With the involvement of global third parties, an ethics and compliance program is a huge asset, not expense
The SEC and DOJ are very active at the moment in their enforcement efforts. Corruption is a very important topic for the government. In the US, FCPA enforcement actions are on the rise, so it's important to effectively manage your third party risk and incorporate this into a strong ethics and compliance program. This effort should be seen as an asset, not as a bother or an expense to the business.
If you're a global organization, managing your risk includes identifying new and emerging threats and expanding the reach of your ethics and compliance programs to reach and mitigate those new and emerging threats. They are there. To ignore them is a recipe for disaster. It's like the game Whack-a-Mole. They keep popping up and you have to be ready, and fast, and hit them hard!
With many organizations pulling a little tighter on the purse strings, in some instances ethics and compliance programs have been affected by budget cuts. But as organizations grow and expand to new territories, taking on increasing risks, and with FCPA enforcement growing as we've seen in the past few years, organizations could find themselves in a dangerous black hole if they choose to cut corners when it comes to risk. In response to lack of budget, some businesses have collapsed their ethics and compliance departments into a single function focused mainly on compliance. Other companies have decided to rely more heavily on part-time resources for global risk management (that's a scary thought if you think about it). And still others have outsourced certain compliance functions or relied more heavily on professional service providers. Sure this may enhance a program's effectiveness and reduce operating cost, but whatever path is chosen it's essential that management and boards provide enough resources and authority to the ethics and compliance programs. Organizations that give an inappropriate amount of attention to risks do so at their own risk.
Just one rumour, hint of malfeasance or misconduct, or even a social media post is enough to impact shareholder value and damage or destroy a brand just like that! A vigilant organization conducts ongoing risk assessments which provides a start point for mitigation. Because based on today's ever changing environment, it's probably in an organization's best interest to continuously assess risk, and perhaps shuffle them within its ethics and compliance program. It’s essential for organizations to create an internal environment where risks and associated challenges can be openly discussed. No sense in keeping tight lipped about this subject because it's a sure fire way to bring on those pesky regulators. You can’t fix what you don’t talk about.
Speaking of pesky regulators, there is a way to get on their good side. In some circumstances, the DOJ and SEC may decline to pursue charges against a company based on that company's effective compliance program. It may also seek to reward a company for its program, even when that program did not prevent that particular underlying FCPA violation that instigated the investigation in the first place.
Organizations that do manage to conduct themselves in an ethical manner and endure over time are built on a foundation of trust. Great companies build a legacy of success by delivering on their values equally to all stakeholders. Acting ethically and with integrity with all stakeholders is a win-win. Employees take their cues from the top. What leaders do reflects the creation of the company culture within an organization. If management does not lead with integrity, than why on earth would employees?
There's no one-size-fits-all compliance program. Depending on a variety of factors such as size, type of business, industry and risk profile, an organization should determine what is appropriate for its own needs regarding FCPA compliance program best practices.
Let's get your compliance program working for you in a powerful manner.