Driven by the mass globalization of business, the U.S. government is continuing to speed up its enforcement of the Foreign Corrupt Practices Act. Besides the greater compliance and legal risks to companies that the increased FCPA activity represents, it also presents the likelihood that CFOs will face mounting personal liabilities, experts say.
While just a few years ago there were only about 20 or 30 open cases at any one time, 19 new cases against companies were opened in the first half of this year, adding to the 100 or so under way as of the end of 2008.
That doesn’t mean there are 119 companies being prosecuted. Many are being pursued both civilly by the Securities and Exchange Commission and criminally by the Department of Justice, which counts as two cases in the government’s accounting of the numbers, according to Manny Alas, a partner and co-head of the FCPA practice at PricewaterhouseCoopers.
The number of FCPA actions against individual executives is also shooting up. The average number of such proceedings launched was 6 per year from 2002 to 2005, 14 annually from 2006 to 2008, and 13 in just the first six months of 2009, says PwC, which on Monday issued a report on the topic.
For their part, CFOs should be especially concerned about the stepped-up enforcement because they are “signing off on certifications saying that their financial reports are truthful and accurate,” says Wendy Wysong, a partner at law firm Clifford Chance, referring to CFOs’ personal liability for honest corporate reporting under the Sarbanes-Oxley Act. “And the compliance function is often within the CFO’s responsibilities, which should be another huge concern.”
In a case settled in 2006, the SEC held liable David M. Pillor, a former senior vice president for sales and marketing and a board member of InVision Technologies, who neither made nor approved bribes but was merely in charge of internal controls that failed to spot violations. (Without admitting or denying guilt, Pillor agreed to pay a $65,000 civil penalty.)
Judging from a recent survey by Deloitte, companies are getting the message about the need for increased vigilance on potential bribery violations. Among 216 senior executives, 75% reported increasing concern about the potential for FCPA violations in the past three years, and 42% indicated that as a result, their companies renegotiated or canceled a planned business relationship or acquisition. But almost a third of respondents said their companies don’t always conduct background checks on business partners and third parties before committing to transactions outside the United States.
Such due diligence would be only one component of a rigorous FCPA compliance effort, consultants say. Others include formulating a code of conduct for employees, suppliers, and agents; conducting compliance training; developing effective internal controls; creating record-keeping systems to properly account for all overseas transactions; and providing a hotline for whistle-blowers to anonymously report possible violations. “The hardest part of all,” says Alex Viall, group executive at Complinet, which advises financial-services firms on regulatory matters, “is ensuring that there is the right culture within the organization. The messaging and the energy behind an initiative like this really needs senior management to buy into it.”