Click here to read the complete illustrated article as originally published or scroll down to read the text article.
Does your company’s “Inadequate Compliance Program” violate securities laws?
In a recent matter before the SEC, settlement of an anti-bribery law known as the Foreign Corrupt Practices Act (“FCPA”) claim with Smith & Wesson (2014 sales of $626 million USD) has raised some worrisome new issues for small and medium sized manufacturers. In short, the FCPA is designed to punish companies and individuals that offer bribes to foreign government officials in order to achieve a business goal. This settlement is noteworthy for two reasons:
1. Small and mid-sized companies may now be in the SEC’s FCPA crosshairs;
2. A determination by the SEC that a company has an “inadequate
compliance program” may give rise to a new SEC claim for violation of the
Securities Exchange Act.
For the SEC, Small and Mid-Market Companies May be the New “Large”
In recent years, the SEC and DOJ have seemed to focus on marquee enforcement actions which grabbed headlines and fines in the tens to hundreds of millions of dollars. In fact, three of the top ten largest FCPA fines occurred in the last two years.
These highly publicized settlements focused largely on large, recognizable companies with significant global operations and pervasive bribery schemes. These schemes often continued for years and involved the payments of large bribes to foreign officials to secure large contracts worth tens of millions of dollars.
In contrast, the Smith & Wesson settlement involved a company with sales of less than $1 Billion USDs and a few small contracts in the Middle East where the profit was barely $100,000, as well as a string of other small cash payments and gifts for equally small contracts.
These contracts were subsequently cancelled or otherwise unsuccessful. Much of this activity was conducted through third parties. These numbers are rounding errors by comparison to the multi-million contract awards in some of the higher profile settlements in recent years.
So what’s up? Was this a fluke, low hanging fruit or some other unique issue? Can we assume that the SEC will turn its attention back to slaying the giants?
Has the SEC Created a New Standard for Compliance Programs?
The Smith & Wesson settlement was described by the SEC’s chief of FCPA enforcement, Karen Brockmeyer, as a “wakeup call for small and medium businesses that want to enter into high risk markets and expand their international sales.”
If you are a senior officer, board member, director or compliance officer at a small to medium company, you may have thought (or wished) that the SEC was only interested in headline-worthy cases and large companies. But if this settlement is any indication, your years of being under the radar may have come to an end.
One of the more newsworthy items that arose from this otherwise ordinary FCPA allegation was a claim by the SEC for violation of the Securities Exchange Act of 1934. What made this claim unusual was that it addressed not just books and records but additionally the SEC determined that the company’s compliance program was “inadequate.”
According to the SEC press release: “While the company had a basic corporate policy prohibiting the payment of bribes, it failed to implement a reasonable system of controls to effectuate that policy, its FCPA policies and procedures, and its FCPA-related training and supervision were inadequate.”
The SEC found that this conduct violated Section 13(b)(2)(B) of the Exchange Act, “which requires reporting companies to, among other things, devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are executed in accordance with management’s general or specific authorization; transactions are recorded as necessary to maintain accountability for assets, and that access to assets is permitted only in accordance with management’s general or specific authorization.”
So now in addition to looking for instances of bribes of foreign officials, the SEC appears ready to weigh in on the adequacy of specific elements of a company’s compliance policy, training, supervision and internal controls.
10 Best Practices
In light of the Smith & Wesson case, what can small and medium sized businesses, with more limited resources do to minimize risks when they are doing business in risky countries?
1. Make sure to have a clear, post- ed company policy against bribery;
2. Implement controls to ensure that payments to third parties are for
legitimate business purposes and are properly recorded;
3. Provide regular, mandatory training to employees on spotting, preventing
and reacting to bribery;
4. Conduct due diligence on third parties conducting business on your
company’s behalf before contracting with them;
5. Risk rate your third parties and conduct appropriate due diligence in light
of the rating;
6. Exclude third parties with red flags which cannot be resolved to your
7. Regularly update and monitor these third parties: more resources should
be directed to higher risk third parties;
8. Document the process and your company’s efforts;
9. Have a system which allows employees, third parties and others to report
suspicious activity; and
10. Involve procurement, HR, Legal and if appropriate an external consultant
to assess your program and suggest mitigation.
It is difficult to know if this case is an aberration or a shot across the bow of small and mid-sized companies signaling that the SEC is the “new sheriff in town” when it comes to enforcing bribery of foreign officials, but also the adequacy or lack thereof of your company’s compliance programs designed to prevent or reduce bribery.
Whatever the answer to that question, it is critical for senior executives to make sure that, before the SEC knocks on the door, the company has assessed and plugged any holes in their anti-bribery programs. While a policy is a good start much more care and thought must go into developing and regularly assessing a holistic program. This program needs to show that the company has a serious goal—supported with resources and controls—of reducing the risk and likelihood that the company’s employees or third parties have the opportunity and propensity to bribe foreign officials in pursuit of business goals.
Randy Stephens, J.D., CCEP, vice president of advisory services for NAVEX Global, is a lawyer and compliance specialist who has worked in roles with legal and compliance responsibility for over 30 years, including operations in Mexico, China and Canada. Randy has significant in-house experience leading compliance programs and working for some of the largest and most diverse public and private corporations in the United States, including US Foods, Home Depot, and Family Dollar.