Tuesday, May 24, 2011

Starting from Scratch on an Anti-Corruption Compliance Program

What if – and this is a big what if – your company is starting from scratch on its anti-corruption compliance program? Your company’s Code of Conduct includes a paragraph prohibiting foreign bribery and mandating accurate books and records, and says little more. Some companies are able to relate to these questions.

At the outset, your company has to recognize a couple of reality checks – your compliance program will take a year to two years until it is fully implemented. You cannot roll out your entire program with one big announcement, expect buy in or expect the program to be effective.

So, what do you do first? How do you prioritize your effort?

First, you take a deep breath and work within the realities. Second, you have the Board and/or top management authorize and direct the design and implementation of the a compliance program. And, of course, you have to secure a commitment to resources. With these assurances in hand, now we get to the fun part.

The tone-at-the-top is your launching pad, whether it comes from the Board or from senior management. The message has to be communicated effectively and throughout the organization.

With the message, comes a commitment to design and implement a new anti-corruption compliance program that is comprehensive and important to the organization. The compliance officer now needs to act and act quickly to create a framework for the program, with the assistance of internal auditors and other key players in the company.

The most important task ahead is the risk assessment – a broad examination which examines all of the components of the company, the nature and extent of government interactions, the existence of financial controls, policies and procedures for gifts, meals, travel and entertainment, as well as general due diligence of third parties, joint venture partners and merger and acquisitions.

The risk assessment must be carefully conducted in order to identify the risks which will then be used to develop the overall compliance program and what issues need to be emphasized. Too often, the risk assessment is viewed as a mechanical exercise more than a careful and deliberate review mechanism which provides a solid foundation for a compliance program.

In future posts we will examine in greater detail the risk assessment and the subsequent steps which need to occur as you develop and roll out your compliance program.


  1. Glad you're back. The blog is great!

  2. Thanks I appreciate your support

  3. Great o see more responses than "0" comments to this invaluable resource, Having followed for quite some time this plus the FCPA Blog and the FCPA Professor, I am appalled by the lack of interaction online, especially as a WB myself. There is a desperate need for dialogue before corporate America swallows up this medium. Michael, have you had a takeover offer yet from Microsoft, GE or Chevron?

  4. My apologies, poor typing, "Great "to" see more ....."

  5. Thanks for your support -- no takeover offers yet but with the right price I am ready to jump. So you are a WB -- hope it turned out well.

  6. Unfortunately no, its a lonely world, take one day at a time, the worst offenders are investigative counsel who sit and watch the victimization, one day that in-house will be GC who remembers.

  7. Well hopefully it will work out for you. With the new WB rules, more attorneys will be there to help people in your situation.

  8. Unfortunately I was walked out of the building claiming I was unethical in taking an ethical stance. Not a nice experience though it is over for the immediate future, now I can hopefully exercise my rights via the WB rules