Attorneys Advise Companies to Mitigate FCPA Risk Ahead of DOJ Inquiries
Attorneys in the Latin American practice at Miller & Chevalier said that DOJ has been emphasizing the kind of corporate oversight it expects to prevent bribery cases, and said that the agency wants to see compensation structures that incentivize compliant behavior, the use of data analytics for monitoring employees, preserving data from personal cell phones, and, if there is a violation, conducting a root cause analysis.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Matteson Ellis said preserving data on personal cell phones is a challenge for companies, because WhatsApp, which encrypts messages and allows for permanent deletion, is widely used in Latin America.
Greg Bates said that while "the Justice Department is cognizant this is hard," they also expect companies to be monitoring their employees' behavior to try to dissuade or stop illegal behavior.
"Perfection is not the goal here; so we’re really looking to design the program on a risk basis," he said during a webinar hosted by Miller & Chevalier this week. "Do not try to boil the ocean here." He said a company can start with one set of monitoring activities, and build from there, with what he called "bite-sized initiatives."
Places to start might be examining contacts with riskier customers, or with third-party service providers. He said companies can interrogate their data on employee bonuses and salaries, and should be doing so before there is a suspicion of illegal behavior.
"You want to do that on your timeline, not when DOJ shows up at your door and says 'we want all this information in xx weeks,'" he said.
If a company is creating reports for the compliance department regularly, that should be documented. And if you find something, push for the company to take action, he said.
Prosecutors will want to know if the compliance department is impeded from getting the information it's asking for, and whether another department could be massaging the data before it gets to the legal or compliance officials, he said.
Ellis said companies can also place limits on business expenses to prevent problems. One example, which he said is terrific, would be limiting employees to only entertaining a particular person three times. A company could enforce this either by letting managers know that an employee has entertained the client twice, and only has one more time left, or by implementing a pre-approval system for expenses that would block a fourth event.
"Managers will often sort of sign off very quickly on expenses," he said, but the travel and expense department can override that and say they're not going to reimburse, he said.
Alejandra Montenegro Almonte noted that the SEC recently levied massive fines on banks over their employees' use of WhatsApp, and said that the use of the app was "tantamount to the employers’ failure to supervise employees."
She said that companies, industry groups and the defense bar have argued that prohibiting ephemeral communication apps is too strict. But she said that companies should put boundaries on that kind of communication, and enforce those policies when violations become known. One example of a boundary, she said, would be to greenlight business discussions on WhatsApp with only certain firms.
Bates said an easy way to draw a bright line is to issue company-owned phones, and tell employees that all work communication must be on those phones. When the company owns the phones, it can dictate which apps are allowed.