Prior to the COVID-19 pandemic, investigators relied on a proven playbook for addressing potential bribery and corruption: due diligence into relevant personnel or vendors, in-person interviews, and surveillance operations. Meanwhile, audit teams reviewed archived records, historical issues, and wider market practices to discern common techniques, missteps, or potential problem areas. This process is more complex during the pandemic. Triggers for an FCPA investigation and the possible steps to address violations have shifted, obfuscating the future of these investigations and enforcement. The following discusses practical strategies for navigating this altered landscape.
Changes in the Field
An understanding of your FCPA risk profile—your vulnerabilities, compliance history, and partners—means reduced risk and increased post-incident control. Before the pandemic, risk profiles were likely more easily assessed, with security measures set up based on known patterns of industry or geographic risks. This profoundly changed because of the pandemic. Now, a more active approach is necessary. To anticipate issues, you must devote proper attention and analysis to the aspects of your business most disrupted by the pandemic—even those aspects not historically associated with FCPA risk.
Consider supply chains: As international providers are forced to adapt at every level—from product sourcing to tax approvals, customs brokerage, or transport management—there is immense pressure to maintain the consistency that their clients expect. A dramatic rise in the use of facilitation payments is sure to follow. Already a pronounced risk, these payments are often used to streamline the supply process. Businesses returning during the pandemic may scramble to recoup the months of losses accrued during quarantines. This combined with rising unemployment and income concerns creates additional stress for employees to meet deadlines and achieve results. This also creates a heightened risk of potentially improper payments and damage to the company. As businesses continue to respond to the pandemic, additional vulnerabilities may develop that further underscore every company’s need to examine the more stressed aspects of its operations.
Changes to Your Approach
Organizations must adapt their approach to meet the new challenges of corruption during the pandemic. The reality is that some historically successful methods, particularly in-person interviews, are not currently viable. As measures against physical contact preclude in-person solutions, investigators and auditors must rely on remote or digital methodologies to address potential corruption. Now is the time to use proven methods to address current challenges: self-assessments. In our experience, self-assessments and compliance program audits are powerful and proactive tools to combat corruption risk and mitigate current exposure. These tools allow an organization to have visibility through remote review of books and records and any programmatic weaknesses.
Self-Assessments. Self-assessment forms should be sent to all parties, whether internal or at a vendor, who interface with government officials or operate in historically vulnerable regions or industries. During the assessment, the responding parties answer multiple questions designed to identify risk and provide data to evidence compliance with corporate policies, procedures, and initiatives. Compliance is then rated on a one-to-five scale, ultimately allowing the organization to make an informed decision on next steps, which could potentially include a deeper investigation. Self-assessments also help to scale audits by identifying practical risks and to limit the need for in-person procedures.
Compliance Audits. Anti-corruption program compliance audits are also critical to helping companies uncover and remediate nascent issues before those issues rise to the level of criminal activity, civil liability, or regulatory action. As part of these audits, financial information is reviewed to ensure that expenditures for government-related services are appropriate and accurately recorded in the company’s books and records. Analytics often will reveal discrepancies between expense reimbursement requests and invoices, requiring a more detailed review. Armed with this information, a company can make an informed decision about policy and procedure changes, remedial action for any employees involved, and the need for further employee training. An informed decision can also be made about whether the company self-reports to regulators.
Changes to Your Culture
Although training, self-assessments, and compliance audits are critical, proactive approaches to mitigating corruption risk, it is also essential that your overall compliance program be nimble enough to react swiftly once an issue is suspected or identified. Review your FCPA training and guidelines to ensure both employees and business partners are made aware of the communication channels available to them for reporting suspected or witnessed wrongdoing. This should include contact information for compliance officers as well as an anonymous and confidential reporting option. Efforts should include ensuring that all reports are reviewed by a trained, objective, and independent team that is well-versed in how to respond to corruption-related allegations, evaluate the issues, and determine whether an internal investigation should be initiated.
Ultimately, the COVID-19 pandemic heightens the risk of corruption and bribery exposure even in traditionally compliant departments as employees and third parties face pressure to reverse the negative effects of the recent economic downturn. Investigators and auditors, meanwhile, can depend on trusted existing strategies to create sensible, scalable, and remote solutions.