In the alphabet soup of AML compliance, if FCPA doesn’t sound familiar to you, the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) may soon be stopping by to fill you in.
“The Foreign Corrupt Practices Act (FCPA) is the next major enforcement area where the feds will be zeroing in,” warned Hank W. Grant, Jr., CAMS, senior vice president and senior manager of corporate risk management for Bank of America in Charlotte, NC, during the Association of Certified Anti-Money Laundering Specialists 2006 national convention. But if your institution is like many financial services corporations, FCPA compliance may have taken a back seat to more recent AML and anti-terrorism regulation concerns.
One reason that FCPA issues may have slipped under your radar is that the burden of this anti-bribery regulation was traditionally most intensely felt by American corporate sectors outside the financial industry. For instance, military intelligence and communications provider Titan Corporation broke FCPA enforcement records when the DOJ and SEC ordered it to pay $28.5 million in penalties.
However, you can now expect similar federal interest in your FCPA practices. “I think the government has come to look at financial institutions relatively recently, but quite naturally. Federal enforcement agencies tend to see financial institutions as the gatekeepers for a lot of our business economy, so FCPA compliance would be a keen interest to them,” explains Kimberly Parker,partner at the Washington, DC office of WilmerHale and co-author of Complying with the Foreign Corrupt Practices Act.
“I have seen a dramatic increase in FCPA interest by examiners [of financial institutions]. This appears to be caused by the intersection of public corruption, terrorist financing and money laundering,” agrees Ellen Zimiles, chief executive officer of Daylight Forensic & Advisory in New York City.
So what exactly do you need to know to get your institution on the right side of FCPA compliance? Like so many other areas of banking regulations, a thorough understanding of the regulation followed by a risk-based assessment is the best place to start.
Analyze International Transactions To Establish Risk Level
The Foreign Corrupt Practices Act of 1977 makes it unlawful for any “issuer, domestic concern or person acting within the United States to offer or make payment of anything of value directly or indirectly to a foreign official, international organization official, political party or party official or any candidate for public office, for the purpose of influencing that official to assist in obtaining or retaining business.”
In short: You cannot bribe any foreign officials.
Furthermore, the FCPA contains accounting provisions that require covered entities to keep accurate records of financial transactions. In the past, U.S. companies who made payments to foreign officials often did so off the books or by recording transactions inaccurately. The FCPA now demands that corporations record all transactions in “such detail as would satisfy a prudent official in the conduct of his own affairs.” In other words, “reasonably accepted accounting methods for recording economic transactions are generally sufficient for FCPA compliance,” says Parker.
Once your institution has a full understanding of the regulations, assess your own level of risk for non-compliance. Clearly, if you have no international dealings at all, FCPA won’t be an issue. However, if you do conduct some business internationally, the following three questions can help you to determine your level of FCPA risk and pinpoint the areas that need most stringent controls:
- What countries do we conduct business with?
- What are those countries’ reputations for corruption?
- What is the extent of our interaction with government officials in those countries?
After answering these questions, you’ll be better equipped to establish an FCPA policy that is appropriate for your institution’s needs. Components of this policy might include:
- Zero tolerance for violations;
- A designated member of the Compliance Program to oversee FCPA issues;
- Training and signed certificates of compliance for key personnel; and
- Reporting mechanisms for violations that eliminate possibility of retribution against reporting employee.
Recognize Potential FCPA Pitfalls
While the requirements for FCPA aren’t necessarily complicated, corporations most frequently run into difficulty because compliance policies don’t filter through an entire organization. For instance, when a corporation acquires a foreign company and does not train the new management on its existing FCPA policies, that corporation can face considerable risk, cautions Zimiles.
In addition to acquisitions, “a lot of companies trip up when expand into new business areas, specifically emerging markets like China or Russia,” adds Parker.
Priority: When you expand, you must act quickly to put FCPA controls in place and begin training employees to spot issues. “The message needs to get across the entire organization that the corporation takes FCPA violations seriously,” advises Parker.
And a policy statement is not enough. The key to accomplishing this enterprise-wide compliance is comprehensive training of employees who interact with international clients, particularly government officials. “The DOJ and SEC want to see ‘living, breathing compliance programs,’ not just a document filed away on a shelf,” emphasizes Parker.
It’s not too late: If your institution does discover violations, quickly implementing controls along with developing this type of educational model can encourage federal examiners to look favorably on your compliance program and potentially mitigate what could be crippling penalties.
*Partner Kimberly Parker was a contributor of this article publichsed in the October 2006 issue of AML Compliance Alert, Vol. 3, No. 10 pp. 74-75