Monday, June 6, 2011
Getting Your Internal Controls Under Control
In reality, many companies do not have adequate internal controls for FCPA compliance. Of course, Sarbanes-Oxley imposed new and significant requirements on companies to implement adequate internal controls. Companies responded quickly to the SOX requirements. When it comes to the FCPA, the story is different.
There are certain basic requirements which need to be implemented. Assuming that a company is interested in preserving documents and has that capability, there are a number of steps a company can take to ensure that such documentation is maintained to preserve and prove how it handled certain issues. Here are my top five:
1. Internal Cooperation -- Internal auditors are critical gatekeepers in the FCPA compliance world. While there can be operational tensions among corporate counsel, compliance staff and internal auditors, they need to get past their egos and work together. There is nothing more debilitating to a corporation's compliance efforts then internal tensions and turf fighting among these key compliance actors.
2. Contract Approval and Payments -- When it comes to third party agents, consultants and vendors, companies need to coordinate payments made by the company only after all internal approvals of a contract have been confirmed. One hand has to coordinate with the other. All too often, payments to third parties will be made before (or even without any) internal contract approval by legal reviewing attorneys. It is difficult to argue that a company has an effective due diligence program for reviewing third party agents when money is paid to them before the full due diligence process has been completed.
3. Gifts, Meals and Entertainment -- Companies need to track these expenses with pre-approval thresholds and procedures requiring documentation of approvals. Relying on reimbursement requests to control such expenses is ineffective and too late. If a company does not meet the basic requirements, the company is inviting employees to engage in corrupt schemes.
4. Contacts with Government Officials -- Companies need to have the ability to generate information quickly and accurately of all meals, gifts, entertainment and/or travel between company employees and government officials. This informantion must be accessible and searchable by company employee and by government official, including the amount of every gift, meal, entertainment event and/or travel.
5. Looking Under "Non-Material" Transactions - Every company examines material transactions according to accounting standards. But potential bribes can be paid with non-material expenditures, especially those that can be aggregated to larger amounts. A number of significant FCPA enforcement actions involved petty cash expenditures and small amounts which were used for unlawful purposes.
My list can go on and on but these are ones that need to be nipped in the bud for effective anti-corruption internal controls.