There will always be a new scheme around the corner that forces companies to take yet another look at their existing controls and figure out how to prevent the same issue from happening again in the future. Thank goodness there is FCPA compliance software available to help identify and mitigate the risk.
Here are a few other 2022 ACFE statistics to ponder:
- Lack of internal controls is the #1 control weakness that contributes to occupational fraud.
- The presence of anti-fraud controls is associated with lower fraud losses and quicker fraud detection.
- 81% of victim organizations modified their anti-fraud controls following a fraud event. 75% increased management review procedures; 64% increased use of proactive data monitoring analysis.
Remember Deputy Attorney General Lisa Monaco’s warning - a corporate culture that “fails to invest in compliance …leads to bad results.”
Isn’t it time to make data analytics a part of your compliance program? With corruption on the rise, you can’t afford not to.
A continuous transaction monitoring solution is an important part of any effective compliance program. The Oversight solution addresses the DOJ’s guidelines for compliance monitoring, communication with employees, compliance evidence, and audit trails.
If you would like to learn more about how the Oversight solution works, please visit our Monitoring Solutions Page.
The Foreign Corrupt Practices Act (FCPA), enacted in 1977, generally prohibits the payment of bribes to foreign officials to assist in obtaining or retaining business. The FCPA can apply to prohibited conduct anywhere in the world and extends to publicly traded companies and their officers, directors, employees, stockholders, and agents. Agents can include third-party agents, consultants, distributors, joint-venture partners, and others.
The FCPA also requires issuers to maintain accurate books and records and have a system of internal controls sufficient to, among other things, provide reasonable assurances that transactions are executed, and assets are accessed and accounted for in accordance with management's authorization.
The sanctions for FCPA violations can be significant. The SEC may bring civil enforcement actions against issuers and their officers, directors, employees, stockholders, and agents for violations of the anti-bribery or accounting provisions of the FCPA. Companies and individuals that have committed violations of the FCPA may have to disgorge their ill-gotten gains plus pay prejudgment interest and substantial civil penalties. Companies may also be subject to oversight by an independent consultant.
The SEC and the Department of Justice are jointly responsible for enforcing the FCPA. The SEC's Enforcement Division has created a specialized unit to further enhance its enforcement of the FCPA.6
2 https://www.justice.gov/criminal-fraud/file/1292051/download (pages 58-68)