Managing an organization’s ethics and values is challenging enough. A legion of laws, regulations, contractual obligations, judgments, and fines bear down on the organization and the CECO in the 21st century. There is a difficult path ahead for ethics and compliance management. Compliance is particularly difficult, as business is bombarded with thousands of new regulations each year.
At the U.S. federal level (not including U.S. state or local jurisdictions) there were more than 3,500 new regulations issued last year. This brings the total number of regulations issued since 1995 to nearly 60,000. Another 4,000 new laws and regulations are pending, waiting for approval. The sheer volume is staggering. FCPA is a particular hotbed of compliance in the U.S.:
- The court found Frederic Bourke, Jr. was willfully blind and as an investor he should have done more due diligence and should have known that the energy company he invested in bribed foreign officials.
- The government told Nature’s Sunshine’s CFO and COO they should have had better controls over financial reporting, even though the SEC never stated they specifically knew of the bribery happening within the corporation.
- The average cost of an FCPA settlement is $50 million, plus the expense of an external monitor to validate that a compliance program is in place for the next 10 to 20 years. This does not include investigation expenses.
- The U.S. Department of Justice assessed nearly $2 billion in fines in 2010. Eight of the top 10 FCPA settlements occurred in 2010. BAE Systems was the third largest fine at $500 million. Daimler AG had $185 million in fines and disgorgements. Snamprogetti had $365 million in fines (the fourth-largest).
- Charles Jumet, former VP of Ports Engineering Consulting Corporation, was sentenced to 87 months in prison.
- Siemens spent $850 million in fees and expenses on its anticorruption investigation. Daimler had a five-year investigation that cost over $500 million.
Europe has been known for a principles-based (or outcomes-based) approach to compliance — which originates from the United Kingdom’s Financial Services Authority. They have turned their focus away from specific requirements toward understanding and interpreting compliance in light of the risk the organization faces, requiring a risk-based approach to compliance. Adding to compliance mandates, the U.K. approved the U.K. Bribery Act (UKBA) legislation in 2010, which went into enforcement in July 2011. This brings broader scope and implications to anticorruption compliance. Both the FCPA and the UKBA are country-specific initiatives in support of the Organization for Economic Cooperation and Development’s (OECD) anticorruption initiatives in 34 countries. The OECD has released Good Practice Guidance for internal controls, ethics, and compliance to combat corruption around the world.
Australia, through the ASNZ 3806 standard, takes a principles-based approach to compliance. The 12 principles provide guidance to organizations designing, developing, implementing and maintaining an effective compliance program, encompassing:
- Monitoring and measuring
- Continual improvement
In addition, mandates such as those provided by the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA) broaden the scope and compliance requirements for listed organizations or those within the financial services industry.
The Era of the Corporate Bounty Hunter
Government is cracking down on organizations that lack integrity in their ethics and compliance practices. The current environment is seeing increased actions and judgments for noncompliant behavior such as corruption, insider trading, antitrust abuse, harassment, discrimination, fraud, and privacy violations. Fraud and unethical behavior is not tolerated — government and society have had enough. One aspect of this change is the government focus on initiatives that establish rewards for corporate whistleblowers. This heralds the era of the corporate bounty hunter.
The U.S. government recently introduced its most extensive regulation to uncover corporate wrongdoing in the Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub.L. 111-203, H.R. 4173). Title IX Subtitle B gives the SEC powers to enforce a “whistleblower bounty program.” This program allocates a 10 percent to 30 percent reward to corporate whistleblowers who provide information leading to a successful government enforcement action with monetary sanctions of more than $1 million. In an era of increased scrutiny and judgments for anticorruption, insider trading, and other areas, this significant concern keeps executives, the board, legal, and compliance professionals up at night.
This just scratches the surface of the regulatory burden on organizations amidst thousands that span areas of employment, quality, health and safety, environmental, business transactions, privacy, security, and many other areas. Distributed businesses that cross jurisdictions in transactions and relationships have a great deal to answer for when it comes to regulatory oversight. The burden is so great it demands companies use limited resources and a risk-based approach to understand where its greatest ethics and compliance risks are. A risk-based approach complements a values-based approach and enhances corporate culture. While culture and values ultimately drive compliance, an organization must understand where its greatest compliance exposure is and allocate resources accordingly.
This is the second in my series on Compliance Management in the 21st Century. The previous ones have been:
I would love to hear your thoughts as well – please share them.
For those who cannot wait for all of my upcoming posts – you can read my thoughts and perspectives in my most recent written report: Compliance Risk Management in the 21st Century.