Three forces are converging to shape this new regulatory environment. First, regulatory bodies are employing sophisticated technology to detect and prosecute transgressions. The U.S. Securities and Exchange Commission’s Office on Market Intelligence, for example, has equipped its new task force on market abuse with the technology to conduct “Facebook investigations,” essentially mining data on traders’ personal relationships and communications to flag potential incidents of insider trading. Second, a “whistle-blower lotto” provision in the Dodd-Frank Wall Street Reform and Consumer Protection Act offers informants a bounty of 10% to 30% of any fine of more than $1 million resulting from a tip. And third, penalties for paying bribes in foreign markets are poised to escalate significantly under the U.K. Bribery Act of 2010.

The Importance of Being Integrated

This trend of intensifying exposure to myriad regulatory actions around the globe strongly suggests a need for multinational corporations — the most likely targets for government enforcement action — to develop integrated compliance programs that collect and monitor data in real time. Such systems could, for example, automatically monitor vendors and transactions, flagging those involving people or firms on government watch lists. If a company suspects a particular kind of violation, a custom inquiry can be written to mine the data and identify transactions for internal and compliance review. Deterring violations or detecting them early through a comprehensive, integrated program is a crucial first line of defense. Yet many large multinationals continue to employ piecemeal, often incompatible systems. That’s particularly likely when a company has grown through multiple acquisitions or has taken a decentralized approach to managing foreign subsidiaries. For example, if a U.S. company using Oracle’s financial management software buys a European firm running SAP and then buys a company in Asia that relies on a proprietary or a bespoke financial system, it may hope to avoid the thorny issue of integrating the three systems. But that leaves its internal audit team facing the manual and ad hoc challenge of collecting and interpreting data from each system. In today’s regulatory environment, that kind of disjointed effort is unlikely to succeed because companies need an effective way to deter and detect violations enterprisewide.

New technology provides a better solution, letting a company connect the dots — collecting and analyzing transaction data from disparate financial systems in real time. Responding to government investigations often costs millions of dollars in time and resources — and any resulting penalties, or criminal and civil judgments, can double or triple the bill, not to mention the impact on a brand or a corporate reputation. Establishing effective realtime automated compliance controls can also reduce external audit and insurance fees. And penalties may be lighter when a company can show it has an effective compliance program in place. That might have saved DaimlerChrysler, which settled a U.S. Foreign Corrupt Practices Act charge by the SEC for approximately $185 million, almost half of that penalty. An effective compliance program is a defense under the new U.K. Bribery Act.

Understanding Good Practises

In May 2010 the Organisation of Economic Co-operation and Development released “Good Practice Guidance” for antibribery compliance programs. The document outlines what companies are expected to do regarding antibribery policies, training, internal controls, reporting systems, discipline for violations, compliance incentives and accountability for program management. It also emphasizes the importance of having periodic third-party audits of compliance measures and reviews to ensure that programs keep up with evolving technology and with national and international standards. For multinational companies operating in this increasingly aggressive regulatory environment, now is the time to rethink their approach to compliance on a global scale.

In 2010 the United Kingdom’s Bribery Act went into effect, superseding 19th-century legislation that was widely regarded as no longer fit to tackle overseas corruption. The new legislation, one of the world’s toughest anticorruption laws, makes it a criminal corporate offense to fail to stop bribes from being paid on a company’s behalf. Ian Trumper, senior managing director with FTI Consulting in London, explains what the law, which will start being enforced sometime this year, means both to companies based in the United Kingdom and to foreign firms doing business there.

What was the impetus for these reforms?

There has been increasing international pressure for the U.K. government to introduce an effective anticorruption measure similar to the Foreign Corrupt Practices Act in the United States. The existing U.K. law had a very poor track record in prosecuting overseas corruption cases and had been criticized for failing to meet its obligations under the Organisation for Economic Co-operation and Development (OECD) Convention on Combating Bribery of Foreign Public Officials. Pressure increased when the U.K. Serious Fraud Office, citing concerns about national security, decided to abandon a major part of a case against BAE Systems concerning alleged corrupt practices in securing contracts with Saudi Arabia.

What are the key goals of the new law?

The primary objective is to create an effective legal framework to combat bribery in both the public and private sectors. The Bribery Act creates four prime offenses: two that cover offering, promising or giving an advantage, and requesting, agreeing to receive or accepting an advantage (Sections 1 and 2); one for bribing a foreign public official (Section 6); and a corporate offense of failing to prevent a bribe from being paid (Section 7).

The first two offenses cover bribes in both the public and private sectors, but a person (or corporation) is guilty only if there was an intention to induce another to do something improper or to reward someone for such an action. These types of bribes already were illegal, but under the new law it will be easier to bring charges. The offense of bribing a foreign public official brings the U.K. law into line with the OECD Convention, which criminalizes bribes intended to influence a public official in obtaining or retaining business. But if the first three offenses merely clarified or modified existing legislation, the fourth is entirely new. Under Section 7, any corporation with a business presence in the United Kingdom can be held criminally liable if any person associated with it, including any of its employees or agents anywhere in the world, is found guilty of giving or receiving a bribe. The only defense will be that the organization had put adequate procedures in place to prevent such bribery.

What does that mean for companies based in the United Kingdom?

You have to look at specific wording within Sections 6 and 7 to understand the new law’s significance. For example, in Section 6 there is no test for improper performance, so if you offer anyone working in a public capacity a financial reward with the intention of influencing that person to obtain or retain business, that is an offense — even if that person does nothing improper.

But there’s no definition of what constitutes a “financial or other advantage.” What if a company pays for a government official to fly overseas to inspect its manufacturing plant or to attend a business meeting? Where do you draw the line between bona fide marketing to display a company’s capabilities and more lavish expenditures that may influence the official’s decision? There also is no exemption for de minimis payments, including facilitation payments. In addition, companies are questioning what constitutes adequate procedures under Section 7 and how much responsibility they must take for the actions of overseas subsidiaries, agents and suppliers. What if you are working with an agent and you don’t know that person is paying a bribe? The new law has been drafted to enable prosecutions of bribery; the onus is on the company to prove its defense. The defense to a charge under Section 7 is the ability to demonstrate that the company had adequate procedures in place to stop bribes from being paid. [These provisions are similar to accounting rules in the United States that focus on ensuring that there are policies and procedures in place to prevent fraud or embezzlement.] It may be difficult, however, for a company to convince a prosecutor that its procedures were adequate.

What are the implications for companies based outside the United Kingdom?

The jurisdictional reach of this law is very wide. Anyone who is a U.K. resident and any company incorporated in the United Kingdom is subject to the act. Beyond that, though, if you have a place of business in the United Kingdom, Section 7 applies. For example, if a U.S. or Chinese company carried on only a small part of its business in the United Kingdom, say, through a small representative office, and that company is shown to have paid bribes in Africa, the company could be prosecuted in the United Kingdom. My own view is that enforcement will continue to focus on companies with extensive operations in the United Kingdom. But I think we can see the United Kingdom following the approach of the U.S. Department of Justice on Foreign Corrupt Practices Act investigations — many more cases being settled through large fines, with some individuals being prosecuted.

What procedures should companies implement to ensure that they remain in compliance with the new law?

The U.K. government has published draft guidance based on the Committee of Sponsoring Organizations model. [COSO of the Treadway Commission provides international guidance on organizational governance, business ethics, internal controls and financial reporting.] In essence the advice was to assess a business’s corruption risks, devise appropriate control and compliance procedures, and implement continuous monitoring. These principles were accompanied by some examples of appropriate procedures. Transparency International, with funding from FTI Consulting, also published guidance that sought to provide practical advice. In recent weeks there has been a lot of lobbying by businesses arguing that there is insufficient guidance on certain features of the act, particularly about facilitation payments and marketing expenditure. The government’s publication on the adequate procedures has been delayed, as has guidance from the Ministry of Justice on prosecution policy. As a result, the act, which was due to come into force in April, is more likely to become effective as of early summer.

As the head of investigations at the Manhattan District Attorney’s office for 15 years, my office brought case after case against companies and individuals seeking kickbacks, rigging bids, issuing false invoices and engaging in outright theft. This took place across a wide scope of industries and all manner of public projects. The theft routinely amounted to a tenth of the value of contracts. In fact, one group of insurance fraudsters went as far as to brand themselves the “Ten Percenters.”

With the equivalent of hundreds of billions of dollars being pumped into economies via a tangle of national, regional and local authorities, only the least ambitious thieves are not actively engaged in gaming stimulus systems. Take the U.S. bank bailout package, or Troubled Asset Relief Program (TARP). In its latest report to Congress, delivered in late January, the auditor of the $700 billion program noted that its confidential fraud hotline received nearly 10,000 tips in its first year of operation. The suspected frauds run the gamut, including “accounting fraud, securities fraud, insider trading, bank fraud, mortgage fraud, mortgage servicer misconduct, fraudulent advance-fee schemes, public corruption, false statements, obstruction of justice, money laundering, and tax-related investigations,” according to the audit report.

The auditor describes its fraud-fighting arm as a “sophisticated white-collar investigative agency.” This group contributes to a special task force created to fight financial fraud related to stimulus programs, with other members drawn from a variety of criminal and civil law enforcement agencies and regulatory bodies. This approach is not ideal. Government agencies have a tendency to take too long to staff up – for example, the financial fraud task force held its first meeting in December 2009.

A Little Goes a Long Way

The problem is not confined to the world of high finance. Significant shares of stimulus funds are being devoted to construction and infrastructure projects, areas highly susceptible to fraud (see table overleaf). Late last year, the U.S. Department of Energy’s inspector general published a report, Management Challenges at the Department of Energy, that lamented staffing shortages and other internal weaknesses. Similar agencies around the world face major challenges in keeping track of the flood of stimulus money meant to subsidize everything from large public works projects to small home-improvement measures. The influx of funds is putting already understaffed offices under great strain, providing opportunists with an easy route to ill-gotten gains.

The solution is to devote a small share of stimulus funds to fraud prevention and detection programs. This way, the authorities can protect projects without struggling to stretch already thin resources.

When it comes to fighting fraud, a little goes a long way. Meaningful prevention, detection and investigation can be funded with no more than 2% of the stimulus money dispensed. Thus, a local authority receiving $50 million for an infrastructure project should set aside $1 million to fund anti-fraud efforts. If, in the end, the fraud-fighting initiative costs less than this, the remainder can be returned to the project’s budget.

In addition to funding adequate prevention budgets, the effectiveness and efficiency of spending can be enhanced further by engaging private-sector players. Former government prosecutors, regulators and detectives with experience in investigations abound in private practices. If these resources are tapped, watchdog programs become both more agile and less costly, as greater competition among bidders drives down the overall price of prevention.

Some might object to a perceived windfall to private companies. But these concerns are easily addressed, as it should be seen as spending 2% in order to save 8% in forgone fraudulent waste. The alternative, however well intentioned, involves shuffling resources among law enforcement agencies that are already swamped with corruption cases growing as fast as governments can approve bills to boost stimulus spending.

The appetite of fraudsters to siphon off money from public projects is insatiable. Whatever the intentions or circumstances that surround a particular stimulus plan, by its nature these funds represent a pay day no criminal can ignore, particularly when times are tough. As a result, a precondition of putting honest people to work is putting fraudsters out of business.