Anti-Corruption Compliance: Meeting the Global Standard

While much attention is paid to the U.S. Foreign Corrupt Practices Act (“FCPA”)¹U.S. Foreign Corrupt Practices Act, 15 USC. §§78dd-1, et seq. (1977), available at http://www.justice.gov/criminal/fraud/fcpa/statutes/regulations.html. and the U.K. Bribery Act²2010 U.K. Bribery Act, Chapter 23, available at http://www.legislation.gov.uk/ukpga/2010/23/pdfs/ukpga_20100023_en.pdf., an array of other anti-corruption laws apply to multinational companies. For example, the so-called “BRIC” countries—Brazil, Russia, India and China—all recently enacted, and have begun taking initial steps to enforce, more stringent anti-corruption laws.³See Arnold & Porter LLP, Global Anti-Corruption Insights (Feb. 2014) at 5, 31–32, available at http://www.arnoldporter.com/resources/documents/FcpaNewsletter
Winter2014.pdf. For a detailed discussion of Brazil’s Clean Company Act, see K. Korenchuk, M. Asner, S. Witten and B. Spiewak, Responding to Anti-Corruption Concerns in Brazil: Considerations for the Pharmaceutical and Medical Device Sectors, Pharmaceutical Compliance Monitor (Jan. 2, 2014), available at http://www.pharmacompliancemonitor.com/responding-to-anti-corruption-concerns-in-brazil-considerations-for-the-pharmaceutical-and-medical-device-sectors/6069/. For additional information about Russia’s anti-corruption law, see K. Korenchuk, M. Asner, S. Witten and J. Wiesner, Doing Business in Russia: Managing Anti-Corruption Risk, Pharmaceutical Compliance Monitor (Nov. 26, 2013), available at http://www.pharmacompliancemonitor.com/doing-business-in-russia-managing-anti-corruption-risks/5963/. For additional information about anti-corruption developments in India, see K. Korenchuk, M. Asner, S. Witten and M. Davar, Developing an India Strategy: Practical Considerations to Seek Opportunities and Mitigate Corruption Risks in the Medical Products Sector, Pharmaceutical Compliance Monitor (Nov. 1, 2013), available at http://www.pharmacompliancemonitor.com/developing-an-india-strategy-practical-considerations-to-seek-opportunities-and-mitigate-corruption-risks-in-the-medical-products-sector/5803/. And for additional information about the Chinese government’s anti-corruption investigations, see K. Korenchuk, M. Asner and S. Witten, Responding to Anti-Corruption Compliance Challenges in China: The Way Forward in Light of the Ongoing Investigations in the Pharmaceutical Industry, Pharmaceutical Compliance Monitor (Sept. 26, 2013), available at http://www.pharmacompliancemonitor
.com/responding-to-anti-corruption-compliance-challenges-in-china-the-way-forward-in-light-of-the-ongoing-investigations-in-the-pharmaceutical-industry/5571/. Meanwhile, forty countries have signed the OECD Anti-Bribery Convention, which requires criminalizing the bribery of foreign public officials and prescribes measures for the implementation of domestic legislation.⁴Organisation for Economic Co-operation and Development, Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, entered into force 1999, 37 I.L.M. 1 (“OECD Anti-Bribery Convention”) available at http://www.oecd.org/corruption/oecdantibriberyconvention.htm.

Designing an effective anti-corruption compliance program that meets the requirements of many different jurisdictions seems like a daunting task. Executives at global companies are likely to ask themselves: Do we need dozens of different compliance programs? Will we be subject to conflicting standards in the various countries where we do business? How can we ensure proper oversight of activity that occurs all over the globe?

In addressing these questions, multinational companies should take note of the broad global consensus that has developed around what governments and international organizations expect of corporate anti-corruption compliance programs. While there is no one-size-fits-all program—and a company must bear in mind applicable local laws—this global standard is welcome news.

Here we review the commonly accepted best practices for an anti-corruption compliance program.

I. The Global Standard

For those seeking to design or enhance a truly global compliance program, the most appropriate starting place may be the “Good Practice Guidance for Companies,” published by the Organisation for Economic Co-operation and Development’s Working Group on Bribery in International Business Transactions (the “OECD Guidance”).⁵Working Group on Bribery, OECD, Good Practice Guidance on Internal Controls, Ethics, and Compliance (2010) (“OECD Guidance”) available at http://www.oecd.org/investment/briberyininternationalbusiness/anti-briberyconvention/44884389.pdf. The OECD Guidance, which is intended to help multinational companies comply with the OECD’s Anti-Bribery Convention, includes twelve key elements:

1. strong, explicit and visible support and commitment from senior management for preventing and detecting foreign bribery;
2. a clearly articulated and visible corporate policy prohibiting foreign bribery;
3. making compliance the duty of individuals at all levels of the company;
4. oversight of compliance as the duty of one or more senior corporate officers, with autonomy, resources and authority;
5. generally applicable measures that focus on high-risk areas;
6. ensuring the compliance of relevant third parties;
7. financial and accounting procedures, including a system of internal controls;
8. periodic communication and documented training;
9. encouragement and positive support for compliance;
10. appropriate disciplinary procedures to address violations;
11. guidance, advice, confidential reporting and whistleblower protections; and
12. periodic reviews.⁶Id.

In recent years, many countries around the world have at least implicitly endorsed these guidelines. For example, the U.S. Department of Justice’s (“DOJ”) and U.S. Securities and Exchange Commission’s (“SEC”) Resource Guide to the U.S. Foreign Corrupt Practices Act (“FCPA Guide”) identifies “hallmarks” of an effective anti-corruption compliance program that bear a striking resemblance to the good practices set forth in the OECD Guidance.⁷A Resource Guide to the U.S. Foreign Corrupt Practices Act, Criminal Division of the U.S. Department of Justice and the Enforcement Division of the U.S. Securities and Exchange Commission (Nov. 2012) (“FCPA Guide”), at 57–63, available at
http://www.justice.gov/criminal/fraud/fcpa/guidance/. For a road map to the entire FCPA Guidance, see Advisory: The FCPA Guidance Road Map (November 2011), available at http://www.arnoldporter.com/resources/documents/Advisory-The_FCPA_Guidance_Road_Map.pdf. National authorities in the United Kingdom, Canada, Brazil, Japan and South Africa have encouraged many of the same good practices.⁸See U.K. Ministry of Justice, the Bribery Act of 2010, Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing (2011) (“U.K. Bribery Act Guidance”), available at http://www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf; Probation Order, Court of Queen’s Bench of Alberta, Judicial District of Calgary, Her Majesty the Queen and Niko Resources Ltd., June 23, 2011 (“Canada’s Niko Probation Order”); Brazil’s Office of the Comptroller General and Ethos Institute for Business and Social Responsibility, Business Social Responsibility in Combating Corruption (2009) (“Brazil’s CGU Guidance”), available at http://www.cgu.gov.br/conferenciabrocde/arquivos/English-Guide-Business-Social-Responsibility.pdf; Japanese Ministry of Economy, Trade, and Industry, Guidelines to Prevent Bribery of Foreign Public Officials (May 1, 2006) (“Japan’s METI Guidelines”), available at www.meti.go.jp/english/information/downloadfiles/briberye2.pdf; Institute of Directors in Southern Africa, King Committee on Governance, The King Code of Governance for South Africa 2009 (“South Africa’s King Code”), available at: http://www.library.up.ac.za/law/docs/King_Code_2009.pdf.; Ministry of Trade and Industry Companies Regulations, 2011, §43(5)(bb), available at www.trpanel.co.za/images/stories/PDFS/regulations.pdf. Numerous public and private international organizations, such as the World Bank, United Nations, International Chamber of Commerce (“ICC”) and Transparency International, recommend these practices as well.⁹World Bank Group, Integrity Compliance Guidelines (2011) (“World Bank Guidelines”), available at http://siteresources.worldbank.org/INTDOII/Resources/Integrity_Compliance_Guidelines.pdf.; U.N. Global Compact, A Guide for Anti-Corruption Risk Assessment (2013) (“UN Guide”), available at http://www.unglobalcompact.org/docs/issues_doc/Anti-Corruption/RiskAssessmentGuide.pdf; ICC Rules on Combating Corruption (2011) (“ICC Rules on Combating Corruption”), available at http://www.iccwbo.org/advocacy-codes-and-rules/document-centre/2011/icc-rules-on-combating-corruption/; Transparency International, Business Principles for Countering Bribery (2d ed. 2009) (“Transparency International Principles”), available at http://www.transparency.org/whatwedo/pub/business_principles_for_countering_bribery. Accord Asia-Pacific Economic Cooperation, APEC Anti-corruption Code of Conduct for Business (2007) (“APEC Anti-corruption Code”), available at http://www.apec.org/Groups/SOM-Steering-Committee-on-Economic-and-Technical-Cooperation/Task-Groups/~/media/Files/Groups/ACT/07_act_codebrochure.ashx; World Economic Forum, Partnering Against Corruption - Principles for Countering Bribery (2009) (“WEF Principles”), available at https://members.weforum.org/pdf/paci/PACI_Principles.pdf.

II. Core Components of an Effective Anti-Corruption Compliance Program

Support and Commitment from the Top. As an initial matter, senior management and boards of directors should create a “tone at the top” that promotes a culture of compliance. The OECD recommends “strong, explicit and visible support” for preventing and detecting foreign bribery.¹⁰OECD Guidance, Annex II at ¶ A1. The World Bank Group’s Integrity Compliance Guidelines (“World Bank Guidelines”) sum this up as “Leadership.”¹¹World Bank Guidelines §2.1.

In evaluating a company’s compliance with anti-corruption laws, U.S. authorities say they will consider “whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”¹²FCPA Guide at 57. As noted by U.K. authorities, “[t]hose at the top of an organisation are in the best position to foster a culture of integrity where bribery is unacceptable.”¹³U.K. Bribery Act Guidance at 23.

A clearly articulated and visible corporate policy. Companies should have written policies and/or codes of conduct that prohibit foreign bribery.¹⁴OECD Guidance, Annex II at ¶ A2. These documents should be “clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.”¹⁵FCPA Guide at 57. Brazilian authorities have explained, for example, that an anti-corruption code “serves to provide all agents operating on behalf or in name of the enterprise and other stakeholders with full knowledge of the principles, values, and standards and types of permissible activities and expected conduct in the enterprise.”¹⁶Brazil’s CGU Guidance at 31.

Making compliance the duty of individuals at all levels of the company. While “tone at the top” and written policies are necessary components of a compliance program, they are not sufficient in and of themselves. A commitment to compliance must be reinforced by middle-management and others throughout the organization. Indeed, compliance “is the duty of individuals at all levels of the company.”¹⁷OECD Guidance, Annex II at ¶ A3. Accord APEC Anti-corruption Code at §4; ICC Rules on Combating Corruption at Art. 10; Transparency International Principles at §5.1; WEF Principles at §5.1. At the national level, see Canada’s Niko Probation Order at ¶ 2(b)(ii); Japan’s METI Guidelines at 10; Bundesverband der Deutschen Industrie, Federation of German Industries, Preventing Corruption—BDI Recommendations, 3d Edition (2007) (“Germany’s BDI Recommendations”) at 6, available at http://www.bdi.eu/bdi_english/download_content/Marketing/Flyer_Preventing_Corruption_3._Auflage_2007. Under the World Bank Guidelines, “Individual Responsibility” is key.¹⁸World Bank Guidelines §2.2. Thus, the effectiveness of an anti-corruption program depends on the commitment of everyone at the company—directors, officers, and employees alike.

Oversight by senior corporate officers with autonomy, resources and authority. A dedicated compliance infrastructure, with “one or more senior corporate officers” responsible for compliance, is also needed.¹⁹OECD Guidance, Annex II at ¶ A4. The responsible corporate officer (or officers) “must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively.”²⁰FCPA Guide at 58. Accord Brazil’s CGU Guidance at 36; Canada’s Niko Probation Order at ¶ 2(e); Japan’s METI Guidelines at 10; South Africa’s King Code at 43; U.K. Bribery Act Guidance at 24. At the international level, see, e.g., ICC Rules on Combating Corruption at Art. 10; World Bank Guidelines at §2.3; WEF Principles at §5.1. Indeed, Russian law now requires the designation of an officer and a department or structural unit responsible for the prevention of corruption and related offenses.²¹See Russian Federal Law No. 273-FZ, “On Fighting Corruption,” Dec. 25, 2008 (the “Russian Anti-Corruption Law”).

According to the FCPA Guide, U.S. enforcement authorities will look at whether a “company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”²²FCPA Guide at 58. At a minimum, U.S. authorities expect that lead compliance personnel will have “direct access to an organization’s governing authority,” such as the board of directors or an audit committee.²³Id. Other countries similarly expect companies to establish “direct reporting obligations to independent monitoring bodies,”²⁴See Canada’s Niko Probation Order at ¶ 2(e). which oversee compliance with applicable standards of conduct.²⁵See Brazil’s CGU Guidance at 36.

Although central oversight may create tension in a company with historically decentralized operations, an effective anti-corruption compliance program will necessarily require some involvement from the home office. This central oversight should complement, not replace, compliance measures at the local, operational level.

Generally applicable compliance measures focused on high-risk areas. The OECD encourages multinational companies to implement specific anti-corruption measures in high-risk activities, and to apply such measures to “all directors, officers, and employees” and to “all entities over which a company has effective control.”²⁶OECD Guidance, Annex II at ¶ A5. In this respect, the OECD Guidance recognizes that there is no standard compliance program: an effective program, according to the OECD, “should be developed on the basis of a risk assessment addressing the individual circumstances of a company.”²⁷Id. Nevertheless the OECD identifies common high-risk areas, including “gifts; hospitality, entertainment and expenses; customer travel; political contributions; charitable donations and sponsorships; facilitation payments; and solicitation and extortion.”²⁸Id.

The FCPA Guide advises companies to design a compliance program that considers risk factors such as level of government oversight and interaction; reliance on third parties who interact with governments on behalf of the company; business strategies using mergers, acquisitions or other business combinations; exposure to customs and immigration authorities; involvement in joint venture agreements and the importance of licenses and permits to the operations of a business.²⁹FCPA Guide at 59.

Similarly, under Transparency International’s Business Principles for Countering Bribery (“Transparency International Principles”), a corporate compliance program “should be tailored to reflect an enterprise’s particular business circumstances and culture, taking into account such potential risk factors as size, business sector, nature of the business and locations of operation.”³⁰Transparency International Principles at §3.2; accord World Bank Guidelines at §3.

Since the essence of a compliance program is the prevention, detection, and remediation of wrongdoing, a company’s resources should be allocated to activities that pose the highest risk—and when a company’s corruption risk grows, the FCPA Guide notes, “that business should consider increasing its compliance procedures.”³¹FCPA Guide at 59.

Ensuring the compliance of third parties. A compliance program should not be limited to mitigating risks presented by a company’s direct employees. The OECD recommends that a compliance program pay attention to “third parties such as agents and other intermediaries, consultants, representatives, distributors, contractors and suppliers, consortia, and joint venture partners.”³²OECD Guidance, Annex II at ¶ A6. Specifically, the OECD advises multinational companies to perform documented due diligence of business partners, inform business partners of the company’s commitment to compliance, seek a reciprocal commitment, and monitor compliance.³³Id.

The World Bank Guidelines echo this advice and further recommend assuring that “any payment made to [a] business partner represents an appropriate and justifiable remuneration for legitimate services performed or goods provided … and that it is paid through bona fide channels.” According to the World Bank Guidelines, companies should “[a]void dealing with contractors, suppliers and other business partners known or (except in extraordinary circumstances and where appropriate mitigating actions are put in place) reasonably suspected to be engaging in misconduct.”³⁴World Bank Guidelines at §5.1; accord ICC Rules on Combating Corruption at Art. 3; Transparency International Principles at ¶ 5.2.3. At the national level, see, e.g., FCPA Guide at 60–61; U.K. Bribery Act Guidance at 27–28; Canada’s Niko Probation Order at ¶¶ 2(j)(ii)–(iii), 3(a)–(c). Indeed, many recently reported cases of anti-corruption enforcement against multinational companies are based on the actions of third-party agents.

Financial and accounting procedures, including a system of internal controls. Internal controls help safeguard a company’s assets. The OECD recommends financial and accounting procedures that are “reasonably designed to ensure the maintenance of fair and accurate books, records, and accounts, to ensure that they cannot be used for the purpose of foreign bribery or hiding such bribery.”³⁵OECD Guidance , Annex II at ¶ A7.

Countries generally expect companies to maintain a robust set of internal controls.³⁶See, e.g., U.K. Bribery Act Guidance at 21–22; Japan’s METI Guidelines at 8; Germany’s BDI Guidance at 11–12; Canada’s Niko Probation Order at ¶ 2(b)(iii). For example, Russia’s Anti-Corruption Law now requires companies to have controls that prevent the falsifying of accounting records.³⁷See Russian Federal Law No. 273-FZ, “On Fighting Corruption,” Dec. 25, 2008. Brazil’s new Clean Company Act, when applying penalties, considers the existence of internal controls, including audits, that ensure the integrity of a company’s operations.³⁸Brazil Clean Company Act, Law No. 12.846 (2013), at Art. 7.

Internal controls are especially important where corruption risks are high. As the FCPA Guide observes, “[b]usinesses whose operations expose them to a high risk of corruption will necessarily devise and employ different internal controls than businesses that have a lesser exposure to corruption, just as a financial services company would be expected to devise and employ different internal controls than a manufacturer.”³⁹FCPA Guide at 40; see also id. at 58 (noting that internal controls systems often have “built-in flexibility so that senior management, or in-house legal counsel, can be apprised of and, in appropriate circumstances, approve unique requests”). A robust set of internal controls can help ensure, for example, that an interaction subject to prior approval is only authorized for payment after an appropriate review.

Periodic communication and documented training. The OECD recommends “periodic communication and documented training … for all levels of the company, on the company’s ethics and compliance program.”⁴⁰OECD Guidance, Annex II at ¶ A8. As the FCPA Guide emphasizes, a compliance program cannot be effective without adequate communication and training.⁴¹FCPA Guide at 59; accord U.K. Bribery Act Guidance at 29–30; Canada’s Niko Probation Order at ¶ 2(g); Brazil’s CGU Guidance at 31, 37, 44; Japan’s METI Guidelines at 11; Germany’s BDI Recommendations at 11; South Africa’s King Code at 43. At the international level, see, e.g., APEC Anti-corruption Code at §4; ICC Rules on Combating Corruption at Art. 8; Transparency International Principles at ¶ 5.4; World Bank Guidelines at §7; WEF Principles at §5.4

Anti-corruption training is not a one-time event. Brazilian authorities, for example, have highlighted the importance of a company training existing employees, as well as new hires.⁴²Brazil’s CGU Guidance at 31. The ICC Rules on Combating Corruption state that “key personnel in areas subject to high corruption risk should be trained and evaluated regularly.”⁴³ICC Rules on Combating Corruption at Art. 8. The World Bank Guidelines likewise advise that training programs should be “tailored to relevant needs, circumstances, roles and responsibilities.”⁴⁴World Bank Guidelines at §7. In this vein, the FCPA Guide suggests that training sessions include hypothetical situations that are specific to the trainee’s day-to-day work experiences.⁴⁵FCPA Guide at 59. The ultimate goal of training and communication is to make sure that individuals understand what is expected of them and are able to follow compliance guidelines in their everyday activities.

Moreover, communication regarding compliance issues should not take place only in formal settings. Brazilian authorities therefore recommend “implementation of a permanent communications policy,” which could include such elements as “internal newsletters for employees; a separate space on the intranet devoted to ethics; dissemination of examples of good practices of ethical conduct; posting of pamphlets and announcements on bulletin boards; presentation of positive results obtained from the implementation of the code of conduct; and incorporation of the ethical and integrity principles and values in the organization’s mission and vision statements.”⁴⁶Brazil’s CGU Guidance at 31, 34. The World Bank Guidelines recommend that an organization “make statements in its annual reports or otherwise publicly disclose or disseminate knowledge about its [compliance program].”⁴⁷World Bank Guidelines at §7.

Encouragement and positive support for compliance. Companies also should reward their employees for good behavior, including compliance with anti-corruption policies and procedures.⁴⁸See OECD Guidance, Annex II at ¶ A9; accord World Bank Guidelines at §8. The ICC Rules on Combating Corruption suggest that multinational corporations include “the review of business ethics competencies in the appraisal and promotion of management and measuring the achievement of targets not only against financial indicators but also against the way the targets have been met and specifically against the compliance with the Enterprise’s anti-corruption policy.”⁴⁹ICC Rules on Combating Corruption at Art. 10. In this regard, the FCPA Guide recommends incorporating adherence to compliance as “a significant metric for managements’ bonuses,” “recognizing compliance professionals and internal audit staff,” and making “working in the company’s compliance organization a way to advance an employee’s career.”⁵⁰FCPA Guide at 60.

Appropriate disciplinary procedures to address violations. Just as carrots are important to an anti-corruption compliance program, so are sticks. Anti-corruption rules are only effective if they are enforced. That is why the OECD Guidance contemplates the implementation of appropriate disciplinary measures to address violations.⁵¹OECD Guidance, Annex II at ¶ A10. Accord ICC Rules on Combating Corruption at Art. 10; Transparency International Principles at §5.1.4; World Bank Guidelines at §8; WEF Principles at §5.3.3. At the national level, see, e.g., U.K. Bribery Act Guidance at 22; Canada’s Niko Probation Order at ¶ 2(i); Japan’s METI Guidelines at 9, 11. To evaluate the credibility of a compliance program, U.S. authorities will assess whether “a company has appropriate and clear disciplinary procedures, whether those procedures are applied reliably and promptly, and whether they are commensurate with the violation.”⁵²FCPA Guide at 59. As the World Bank Guidelines make clear, disciplinary measures should include possible termination and apply to “all persons involved in [m]isconduct or other program violations, at all levels.”⁵³World Bank Guidelines at §8.2. In the words of the FCPA Guide, “[a] compliance program should apply from the board room to the supply room—no one should be beyond its reach.”⁵⁴FCPA Guide at 59.

Guidance, advice, confidential reporting, and whistleblower protections. An effective anti-corruption program must provide resources for company employees and relevant third parties to obtain compliance information.⁵⁵OECD Guidance, Annex II at ¶ A11. Specific company personnel should be designated to help answer questions.

An effective program also should provide mechanisms for reporting potential or actual misconduct.⁵⁶See, e.g., FCPA Guidance at 61; U.K. Bribery Act Guidance at 23; Canada’s Niko Probation Order at ¶ 2(h)(ii); Japan’s METI Guidelines at 10–11. At the international level, see, e.g., APEC Anti-corruption Code at §4; ICC Rules on Combating Corruption at Art. 10; Transparency International Principles at §5.5; World Bank Guidelines, §9; WEF Principles at §5.5. Indeed, when punishing violations, Brazil’s new Clean Company Law takes into account the existence of a company’s incentives for employees to report irregularities.⁵⁷See Brazil Clean Company Law at Art. 7. According to the APEC Anti-corruption Code, the goal is to ensure that relevant information travels “to responsible enterprise officials as early as possible.”⁵⁸APEC Anti-corruption Code at §4. For this to happen, of course, employees must not fear retribution or retaliation for the good faith reporting of their concerns. The FCPA Guide thus recommends the institution of hotlines, ombudsmen, or other anonymous reporting systems.⁵⁹FCPA Guide at 61.

A company’s response to a report of potential misconduct is also critical. Companies must have an infrastructure in place to respond to the report, conduct appropriate investigations, and document the response process, in a consistent manner.⁶⁰See, e.g., FCPA Guide at 61; Canada’s Niko Probation Order at ¶ 2(h)(iii); Brazil’s CGU Guidance at 36.

Periodic reviews. A compliance program that remains static is likely to become ineffective as risks shift. Periodic reviews and assessments are therefore essential.⁶¹OECD Guidance, Annex II at ¶ A12; accord FCPA Guide at 61–62; APEC Anti-corruption Code at §4; ICC Rules on Combating Corruption at Art. 10; Transparency International Principles at ¶ 5.8; World Bank Guidelines at §3. At the national level, see, e.g., U.K. Bribery Act Guidance at 31; Canada’s Niko Probation Order at ¶ 2(d); Japan’s METI Guidelines at 5, 8; South Africa’s King Code at 33, 68. Companies must consider, among other things, “business changes over time”;⁶²FCPA Guide at 61. weaknesses and shortcomings that may require enhancements;⁶³See, e.g., FCPA Guide at 62; Transparency International Principles at ¶ 5.8; World Bank Guidelines at §3. and “relevant developments in the [anti-corruption] field” and “evolving international and industry standards.”⁶⁴OECD Guidance, Annex II at ¶ A12. The U.K. Bribery Act Guidance recommends benchmarking with other organizations to help assess whether best practices are being implemented.⁶⁵U.K. Bribery Act Guidance at 31.

The FCPA Guide contains some specific suggestions for periodic reviews and assessment: companies may (1) use “employee surveys to measure their compliance culture and strength of internal controls, identify best practices, and detect new risk areas” and/or (2) conduct “targeted audits to make certain that controls on paper are working in practice.”⁶⁶FCPA Guide at 62.

III. Conclusion

As this article illustrates, a convergence of expectations regarding anti-corruption compliance programs has led to a new global standard. Companies that fail to live up to this global standard unnecessarily increase their risk of exposure. The absence of an effective compliance program not only makes it more likely that improper conduct will occur, but also makes it more difficult for companies to defend themselves in enforcement situations by arguing that individual wrongdoers alone and not the company itself, should be held liable.

While an effective compliance program must address the specific risks a company faces, the global standard embodied in the guidance of governments and international organizations discussed in this article provide international businesses with a path to developing or enhancing a compliance program that prevents, detects and responds to anti-corruption risks worldwide.