A Resource Guide to the U.S. Foreign Corrupt Practices Act. Second Edition.


Confidential Reporting and Internal Investigation

An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation. [340] Companies may employ, for example, anonymous hotlines or ombudsmen. Moreover, once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken. Companies will want to consider taking “lessons learned” from any reported violations and the outcome of any resulting investigation to update their internal controls and compliance program and focus future training on such issues, as appropriate.

Continuous Improvement: Periodic Testing and Review

Finally, a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and do not allow them to become stale.

An organization should take the time to review and test its controls, and it should think critically about its potential weaknesses and risk areas. For example, some companies have undertaken employee surveys to measure their compliance culture and strength of internal controls, identify best practices, and detect new risk areas. Other companies periodically test their internal controls with targeted audits to make certain that controls on paper are working in practice. DOJ and SEC will give meaningful credit to thoughtful efforts to create a sustainable compliance program if a problem is later discovered. Similarly, undertaking proactive evaluations before a problem strikes can lower the applicable penalty range under the U.S. Sentencing Guidelines. [341] Although the nature and the frequency of proactive evaluations may vary depending on the size and complexity of an organization, the idea behind such efforts is the same: continuous improvement and sustainability. [342]

Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration

In the context of the FCPA, mergers and acquisitions present both risks and opportunities. A company that does not perform adequate FCPA due diligence prior to a merger or acquisition may face both legal and business risks. [343] Perhaps most commonly, inadequate due diligence can allow a course of bribery to continue—with all the attendant harms to a business’ profitability and reputation, as well as potential civil and criminal liability.

In contrast, companies that conduct effective FCPA due diligence on their acquisition targets are able to evaluate more accurately each target’s value and negotiate for the costs of the bribery to be borne by the target. In addition, such actions demonstrate to DOJ and SEC a company’s commitment to compliance and are taken into account when evaluating any potential enforcement action. For example, DOJ and SEC declined to take enforcement action against an acquiring issuer when the issuer, among other things, uncovered the corruption at the company being acquired as part of due diligence, ensured that the corruption was voluntarily disclosed to the government,
