Last November, Lanny Breuer, the assistant attorney general for the criminal division at the U.S. Department of Justice, promised to provide detailed new guidance on the Foreign Corrupt Practices Acts (FCPA) enforcement provisions. Those willing to make predictions say well have delivery of this guidance within the next two months. The Securities and Exchange Commission and DOJ are currently hosting roundtable discussions with members of the antibribery compliance community, but even if both organizations work to get this exactly right, its an impossible task. As it turns out, that may be good news for in-house compliance experts.
Last year, the U.K.s enforcement agency delivered its guidance document after grand fanfare excited keen expectations. At last, the standards were to be spelled out in detail. In the end, the U.K. guidance exhorted companies to monitor their programs and make improvements where necessary. And now here we are getting our hopes up, too.
More clarity around any law is an undeniably good thing. Were all fans of transparency, after all, but the FCPA itself dwells in the foggy world of cross-cultural commerce, non-monetary exchanges, persuasion, and shakedowns. If compliance were a mechanical task, the DOJ could reduce its guidance to a simple blueprint. But the bright line tests work only at the extremes with compliance, and while more predictability is welcome, it is likely to move these lines only slightly.
Due diligence on third parties, for example, is far more interesting and controversial than many may suspect. There are endless possible combinations of worrying red flags in countries where false media stories and fraudulent business documentation can be bought for about $50. For its part, in its Laypersons Guide to the Foreign Corrupt Practices Act, [PDF] the DOJ advises companies to exercise due diligence and to take all necessary precautions to ensure that they have formed a business relationship with reputable and qualified partners and representatives. The Bribery Act 2010Guidance, issued by the U.K. Ministry of Justice, says that due diligence should be proportionate to the identified risk. While true, neither statement can be considered a compliance roadmap. Any document that attempted to answer all due diligence questions that can arise would be unwieldy and quickly outdated.
In a room full of compliance experts, a single slide listing ten facts about a proposed third-party intermediary can excite an hour of debateending in a vehement thumbs up from some, a violent thumbs down from others, and stony silence from those who remain undecided. Within compliance departments, reasonable people disagree. Across industries and markets, consensus is almost unimaginable.
The first task is to find the information; the second is to determine what weight to give it. Should one hire a sales agent for a key market if he has had three convictions for drunk driving? Driving drunk probably doesnt indicate a greater propensity for bribery, but it does speak to both judgment and respect for the law more generally. What if the applicant filed for bankruptcy ten years ago? Been convicted of tax evasion three years ago? Was charged recently with procurement fraud? Procurement fraud probably crosses that bright line, but hundreds of companies struggle with thousands of questions like this, and the DOJs guidance is likely to offer little relief.
Grappling with gifts and hospitality is not much easier. Who decides what tips the balance from reasonable to lavish? Is a more expensive gift bearing the companys logo less risky than a less expensive gift with an acknowledged resale value on the street?
There are defense companies that require law department approval of a deli lunch eaten in a grim conference room, and there are financial services firms that dont require legal oversight until the bill tops $500 per person. Both will argue that their standards are reasonable and customary, and neither can say with confidence whether the enforcement agencies are likely to agree.
Unlike due diligence or gifts and hospitality, training should be straightforward. Its entirely within the control of the company, and the process is measurable. The U.K. guidance states, again, that training should be proportionate to the risk, which isnt really helpful.
Online training can reach a large number of people at relatively low cost and create a great electronic record at the same time, but its difficult to assess the participants level of engagement, and they have no opportunity to ask questions.
In-person training is generally thought to be the gold standard, but the audiences comfort will vary depending on whether the trainer is a lawyer from headquarters, a local ethics officer or an outside expert. More markedly, their engagement will vary depending on whether theyre trained only with peers or together with their managers. Very few employees will raise their hand with a difficult real life compliance question with their boss looking on. In some communities, it would embarrass the boss by implying hes done an inadequate job of communicating company expectations, and in some settings there would be fear of retribution for airing dirty laundry, and apprehension that the questions could precipitate an investigation.
And challenges with anonymous hotlines are similar. Some companies boast that they have a great number of calls to their hotline or helpline, while others brag that they have very few.
When it arrives, the FCPA guidance will be dissected and whole articles will be written about the significance of each point. It is certain to contain some useful information for FCPA practitioners, but it wont be a roadmap. Again, this is all actually good news for in-house antibribery practitioners. Compliance is subtle and judgment-laden. In the end, compliance counsel must make decisions based on very specificand often complicatedconfluences of facts. As the enforcement agencies themselves like to say, this is not a box-checking process. As such, we should not expect a box-checking solution. In-house compliance counsel should recognize instead that the great value that professionals bring to this job is the ability to make tough calls, on short notice, when the companys reputation is on the line, and often with no precedent and without exhaustive regulations.
Alexandra Wrage is the president of TRACE, a nonprofit antibribery compliance organization offering practical tools and services to multinational companies. She also serves on the Independent Governance Committee of the Fédération Internationale de Football Association (FIFA), footballs governing body. Prior to founding TRACE, Ms. Wrage was international counsel at Northrop Grumman.
See also: Compliance Lessons for the Sports and Business Worlds, CorpCounsel, April 2012.