Companies Need to Adapt to Heightened Regulatory Vigor
On October 14, 2020, a Brazilian meat and agriculture conglomerate agreed to pay nearly $27 million to the U.S. Securities and Exchange Commission to resolve charges of books and records and internal accounting controls violations by its U.S. subsidiary, a leading poultry company. The two Brazilian nationals who own the parent company were also assessed $550,000 each in civil penalties.
On the same day, the U.S. Attorney’s Office for the Eastern District of New York announced in a press release that the parent company had agreed to pay a fine of more than $256 million to resolve charges of bribes paid to Brazilian government officials through, among other means, bank accounts based in New York.
These settlements, totaling nearly $285 million, signaled a milestone achievement for the Foreign Corrupt Practices Act (FCPA): 2020 now holds the record for total FCPA settlement amounts, with $2.94 billion in combined resolutions. The previous record was set in 2019, with $2.9 billion in total settlements.
This may be somewhat surprising to the casual observer, especially considering the current business climate, particularly in the United States. Why was there so much momentum, in a year that presented such significant challenges to global businesses, to carry out such vigorous enforcement of a legal framework that some might regard as an obstruction to companies’ competitiveness and growth prospects?
And, looking at it from another angle: The list of companies involved in the SEC’s 2020 FCPA cases contains quite a few that, if not exactly household names, are nevertheless well-known global enterprises. Why would they have had such difficulty avoiding FCPA violations? Don’t they have competent, well-staffed compliance teams tasked with protecting their companies from such dramatic missteps and penalties?
Complexity Complicates Compliance
Let’s consider the first question. Yes, 2020 was the year of COVID-19, a year of severe challenges to businesses of all sizes. But even assuming the possibility of reduced appetite for government enforcement of anti-bribery and anti-corruption regulations, the enforcement actions that culminated in 2020 would generally have been started pre-COVID, in 2019. They were already “in flight.”
As to the second question — yes, the companies that incurred FCPA-related penalties appear to be large, successful and well-resourced. But large, well-resourced companies can find it difficult to adopt a consistent, global approach to regulatory compliance across the whole organization.
With size often comes complexity; companies may be able to set policies and provide the right type of employee training, but enforcing compliance at scale is another matter. How does a company headquartered in Chicago police its sales organization in Chennai? How do you create a consistent culture across multiple continents? It’s very challenging trying to set the right priorities from thousands of miles away — to make your people understand that before they do the deal, they need to be sure that they’re doing things by the book.
Regulatory Momentum on the Ascent
Another factor is regulatory vigor, which has increased in a number of jurisdictions and is outpacing companies’ ability to ensure regulatory compliance on a steady, global scale. For many years, the level of FCPA enforcement activity had stayed pretty consistent. But over the last 10 or so years, the U.S. regulatory regime adopted more of a zero-tolerance approach to bribery and corruption. (There are arguments for and against the premise that the uptick in FCPA enforcement was triggered by the global financial crisis in 2008-2009.) The balance of power and influence shifted perceptibly; regulations were tightened, and regulators got more and better tools for proving and winning cases. Where companies used to have ways of “managing around” anti-corruption and anti-bribery enforcement, the SEC and U.S. Department of Justice are in a much better position to ensure that their evidence against their targets is watertight.
Simply said, a combination of internal and external changes is making it harder for major companies and their executives to avoid violating FCPA requirements. But there are steps that companies can take to better ensure compliance — not just with the FCPA, but other anti-bribery/anti-corruption laws like the UK Bribery Act 2010 — and provide themselves with more effective tools for managing third-party risk and avoiding costly penalties.
Better Data + Better Analytics = Better Visibility
First, companies need to have access to the right information about their customers, suppliers, and third-party associates. They need data that has both breadth and depth — not just data in quantity, but data that can drive actionable intelligence with regard to third parties. Ideally, the data needs to encompass firmographic, operational and financial detail to enable businesses to “see” just who they’re doing business with — and whether those parties are currently, or perhaps were previously, engaging in conduct prohibited by the FCPA.
But the best-caliber data only has limited value by itself; you also need an appropriate mechanism for obtaining insights from it. An analytical tool or platform is necessary to ingest that data and perform operations with it that allow companies to conduct various functions, such as third-party screening and monitoring, to track suppliers and partners, identify and verify the people behind them, and screen those people and businesses for adverse information.
Even better, the platform should enable automation of these functions, improving speed and accuracy and leading to faster, better business decisions concerning third parties.
Prioritizing Internal Controls
The second prong, after having the right data and doing the right things with it, is demonstrating a genuine commitment to delivering an effective due diligence process.
More and more companies are shifting to a view of due diligence as an operating expenditure, not a one-time capital investment. The goal should be to have consistent, defensible internal controls in place to drive the right policies and procedures. The problem isn’t so much when one “bad apple” is discovered in your basket; the problem is when you have weak, inefficient due diligence processes that allow issues to snowball. That’s when you start running the risk of incurring the level of fines that will contribute to the next record-setting year for FCPA penalties.
Speaking of which — as previously noted, 2020 broke the 2019 record for FCPA settlements, and if current trends continue, 2021 could be the next record-breaking year. The U.S. regulatory regime, with the wind clearly in its sails, seems to be well positioned to make this a plausible outcome. Forward-looking compliance leaders will need to step up their third-party risk management capabilities to keep pace with active enforcement, and to better ensure that their companies won’t be contributing to the next punitive milestone.
The opinions, information and advice provided by Dun & Bradstreet in articles and blog posts (collectively the “Information”) are provided “as-is”. Nothing stated or implied in the Information should be construed to be legal, tax, or professional advice. Dun & Bradstreet makes no representations or warranties, express or implied, with respect to such Information and the results of the use or reliance on such Information. Please contact an attorney or tax professional if you are in need of legal or tax advice.