Now that the SEC has gotten involved with FCPA along with the DOJ they have interpreted the FPCA statute to mean that a company must maintain a system of internal accounting controls that monitors FCPA Compliance not only internally within the organization, but for all its third parties including customers and suppliers
With the average Fortune 50 company having over 75,000 suppliers and 300,000 large customers the enforcement is nearly impossible and deemed as “sneaky.”
Even former DOJ Leadership acknowledges the incredible challenge around FCPA Compliance, especially now that the SEC is stepped up its enforcement (See video like below at around the 14:40 mark).
However, there is a solution to avoid or mitigate FCPA fines/actions as well as damaging public press-releases by the DOJ/SEC due to third party violations. A robust but straightforward certification program can significantly mitigate this risk.
A Certification Program is primarily an attestation or assertion document that is acknowledged or signed by an employee/and all third parties delivered by email, a simple workflow software or even post mail. It is generally language-specific but is translators are not available English only works. The attestation or assertion document is asking an individual/entity/official to certify that they are Understand FCPA, Are FCPA Compliant, and Unaware of any violations.
You might be asking yourself that there is no way that all of my hundreds of thousands of suppliers/customers/colleagues will comply, and we will have with exposure?
In the case of colleagues, its a more straightforward answer as the certification process should be mandatory using internal email or workflow tools driven from the top of the organization. In the case of third parties where there is less control, the recommendation is to send the certification communication (via email/post) up to three times in 90 days. If there is no response, this is OK!
The key to this entire process is a robust documentation and controls process over the certifications – this includes the third parties that have not responded despite three attempts.
Essential elements to an FCPA Certification process are:
-How the Certification is written ensuring that there is an emphasis on full disclosure and awareness and understanding of the FCPA Statute and any potential violations
-Process for Disseminating to third parties and internal employees
-Tracking and reporting
It is proven that a robust Certification Program implemented in advance of a certification program has lead to reduced penalties and even eliminated penalties as well as damaging Public Relations from the announcement of an SEC/DOJ Investigation.
A robust FCPA certification program may be the most significant cost avoidance and reputation damaging you can implement within your organization.