This new landscape has altered the way corporations conduct international business, bringing serious long-term consequences for violations. Boards and executives who are unprepared to deal with this challenge are increasingly finding themselves in the crosshairs of regulators – and paying a steep price.

Over the past several years, government authorities have extended the focus of their investigations and prosecutions beyond corporate entities to include individual executives. Indeed, in 2009 nearly 70% of the 40 FCPA actions brought by the DOJ and SEC targeted individuals, resulting in fines, jail time, and other penalties – a noticeable increase compared with recent years (see table overleaf). In 2009, the DOJ prosecuted 44 individuals, significantly more than 2008 (11 individuals), 2007 (10), and 2006 (three) combined. The trend of targeting and prosecuting individuals has continued into 2010: in January, the DOJ arrested and indicted 22 individual defendants as a result of a wide-ranging sting operation focused on overseas bribery in the military and law enforcement products industry. Speaking in February this year, Lanny Breuer, Assistant Attorney General for the DOJ, stated: “The prospect of significant prison sentences for individuals should make clear to every corporate executive, every board member, and every sales agent, that we will seek to hold you personally accountable for FCPA violations.”

These developments have given corporate executives the added incentive to exert more oversight and due diligence regarding their company’s operations. Boards and senior executives must get up to speed quickly to protect their corporations – and themselves – from the effects of overseas business corruption and related enforcement actions. To be effective, forward-thinking and responsible board members and senior executives must gain a basic understanding of the FCPA, its application, and the repercussions of violations. Once equipped with this knowledge, board members should verify that their company has implemented the necessary steps to ensure compliance. By taking these actions, a company can avoid the costs associated with violations and, if corruption occurs, have more flexibility to navigate a government investigation.

[fti.special]

A Spike in Multinational Enforcement

Until the past several years, the prosecution of overseas business corruption was viewed as a U.S. phenomenon, and principally through the prism of the FCPA. Today, however, some 38 countries have adopted FCPA-like statutes, and many countries have domestic anticorruption legislation that applies to a foreign company and its employees doing business in their country. While the level of commitment to enforcement and collaboration varies among international jurisdictions, there’s no question that countries around the world have taken a more concerted and coordinated international interest in combating commercial corruption, as evidenced by multinational investigations and prosecutions of Alcatel, Siemens, and Statoil. Indeed, in May, a new bribery bill is expected to become law in the UK, which will be even stricter than the U.S. FCPA and will provide for more serious penalties.

In general, the FCPA and similar statutes have three essential elements. First, employees or representatives of companies are prohibited from offering money or anything of value to officials of foreign governments to obtain or retain business. Second, companies are required to keep books and records that are an accurate reflection of their transactions and payments (for example, a payment to a foreign government official must be reflected as such). Third, companies must design and implement internal controls to uncover and prevent FCPA violations. The first element, known as the antibribery provisions, are criminal violations enforced in the U.S. by the DOJ; and the remaining two, known as the books and records provisions, are principally enforced by the SEC.

While enforcement actions under the FCPA by government authorities against global corporations have been rising steadily for several years, prosecutions and penalties reached an all-time high in 2009. The DOJ brought a record 26 actions in 2009, the highest number ever, and the SEC brought another 14. Several recent trends have pushed overseas business corruption and fraud to the forefront:

• There is a growing global awareness that engaging in corrupt activity is an improper way to conduct business.
• Effective FCPA enforcement in the U.S. has required companies to do more to deter and detect overseas business corruption and investigate allegations of improper activity.
• Increased resources for enforcement combined with better cooperation among government agencies around the world have led to more vigorous prosecution.
• Law enforcement is now explicitly targeting individual executives, in addition to companies.
• Regulators are undertaking more creative legal theories to pursue and charge companies and executives.
• Law enforcement agencies are using more aggressive investigative tactics, such as sting operations and wiretaps, to detect and prosecute corrupt behavior.

As a result, government regulators are imposing higher fines while still committing comparatively modest (but growing) resources. Ten years ago, fines and penalties might have ranged from $100,000 to $10 million; they are now much larger. Siemens settled a case for $1.6 billion in 2008, and Halliburton paid a penalty of $559 million in 2009 to settle a case involving its former subsidiary KBR.

The Impact of an FCPA Investigation

Boards and senior executives have an opportunity – and the responsibility – to protect their companies and themselves in the face of increasing global investigation and enforcement of anticorruption legislation. The costs of being unaware or underprepared are substantial: as noted above, the penalties resulting from an FCPA investigation have increased exponentially.

Recent developments have only added to the total financial impact on companies. Government regulators are able to force companies to “disgorge” profits related to corrupt activity, and regulators are pursuing broader, more creative methods to calculate these profits and exact a higher price from companies. Furthermore, companies found guilty of bribery are barred from bidding on contracts with U.S. and European Union governments. (See sidebar, right, “Proactive compliance.”)

Beyond the already formidable fines and penalties, the organizational disruption of mounting a defense against FCPA or similar allegations can be significant, and the legal fees astronomical. There is also the specter of massive collateral litigation, including class-action lawsuits; costs of investigation and remediation, including forensic accountants, investigators and other consultants; reputational damage; and the unappealing and expensive prospect of a third-party monitor to oversee a company’s compliance and reporting efforts. In the Siemens case, U.S. investigators and the company’s own defense attorneys collected more than 100 million documents, necessitating the creation of special facilities in China and Germany to house them all. Siemens’ legal and compliance fees over the course of the litigation reportedly totaled $1 billion.

While more difficult to quantify, the effect of a public FCPA investigation or conviction on a company’s reputation can be substantial. From investors who see a tainted company as a risk not worth taking to executives who don’t want to be associated with corruption, the knock-on effects can be lasting. For the UK defense contractor BAE Systems, the investigation into alleged bribery of Saudi officials to secure a £43 billion defense contract first surfaced in the 1980s. After several years of negative press comment and allegations of UK government intervention in the investigation, the matter was finally brought to a close in 2010 with the payment of fines totaling $445 million.

Of course, a legal settlement is not the end of the story. Companies that have been the target of an investigation must then go to great lengths to rebuild their reputations and demonstrate their commitment to anticorruption measures.

Boards Must Take Action

To mitigate the huge costs and other negative consequences of enforcement actions, board members have a responsibility to ensure their company has taken appropriate measures to deter and detect overseas corruption. By instituting measures such as those outlined below, the organization will be in a good position either to avoid a protracted government investigation or, if one is inevitable, at least manage it on more palatable terms.

Board members and executives in industries targeted by regulators – such as medical devices and supplies, energy and pharmaceuticals – may already be well aware of the FCPA and its overseas equivalents. Leaders at other companies, however, are much less familiar with the risks. All board members and senior executives should be prepared, and should consider the following preventive measures:

Develop an Awareness and Basic Understanding of the FCPA

Board members should be aware that the statute, and foreign counterparts, exist and prohibit a far broader set of activities and conduct than it might initially appear. Proscribed actions go well beyond a simple payment of cash to a government official in exchange for the awarding of a contract. What many companies consider standard sales and marketing practices, for example, might violate the FCPA, especially in countries where the customer is a government agency, state-owned business, or nationalized industry. Similarly, board members and executives must understand their liability for FCPA violations that occur across the entire organization. Although board members and executives don’t need to be well versed in the intricacies and nuances of the FCPA, they should have a thorough understanding given the international regulatory environment. (See sidebar, “How well do you know the FCPA?”.)

Understand Which Parts of Your Organization Are at Greater Risk

This means determining which parts of the company have greater exposure to foreign governments. Anticorruption enforcement activities, by definition, focus on the parts of a company that interact with governments or government officials. Accordingly, board members should identify the company’s core businesses or business segments for which governments, government agencies, or state-owned companies make up a significant percentage of the customer base. Moreover, heavily regulated businesses or those that routinely have substantial “touches” with foreign government officials are inherently riskier and more susceptible to corrupt activity by virtue of their more extensive foreign government contact. Board members would be wise to identify the principal points of intersection between their company and foreign officials.

Certain industries have been singled out for FCPA investigation: oil and gas, pharmaceuticals and medical supplies. Companies that aren’t part of these industries shouldn’t consider themselves absolved from regulatory scrutiny. Indeed, any international business – such as multinational construction companies, real estate investment firms, or defense contractors – that shares key characteristics of the oil and gas or medical-device industries may be targeted in the future, and those companies should be more vigilant, particularly regarding partners, competitors, and third-party representatives.

Moreover, traditional multinational corporations aren’t the only organizations at risk. Large private equity firms might be exposed to increased risk by virtue of their portfolio of a diverse, international set of companies. Some private equity firms are highly decentralized, so the parent has less insight about the portfolio company’s daily operations and conduct. However, the parent has FCPA exposure because it’s legally liable for its operating companies. Given the enforcement climate, the deep pockets of private equity firms may present an attractive target for government regulators.

Understand Which Nations Are High Risk

Executives must be aware that the government officials of some countries have the reputation for accepting bribes as a matter of course to conduct business. Rightly or not, certain countries are commonly deemed to be “high-risk” jurisdictions – those more susceptible to corrupt business practices and the bribery of government officials. Countries that control the largest petroleum reserves, for instance, have been hot spots for foreign bribes. Similarly, in countries with state-run healthcare industries, the business contacts are often direct representatives of the national governments, making them likely targets for corrupt businesses.

Transparency International (TI), a nongovernmental organization, helps to promote awareness about global corruption. As part of its efforts, TI publishes an annual Corruption Perceptions Index that ranks the corruption levels of 180 countries. As the map opposite illustrates, certain countries in each region have gained a reputation for corporate bribery, so board members and senior executives of companies that do business in these places should be on alert.

Examine Company History and Any Previous Allegations

Board members – especially new ones – need to determine whether their company has ever faced significant allegations of overseas commercial bribery, regardless of whether a regulator has been involved.

Moreover, if the company had previously been the subject of an investigation related to the bribery of government officials, find out the underlying issues as well as the result or resolution. Since rooting out corruption in a multinational corporation requires a prolonged effort, violations that have occurred in the past can often indicate other problem areas.

Verify That the Company Has Appropriate Compliance Mechanisms in Place

Executives and board members at global companies with far-flung operations face the daunting task of being responsible – and potentially liable – for the actions of employees around the world. To address this challenge, an organization needs to adopt compliance mechanisms to ensure business conduct consistent with the FCPA, as well as the FCPA equivalents and local anticorruption laws of other countries in which the company has significant operations. Board members should be satisfied that a robust compliance program exists.

In general, CEOs and boards should verify that their company’s anticorruption compliance program is global, consistent, and effectively communicated. Where appropriate, the program should be customized to account for cultural differences and local anticorruption laws.

Board members should also ask whether the company is performing periodic risk assessments of its larger operations in high-risk jurisdictions. These assessments typically involve internal auditors or outside professionals interviewing key personnel in foreign operations, reviewing contracts and other relevant documents, and conducting transactional testing of certain accounts that are more susceptible to corrupt activity. Transaction types that should be tested for indicators of corrupt payment include:

• payments to agents/distributors;
• travel and entertainment expense reimbursement;
• petty cash;
• taxes;
• other expense accounts, such as gifts, political contributions, charitable contributions, seminars and trade shows, educational grants;
• free products; and
• after-the-fact credit memos.

Boards must also ensure their organization has the necessary personnel to address the issue. In many companies, the general counsel or chief financial officer oversees compliance activities. However, given the time required to monitor global operations effectively, and the stakes, larger corporations should have a dedicated global chief compliance officer.

Ensure Robust Due Diligence in Acquisitions of Overseas Businesses

It’s possible to literally “buy” a significant – and costly – FCPA problem, and a number of companies have inadvertently done so. As the global economy recovers and international M&A becomes more active, board members need to make sure their company is conducting robust due diligence on international companies in high-risk industries or countries.

This effort is twofold. First, companies should conduct external due diligence, focusing on the reputation of the target company, its principals and primary agents; understanding any history of improper business practices; and examining relationships with foreign government officials. Second, potential investors or acquirers should analyze the target company’s internal books and records, to identify any red flags for corruption, such as:

• customers that include government entities, such as state-owned companies;
• involvement in any joint ventures with government entities;
• details on the government approvals and licenses a company requires to operate;
• customs requirements in foreign countries; and
• relationships with third-party agents or consultants who interact with foreign officials on the company’s behalf.

Since a company can be liable for the FCPA violations of an acquired company or even a joint venture, companies should rigorously follow a standardized due diligence protocol and procedure for evaluating international growth opportunities.

Promote a Company Culture to Combat Overseas Corruption

The degree to which senior management is truly committed to conducting business honestly sets the tone for the entire organization. A board member can discern how much an organization values ethical conduct by probing, in an appropriate fashion, the views of senior management on the issue.
Companies that actively address global corruption use a wide range of measures to raise awareness among their employees. Encouraging a culture of transparency and vigilance – through a robust FCPA compliance and training program, staff handbooks, and annual training sessions, for instance – will help an organization avoid disregarding issues that could have serious repercussions down the line. If a company has significant operations in high-risk jurisdictions, such training should be done in person. As part of the hiring process, prospective employees should be screened for any relationships to government officials.

Successfully Navigating a Government Investigation

Should a company find itself the target of a government investigation related to overseas business corruption, CEOs and boards need to be aware of their options. By working with FCPA experts, companies can identify the best path forward. Although managing through a government investigation is complex and has many elements, board members and senior executives should engage in several ways:

Take Allegations Seriously

Companies can’t afford to dismiss internal reports of improprieties. Instead, upon the first indication of corruption, executives should dedicate the necessary energy and resources to understand the potential violations, conduct a preliminary and proportionate inquiry, and remediate corrupt activity if it is found to exist.

Assemble an Outside Team of Advisors

In the face of a credible allegation, a company should consider retaining an experienced team that might include legal counsel, a forensic accounting and investigative firm, and communications specialists with expertise in issues management. The board or audit committee should consider counsel and consultants that are independent from the company. It’s important that the forensic accounting and investigative consultant be multidisciplinary, experienced in FCPA and international investigations, and have capabilities across international jurisdictions. Many multinational companies have vetted and retained anticorruption counsel and advisors in high-risk foreign jurisdictions or regions to work proactively on compliance matters, but also in case credible bribery allegations surface. Even if a team of advisors does not need to be fully activated, it’s prudent to have them assembled and prepared.

Conduct a Parallel Investigation

If a government investigation does occur, the company and the board will want to do what they can to understand activity that might pose a problem. While conducting a parallel investigation is appropriate, it should proceed in a way that is not viewed as an act of obstruction by the government. The company must also preserve the evidence – whether witness statements, email and other electronic evidence, or physical documents. 

Weigh Up the Benefits of Self-Disclosure

If the company finds that corrupt activity has occurred, one of the key issues is whether to disclose information voluntarily to government authorities. Executives should begin to consider self-disclosure if a preliminary internal investigation uncovers a reasonable basis that the allegations of corruption have merit. The firm’s professional advisors will help the board weigh the pros and cons of disclosing to the government.

While such action is appropriate in many instances, it’s not always required or justified. If a company decides to disclose, however, it must be forthcoming about the violations it has uncovered. Moreover, while self-disclosure can offer a valuable opportunity to negotiate with the government and set parameters for the investigation, the scope of the government investigation is ultimately beyond the company’s control.

Understand Non Prosecution Agreements (NPAs) and Deferred Prosecution Agreements (DPAs)

If the government is inclined to pursue charges, the case may be resolved through an NPA or DPA. An NPA is a contract between the DOJ and a company stipulating that if the company fulfills certain requirements, the government won’t file criminal charges. In a DPA, the government files charges that are then withdrawn once certain conditions are met over a three- to five-year period. Both agreements create incentives for companies to cooperate with government authorities and implement reforms to prevent misconduct. By entering into either agreement, a company can avoid being convicted of a criminal offense. In both an NPA and a DPA, fines are assessed, and often a monitor is assigned to assure compliance with the terms of the agreement. While many aspects of NPAs and DPAs are unappealing, they may be better than having the lasting stain of a criminal violation on the company’s record.

These steps represent a starting point for board members and senior executives as they review their company’s anticorruption efforts. As recent prosecutions have shown, government authorities expect executives and board members to take an active role to ensure compliance. Ignorance of a violation at a subsidiary will not absolve a company – or its leaders – from substantial fines and further compliance measures.

By understanding the full reach of FCPA enforcement actions, board members can protect their company against the effects of overseas business corruption and put their company in the most advantageous position should a government investigation ensue.

Anyone who predicted in the beginning of 2008 that some of the world’s leading financial institutions would be wiped out, that others would require rescuing via massive government bailouts or that the global economy would teeter on the brink of a new Great Depression would have been laughed at.

The size and speed of the financial tsunami last fall illustrated how ill-prepared the corporate world was for such a meltdown. 

While there are now some early encouraging signs that the worst may be over, uncertainties still abound. This is precisely when organizations should assess their ability to handle the unforeseen and to make wise decisions in crisis environments. 

From a corporate perspective, the most common crises are generally found in three key areas:

• Natural disasters – including floods, fires, typhoons and earthquakes;
• Environmental and health-related problems – including epidemics, accidental spills, hazardous material issues, nuclear or chemical scares, sudden reversal of government policy or the intervention of NGO environmental groups;
• Man-made events – including arson, sabotage, terrorism, aggravated labor issues and the public exposure of substantial corporate fraud or corruption, resulting in threats to the enterprise.

In Asia, we are routinely exposed to all of these risks. Natural disasters have occurred and continue to occur in South Asia and elsewhere in the region, and there is always a threat that Tokyo or Osaka will experience a major earthquake.

China is particularly vulnerable to health-related problems, given its explosive growth and attendant environmental problems. Over the past year, China has experienced widespread chemical-related problems and issues involving tainted milk and other food products. These incidents have had a global impact since China is increasingly the workshop of the world. Within China, it was recognized that these issues could potentially pose a threat to the legitimacy of the ruling party, and possibly impact internal stability.

From a corporate point of view, these crises issues require careful planning, execution and sensitivity.

In Asia, one of the most common ‘man-made’ crises is in the area of significant and sudden corporate fraud. In the coming months, we are likely to see further disclosures and significant failures, particularly related to corporate malfeasance. Companies need to be able to react swiftly and effectively in order to preserve their brand, reputation or market valuation.

Many companies have developed plans to deal with business interruption and continuity plans, perhaps following the occurrence of a ‘set piece’ event (e.g. a natural disaster or environmental crisis). Unfortunately, most organizations are ill-prepared to deal with the practical implications of substantial corporate fraud, terrorism or other man-made crises. Our experience is that the larger the company, the less likely it will be able to respond effectively and in a timely fashion to avert the fallout of a major crisis.

Larger companies frequently seek to identify risks and combat them by utilizing risk registers and other mechanical measures. These are helpful but not sufficient. The key after having conducted this process/exercise is to develop practical and realistic plans to actually deal with the problem in a hands-on manner.

How Prepared is Your Company to Handle a Crisis?

Company directors should be asking a number of questions:
• Do we have systems and protocols in place now?
• Have they been tested?
• Can we respond quickly and efficiently to a crisis?
• Do we have an effective infrastructure in place?
• Can we find the designated people who are part of our crisis containment team?

Directors need to know that in times like these, the company has sufficient resources, both internal and external, to respond to any major corporate emergency or challenge.

In the experience of FTI-International Risk, the first 48 hours from the onset of any crisis or emergency is the most critical period. The key to success is to support senior management in mobilizing resources, focusing them on resolving the core issue while also minimizing the impact to personnel or disruption to day-to-day operations. It is important, therefore, that the crisis containment team is activated at the earliest possible opportunity.

Where it is evident that management does not have the necessary knowledge or experience ‘in-house,’ organizations should seek the support of an independent risk mitigation consultant. For the first few days of the crisis, there is a need for someone, often an external firm, to act as the ‘aggregate’ to hold together the various disparate elements involved in the corporate response to a crisis situation. Organisations with matrix management structures are often ill-suited to deal with sudden and unpredictable events, which to be correctly addressed require a defined leader, and a clear chain of command with no room for equivocation, internal politics or finger-pointing.

While the size and composition of crisis containment teams in corporations varies according to their size and geographic disposition, they are usually comprised of elements of senior management, finance, operations and legal. Externally, specialist consultants in both crisis containment and crisis communications are often retained. Many public relations firms are not specialists in crisis communications, and it is important to make this distinction.

The collective goal of the team should be to facilitate well-informed decisions that are implemented in a consistent and timely fashion. While crises come in all shapes and sizes, the response tends to follow a classic pattern: the initial step is to comprehensively assess ‘Ground Zero’ and to realistically estimate the damage or likely future or continuing damage to the entity. For example, in the event of a catastrophic fraud or corruption issue, this is often determined via the swift examination of relevant documents, including phone records, emails and other computer files, meeting schedules, travel patterns, and so forth.

Ninety-five percent of the world’s business records are estimated to be in some form of electronic medium. Therefore, electronic evidence recovery and e-discovery protocols are vital in the support of almost any corporate crisis.

Once the team has a better understanding of the situation, efforts can be made to identify possible options, and the relative merits and disadvantages of various courses of action can be discussed.

CEOs are unlikely to be able to manage a significant corporate crisis as well as normal business operations for more than five consecutive days, without failing at both. Therefore, it is imperative that senior management be presented with sufficient information and recommendations to make the best strategic decisions. It is equally important that they be kept sufficiently above the fray so as not to be over-involved in the minutiae to the detriment of the ultimate objective of ‘seeing through the crisis and visualizing its resolution.’

Crisis Containment and Resolution

Throughout the handling of any significant crisis, the designated crisis containment team should be regularly addressing and readdressing the following issues:

• Is this an enterprise-threatening issue?
• Do we have sufficient resources in-house to deal with it?
• What is the likely long-term financial impact on the bottom line?
• Have we plugged all immediate and identifiable gaps to prevent further losses?
• Can the losses be recovered, or are they covered by insurance – fidelity policies, bankers’ blanket bonds or a directors’ and officers’ policy?
• Which controls failed and are we still exposed?
• Who was involved / what damage has been done / what are we doing about it?
• Should an immediate report be made to the police or to other local authorities?
• Is there a requirement to report to regulators?
• Crisis communications – are we prepared to deal with the media even if we have not yet had time to plan?

Crises are, by their very nature, unpredictable, but with a well-designed and tested structure in place, companies can mitigate the damage to their reputations and their share value, while also preserving the loyalty of their customers and staff.