Can Your Company Withstand Scrutiny?

by Deloitte CFO Insights, 20 May 2012
When two top executives – including the chief financial officer (CFO) – of a US company were found guilty of bribery charges in May 2011, it marked the first time that both a company and its employees had been convicted under the US Foreign Corrupt Practices Act (FCPA). The high-profile case was dismissed in early December 2011 due to prosecutorial misconduct, but the fact that the case went to trial at all should give CFOs pause.
Although this may be the first time top executives came close to jail time for FCPA violations, it may not be the last as several other executives face upcoming bribery trials.
In fact, given the increased scrutiny of alleged corruption, the US government’s emphasis on holding individual executives accountable, and the effects of the whistler-blower rewards created by the Dodd-Frank Wall Street Reform and Consumer Protection Act, it would not be surprising if the number of executives prosecuted for bribery rises over the next year.
In addition, if more executives take their chances in court, instead of settling cases as companies have historically done, the likelihood of future convictions and jail sentences may also increase.
For CFOs, that makes it all the more important to have robust anti-corruption programs in place – and have evidence that the programs are operating effectively.
Unfortunately, recent research conducted by the Deloitte Forensic Center (Anti-corruption practices survey 2011: Cloudy with a chance of prosecution?) suggests that is not necessarily the case.
In fact, only 29% of the 276 US executives surveyed were very confident their company’s anti-corruption program would prevent or detect corrupt activities. And given the high potential impact of an adverse event of this sort — criminal exposure for the company and its executives and fines that in the past have climbed as high as US$1.6 billion — it suggests that now is an appropriate time to evaluate and consider upgrading anti-corruption programs.
We examine how the enforcement landscape for corruption activities has changed, consider why there may be such a low level of comfort in existing programs and suggest how CFOs may improve their prevention efforts.
All eyes on corrupt activities
To say that the enforcement landscape has been stepped up would be an understatement. Prosecutions and fines under the FCPA -- which makes it illegal for US citizens or companies to attempt to bribe foreign officials in order to gain a business advantage -- have increased dramatically in recent years. While in 2004 the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) had only five enforcement actions, that number rose to 40 actions in 2009 and 74 in 2010.
The size of penalties has also increased. Based on data through December 31, 2010, eight of the 10 largest FCPA-related settlements occurred in 2010 with penalties ranging from US$56 million to US$800 million.

The increased focus on preventing corrupt activities is not confined to the United States. The UK Bribery Act of 2010, which became enforceable on July 1, 2011, expands the criminality of bribery beyond acts involving government officials to include bribery between private entities and domestic as well as international bribery. Moreover, the UK Bribery Act applies to all companies, including U.S. companies that do business in the United Kingdom.
Meanwhile, there is also other global activity in this area. In May 2011, for example, China expanded its anti-corruption law to cover bribery of foreign officials. That same month, the Russian legislature expanded that country’s existing anti-bribery law to include bribery of foreign government officials by Russian nationals, and imposed fines up to 100 times the value of the bribe.
And while the effectiveness of these new laws remains to be seen, the idea that efforts to crack down on corruption are tightening worldwide increases the possibility of foreign governments being able to prosecute U.S. firms for corrupt activities that take place globally – and heightens the need for robust anti-corruption programs.
Where deficiencies may lie
In this environment, just having an anti-corruption program is almost table stakes.
According to the Deloitte survey, almost 90% of respondents said their company had an anti-corruption policy, one part of an anti-corruption program, in place. The policies covered a wide range of potentially corrupt activities including:

    bribes (91%)
    gifts to foreign government officials (85%)
    expenses related to government business/government relations (75%)
    facilitating payments (74%)
    political contributions (73%)

Having policies in place, however, does not guarantee their effectiveness in practice. And while there is no single reason for the current lack of confidence, the study identified several potential contributing factors, including:
Lack of stand-alone anti-corruption policies: Only 45% of the companies surveyed had a stand-alone anti-corruption policy while the rest had a policy that was part of a broader code of conduct. In Deloitte’s experience, anti-corruption issues may not receive adequate attention unless they are addressed by a policy specifically focused on corruption.
Infrequent anti-corruption audits: Although roughly 80% of executives said their company conducted internal audits of its foreign operations to identify corrupt activity, only 32% said these audits were conducted annually or more often. Also, Deloitte has found some companies rely on their standard internal audits, which these days may not be sufficient if not, at least in part, planned and executed with procedures that are designed specifically to detect corrupt activities.
Lack of consistent due diligence and monitoring of third parties: The use of third parties was considered to be a significant risk by 52% of executives. Similarly, 43% of executives considered identifying and managing third-party relationships to be a significant challenge, more than for any other issue.
Despite these concerns, only 41% of executives said their company regularly conducted due diligence on third parties in foreign countries that interact with foreign government officials and just 9% said they conducted very detailed monitoring of third parties to ensure they complied with the company’s anti-corruption requirements.

Increased corruption risk in emerging markets: Companies face a greater potential for corrupt activities as they expand into places such as Brazil, Russia, India, and China (BRIC countries). In fact, some 55% of executives said their company was extremely concerned about corruption in China, while 43% said the same about Russia, 39% about India, and 26% about Brazil. The variations here may reflect companies’ different expansion targets as well as differences in perceived levels of risk, however.
The rewards of robust procedures
There are good reasons for CFOs to want effective anti-corruption policies. For one, they save on costs. According to the US Department of Justice, companies implementing effective anti-corruption programs are much less likely to incur substantial penalties levied for FCPA violations. In addition, the costs to companies of investigating and defending FCPA allegations can often run into the tens of millions of dollars based on the size of the matter.
Moreover, when a corruption case is settled, regulators may appoint a monitor to oversee the company’s compliance activities – at the company’s cost, which, in Deloitte’s experience, can easily total millions of dollars or more.
If a company can demonstrate to the SEC and the DOJ that it has a robust compliance program and responded appropriately once it discovered the corrupt activity, the government has stated that appropriate credit will be given for effective compliance programs and cooperation in assessing fines and penalties. But what constitutes a strong program and what can CFOs do to up their confidence in them?
There are many key elements in an effective FCPA Compliance program. Two that CFOs should consider particularly carefully are:
Transaction monitoring: In the past, you instituted anti-corruption policies, trained your people, told them not to pay bribes, and crossed your fingers. Now with FCPA analytics software monitoring your company’s financial systems, you can have a sentry mechanism that can help to raise an alert to transactions that look suspicious.
Roughly one-quarter of executives said their company used software applications to identify suspicious or anomalous payments or transactions that may indicate corrupt activity. And almost 80% of the executives at companies that used such software said it had identified suspicious transactions that required further investigation.
M&A risk assessment: Ordinary due diligence is not enough when it comes to foreign operations – and especially when expanding there through merger or acquisition. One reason is that a company can easily inherit criminal liability for any FCPA violations committed by the acquired business.
Consequently, during the due diligence process, CFOs should work with legal counsel to perform focused anti-corruption due diligence on acquisition targets. This might include transaction testing on sensitive areas of operations and background checks on the managers at the acquired firm as well as the vendors and agents they use and the laws and regulations they operate under.
Such scrutiny can help prevent CFOs from entering into an expansive network of local relationships fraught with conflicts of interest.

How sophisticated is sophisticated?
Figuring out if your anti-corruption program is sophisticated enough to achieve your company’s risk mitigation goals is a difficult process. That’s partly because the determination typically requires analysis by FCPA or anti-corruption specialists.
But any company can make conscious choices about the degree of sophistication that they invest in for their anti-corruption program.
Do you want the lowest level required to comply with legal requirements, or do your reputational and financial risk management goals call for something more robust?
While cost is a consideration, some program elements can be performed well or poorly for similar costs, so why not choose the higher quality option?
For the CFO who oversees risk, the cost of not having adequate controls in place can be much greater in terms of the monetary and reputational damage if a violation is found. Moreover, having a low level of confidence is obviously out of line with the fact that companies have created their anti-corruption programs and their disclosures may be telling shareholders, the SEC, and DOJ that these programs are sufficient.
In this elevated enforcement environment with competition heating up for opportunities in the few growing markets, it behooves CFOs to revisit their anti-corruption programs. Enhancing anti-corruption programs may help a company avoid becoming the subject of a prosecution, but equally important, it may also help to safeguard its hard-earned reputation.