Never has the need for anti-corruption compliance programs for American companies been greater than it is today. This is not only for large multi-national companies, but for small to medium-sized businesses, particularly those doing business abroad and in high-risk countries.
The position of a compliance officer and the roll out of an integrity compliance program with the objective to educate, prevent, detect, and remediate corruption, collusion, and fraud may be viewed as the exclusive domain of large businesses. But small and medium-sized businesses must address compliance in a way that is appropriate to both the size and risk profile of the business in order to fairly and lawfully compete in an inter-connected marketplace, obtain financing, and avoid the costs and consequences of corruption. Although the specific implementation of a compliance program will look different for each small and medium-sized business, certain core principles should be part of any integrity compliance program.
There are any number of resources that describe the hallmarks or guidelines for an effective compliance program. When we consult with businesses, we generally focus on seven bedrock categories. We will discuss three in this Alert and the others in a future installment.
- Risk Assessment. Preventing corruption effectively and proportionately requires an understanding of the risks a company may face, which may differ significantly based upon the company’s size, products or services, geographic markets, government interaction, distribution channels and other identifiable factors. A thorough risk assessment will lead to an effective program.
- Management Buy-in and Tone at the Top. There is no substitute for the board of directors and senior management’s commitment to integrity and to the creation of a culture of compliance – and it comes at no cost. Company management must unambiguously prohibit unethical conduct, articulate clear standards of integrity, communicate and promote those standards throughout the organization, and uphold them rigorously and consistently. Appropriate incentives should be included to encourage the observance of the Code of Conduct and related policies and procedures at every level. When infractions are alleged or identified, the company must have a thorough and consistent policy of investigation. If violations are found, appropriate disciplinary measures must be consistently applied from the boardroom to the back office, and the corrective action for violations must be consistent, regardless of what level within the organization it occurs.
- Code of Conduct, Policies, and Procedures. Such an unambiguous prohibition on unethical conduct must be clearly reflected in a Code of Conduct. An unwritten “do the right thing” corporate culture will not suffice for a company of any size in today’s environment. The functional aspects of the Code must be included in written policies and procedures that are concise, practical, and accessible to all employees. Those policies will reflect the values being set at the top of the company and expressed in its Code of Conduct. Such policies must include: internal controls; due diligence in hiring; third-party due diligence; travel, entertainment, and meal expenses and receipt and giving of gifts; documentation; and disciplinary procedures, among others.
Stay tuned for the remaining four categories in next month's alert.
Heather Hatfield represents clients in corporate investigations, white-collar crime investigations and defense involving the Foreign Corrupt Practices Act (FCPA), complex contract disputes, oil and gas litigation ...
Blake Runions assists clients with broad range of business disputes and investigatory matters, including partnership disputes, internal investigations, and commercial litigation.
Prior to joining the Firm, Blake worked in the ...
Jamie Godsey represents public and private corporations, partnerships, and small companies on a broad range of complex business and commercial litigation. Her experience includes a wide variety of matters such as contractual ...
- Best Practices to Prevent Internal Fraud and Embezzlement
- Cybersecurity Best Practices: Disclosure Requirements for Risk Management, Strategy, and Governance
- Cybersecurity Risk Management Practices for Small and Midsize Businesses
- Overview of New Cybersecurity Disclosure Rules for Public Companies
- Increased Focus on Cybersecurity Warrants Review of Policies and Procedures
- DOJ Issues Expedited FCPA Opinion Procedure
- Companies Must Review Compliance Policies Following New Sanctions of Russian Financial Institutions and Individuals
- Anti-Corruption Enforcement: 2021 Year-In-Review
- Credit Suisse Settlement Carries Broader Lessons about Reputational Risk
- World’s Largest Advertising Group Settles with SEC for $19.2 Million After Ignoring Red Flags
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019