A long-standing U.S. federal investigation into allegations of pervasive corruption at Wal-Mart Stores Inc.’s foreign operations uncovered possible evidence of bribery of varying magnitude in emerging markets all over the world, including India, China, Mexico, and Brazil. Although it remains unclear whether the company will face major charges under the Foreign Corrupt Practices Act (FCPA), the ongoing, multi-year investigation highlights the acute risks and profound costs of conducting business in emerging markets around the world.
Enacted in 1977, the FCPA is a criminal statute that prohibits companies from paying bribes to foreign government officials or entities for the purpose of obtaining or retaining business. The FCPA has two primary provisions. The first prohibits U.S. persons, entities, or any issuers of U.S. securities from making or offering payments to foreign government officials to obtain or retain business or a business advantage. The second requires that issuers maintain accurate books and records and internal controls. The FCPA is enforced by the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC). Penalties for violations range from multimillion-dollar fines to jail sentences for company officials convicted under the statute.
The unique business environments of emerging markets pose complicated and formidable FCPA challenges for companies endeavoring to conduct business in these countries. On the one hand, the past 10 years have witnessed the growing attractiveness of several emerging markets as destinations for Western companies eager to invest and do business there. With growth rates surpassing the global average in many instances, the huge influx of investment into these countries, and their rapidly rising populations, these countries are full of potential for foreign firms.
Despite such potential, however, companies face a host of risks conducting business in these jurisdictions. Countries like India, China, Brazil, Mexico, and Russia all have a long-standing culture of corruption affecting virtually every level of their respective governments. The notorious bureaucracies of India and China make it difficult to obtain the necessary approvals to conduct business in the country, while byzantine regulations across all these states are ubiquitous and have resulted in procedures that lack transparency.
Unsurprisingly, regulators have already pursued FCPA enforcement actions against foreign companies operating in emerging markets around the world. In March 2016, Olympus Corporation’s Latin America unit agreed to pay $22.8 million to resolve criminal allegations that it violated the FCPA. Olympus Latin America provided “cash, money transfers, personal or non-Olympus medical education travel, free or heavily discounted equipment, and other things of value” to doctors working at government hospitals and clinics, according to the deferred prosecution agreement with the DOJ. The offenses occurred in Argentina, Brazil, Bolivia, Chile, Colombia, Costa Rica, and Mexico.
In February 2016, PTC Inc., paid $28 million to resolve FCPA violations committed in China. Two units of the Massachusetts-based software company in China entered into a non-prosecution agreement with enforcement authorities and paid a $14.5 million criminal penalty to resolve an ongoing DOJ investigation into payments for recreational travel by Chinese government officials that violated the FCPA. PTC Inc. also reached a civil settlement with the SEC by disgorging $11.8 million and paying nearly $1.8 million in prejudgment interest.
In August 2012, Oracle Corp., the California-based enterprise systems firm, agreed to pay $2 million in penalties to the SEC for violating the FCPA in India. The SEC alleged Oracle failed to prevent a subsidiary in India from secretly setting aside money off the company’s books and then using it to make unauthorized payments to phony vendors in India. Demonstrating just how expansively enforcement officials interpret the FCPA, the SEC did not allege that any payments were actually made to government officials in this instance; instead, it asserted that the third-party payments created the risk that the funds could be used for illicit purposes.
With penalties as excessive as these, any company seeking to conduct business in emerging markets should ensure it has an effective compliance regime in place, one that incorporates, at a minimum, the following six elements.
Six Elements of Compliance
The first is a clear, written articulation of a company’s policies regarding permissible and impermissible behavior under the FCPA and other applicable anticorruption laws. Governing standards must be well defined and specifically formulated to a company’s desired activities within the emerging market in question, focusing on reducing any potential violations of law. A good policy will include a duty to report known violations despite the level of severity at stake. A critical criterion of such a company-wide policy is a requirement of supervisory review and escalation.
Accountability and involvement by high-level company executives, also known as a “top-level commitment,” is the second component of an effective compliance program. Fostering a culture that promotes a commitment to compliance is a key feature of this element. Lower-level employees—oftentimes the ones most susceptible to violating the corruption and bribery laws—will not comply with even the most effective and most carefully crafted policies if they do not see senior management following these policies as well. An unambiguous way for senior management to illustrate their commitment is to adopt a consistently applied enforcement policy regardless of the level of offender within the company.
The next dimension of an effective compliance program is comprehensive training. This entails disseminating carefully crafted, relevant policies for the parent company and each one of its subsidiaries. Companies must ensure that all aspects of these policies, which should not be too complex or technical, are translated and made easily accessible to all employees firm-wide. The policies should be translated into local languages and any major dialects, if necessary. Specifically, within emerging market countries like India, where a multitude of languages are spoken, more than one translation may be required. Companies should also require training sessions, with periodic refresher courses, and mandate additional training for key risk employees, such as those who would be based in India and exposed to government officials there.
The fourth component of an effective compliance program focuses on auditing and risk assessment. In emerging markets, this necessitates robust due diligence of intermediaries acting on behalf of a company, which include customs brokers, freight forwarders, and external counsel. It is critical to obtain certifications from these third parties, certifying that they have not made payments to government officials, and, at the same time, to check reliable databases to confirm their past compliance.
This particular element also incorporates an adequate detection system capable of identifying potential FCPA violations. Critical features of such detection systems include global hotlines with multilingual operators capable of receiving anonymous tips regarding potential misconduct, whistleblower protections, email monitoring, and periodic, unannounced audits. Robust internal audit mechanisms can help drive effective firm-wide FCPA compliance as internal auditors can test and confirm that FCPA controls are working as intended. In addition, companies should have in place mechanisms capable of tracking complaints about potential violations, reviewing them, and providing final dispositions expeditiously.
Enforcement and discipline are the fifth component. Simply put, violations of compliance policies and procedures must be addressed promptly and consistently. Companies can find themselves in worse trouble with regulators when they learn of FCPA violations but fail to address them adequately. Absence of enforcement serves to undermine the efficacy of the very compliance program aimed at minimizing potential FCPA violations.
The final element of an effective compliance program is detection and remediation. For high-risk jurisdictions like those found in emerging markets, periodic, focused on-site FCPA compliance examinations should be used. No substitute exists for being on the ground examining records and talking directly to employees at all levels. This can result in fruitful returns, including uncovering fraud, detecting weak controls, and demonstrating to employees that strict compliance is a company priority.
In those instances where a violation of an established policy is uncovered, corrective action must be swift and effective. Both the DOJ and SEC have in the past demonstrated a willingness to forgo FCPA prosecutions or reach some other less severe settlement where the offending companies have taken prompt remedial measures, including terminating those responsible, strengthening compliance procedures, and enhancing their detection program.
The exorbitant costs associated with FCPA compliance should not be underestimated. According to regulatory filings, for example, Wal-Mart claims it has spent more than $685 million on conducting internal probes of its operations overseas, including in various emerging markets, and on instituting the requisite compliance mechanisms.
More striking still, the U.S. government has aggressively ramped up its enforcement of the FCPA. In a sign of things to come, it has collected dozens of billions of dollars in penalties from companies found to have violated the FCPA. Wal-Mart constitutes an instructive and revealing case for companies endeavoring to do business in high-risk environments of emerging markets. Adopting an effective compliance program can help those businesses avoid a similar fate.