8 actions for FCPA compliance at services firms

New competitors and business models are boosting the competitive pressure in professional services firms. This creates a pressure for performance that can drive some desperate decisions.

Under the Foreign Corrupt Practices Act (FCPA), the advertising agency WPP recently faced charges for its actions in India, China, Brazil and Peru. The agency was charged with using bribery and paying vendors to secure contracts, acting as a conduit for bribes and using bribery to avoid taxes. Infractions were reported seven times before the agency began an internal investigation. Ultimately, the agency had to pay a $19.2 million settlement for violations.

To ensure that your firm maintains ethical practices and FCPA compliance, you need to understand, establish and maintain an effective compliance program.

Understand your compliance

The FCPA addresses wrongdoing by companies, actors within companies and agents of companies that have some nexus to the U.S. Related federal legislation also provides whistle blower protections.

“Fundamentally, the FCPA is a recognition that ‘no problem does more to alienate citizens from political leaders and institutions and to undermine political stability and economic growth than corruption’,” said Grant Thornton National Managing Partner Frederick Kohm. This belief has continued to animate anti-corruption efforts, including recent initiatives by the Biden administration. FCPA enforcement is shared by special FCPA units within the Department of Justice and the SEC.

Services firms must ensure that they have internal procedures and controls to address two types of FCPA provisions:

1. Anti-bribery provisions
   
   The act states that it is unlawful to offer, pay or promise to pay any foreign official or intermediary for the purpose of obtaining or retaining business. This applies to direct actions as well as actions through intermediaries.
   
   The bribe doesn’t have to be successful to be criminal — incompetence is no defense. There are exceptions for payments that facilitate routine governmental activity like permits, processing fees and scheduled inspections. However, Grant Thornton Senior Associate Mary Bohrer emphasized, “Exceptions do not include a government or political party’s decision to award or continue business.”
   
   Ignorance is no defense, either — if you know that a payment to a local agent will go toward violating the FCPA, you have implicitly approved it.
   
   
2. Accounting provisions
   
   The accounting provisions of the FCPA cover what are broadly called “books and records” and “controls.”
   
   The books and records requirement mandates reasonably current documents and information, such as annual and quarterly reports. It also requires that you keep books in reasonable detail. To eliminate room for mischaracterization of bribes as routine expenses, all transaction records should conform to standard and acceptable methods of financial recordkeeping. The books and records provision can trigger prosecutions in and of itself. Proof of corrupt intent through falsified records is often enough evidence to pursue prosecution for anti-bribery violations.
   
   The internal control provision requires firms to develop an internal compliance system to make reasonable assurances that, among other things, assets are compared with plans at reasonable intervals. Your intent matters here, as the FCPA does not impose criminal liability for bookkeeping and internal control failures unless the party knowingly fails to implement internal systems, circumvents internal systems in place, or falsifies books or records.

Violations of these FCPA provisions can come with significant penalties. Bribery violations can trigger criminal penalties of up to $2 million per violation for entities, and fines of up to $250,000 per violation and five years in prison for individuals. Civil penalties can reach $16,000 per violation. Accounting violations can prompt criminal penalties of up to $25 million per violation for entities, and fines of up to $5 million per violation and up to 20 years in prison for individuals.

These payments can be required in addition to forfeiting profits and, in egregious cases, twice the profits. Other consequences include being barred by the federal government from bidding on government contracts and having export privileges revoked.

To protect your firm’s business, it’s important to have a comprehensive program that addresses these provisions.

Establish and maintain a compliance program

To establish and maintain an effective FCPA compliance program, professional services firms should take eight actions:

1. Define your risk profile and align your compliance program with it.
   Consider the following factors about your firm’s business:
   
   1. Your industry structure
      
   2. Competitiveness of your market
   3. Your regulatory landscape
   4. Potential clients and business partners
   5. Transactions with foreign governments and officials
   6. Use of third parties
   7. Role of gifts, travel, entertainment expenses, charitable and political donations
   Pay special attention to location, advised Grant Thornton Manager Keith Mellott. “Whenever I’m beginning a new compliance audit in a new country, I look at the scores that the Corruption Perceptions Index is giving the country.”
2. Elicit commitment from senior management.
   Senior management needs to make statements that encourage compliance, and reinforce that talk with real action.
3. Ensure compliance leaders enjoy adequate authority and stature.
   Give compliance leaders enough resources and personnel to do their jobs. Leaders should be senior and autonomous, with direct access to the board of directors or audit committee.
4. Promulgate a code of conduct and policies.
   Give employees specific, actionable content which apply to all employees, and to their day-to-day operations.
5. Establish incentives and disincentives.
   Grant Thornton Senior Manager Alexander Verbich recommended, “Reward employees with promotions or bonuses when they plan or improve programs.” As a disincentive, firms can plan to publicize violations.
6. Appropriately tailor training and communications.
   Include agents where needed. Training can include case studies, access to ethics advice and targeted training sessions. Cover any prior violations. Measure the effectiveness of your efforts.
7. Apply risk-based due diligence to third-party relationships.
   Understand the qualifications and certifications of your third-party partners. Ensure that your contract specifies what they can do, mandates that they do the work themselves and provides for appropriate compensation.
8. Improve and evolve.
   Implementation will reveal new risks, audits will reveal emerging weaknesses, and reviews will reveal changing business needs. Make sure that the board follows up on any pressing findings.

Outlook on prosecutions

Recent staff turnover and the ongoing pandemic have made it difficult for the DoJ and SEC to conduct investigations outside of the U.S. However, these factors do not reflect a diminished appetite for enforcement in the future.