When looking at the Goldman Sachs’ $3.3 billion settlement and analyzing other similar cases where FCPA applied penalties and disgorgement, we see common failures in financial institutions to maintain internal controls. But what can we learn from the top 10 FCPA fines?
Here are the ten most significant FCPA cases, penalties and disgorgement assessed in the U.S. enforcement documents of all times, according to the FCPA Blog:
- Goldman Sachs Group Inc. (United States): $3.3 billion in 2020
- Airbus SE (Netherlands/France): $2.09 billion in 2020.
- Petróleo Brasileiro S.A. – Petrobras (Brazil): $1.78 billion in 2018.
- Telefonaktiebolaget LM Ericsson (Sweden): $1.06 billion in 2019.
- Telia Company AB (Sweden): $1.01 billion in 2017.
- MTS (Russia): $850 million in 2019.
- Siemens (Germany): $800 million in 2008.
- VimpelCom (Netherlands): $795 million in 2016.
- Alstom (France): $772 million in 2014.
- Société Générale S.A. (France): $585 million in 2018.
Robust control that includes:
- Policies and procedures
All these cases had something in common, lack of robust and effective control to monitor employees, senior managers and executives compliance activities. We all know how important it is to establish policies and procedures for employees; they need to be design in a way that allows the business to meet goals effectively and legally. These should explain staff responsibilities including Supervisors, Senior Managers, Directors, Board Members and Approved persons and should be updated regularly as regulations changes.
It isn’t enough to create a set of policies and procedures, without giving employees, senior managers, supervisors and other senior executives regular training sessions on these documents and essential regulations, industry best practices, and recent enforcement actions. Regulators expect that these trainings are applied when onboarding employees, also regularly throughout their employment at least yearly.
Nowadays, with the help of technology compliance can get creative and apply training in different formats, make it more engaging and include specific scenarios and activities thought the assessment that is relevant to employees’ department and role in the organization.
- Compliance management system
A compliance management system can empower the compliance team and help the department to (1) better communicate with employees; (2) access data and insights in real-time; (3) view an employee conduct risk profile; (4) automate manual and repetitive tasks to free up compliance team time; and (5) show regulators the organization’s effort to comply.
Technology is on the rescue; it improves the overall firms’ Compliance, especially now that employees work from home, they can input information in the system at any time to meet Compliance obligations.
Compliance needs to listen
These FCPA fined companies had unacceptable business practices, in some cases known by many in the organization, including its senior executives. That’s why Compliance is such an important role in regulated firms, and it should oversee these business practices.
The CCO needs to listen to what is happening in the company as it is their responsibility to investigate any incident or violations for legal or regulatory requirements. Compliance must understand at all levels of the organization its culture and ethical atmosphere, and act if they see a wrong culture of misconduct, bribery and corruption incubated within the business.
Health culture and conduct is critical
Organizations must encourage senior managers and executives to take accountability for their actions and emphasize their responsibility for indirect behaviour that contributes to poor culture and misconduct. Create a healthy culture of compliance isn’t an easy task, and it can take time for the positive outcome.
We can all agree that these organizations caught in bribery, corruption and poor conduct scheme lacked actual compliance culture. On paper, they had robust anti-corruption compliance procedures. In practice, these procedures were flawed and questionable as they avoided compliance review and approvals set up to protect the organization.
On Petrobras case, while the organization fraudulently raised billions of dollars from investors, its senior executives operated a bribery and corruption scheme to benefit the company and Brazilian politicians and political parties. After the disclosure, the company saw the problem in its root and changed its board of directors and executive committee, disciplined employees, and ended relationships with anyone involved in the scheme.
Our partner, the Mizen Group explains in detail in this webcast, how to Measure culture and create a healthy culture of compliance across the board. Watch the on-demand webinar HERE.
Looking out for gifts, entertainment and hospitality
One the Airbus case, regulators found the company sponsoring educational events to hide other activities they paid for in cash to Chinese executives, such as golf, scuba diving, kayaking, surfing lessons and cocktails and luau dinners.
As well as sponsored events, GEH (Gifts, Entertainment & Hospitality), can be considered a legitimate way to create business relationships. However, all that needs to be carefully reviewed by Compliance, making sure that guests are authorized by law or organization policy to receive the benefits provided, which wasn’t the case for these sponsored events hosted by Airbus.
If you want more details on how global organizations are managing their Gifts and Entertainment Compliance programs, consider reading our GEH Survey Report with lots of insights into the subject and rules firms applies in different jurisdictions.
Learning from the mistakes the company released a note that says, “The strengthening of our compliance programs at Airbus is designed to ensure that such misconduct cannot happen again.” Denis Ranque, Airbus Chairman.
All that shows how critical is an effective compliance program. Technology can help Compliance to determine gaps, inefficiencies and areas for improvement. Firms that struggle to adapt to the digital world can suffer severe fines and reputation damage. The ideal for Compliance is to use an integrated system that monitors all employees activities and can check conflicts of interest across the organization. Check our recent white paper that explains the benefits of consolidating technology for better Compliance.