Here are some basic propositions that surround FCPA compliance. It is often underplayed that the FCPA contains more than just a bribery prohibition – the FCPA contains broad provisions, requiring accurate books and records and internal controls. When it comes to bribery, wrongdoers have to find ways to “steal” or gain unauthorized access to money often by circumventing internal controls. Thus, bribery conduct often goes hand-in-hand with weak internal controls.
The FCPA consists of anti-bribery and accounting provisions. The accounting provisions consist of two components: (1) The “books and records” provision requires issuers to keep books, records and accounts that, in reasonable detail, accurately and fairly reflect an issuer’s transactions and dispositions of an issuer’s assets. (2) The “internal controls” provision requires issuers to devise and maintain a system of internal accounting controls sufficient to assure management’s control, authority and responsibility over the firm’s assets.
The accounting and internal controls provisions govern a range of conduct well beyond the anti-bribery prohibition. These provisions have been used to punish and prohibit a range of financial misconduct prosecuted by DOJ and the SEC.
Bribery and other financial misconduct occurs in companies that suffer from weak accounting and internal control cultures. Internal controls govern a range of conduct beyond just books and records. For example, internal controls govern financial reporting and are designed to provide reasonable assurances regarding the reliability and preparation of financial statements.
An effective compliance program overlaps with an issuer’s internal accounting controls. An ethics and compliance program is an essential part of a company’s “control environment.” The lingo may be different but the concepts of compliance and controls are very familiar.
A company’s control environment contains numerous concepts familiar to ethics and compliance professionals: an organization’s ethics and integrity tone is obviously the same as a company’s commitment to a culture of ethics and compliance; financial accounting and compliance are dedicated to risk assessment processes; policies and procedures are just another way to mandate “control activities;” and must extend to accounting policies and procedures governing management directives and financial activities — e.g. approvals, authorizations, reconciliations and segregation of duties); information and communication; and monitoring.
Like, ethics and compliance programs, the internal controls requirement is not fixed or rigid; indeed, companies need flexibility to develop and maintain a system of controls tailored to their particular needs and circumstances, taking into account operational realities, risks and practical solutions.
When it comes to potential sources for misconduct, financial controls overlap with ethics and compliance functions in at least three important activities: (1) third-party financial activities, including invoices, discounts, rebates, and marketing promotion funds; (2) gifts, meals, and entertainment; and (3) charitable contributions.
Bribery payments are often funded through circumvention of a combination of financial controls governing these activities. Slush funds and misuse of corporate funds provide the financial lifeblood for bribery and other fraud schemes.
The close inter-relationship of these functions and purposes should bring compliance, the CFO, Internal Audit and representatives together to maximize control and compliance activities, including monitoring and audit functions.
As companies push forward with new initiatives in the ethics and compliance field, and as DOJ continues to push heightened ethics and compliance requirements, companies should revisit these important financial issues as an investment that is essential.