An aspect of Foreign Corrupt Practices Act compliance that likely drives many compliance professionals crazy is that the FCPA’s internal controls provisions lack specifics and are thus, for the most part, standardless.
The provisions state that issuers shall “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that” certain limited financial objectives are met.
This standardless aspect of the internal controls provisions was highlighted in the notable World-Wide Coin decision  (believed to be the only substantive judicial decision to construe the internal controls provisions). In the decision, the judge stated:
“The main problem with the internal accounting controls provision of the FCPA is that there are no specific standards by which to evaluate the sufficiency of controls; any evaluation is inevitably a highly subjective process in which knowledgable individuals can arrive at totally different conclusions.”
Against this statutory backdrop, is the further likely frustration of compliance professionals that the FCPA enforcement agencies seemingly come up with new standards in discrete ways. Even though, as highlighted in this prior post , courts have held that the failure to act consistent with “best practices” is not a legal violation, the FCPA enforcement agencies typically use resolution vehicles that bypass judicial scrutiny, so what good is this judicial authority?
One aspect of so-called “best practices” that seems to have changed discretely in recent years (even though the above statutory standard has not changed) is in connection with hiring practices.
After the BNY Mellon enforcement action in August 2015, FCPA Professor published this post  titled “Do Your Hiring Practices Lives Up to the SEC’s New Expectations?” and “flipped” the SEC’s findings in the enforcement action into apparent “best practices” as follows:
- Does the company’s anti-corruption policy “explicitly address the hiring of government officials’ relatives”?
- Does the company require “that every application for a full-time hire or an internship be routed through a centralized HR application process”?
- Does the company’s Code of Conduct “require that every year each employee certify that he or she is not responsible for hiring through a non-centralized channel”?
- Does the company’s application process require “that each applicant indicate whether he/she is a close personal associate of a government official or has recently been a government official?”
“[Credit Suisse (Hong Kong) Limited (the Company) and CSAG [Credit Suisse Group AG] implemented remedial measures, including: (1) adopting additional controls related to their hiring programs; (2) implementing procedures in the Asia Pacific region in 2013, and globally in 2015, to ensure the identification of and anti-corruption vetting for all candidates referred for employment by government officials and employees of state-owned enterprises (“SOEs”); (3) requiring all candidates for employment to be screened by an independent service for connections to government officials, SOE employees and other “politically exposed persons” (“PEPs”) and verifying the efficacy of this screening; (4) requiring additional post-hire controls on employees linked to government officials and SOE employees, such as ring fencing them from work involving such officials and SOE employees, and requiring compliance personnel to track their performance; (5) requiring and conducting periodic reviews of hiring controls, and developing procedures for the regular evaluation of hiring controls; (6) conducting yearly headcount reviews to ensure accurate record-keeping concerning hiring; and (7) requiring improved Foreign Corrupt Practices Act (“FCPA”) and anti-corruption training for all staff, including job-specific training for bankers, recruiters, human resources, and compliance personnel.”
Much of the above of course are not time free or cost free exercises (i.e. requiring all candidates for employment to be screened by an independent service, tracking performance, periodic reviews of hiring controls, yearly headcounts).
So where does this leave compliance professionals?
None of the above is explicitly required by the FCPA. But then again, those carrying the big and sharp sticks (that would be the enforcement agencies) may be expecting it.
Satisfied with this answer?
Save Money With FCPA Connect
Keep it simple. Not all FCPA issues warrant a team of lawyers or other professional advisers. Achieve client and business objectives in a more efficient manner through FCPA Connect. Candid, Comprehensive, and Cost-Effective.