Most countries have domestic and/or international anticorruption laws. Forty-four countries have implemented the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, which requires criminal international anticorruption laws. Even countries that have not signed the OECD convention have implemented, and are in recent years enforcing, their own anticorruption laws.
Thus, in designing a compliance program, organizations should consider the applicable laws, including the FCPA, the UK Bribery Act 2010, French laws and local anticorruption laws.
There is no one-size-fits-all antibribery and anticorruption (ABC) compliance program. The starting point for a prosecutor’s evaluation of whether a company has a well-designed compliance program is to understand the company’s business from a commercial perspective, and how the company has identified, assessed, and defined its risk profile, as well as the degree to which the program devotes appropriate scrutiny and resources to those risks.1
An effective ABC compliance program must be tailored to the organization’s structure, its sectors of business, the common interactions the business and its agents have with government officials, its sales channels, and the countries in which the organization operates. Other factors considered by the DOJ when assessing a company’s compliance program are the competitiveness of the market in which the company does its business, its regulatory landscape, potential clients and business partners, transactions with foreign governments, payment to foreign officials, use of third parties, gifts, travel, and entertainment expenses, and charitable and political donations.2
In assessing a compliance program, prosecutors are instructed to ask three fundamental questions, namely: (i) Is the compliance program well designed; (ii) Is the program being implemented effectively; and (iii) Does the compliance program work in practice.3
Prosecutors will particularly consider the effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment and whether its criteria are periodically updated.4 Prosecutors are instructed to probe specifically whether a compliance program is a “paper program” or one “implemented, reviewed, and revised, as appropriate, in an effective manner” and “whether the corporation’s employees are adequately informed about the compliance program and are convinced of the corporations commitment to it.”5
More specifically, in assessing whether a compliance program is implemented effectively or not, the DOJ will evaluate the commitment by company leadership to a culture of compliance, including management’s messaging and promotion of compliance and the board of directors’ role in overseeing compliance. It will also assess whether the compliance function has sufficient seniority, resources, and autonomy commensurate with the company’s size and risk profile. Further, the DOJ will assess whether the company has clear disciplinary procedures that are enforced consistently, as well as whether and how the company incentivizes compliance.6
To analyze whether the compliance program works in practice, the DOJ will consider how the company has reviewed and evaluated it to ensure that it is current. The DOJ will also consider whether the company thoroughly investigated any misconduct, and whether any misconduct that was identified was appropriately remediated.7
Having an effective ABC compliance program is not a defense to most anticorruption laws, although it is for some, such as certain provisions of The UK Bribery Act 2010. However, an effective ABC compliance program may prevent violations from happening, and may allow employees and managers to identify and remediate quickly any problems that do occur. Moreover, in an enforcement proceeding, the effectiveness of the compliance program will be evaluated by authorities as a factor in determining whether to bring an enforcement action. Courts also consider an organization’s compliance program when determining penalties (such as through a remediation credit or a lower settlement negotiations),8 and so do enforcement authorities during settlement negotiations.
In designing its ABC compliance program, a company should consider how to implement the following elements:
- Tone at the top;
- Compliance structure, autonomy, resources, and qualifications;
- Code of conduct, policies, and procedures, including communication to employees and integration of the policies into the organization;
- ABC training and communications;
- Risk assessment and management;
- Due diligence for third parties and mergers and acquisitions;
- ABC contractual safeguards;
- Confidential reporting and investigation;
- Employee incentives and disciplinary measures;
- Compliance monitoring, such as internal audit and controls testing; and
- Periodic review and updates to the ABC compliance program.
1 Memorandum, Evaluation of Corporate Compliance Programs (updated April 2019), at 2.
2 Memorandum, Evaluation of Corporate Compliance Programs (updated April 2019), at 2-3.
3 Memorandum, Evaluation of Corporate Compliance Programs (updated April 2019), at 2-3.
4 Memorandum, Evaluation of Corporate Compliance Programs (updated April 2019), at 3.
5 Memorandum, Evaluation of Corporate Compliance Programs (updated April 2019), at 9.
6 Memorandum, Evaluation of Corporate Compliance Programs (updated April 2019), at 9-13.
7 Memorandum, Evaluation of Corporate Compliance Programs (updated April 2019), at 14-17.
8 Memorandum, Evaluation of Corporate Compliance Programs (updated April 2019), at 2.