Summary
- Discusses global efforts to reduce corruption in contracting.
- Discusses compliance challenges for small businesses.
- Analyzes opportunities to improve compliance in supply chains.
Over the past decade, the anti-corruption, ethics, and compliance landscape has changed dramatically. This is a direct consequence of a global anti- corruption enforcement effort led by the United States through its enforcement of the Foreign Corrupt Practices Act. The increase in enforcement has also been spurred by the adoption of several multilateral anti-corruption agreements, such as the Organization for Economic Co-operation and Development (OECD) Anti-Bribery Convention and the United Nations Convention Against Corruption (UNCAC). These agreements have spurred several countries to enact anti-corruption laws, such as the U.K. Bribery Act, Brazil’s Clean Company Act, and France’s Loi Sapin II. The laws prohibit, among other things, the bribery of foreign government officials. They also encourage companies to dedicate resources to developing anti-corruption compliance programs and maintaining robust internal controls.
The increase in anti-corruption enforcement has profoundly impacted large, multinational corporations. Many of these companies have responded to the enforcement increase by investing heavily in sophisticated compliance programs designed to prevent or mitigate liability for anti-corruption violations. The development of rigorous internal compliance programs has been particularly pronounced in the defense industry, especially among large, U.S. defense contractors.
Unlike their large counterparts, many small government contractors are largely unable to keep up with the rapidly evolving trends and best practices in ethics and compliance. Their inattention to this critical area leaves them at risk for compliance failures, fraud, and corruption. As a result, small contractors are more likely than their large counterparts to be debarred from the U.S. procurement system. Despite the harsh consequences of compliance deficiencies, few small contractors are likely to dedicate resources to the development of vital compliance policies and internal controls because of the reality of limited resources. This has created a critical gap in the defense industry supply chain, as many large contractors may partner with small companies that lack the sophistication and resources necessary to ensure compliance with the many government contracts compliance requirements.
One solution to this growing problem is to incentivize large government contractors to help their small subcontractors develop compliance programs. The incentives, of course, must be substantial enough to convince large contractors to share their confidential and proprietary compliance programs and best practices.
Fortunately, a model for this type of arrangement exists in the U.S. procurement system. The “mentor-protégé” program is designed to help small businesses navigate the immense government contracts regulatory system. Under this program, generally a larger, more experienced contractor serves as a “mentor” to a smaller contractor (the “protégé”). The mentor, among other things, guides the protégé through the complex procurement regime by sharing expertise and resources. In return, the mentor is provided with contractual opportunities and incentives by the U.S. Government. This model could benefit companies in the compliance space by providing a mechanism for contracting parties to exchange information and ensure transparency throughout all levels of the procurement process.
This article recommends incentivizing large businesses to utilize their vast resources to assist their small business partners with the development of internal ethics and compliance programs in order to improve the overall integrity of the government procurement system. Part II of this article analyzes the development of global anti-corruption compliance standards through an overview of noteworthy changes in laws, regulations and enforcement. Part III analyzes the current compliance risks that large companies face when contracting with smaller companies who lack robust compliance systems and internal controls. Part IV recommends the adoption of a corporate mentor-protégé program that incentivizes larger companies to dedicate resources to helping smaller contractors develop anti-corruption compliance programs. Part V offers some concluding thoughts.
Over the past decade, there has been a global shift in perceptions and approaches towards public corruption. Enforcement has increased dramatically, the sharing of information and resources among governments has improved, and global best practices in corporate anti-corruption compliance have continued to evolve. In response, dozens of countries have made multilateral commitments to combat corruption and have enacted anti-corruption legislation to fight bribery and foster a new era of corporate anti-corruption compliance.
Anti-bribery enforcement agencies, non-governmental organizations, and civil society organizations have developed compliance guidance to assist companies with the prevention and deterrence of corruption. In addition, large, multinational companies are now incentivized to invest in ethics and compliance programs to avoid expensive anti-corruption enforcement actions and long-term reputational harm that may result from public knowledge of their misconduct.
Enacted in 1977, the Foreign Corrupt Practices Act (FCPA) has provided the foundation for today’s global anti-corruption enforcement activities. The U.S. statute has two pillars: it criminalizes the bribery of foreign government officials, and it requires persons and entities to maintain accurate books and records and robust internal controls. Working in tandem, these two pillars not only combat bribery, but also ensure that companies and individuals do not hide bribes and improper transactions in off-book accounts and slush funds. FCPA enforcement has increased dramatically over the past decade and a half, resulting in hundreds of enforcement actions — a significant increase from previous decades of enforcement.
The FCPA is famous for its broad jurisdiction — often ensnaring both U.S. and foreign companies that run afoul of its prohibitions — and its broad knowledge standard, which has resulted in significant fines and penalties for companies that rely on third parties to help them develop business opportunities abroad. “The statute’s knowledge standard . . . is designed to ensure that companies do not hide behind their agents or other third parties to avoid liability for the bribery of foreign government officials.” “Indeed, the vast majority of FCPA cases have been [triggered by] third parties bribing government officials on behalf of a particular company.” “To reduce the risk of liability that may result from the actions” of third parties, companies have developed “robust due diligence and oversight procedures for the selection and monitoring of their third” parties. Companies that ignore bribery “red flags” in the vetting or monitoring of third parties proceed at their own peril.
Although the United States remained alone for twenty-five years in its fight against the bribery of government officials in international business transactions, the anti-corruption landscape began to change in the late 1990s.
In less than a decade, dozens of countries [had] signed on to treaties requiring them to criminalize transnational bribery of foreign officials in similar terms to the anti- bribery prohibition of the FCPA, requiring criminalization of money laundering where the predicate offense is a corrupt practice, and requiring cooperation with other counties in investigations and enforcement.
Moreover, multilateral agreements, such as the OECD Anti-Bribery Convention and the UNCAC, have spawned implementing legislation across the globe designed to, among other things, combat bribery in international business.
Signed in 1997, the OECD Anti-Bribery Convention is aimed at reducing corruption in developing countries by encouraging sanctions against bribery in international business transactions. The Convention largely mirrors the provisions of the FCPA, prohibiting the bribery of foreign government officials and requiring companies to maintain stringent internal controls.Thirty-six OECD member countries and eight non-member countries have adopted the Convention.
The OECD Working Group on Bribery monitors the implementation of anti-corruption legislation and assesses anti-corruption law enforcement efforts. Over the past decade, active implementation of the OECD Anti-Bribery Convention has led to the criminal sanctioning of 560 individuals and 184 entities for foreign bribery.
The UNCAC requires signatory states to implement a variety of anti-corruption measures, which affect their laws, institutions, and practices. As of June 26, 2018, there are 186 parties to the Convention. The UNCAC provides a holistic approach to combatting corruption, focusing not only on traditional law enforcement techniques, but also on methods of enhancing international co-operation and preventative measures directed at both the public and private sectors. Similar to the OECD Anti-Bribery Convention, the UNCAC requires states to impose “civil, administrative or criminal penalties” on individuals or companies that engage in acts of corruption to dissuade other entities from propelling or encouraging similar patterns of corruption. Through its “Conference of the States Parties,” the UNCAC provides a mechanism designed to encourage cooperation among state parties and to promote the Convention’s implementation. Its provisions also address the “promotion of corporate codes of conduct, best practices, and compliance programs for business and the professions, [and] measures to promote corporate transparency.”
In recent years, numerous countries have implemented these multilateral agreements by enacting robust anti-corruption laws. These laws, such as the U.K. Bribery Act, Brazil’s Clean Company Act, and France’s Sapin II, not only prohibit bribery, but also reinforce the importance of anti-corruption compliance programs. As these countries (and others) ramp up the enforcement of their new laws, companies will face greater pressure to ensure their anti-corruption compliance programs meet the emerging global compliance standards.
The dramatic increase in anti-corruption enforcement by the United States and (increasingly) other countries demonstrates a growing global commitment to combatting corruption. Many household company names have run afoul of the FCPA, resulting in time-consuming, expensive, and embarrassing enforcement actions. For example, in 2019, Walmart, Inc. (Walmart) agreed to pay a combined total of $282.7 million to resolve a years-long investigation into the retail giant’s FCPA violations for failing, despite numerous red flags, to ensure sufficient global anti-corruption internal controls. Not only was Walmart required to pay both approximately $138 million in criminal penalties and approximately $144.7 million in civil penalties, it was compelled to hire an independent compliance monitor to assist the company for an additional two years. Not surprisingly, the negative consequences stemming from similar enforcement actions have incentivized large, multinational companies to invest in compliance programs that will detect, prevent, and deter illicit activities. Moreover, governments, international organizations, and civil society have also championed the role of ethics and compliance in helping to prevent and mitigate corporate corruption.
In fact, the U.S. Department of Justice (DoJ) has publicly recognized and rewarded companies that implement robust compliance programs even where allegations of corruption arise. For example, in 2011, Johnson & Johnson (J&J) entered into a deferred prosecution agreement with the DoJ to resolve corruption allegations. The government made clear that it had reduced the company’s criminal penalty to $21.4 million and did not require it to retain a corporate monitor “[d]ue to J&J’s pre-existing compliance and ethics programs, extensive remediation and improvement of its compliance systems and internal controls. ” In 2012, the DoJ took the unprecedented step of publicly announcing that it had declined to prosecute Morgan Stanley for the bribery of a Chinese government official because of the company’s strong, pre-existing compliance program. Instead, the DoJ limited its prosecution to the rogue employee who committed the wrongdoing.
In addition, since 2017, the DoJ has included a formal “FCPA Corporate Enforcement Policy” in its Attorneys’ Manual, which considers, among other things, the “implementation of an effective compliance and ethics program” as a key criterion in determining whether a company may receive a reduced fine or penalty (or even declination) when settling an FCPA matter.
Moreover, an international consensus has developed regarding best practices in corporate ethics and compliance programs. Several government enforcement agencies, non-governmental anti-corruption organizations, industry groups, and civil society organizations have released compliance “best practices” guides that provide proactive guidance to companies designing risk-based, anti-corruption compliance programs. For example, in 2010, the OECD published a framework to help companies design their compliance programs entitled “Good Practice Guidance on Internal Controls, Ethics and Compliance.” In 2012, the DoJ published “A Resource Guide to the U.S. Foreign Corrupt Practices Act,” designed to outline both the government’s policies regarding FCPA enforcement and “the hallmarks of an effective corporate compliance program.” In 2019, the DoJ updated its “Evaluation of Corporate Compliance Programs,” a formal resource exploring significant factors and questions used by prosecutors in evaluating the effectiveness of corporate compliance programs. Similarly, the United Nations Office on Drugs and Crime (UNODC), published “An Anti-Corruption Ethics and Compliance Programme for Business: A Practical Guide,” which outlines preventative measures to detect and deter foreign bribery during international business transactions.
In each guide, companies are encouraged to employ measures designed to prevent and detect misconduct. Although the recommendations are designed to be flexible and are tailored to each company’s particular risks and resources, they provide similar recommendations, applicable to all companies, regardless of size, industry, or risk. For example, most guides consider the following to be necessary components of an effective ethics and compliance program: (1) visible commitments from senior management; (2) a clear corporate policy prohibiting bribery and misconduct; (3) a code of conduct; (4) risk-tailored compliance policies and procedures; (5) risk assessments; (6) robust due diligence and oversight of third parties; (7) confidential reporting and internal investigation procedures; (8) dedication of sufficient resources to the implementation and oversight of the compliance program; (9) ongoing training for employees and relevant third parties; (10) transparent financial and accounting procedures; (11) effective communication and documentation; (12) periodic review and testing of internal controls; and (13) incentives and disciplinary measures for violations of company policies and the law.
In light of the numerous compliance resources available to companies, “government regulators and enforcement agencies have little sympathy for companies that claim ignorance about the necessity of an effective compliance program.” For example:
They are equally harsh with companies that do compliance ‘on the cheap,’ such as downloading and adopting the policies and codes of conduct found on the internet, dedicating little to no resources to compliance activities, failing to provide ethics and compliance training to employees, or ignoring red flags of corruption or unethical behavior.
The DoJ’s own published guidance makes clear that there is little tolerance for companies that lack an effective program. Companies that fail to invest in compliance or merely maintain a “paper” compliance program will eventually violate a law — resulting in huge fines, penalties, investigative costs, reputational damage, and other related consequences.
Although state-of-the-art compliance programs have grown recently in the commercial sector, as discussed above, robust compliance policies and procedures have always been critical for U.S. government contractors, given the myriad of laws regulating government procurement activities. Ensuring that compliance officers keep compliance programs consistent with regulations requires tracking and analyzing changes in regulations, which in turn requires significant technology and manpower. Compliance officers must be knowledgeable and retain a skilled staff in order to maintain up-to-date policies and procedures. A contractor’s failure to comply with government requirements and obligations can devastate the company’s reputation and government revenue streams. Not only does a contractor risk the termination of its current contracts, it also faces a multitude of administrative remedies and civil or criminal penalties. Given the staggering consequences of non-compliance, it is no surprise that the United States’ largest contractors have invested heavily in developing robust and effective ethics and compliance programs. Indeed, some of the country’s largest contractors have been leaders in developing comprehensive and innovative anti-corruption policies and procedures.
In light of their significant compliance obligations, the comprehensive compliance guides are a significant resource for contractors designing, implementing, and refining their internal compliance programs. They are of particular importance because most government contractors are legally obligated to implement a “Contractor Code of Business Ethics and Conduct.” This requirement is designed to ensure contractors “conduct themselves with the highest degree of integrity and honesty” and maintain a “written code of business ethics and conduct.” To promote compliance with these policies, the Federal Acquisition Regulation (FAR) requires contractors to employ an “ethics and compliance training program and an internal control system” that: “(1) [is] suitable to the size of the company and extent of its involvement in [g]overnment contracting; (2) [f]acilitate[s] timely discovery and disclosure of improper conduct in connection with [g]overnment contracts; and (3) [e]nsure[s] corrective measures are promptly instituted and carried out.”
Implementing these “best practices” guidelines and ensuring a comprehensive compliance and ethics program requires substantial integration throughout all levels of a company. Large contractors often have a dedicated ethics and compliance staff that can oversee internal investigations and ensure that internal controls are functioning properly. Firms are under significant pressure to ensure that they dedicate ample resources and staffing to their compliance department or face tough questions from regulators. Further, companies must invest a significant number of hours providing ethics training to employees to ensure that all employees understand the company’s legal obligations, as well as its commitment to ethics and compliance. For example, a “typical aerospace and defense employee receives several hours of training each year on ethics and compliance with government contract requirements” — beyond what is typically required of government employees. The cost of training alone can easily result in any defense contractor spending “tens of millions of dollars annually” to ensure that all employees have a sufficient understanding of the interplay between government regulations and the daily operations of the business.
Although many of the U.S. Government’s largest contractors have invested heavily in developing robust and sophisticated compliance programs, the smallest contractors lag far behind. Small businesses may be contractually required by FAR 52.203-13 to maintain a “code of business ethics and conduct” but are exempt from establishing a compliance program and an internal controls system. Although it is recommended that small businesses invest in these important compliance and internal control systems, the small business exemption is a recognition of the burden this requirement places on small businesses. Specifically, unlike larger companies, small businesses “lack the financial resources or the market power to enforce their zero tolerance policies” towards corruption. Small businesses have less capital and smaller profit margins to implement and maintain robust compliance programs and thus may feel more pressure to take shortcuts or engage in corrupt practices to obtain greater profit margins. Although the exemption of small businesses from a legally required compliance obligation is understandable (given the resources required to comply with this requirement), the exclusion continues to perpetuate weaknesses in the procurement system.
Small businesses’ difficulty in complying with compliance regulations, and the effects of that difficulty, are well-documented. A 2012 report by UNODC found that the failure of small and medium-sized businesses (SMEs) to invest in ethics and compliance signals a significant failure in the system, and a 2018 OECD report found that SMEs typically struggle more than large firms with handling many regulatory norms. In contrast to their larger counterparts, SMEs have been much slower to implement or even acknowledge growing best practices in anti-corruption ethics and compliance programs. The most common (and obvious) reason for the lack of SME commitment to compliance is cost. Most small businesses spend their resources just trying to survive and view compliance as a luxury — not as an essential aspect of doing business. In 2010, a report compiled for the Small Business Administration (SBA) reported that small firms with less than twenty employees paid $10,585 per employee to comply with all federal regulations, while firms with between twenty and 499 employees paid $7,454 per employee. Given the high cost of compliance, many small businesses have found working outside regulatory requirements to be more profitable. Indeed, “corruption in business is an economic issue, and it will continue as long as the gains from corrupt [behavior] exceed the expected losses that are, in turn, closely connected to the probability of being caught.”
The failure of small companies to design and implement successful compliance programs may also be attributed to the complexity of the current compliance guidelines. The “hallmarks of effective compliance programs” are often designed with large, multinational companies in mind. Although all the guides make clear that policies and procedures should be tailored to the risks and resources of each particular company, the guidance can be overwhelming to resource-strapped SMEs. The guidance is also decidedly less helpful to small businesses that lack the resources and sophistication necessary to meet these aspirational standards. Many best practices are simply not feasible because the costs required to implement them are too high for resource-constrained entities. Regardless of the financial burden and infeasibility of implementing a robust compliance program, the legal risks remain the same. Thus, many small businesses face the same corruption and compliance risks as their large counterparts, but do so without the same level of protection.
Although these compliance deficiencies of small businesses are bound to create problems, the failure of small businesses to invest in ethics and compliance creates significant risks for large companies as well. A vast majority of large companies rely heavily on third parties or vendors to perform contracts, which in turn creates new oversight and monitoring obligations to ensure compliance with the law. This is particularly true in the defense industry, where large, multinational contractors depend on small businesses to perform contracts. Although large companies may value and invest in expensive compliance programs, these efforts may be moot when a small company in their supply chain does not have the resources, knowledge, or even willingness to invest in compliance.
Although commercial companies may be inclined to avoid risky small businesses that do not invest in ethics and compliance, large government contractors do not have the same luxury. The U.S. Government has injected socioeconomic policies into its procurement system to help develop small businesses; indeed, Congress has been clear it is the responsibility of the procurement system to protect and promote small business interests. Through the Small Business Act of 1953, Congress dedicated an entire agency — the SBA — to implementing and encouraging policies that “aid, counsel, assist, and protect . . . the interests of small-business concerns in order to preserve free competitive enterprise, to insure that a fair proportion of the total purchases and contracts or subcontracts for property and services for the [g]overnment. ” More importantly, Congress memorialized its support for small businesses by requiring agencies to meet small business contracting goals — targets designed to ensure that a fair proportion of federal contracts are issued to small businesses. Specifically, federal law requires agencies to meet a twenty-three percent small business contracting goal each year. To meet these goals, Contracting Officers (COs) are required to reserve a certain percentage of total contracts so only small businesses may bid on the opportunities. Typically, a CO must determine whether two or more small businesses exist offering proposals that do not exceed the market price, quality, and delivery. If the CO determines that this is the case, he or she must “set aside” the contract for small businesses.
In addition to prime contract set-asides, under certain circumstances, large prime contractors must also preference small businesses as their sub- contractors. Specifically, under certain circumstances, prime contractors “must agree in the contract that small business, veteran-owned small business [(VOSB)], service-disabled veteran-owned small business [(SVOSB)], HUBZone [Historically Utilized] small business, small disadvantaged business [(SDB)], and women-owned small business [(WOSB)] concerns will have the maximum practicable opportunity to participate in contract performance consistent with its efficient performance.”
Defense contractors have enhanced small business obligations under the Defense Federal Acquisition Regulation Supplement (DFARS). Further, the DoD is required to ensure that certain techniques such as “bundling,” which may preclude small businesses from bidding on a particular contract, are minimized, or, when used, are supported by sufficient rationale. Thus, although there is a perception that the defense industry excludes small business contractors from the market, in reality, the industry has an affirmative obligation to work with small firms.
Because of the important role small businesses play in the procurement system, their compliance failures can undermine the system’s integrity, create liability for their large-contractor partners, and result in their exclusion from the procurement system. Although the U.S. Government does not collect data on the number of small businesses excluded each year due to compliance failures, it is well-known in the industry that small business are more susceptible to debarment because of their limited knowledge of regulatory requirements and “less-developed compliance and ethics programs.” Moreover, when misconduct is discovered, small businesses “often lack the resources to respond to and remediate harm ….” When the U.S. Government has attempted to reverse this trend by proposing enhancements to small business compliance programs and internal controls, the government contracts industry has pushed back vehemently, arguing that the costs would be too burdensome for the small companies.
Small businesses have borne the brunt of the negative consequences of their their compliance deficiencies, but those compliance deficiencies can also create
significant risk for the large, prime contractors that partner with small supplier firms. Thus, in an effort to minimize risks stemming from compliance
deficiencies in their supply chains, many sophisticated contractors would do well to dedicate significant resources to the monitoring and oversight of subcontractors. Large contractors may also invest in ethics and compliance training for some of their small subcontractors or suppliers to ensure that their business partners throughout the supply chain are aware of the extensive compliance obligations required under their subcontracts. Unfortunately, oversight and training is not enough to prevent compliance failures — especially where subcontractors have failed to invest time or resources in developing their own compliance programs. This is source of great concern for prime contractors, which could be held liable for the actions of their subcontractors.
Although large contractors continue to work with small businesses in order to meet statutory goals, it is rare that a large company’s commitment to small businesses extends beyond their minimum requirements. Indeed, many large corporations have typically “shied away from small suppliers because of the sense that they are untested, less reliable and more likely to go out of business….” This not only undermines the government’s long-term strategic goals of enhancing opportunities for small businesses, it handicaps opportunities for large businesses to partner with new and potentially more innovative firms.
The defense industry has made very visible commitments to elevating ethics and compliance in the industry. Many of the world’s largest defense contractors are establishing global ethics and compliance standards by participating in organizations and forums dedicated to these issues. For the past nine years, the aerospace and defense industries have held an annual conference attended by over eighty individuals from the industry, government entities, and non-governmental organizations in an effort to share compliance “best practices” and to “promote trust and integrity.” Further, the Defense Industry Initiative (DII) has fostered an annual forum of over 300 industry professionals and government officials to share best practices and discuss cur- rent issues related to ethics and compliance. DII has developed a “Model Supplier Code of Conduct” designed to establish the “expectations” the Initiative holds for suppliers throughout the industry. It also serves as a resource for small and medium-sized contractors “seeking to streamline the processes by which they agreed to individual contractors’ codes of conduct when doing business with other DII members.” DII has also developed a “supplier toolkit” that is “designed to give SMEs the necessary guidance on creating effective ethics and compliance programs.” These examples make clear that the defense industry is actively collaborating with other industry leaders to share anti-corruption, ethics, and compliance best practices.
Although these forums and public initiatives certainly convey a willingness to share information about ethics and compliance practices, the specific details of company compliance programs are not always publicly available. A 2012 Transparency International study found that almost half of the companies involved provided little or no evidence of basic anti-corruption systems, and two thirds provided inadequate levels of transparency in their systems. By 2015, the same annual Transparency International study found some improvement — only about one quarter of companies provided absolutely no evidence of anti-corruption programs — but again found that two thirds still provided only limited evidence of their anti-corruption systems. Adding to these disclosure issues, these defense forums are closed events where only conference participants (typically industry members) are permitted to attend the discussions.
The ongoing hesitancy to share this information publicly is understandable. Large contractors make significant investments in their ethics and compliance programs, and some view their programs as proprietary and confidential. Many contractors fear that competitors will exploit this information if they share it publicly. Yet, by depriving small businesses access to this information and resources, the large contractors may ultimately be harmed if the suppliers suffer from compliance deficiencies or failures.
The entire supply chain benefits when contractors at all tiers view ethics and compliance as a critical component of their business. Although enhanced supply chain integrity may incentivize some large businesses to share compliance best practices with their suppliers, many large contractors continue to keep this information confidential. The defense industry is increasingly committed to sharing guidance and resources with small business and suppliers; however, the amount and type of information shared varies greatly among industry members.
Some large U.S. government contractors have invested resources into the ethics and compliance programs of their suppliers. For example, Lockheed Martin has created an “Ethics Supplier Mentoring Program,” which includes a suite of self-serve resources, the evaluation of a supplier’s existing ethics program, a live webinar series during which “Lockheed Martin Ethics staff walk participants through setup and implementation of each element of an effective [compliance] program,” and the option for one-on-one mentoring by a Lockheed Martin Ethics Officer. As of 2017, over fifty companies have participated in the program as mentees.
Lockheed’s effort to encourage the implementation of suppliers’ ethics and compliance programs reduces the risk of a compliance failure in the supply chain and enhances the overall integrity of the procurement system. If other large and sophisticated contractors were to invest resources into improving their suppliers’ ethics and compliance programs, it could strengthen the integrity of the U.S. government contracts regime. Unfortunately, not all contractors are willing to spend the time and resources necessary to mentor their suppliers on ethics and compliance best practices. It is clear that additional incentives are necessary to foster increased information sharing among the companies. Fortunately, a template for incentivized information sharing already exists in the U.S. procurement system: the “mentor-protégé program.” If implemented in the ethics and compliance context, this model could provide lasting benefits to the entire procurement system.
In 1991, the mentor-protégé assistance programs were created to provide small businesses with resources and support in the federal procurement sector.
A mentor-protégé program is an arrangement in which mentors — businesses, typically experienced prime contractors — provide technical, managerial, and other business development assistance to eligible small businesses, or protégés. In return, the programs provide incentives for mentor participation, such as credit toward subcontracting goals, additional evaluation points toward the awarding of contracts, an annual award to the mentor providing the most effective developmental support to a protégé and in some cases, cost reimbursement.
Ideally, mentors and protégés work in conjunction to create a “developmental assistance” agreement. The purpose of this agreement is to ensure that the large business trains the smaller business on industry specific subjects, provides assistance in obtaining government and commercial contracts, advises on issues related to contract administration, and guides the smaller company on general business and organizational management skills. Through these initiatives, the U.S. Government hopes to develop and produce businesses that are able to function independently in the federal contracting system.
Since the mentor-protégé program depends on the willingness of experienced and sophisticated contractors to serve as mentors to smaller companies, the government incentivizes large businesses to participate in the program. These incentives are typically financial and contractual advantages that may be used to obtain or enhance procurement opportunities. This may include credit towards a prime contractor’s mandatory subcontracting goals, additional evaluation points that increase a prime contractor’s likelihood of winning a contract, or an annual monetary award to mentors that prove their support has benefitted the protégé.
Certain agencies may provide additional incentives. For example, the DoD allows prime contractor mentors to collect reimbursements for certain costs incurred while mentoring their protégés. The U.S. Department of Energy (DoE), the U.S. Department of Veterans Affairs (VA), and the National Aeronautics and Space Administration (NASA) provide prime contractors with award feesthat recognize successful mentor protégé developments. Additionally, the SBA’s program permits large companies to work on contracts that are specifically set aside for small businesses if they serve as a mentor to the small business in the contract. These incentives are designed to sweeten the deal for large companies assisting small businesses by providing prime contractors with opportunities normally barred by other federal contracting policies. When the arrangements are executed properly, “[mentors benefit] from a strengthened cadre of subcontractors and [the agency benefits] from a resultant robust and competitive supplier base.”
The existing mentor-protégé program template could meaningfully narrow the compliance gap that currently plagues the procurement system. This model of information sharing in exchange for financial and contractual incentives is a proven concept that could be implemented in the compliance context with modest effort and resources. The application of this program in the ethics and compliance setting could encourage the sharing of expertise and resources by large contractors with their small, less sophisticated counterparts.
The mentor-protégé template could benefit both small and large companies for several reasons. First, the protégé will benefit from the compliance guidance and resources shared by the mentor. By sharing resources and offering guidance, the mentor can elevate the protégé’s ethics and compliance program to better reflect industry best practices. The partnership will also help the protégé self-identify potential areas of corruption risk, which will benefit the entire supply chain.
Although specific ethics and compliance goals would be established at the outset of the program, mentors would be expected to help the protégé do the following: (1) design a compliance program tailored to the protégé’s specific size, industry, and risk profile; (2) develop a comprehensive and effective training program; and (3) draft tailored policies and procedures. Mentors would also be expected to share resources and guidance on an ongoing basis, thus eventually enabling the protégé to maintain an effective, internal compliance program.
Although the small contractors would undoubtedly benefit from this program, mentors would also be rewarded for the time and energy spent guiding protégé firms. In addition to the incentives inherent in reducing supply chain risk, the program would provide mentors with significant financial and contractual incentives, such as award fees and access to certain set-aside contracts. Large companies would benefit from additional contracting opportunities while simultaneously promoting a more ethical and compliant procurement process. Large companies in particular could benefit given the significant resources they already allocate to compliance functions: the costs of sharing best practices would be minimal and the financial incentives and enhanced market access could be quite lucrative.
Developments in the defense industry suggest that this approach could be embraced as a positive movement towards a more collaborative and transparent system. Organizations such as the DII and the International Forum on Business Ethical Conduct (IFBEC) provide resources to small businesses to encourage ethics and compliance, such as model supplier codes of conduct and information on how to implement an effective ethics program. Moreover, as previously noted, Lockheed Martin offers ethics and compliance resources and optional mentoring to its suppliers in order to ensure best practices are implemented throughout their supply chains.
Significant strides could be made if large contractors regularly mentored small contractors to help them enhance their ethics and compliance programs. Mentoring could include: (1) comprehensive reviews of the small business’ existing ethics and compliance programs; (2) recommendations for improvements; (3) assistance implementing compliance enhancements; (4) providing training to the protégé firms; (5) assistance evaluating and testing the programs; and (6) ongoing mentorship from the large companies’ experienced ethics and compliance staff.
Of course, to maximize the proposed program’s effectiveness, the government would need to dedicate resources to ensure that mentor firms provide sufficient guidance and assistance to protégés. It is also critical that mentors are properly screened to ensure they are joining the program to further the program’s policy goals — not to exploit incentives at the expense of protégé firms. Although no government program is immune from abuse, safeguards like these will prevent and deter potential program manipulation.
Fortunately, lessons can be drawn from audits of the existing mentor- protégé program. A 2007 audit of the DoD’s mentor-protégé program found that some mentor firms benefited from the program’s procurement and financial incentives, but failed to provide adequate procurement guidance to their protégés. Dissatisfied protégé firms have pointed to a “lack of mentor commitment to the program, mentor failure to meet the objectives of mentor-protégé agreements, and costs to the protégés that exceeded the return from participation.” Although some concerns with the mentor-protégé program do exist, the audit found that the DoD’s mentor-protégé program enhanced the overall capabilities of ninety-three percent of the forty-eight protégés that were involved in the program and participated in the audit survey. Similarly, GAO conducted an audit in 2017 of the DoD’s pilot mentor-protégé program and found that while the program assisted participants during their participation, it was difficult to measure and track the effectiveness of the protégés when they left the program. GAO determined that the DoD required additional measures to develop more concrete goals and indicators of program effectiveness during the protégé’s participation. The lessons learned from past experiences in the mentor-protégé program, coupled with contemporary developments in industry ethics and compliance mentoring programs, demonstrate that this model could be extremely beneficial in the ethics and compliance setting, so long as sufficient safeguards are put in place. Not only would front-end screening of prospective participants be an essential component of the program, the government would need to install a back-end verification process to ensure all parties have maintained their commitments. With screening and oversight mechanisms in place, the impact of this pro- gram on small business compliance programs could be significant.
A “compliance mentorship program” could successfully foster the development of small business ethics and compliance programs. With appropriate safeguards in place, the potential improvements to the overall integrity of the procurement system could be significant. The program could greatly reduce supply chain risks and enhance the overall ethics and compliance practices of a chronically weak segment of the procurement system. By incentivizing ethics and compliance at all levels of the supply chain, a “compliance mentorship program” could substantially enhance the U.S. procurement system by ensuring that the government’s business partners, large and small, are responsible, ethical, and compliant.