“Due diligence” should be the first two words you think of when your firm receives an FCPA complaint due to business done overseas. That due diligence, if completed correctly, will help mitigate your firm’s damages and prevent similar issues in the future. As many firms who do global business know, ignorance is not a defense when you have an issue with bribery or improper accounting practices. That’s why there are mitigation programs in place that you can take advantage of when you catch problems early.
Fines related to improper financial practices get extremely expensive. In some cases, they can become business-ending mistakes. By immediately jumping on any complaint with a thorough investigation, you’ll be able to minimize your damages and maintain your company’s reputation.
What is FCPA Due Diligence?
Due diligence is an entirely subjective term. Mainly, it indicates that someone took reasonable steps to ensure they didn’t violate the law. Reasonable steps can mean a lot of things. There’s the obvious, like that you should vet your employees and not hire someone with a history of problematic behavior. There’s also the less obvious, like that you should vet the vendors you use in third-party deals.
Specific to the FCPA, there are three components of due diligence:
- Detect – if you allow someone to do business with your company, you must take proper measures to ensure they are FCPA-compliant. That means reviewing their background, as well as the backgrounds of specific workers before you sign a contract with them. Also, you’ll need to go even deeper and check to see if that firm has had dealings with any other problematic agencies.
- Cease – Due diligence at the beginning of a contract is not enough. You must continuously monitor and check into the backgrounds of involved parties to ensure they are remaining FCPA-compliant. If there are any actions you believe might be non-compliant, you are required to cease all activities that might lead to a violation.
- Remediate – In this, you investigate the issue, report it as necessary and put out policies that show your company is actively working to end these irresponsible activities. At the same time, this is the step where you’d report all your efforts to the appropriate agency to show you’re making an effort to fix the issue.
These three components need to be documented and consistent to show that you’re doing your due diligence under the FCPA. If you’re considering this after you’ve received a complaint, your focus is going to be on remediation. You need to do an internal investigation.
How to Conduct an Overseas FCPA Investigation
Once you receive the complaint, you need to start working immediately to get to the root of the problem. That means getting your policies in order and conducting interviews with all involved parties. While the steps may change based on how large the investigation is, you’ll want to:
- Get legal to review your compliance policies – You need to look for loopholes that the individuals involved may have used to skirt your compliance provisions. Have your legal team do a thorough policy review. Collect any records showing compliance training and literature to prove the individuals involved were informed.
- Gather initial statements – Ideally, you want all potential involved parties to give verbal and written statements. These statements should cover all the facets from who was involved, to what happened and if the employees were acting maliciously or without knowledge. A good tool in this can be Remote Risk Assessment, which will allow you to conduct interviews and use biometric signal processes to assess for risk.
- Get boots on the ground – Once you have the statements in place, you need to get a team on-site to investigate the issue. Do not use an investigatory team at the location where the incident occurred. Instead, get a team together that is unbiased so they can gather the right information. That will ensure your investigation is viewed as an investigation and not a cover-up.
- Take action – At the completion of your investigation, you need to make some decisions. You may have to let employees go or end relationships with vendors. Ensure you do that quickly rather than waiting for the DOJ to tell you to. This is a powerful due diligence step that can really minimize the impact of the violation.
- Re-up on company policy – Following a violation, it’s highly recommended that you retrain employees in that location on compliance issues to ensure that similar situations won’t occur in the future. This again goes to show the investigating agency that you’re taking the problem seriously.
No one wants to be the focus of an FCPA investigation. Unfortunately, when you’re a large corporation with a lot of people and vendor relationships overseas, it can become a standard cost of doing business. If you react quickly, you should be able to reduce the damage and prove that your company takes these issues seriously.
AC Global Risk offers RRA as a solution for taking statements during a due diligence investigation. This telephone-based technology allows us to gauge the risk of your employees and get to the bottom of small issues before they become big. For more information, contact us.