The Board’s Role in FCPA Compliance

David A. Katz is a partner and Laura A. McIntosh is a consulting attorney at Wachtell, Lipton, Rosen & Katz. This post is based on a Wachtell Lipton publication by Mr. Katz and Ms. McIntosh.

For directors of public companies with foreign operations, “FCPA” is a dreaded acronym. In recent years, compliance with the Foreign Corrupt Practices Act has become a key area of focus for boards and management. Enforcement of the FCPA has increased markedly since 2004, and the U.S. Securities and Exchange Commission and the Department of Justice have made it clear that they intend to prosecute individuals as well as public companies. The stakes can be enormous for companies, with penalties reaching hundreds of millions (or billions) of dollars, and they are frightening for individuals, who face the possibility of multi-year prison sentences along with substantial financial penalties.

Overseeing FCPA compliance is no easy task. It is time-consuming, expensive, challenging, and essential. As a legal matter, boards are required to create and follow procedures designed to ensure compliance with applicable laws. Directors succeed in this task by fostering a culture of high ethical standards, by prioritizing compliance oversight, and often by personally investing time and effort in the company outside the boardroom.

Culture of Ethics

The values and ethics that are promoted by the board and top management are essential to creating an environment where compliance is expected, achieved, and appreciated. Based on our experience, there are several practical ways for boards to inspire a culture in which both the letter and the spirit of the law are respected and followed. Ethics and compliance should be near the top of the agenda at every board meeting, just as safety and environmental concerns often are. It is all too common for compliance review to be considered a “routine” item on the board agenda, associated with annual reviews of codes of conduct and other corporate governance staples. If the board instead makes ethics and compliance a high-profile topic, devoting time and thoughtful discussion to it at each meeting, it will generally drive management to prioritize ethics and compliance as well, with a domino effect down the company’s chain of command. A company culture of compliance will provide employees in foreign countries—where customs and practices may differ significantly from those in the United States—a value system by which to judge conduct that may not be clearly addressed in guidelines or by their local management. A values-oriented approach to responsible business is far more effective than a checklist or rule-oriented approach and should provide benefits to a company well beyond FCPA compliance.

Compliance Oversight

The entire board of directors is responsible for compliance oversight and responsibility, whether or not a compliance or risk committee exists. It is becoming less common for boards to use risk committees or audit committees to manage FCPA compliance. Indeed, many directors feel uncomfortable delegating any aspects of anti-corruption oversight to a committee. Whether or not a separate board committee is used, the effectiveness of the board’s compliance oversight should be evaluated as part of the board’s annual performance review process.

For certain large public companies, however, a compliance or risk committee may be appropriate, or even required. If a board does have a compliance or risk committee, it is important for the committee to have a clearly defined role, both with respect to the board as a whole and with respect to management. Directors who serve on compliance or risk committees should bring substantive experience to their roles and continue to develop their expertise in proactive ways. Ideally, a compliance committee serves to sharpen, rather than blunt, the board’s engagement with compliance issues. In other words, the work of the committee should enable the discussions of the full board to be more focused, more productive, and more informed.

It is essential for directors to stay current on developments that affect compliance. Shifts in the regulatory environment, updated best practices, issues that recently have arisen in the company or the industry, changes in laws, the hiring or firing of key personnel abroad, the company’s merger and acquisition activity—all of these elements are potentially significant to compliance oversight. The board should be briefed on relevant internal and external developments as well as on the details of recent FCPA prosecutions, which can be informative. This can be done by the general counsel or by outside counsel. As developments warrant, board updates should be frequent, rather than simply relying on an annual review. That said, effective oversight depends upon a thoughtfully curated flow of information. Too much information can be as useless as too little, and management and directors should ensure that the materials and reports distributed to the board are relevant, useful, and current, particularly in the compliance context.

Personal Involvement

The personal engagement of directors can be an effective tool to create a culture of ethical compliance and further the board’s compliance oversight. For example, when directors undergo the company’s internal FCPA training, they become more educated on the issues, they understand how the employees themselves are educated, and they signal their deep commitment to the compliance function. When directors visit company sites in person, in the United States and abroad, they have the opportunity to meet key employees and get a sense for what is happening on the ground, personally deliver their message of core values, and demonstrate that the board is prioritizing a culture of proactive compliance.

A board’s success in focusing the attention of directors and management on ethics, compliance and appropriate levels of risk is likely to have a significant effect on the entire organization. Inspiring employees throughout the organization to do business in an ethical and responsible manner should reduce the likelihood of criminal misconduct (and the resulting costly and stressful impact of FCPA prosecutions). Beyond compliance, a strong, ethical corporate culture has been shown to improve financial performance, enhance a company’s image and reputation, and increase employee commitment and customer loyalty. The boards of today must be prepared to meet this challenge.

Both comments and trackbacks are currently closed.