Back to Table of Contents.

Through a Foreign Corrupt Practices Act (FCPA) hypothetical situation, this article analyzes the application of the OCEG Foundation’s Process component to a familiar corporate event—the “near-crisis.” As a practical matter, it sometimes requires experiences of this kind (or worse), with their operational disruption and unexpectedly large incremental costs, to produce the necessary internal support for adopting or revising a compliance program targeted at the distracting risk. Process guidance from the OCEG Foundation, selectively applied, can provide structure, practical process steps and resource savings for both reactive and proactive FCPA compliance scenarios.

You are the recently appointed Compliance Officer (CO) at U.S.-based, publicly traded Alternative Energy Resources Corp. Some weeks ago, you received a “heads-up” email. Your EVP-Sales was conducting a sales operations review at the company’s primary overseas project—a Brazilian wind farm financed by the World Bank. She had concerns about the roles and actions of certain consultants, and requested that you investigate the matter.

Before receiving this request, you were reviewing the OCEG Foundation as part of a general planning exercise for designing and implementing a comprehensive corporate compliance program. The Process component, you discover, is particularly applicable to both the particular Brazilian issue and the overall program. Process provides direction and insight on the “how”— the practical application of a compliance program’s general legal and operational requirements and related activities—and consists of five sub-areas: (1) Plan & Organize; (2) Prevent, Protect & Prepare; (3) Detect, Monitor & Evaluate; (4) Respond & Improve; and (5) Information & Communication. Within each of these are numerous Topics containing detailed guidelines and practices.

In consultation with the company’s GC and CFO, you adopt a two-phased strategy: first, on an admittedly reactive basis, the Brazilian matter must be thoroughly investigated and resolved; and second, to be better prepared for future issues of this kind (which tend to arise with significant overseas operations) a focused anticorruption compliance program needs to be designed and implemented as the first step in systematically addressing overall corporate compliance.

Phase I
Internal coordination and communication, appropriately protected, are the first response priorities. With the GC, you document the existence and application of applicable privileges, including the appropriate reporting relationships. You then create the investigation plan— with due attention to scope, the team to be involved in the actual investigation and the internal (management) and possible additional parties (professional service providers, the Board and regulators) that may need to be informed at various stages of the investigation. Process Topics Incident, Issue & Case Management and Special Investigation apply and help to provide a framework for issue consideration and systematically structuring activities.

On the plane to Brazil, you place the few known facts into the larger context of the company’s now apparent need for an FCPA anti-corruption compliance program. For purposes of both the immediate issue and the larger corporate situation, the Topics within Plan & Organize highlight the application of certain key compliance processes: formal risk assessment, business process mapping, mandated and voluntary boundary identification and root cause identification, among others.

There is no substitute for being on-site. After several days in Brazil, conducting numerous interviews and reviewing background documentation, you establish that the consultants perform legitimate services not involving improper payments to foreign governmental officials; but the associated books and records information is not sufficiently clear and transparent, and documentation process changes are required. Your GC, CFO and EVP-Sales concur with your findings and conclusions and are thrilled that the issues are non-material and correctable. All support the prompt implementation of an anti-corruption compliance program (to include FCPA, World Bank and local legal and business considerations.)

Phase II
Now back at your desk at company headquarters, you can apply Process as a proactive program design and implementation tool. Leading a cross-functional team, you’ve obtained support for an initial anti-corruption strategy and plan design, placing particular emphasis on books and records controls. Using Plan & Organize, the team methodically considers the company’s business model and operations, culture, attendant risks (including the World Bank’s new emphasis on voluntary disclosure as an alternative to debarment) and other factors to arrive at its recommendations.

As a positive indication of the degree of their engagement in this novel (for this company) proactive legal risk mitigation activity, several team members offer unsolicited program roll-out messages, based on ideas stimulated by consulting Information and Communication. They suggest clever ways of emphasizing, consistent with the corporate culture that they know well, both that management is committed to the anti-corruption program, and that the company’s many overseas agents are within the scope of covered persons and entities.

You are now at the stage of formulating the “nuts and bolts” of the program—developing, implementing and managing controls, policies and procedures; code of conduct treatment of the subject matter; training and education; and workforce management. You’ve heard from colleagues that the detailed Topics within Prevent, Protect & Prepare provide a practical framework for this exercise, and are designed to assist a CO to craft, explain to management and other stakeholders, and support a generally effective program. Among these Topics’ processes and tools are guidance on developing, implementing and managing controls, policies and procedures; code of conduct treatment of the subject matter; training and education; and workforce management.

The present emphasis, based on the Brazilian “near-crisis” experience, will be on local activities— employee and agent background due diligence and education (and periodic anti-corruption theme reinforcement by local and corporate management), accounts payable and expense treatment policy and controls modifications, and consistent incident management. For practical and legal (including Federal Sentencing Guidelines “effective compliance program” requirements) reasons, and as outlined in Detect, Monitor & Evaluate, the program will also include techniques for both “pulling” (monitoring and audit) and “pushing” (hotlines/helplines) information about actual or possible non-compliance.

Since the Brazilian incident has demonstrated that consideration of anti-corruption non-compliance “what if’s” are not necessarily an academic exercise, you will also prepare contingency plans for future recommended or required disclosures and other communications. You make a note to review Crisis Response & Communication, External Reporting & Filings, and Internal Reporting, as you turn back, with event-driven new focus, to the compliance planning tasks at hand.

For a variety of FCPA compliance program activities, both reactive and proactive, the OCEG Foundation’s Process component, selectively applied, can provide structure, practical guidance and resource savings.

OCEG is now developing supplemental guidance specifically addressing FCPA within the upcoming Fraud & Corruption Domain.

Worth Mac Murray served as co -chair of the 2005 OCEG Steering Committee . He is a principal of Compliance Initiatives LLC, which is a member of the OCEG Leadership Council . He can be reached at : wmacmurray@cox.net.