Before the COVID-19 pandemic, investigators relied on a tried and tested playbook to combat potential bribery and corruption: due diligence towards relevant employees or providers, personal interviews and monitoring measures. Meanwhile, the audit teams reviewed archived records, historical issues, and broader market practices to identify common techniques, missteps, or potential problem areas. This process is more complex during the pandemic. The triggers for an FCPA investigation and possible steps to remediate violations have shifted, obscuring the future of that investigation and its enforcement. Practical strategies for navigating this changed landscape are explained below.
Changes in the field
Understanding your FCPA risk profile – your vulnerabilities, your compliance history, and your partners – means lower risk and better post-incident control. Prior to the pandemic, risk profiles were likely to have been easier to assess, with security measures based on known industry patterns or geographic risks. This has changed fundamentally due to the pandemic. A more active approach is now needed. In order to anticipate problems, you need to devote adequate attention and analysis to the aspects of your business most severely affected by the pandemic – including those that have not historically been linked to FCPA risk.
Consider supply chains: As international suppliers are forced to adapt at all levels – from product sourcing to tax approvals, customs clearance to transportation management – there is immense pressure to maintain the consistency their customers expect. A dramatic increase in the use of facilitation payments is sure to follow. These payments are already a distinct risk and are often used to streamline the delivery process. Companies returning during the pandemic can strive to make up for the months of losses incurred during the quarantine. This, coupled with rising unemployment and income concerns, creates additional stress for employees meeting deadlines and getting results. This also increases the risk of potentially improper payments and damage to the company. As companies continue to respond to the pandemic, additional vulnerabilities may develop, underscoring the need for any company to investigate the more stressful aspects of its business.
Changes to your approach
Organizations need to adapt their approach to meet the new challenges of corruption during the pandemic. The reality is that some historically successful methods, especially face-to-face interviews, are not currently practical. Since measures against physical contact preclude personal solutions, investigators and auditors must rely on remote or digital methods to combat potential corruption. Now is the time to use best practices to address current challenges: self-assessments. In our experience, self-assessments and audits of compliance programs are powerful and proactive tools for combating the risk of corruption and reducing the current risk. These tools enable a company to gain visibility through remote review of books and records and programmatic vulnerabilities.
Self-assessment. Self-assessment forms should be sent to all parties, whether in-house or with a vendor who is in contact with government officials or operating in historically vulnerable regions or industries. During the assessment, the responding parties answer several questions to identify risks and provide data to demonstrate compliance with company policies, procedures, and initiatives. Compliance is then rated on a scale of one to five so that the company can ultimately make an informed decision about next steps, which could potentially include further investigation. Self-assessments also help scale audits by identifying practical risks and limiting the need for in-person procedures.
Compliance audits. Anti-corruption program compliance audits are also critical to helping organizations identify and resolve issues as they arise before those issues lead to criminal activity, civil liability, or regulatory action. These reviews review financial information to ensure that government service spending is adequately and accurately recorded on the company’s books and records. Analysis often reveals inconsistencies between reimbursement requests and invoices that require further review. With this information, a company can make an informed decision about policy and process changes, remedial action for all employees involved, and the need for additional employee training. An informed decision can also be made about whether or not the company will report itself to regulators.
Changes to your culture
While training, self-assessments, and compliance audits are important proactive approaches to reducing the risk of corruption, it is also important that your entire compliance program is nimble enough to react quickly once a problem is suspected or identified. Review your FCPA training and policies to ensure that both employees and business partners are made aware of the channels of communication available to them to report suspected or witnessed violations. This should include contact information for compliance officers, as well as an anonymous and confidential reporting option. Efforts should include ensuring that all reports are reviewed by a trained, objective, and independent team who are familiar with allegations of corruption, assess the issues and determine whether an internal investigation should be initiated.
Ultimately, the COVID-19 pandemic increases the risk of corruption and bribery, even in traditionally compliant departments, as employees and third parties are under pressure to reverse the negative effects of the recent economic downturn. Investigators and auditors can rely on trusted strategies to create meaningful, scalable, and remote solutions.