Head scratcher, expense reports, and third-party compliance. It’s all here in the Friday roundup.
In the bribery and corruption space, the DOJ and SEC frequently talk about their relationships with foreign law enforcement agencies including information sharing. For instance, FCPA enforcement agencies have stated:
“It is safe to say that we are cooperating with foreign enforcement on foreign bribery cases more closely today than at any time in history.”
“An international approach is being taken to combat an international criminal problem. We are sharing leads with our international law enforcement counterparts, and they are sharing them with us.”
As highlighted in this prior post regarding the recent Ericsson enforcement action, the SEC first began investigating the company in 2013 and the DOJ in 2015.
Against this backdrop, it is truly head-scratching that Dagens Industri (a leading Swedish financial news site) reports that Sweden (the home country of Ericsson) has opened – only now – a “preliminary investigation” into the conduct at issue in the FCPA enforcement action. A Deputy Chief Prosecutor is quoted: “I can confirm that a preliminary investigation has been going on for a while at the national anti-corruption unit regarding suspected bribery.”
AppZen, a company that offers a leading AI platform for finance teams, recently examined millions of aggregated, anonymized expense report records, seeking to identify trends in unauthorized, out-of-policy expenses submitted to T&E (“travel & expense”) departments during the holidays.
Here are eight of the craziest items:
- Gold-plated cufflinks
- Lunch with oligarchs
- Gear from Lululemon
- Airbnb on a friend’s couch
- Strip club services
- Money for a paramour
- Private helicopter ride
Disclosure: FCPA Professor LLC has a business relationship with AppZen.
As highlighted in this article, Kara Brockmeyer (the former head of the SEC’s FCPA Unit) delivered a recent speech in which she identified the following seven steps compliance officers should take to strengthen third-party compliance.
Step 1: Tally and rank all third parties. The DOJ and SEC have been very clear companies must use a risk-based approach to their programs, so compliance officers must not only identify all third parties but also bucket them according to low, medium, and high risk.
Step 2: Perform appropriate due diligence. Understand who each third party is and who the beneficial owners are. The degree of scrutiny should increase as red flags pop up.
Step 3: Document the specific services provided by the third party. Confirm the third party is performing the work before they are paid and that the compensation is commensurate with the work they are doing. In addition, “if companies can do the service more cheaply elsewhere or in-house, you need to look at that, because the government will, too,” Brockmeyer said.
Step 4: Make sure you understand your company’s process for managing third parties. (What they get paid, how they get paid, etc.)
Step 5: Ensure you have a system to handle red flags as they surface and that employees have the training to recognize and escalate them. Employee training should be differentiated, as well. Gatekeepers need more intensive training on how to recognize red flags, for example.
Step 6: Make sure you have contractual processes in place.
Step 7: Monitor, monitor, monitor. The government expects companies to do so periodically based on the third party’s risk profile. Monitor more closely and more often if they are high risk and have a process in place when a third-party relationship has expanded.