Top Menu

The Challenges Of Detection And Prevention


This type of post has been published several other times. (See here and here for instance).

Senseless acts of violence have little in common with alleged Foreign Corrupt Practices Act offenses – except of course both can involve criminal activity.

A common thread though is often the challenges of detection and more importantly prevention.

For instance, Robert Card (the coward who murdered several individuals recently in Maine) was well known to law enforcement and other U.S. government actors.

As highlighted in this Wall Street Journal article:

“He told his family he had been hearing voices, prompting them to contact police about the many guns he had access to. His Army Reserve commanders ordered him to spend time in a New York hospital after having a paranoid episode during a training trip there. A firearms dealer refused to sell Card a silencer after he disclosed his psychiatric troubles. When Card threatened to shoot up an Army facility in recent weeks, worried military officials asked a local sheriff to check on his whereabouts.”

Even though law enforcement (and other U.S. government actors) were made aware of a specific individual and the individual’s threats of violence, the Maine mass shooting still happened.

The deficiency (and thus problem) in these instances was one of detection and more importantly prevention.

In other words, the same challenges that law enforcement often has in detecting and more importantly preventing acts of violence are often similar to the challenges business organizations have in detecting and preventing FCPA violations (or other legal violations for that matter).

Yet law enforcement deficiencies in detection and prevention seem to be tolerated to a greater extent than say internal control deficiencies in detection and prevention of alleged FCPA violations.

Policy makers and the public at large seem to acknowledge and accept that the duty of government (loosely defined) is not absolute, but rather subject to a reasonableness requirement. Governments have, in good faith, invested substantial resources both in terms of money and personnel and often hope for the best. In other words, governments are cognizant of cost/benefit issues as well as the balance inherent in detecting and preventing harm while otherwise not infringing on the legal and privacy rights of its citizens.

Sure, when one knows the end of the story, when one knows the perpetrator of a violent attack it is always easier to work backwards and say (as the above examples indicate) that law enforcement woulda, coulda, shoulda done more and if only law enforcement did more and connected-the-dots in real time, then the violent attack would have been averted. However, society seemingly acknowledges that hindsight driven law enforcement is not the proper lens to view real-world, fluid situations.

Issuers subject to the FCPA have a legal duty under the FCPA’s internal controls provisions to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that,” generally speaking, corporate assets are properly used and accounted for.

As is explicit from the statutory term, this duty is not absolute, but rather subject to a reasonableness requirement, a concept the FCPA specifically defines as “such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.”

In other words, cost/benefit issues, as well as balance, are inherent in the FCPA’s internal controls provisions.

Indeed, in its earliest FCPA Guidance (1981), the SEC explicitly rejected the notion that internal controls “conform to a standard of absolute exactitude or that a company’s control system meet some absolute ideal.” On this issue, the SEC stated:

“Inherent in [the reasonableness] concept is a toleration of deviations from the absolute. One measure of the reasonableness of a system relates to whether the expected benefits from improving it would be significantly greater than the anticipated costs of doing so. Thousands of dollars ordinarily should not be spent conserving hundreds.”

The SEC further stated: “The test of a company’s internal control system is not whether occasional failings can occur. Those will happen in the most ideally managed company.”

This balance inherent in the internal controls provisions has been formally acknowledged by the government on several other occasions. For instance in a 1999 Staff Accounting Bulletin the SEC stated: “The concept of reasonableness of necessity contemplates the weighing of a number of relevant factors, including the costs of compliance.” In the 2012 FCPA Guidance, the government acknowledged:

“The term ‘reasonable detail’ is defined in the statute as the level of detail that would ‘satisfy prudent officials in the conduct of their own affairs.’ Thus, as Congress noted when it adopted this definition, ‘[t]he concept of reasonableness of necessity contemplates the weighing of a number of relevant factors, including the costs of compliance.’”

The 2020 Revised FCPA Guidance contains the exact same statement.

In furtherance of its FCPA-imposed internal controls duties, most all issuers have, in good faith, invested substantial resources both in terms of money and personnel.

Yet, when an issuer’s internal controls are not 100% effective, the government often drops the hammer on an issuer in the form of an FCPA enforcement action. The enforcement theory advanced in several FCPA enforcement actions is very much a woulda, coulda, shoulda theory of enforcement. What the government (particularly the SEC) often does is start with the end of the story, when the problematic employee (among the thousands of employees in the company) or the problematic third party (among the thousands of third parties engaged by the company) is known and then work backwards in what amounts to hindsight driven enforcement.

As highlighted above, such an enforcement approach is entirely inconsistent with the FCPA’s express language and indeed the government’s own guidance.

In short, it would be nice to see some consistency between expectations for government and expectations for business organizations and for the government to be consistent in holding itself accountable for the challenges of detection and prevention vs. how it holds business organizations accountable for the challenges of detection and prevention.

Save Money With FCPA Connect

Keep it simple. Not all FCPA issues warrant a team of lawyers or other professional advisers. Achieve client and business objectives in a more efficient manner through FCPA Connect. Candid, Comprehensive, and Cost-Effective.


Powered by WordPress. Designed by WooThemes