Forty-two years after its creation, the U.S. Foreign Corrupt Practices Act (FCPA) remains as relevant as ever against bribes and fraudulent deals in international business. And the penalties for FCPA violations can be steep. In March 2019, the top 10 fines ranged from $477 million to just under $2 billion.

Worldwide crackdowns on corruption and business opportunities in developing nations create a new set of challenges for multinational companies and their boards. In this episode, Matt Shelhorse, a partner with PwC’s Forensic Services Practice, discusses FCPA and steps boards can take to protect against FCPA violations and maintain a culture of compliance.

I think that the most important thing is to prepare. Don’t wait for a crisis to happen in this area.

— Matt Shelhorse, Partner, PwC’s Forensic Services Practice

The state of FCPA violations today

In the current FCPA compliance climate, companies face an interesting carrot-and-stick situation.

Similar to today’s environment with the SEC and whistleblowers, the U.S. government has been making it beneficial for companies to voluntarily disclose FCPA violations and cooperate on these issues. If a company finds an FCPA violation on its own and voluntarily reports it, the difference in fines can be significant. In some cases, Shelhorse said, the company may receive a declination where the government decides not to pursue the matter further.

Concurrently, FCPA investigations have been intensifying. Governments worldwide have been working together to share information and prosecute cases like never before, with a focus on individuals as well as companies. “Is there a bad actor, and should they be held accountable? That could be a CEO, a CFO, a board member,” Shelhorse said.

Whether companies are cooperating with law enforcement or reporting FCPA violations proactively, action often starts with the board of directors.

“I’ve worked on my share of investigations, and looking at what the board knew and didn’t know through minutes is one of the first steps we take,” said Shelhorse.

Kerstetter reiterated the importance of board responsibility. “If the government or regulators come in because they discovered something or got a tip, the first place they’re going is those board minutes,” Kerstetter said. “They want to understand that the board and management get this compliance responsibility. If they find that there’s been no attention paid to training, policies, procedures in terms of what’s happening—that’s a very bad place to start.”

If I were a board member and I hadn’t thought about this or wanted to start thinking about it, a couple of threshold questions for me: What is management’s view of corruption risk at the company? Do we have higher risk, do we have moderate risk, how are we managing it?

— Matt Shelhorse, Partner, PwC’s Forensic Services Practice

Recommendations for spotting, stopping, and dealing with FCPA violations

What are the keys to an effective anti-bribery and corruption program?

Start at the top. According to Shelhorse, one of the most important things a board can do is to commit to a true culture of compliance and trickle this commitment down through senior management and the rest of the team.

“You can have a compliance program that sits on the shelf and looks good on paper, but if people don’t understand it, they’re not aware of it, and they don’t live it, you’re not going to set the right tone, and that starts with the board,” he said.

Leverage technology. In the middle of today’s digital revolution and evolution, good tools and information are readily available for assessing risk. Make sure your board and management are using these tools and being creative in how they pull the data together and analyze it.

Scrutinize third parties. According to Shelhorse, “One of the real challenges we see in this area is doing business with agents, distributors, entering into JV relationships where you may or may not have complete visibility.”

Establish financial controls. “There’s a tendency for boards to put FCPA into the box of legal or compliance, but from an accountant’s perspective like me, financial controls are very important,” Shelhorse said. He suggested thinking of a transaction where a payment might leave the building improperly. How do you make sure that’s detected, that the right people are looking at it?

“If I’m sitting on a board, I want to make sure that my CFO is part of this conversation. I want to make sure my treasurer is part of this conversation, and I want to think very broadly about these risks,” he said. “If you do that, you’re one step ahead.”

“No one wants to spend the money on compliance people, yet if it makes a difference of half a billion dollars, that’s a very small investment,” said Kerstetter. The trick is to make the best decisions possible on training, personnel, time, and resources to place the company in good stead.

>> Don’t miss Part 1 of this series: Is Your Whistleblower Program Effective?