Writing about FCPA compliance and the reduction of FCPA risk is well tread territory on the Oversight blog. It’s also a big topic in the news and on social media if you run in the expense audit and compliance circles as we do. Unfortunately, reading about the topic isn’t enough: we have to take action and do it in such a way as to engage stakeholders and ensure compliance.
I really like this article from February 2015 in which Brian Mich lays out the blueprint for securing a favorable view from FCPA regulators. What I really like about Mich’s approach is that he segments the best practices into categories that reflect key objectives. Mich makes the case for leveraging these practices, while also pointing out how these best practices can be customized by the company in order to meet regulators’ desires. This type of FCPA compliance is anything but the standard cookie-cutter approach.
This also echoes sentiments of an article recently published by consultant Michael Rasmussen in which he talks about a shift in FCPA enforcement. Rasmussen writes, “If organizations self-report wrong-doing, cooperate with investigators, and can demonstrate that they have an effective compliance program the focus shifts to prosecuting the individuals and not the corporation (though in cases in which corruption is pervasive and executive management is involved this may not be the case).” Part and parcel of this new emphasis on organizations self reporting potential FCPA violations is to implement a monitoring system, which Rasmussen also recommends.
At Oversight, our view is that all organizations should “inspect what they expect” when it comes to compliance. This is true whether compliance is specific to the law, as is the case with FCPA, or compliance is specific to company policies and expectations, as is the case with purchasing and travel and expense policies. We believe that technology can be leveraged to provide more efficient and improved compliance; the flexibility of technology allowing for the needs of each organization to be met while ensuring effectiveness.
The Morgan Stanley case has proven that regulators will reward a well-defined, robust and dynamic compliance program. The degree to which organizations can achieve their own versions of a consistent culture of compliance, persistent training, and continuous adaptation without breaking the bank is generally contingent on determining how to leave as much of the heavy lifting as possible to automated solutions. Our customers tell us that the effectiveness of their anti-bribery and corruption programs is directly related to the amount of time compliance resources can spend on addressing risk as opposed to finding it.