Several weeks ago compliance professionals saw two enforcement actions involving energy companies implicated in bribing government officials here in the United States. They were sobering reminders that FCPA-like misconduct can happen right here at home, too.
Today I want to pick up that thread again, with a deeper look at how domestic corruption risks do and don’t resemble foreign bribery banned by the Foreign Corrupt Practices Act. What sort of compliance program do you need? How would you assess your risk? What would an audit of “domestic bribery controls” entail?
To explore those questions I talked with Mike Brodsky, a managing director at Deloitte who devotes much of his practice to helping companies with corruption issues.
Brodsky didn’t address the two cases in the news — one against Commonwealth Edison in Illinois; the other involving FirstEnergy Corp. in Ohio — but he did talk about how a compliance program might approach domestic corruption; and the obstacles that compliance officers might face to convince employees that bribery within the United States is just as much of a bad practice as it is overseas.
You can hear our full conversation in the podcast posted at the top of this page. Meanwhile, here are a few of my own impressions below.
The Legal Risk Is Complicated
Compliance officers face two principal challenges with domestic corruption risk right now.
First, while the Foreign Corrupt Practices Act provides a uniform, nationwide prohibition against bribing foreign government officials, we have no “Domestic Corrupt Practices Act” equivalent to do the same here at home. Instead, it’s a patchwork of state laws and narrowly tailored federal statutes that address bribery in multiple ways.
That leaves compliance officers stuck doing more research to understand what your domestic bribery risk actually is. One state might treat inducing a public official to corruption as a felony that the state attorney general will pursue. Another state might treat it as a misdemeanor left to local district attorneys. If the bribery crosses state lines (you’re headquartered in one state, bribing a government official in another), your nearest U.S. attorney might also come calling.
Brodsky did recommend a nifty page on the website of Columbia Law School, that provides a state-by-state analysis of anti-bribery statutes. It’s worth bookmarking if domestic corruption is on your agenda right now.
Second, the enforcement appetite for domestic corruption may be increasing simply because state and local governments need the money. For a state facing budget shortfalls — which is every state in the country right now — a corruption settlement that puts $100 million or $200 million into the state treasury is a valuable windfall.
Moreover, the cost to mount these cases is lower for state and local prosecutors than it is for the feds. So even if your high-powered outside counsel might eventually win the case, from local prosecutors’ perspective, they have plenty of incentive to try anyway.
Compliance Is Complicated
One might think that a compliance program for domestic bribery would be the same as what you use for FCPA compliance. After all, since the bribes offered are essentially the same (cash, charitable donations, no-show jobs, contracts with political cronies), and the means to offer them are the same (vague contracts, payments through intermediaries), couldn’t you clone your FCPA compliance program for transactions in the United States?
I posed that question to Brodsky. “I don’t know ‘clone’ is the right word here,” he answered after a long pause.
In an abstract sense, the compliance policies and procedures you use for FCPA risk (vendor management systems, third-party due diligence, contract analysis, and so forth) would fit for domestic anti-bribery programs, too. But my question puts the cart considerably before the horse.
If you haven’t already done an assessment of your domestic bribery risk — especially how your own business operations might allow for illicit payments to local officials — then you won’t be cloning anything for a long while. You first need to do that spadework of understanding how the company is working with local officials before grafting FCPA policies and procedures onto U.S. operations.
In industries such as healthcare or defense contracting, where the False Claims Act has already focused the executive mind on tracking payments to U.S. officials, that foundation might already exist. For others that don’t have much False Claims Act or FCPA exposure, you might need to build that anti-bribery foundation from scratch.
Education Needs to Happen
More than a few compliance officers tell me that they encounter resistance from U.S. employees because those employees believe anti-bribery compliance is specifically about the FCPA. That is, it’s a law that governs foreign transactions — “and since my business is only here in the United States, this isn’t my problem.”
That attitude, Brodsky said, is a widespread and legitimate issue. Citing specific anti-bribery statutes to these employees is much more difficult because, as we mentioned above, the statutes are more numerous. What an employee can do in one state might be illegal for a coworker in another state. Chatting up your local state rep might seem perfectly natural if you do know your state rep (as I do, for example).
So domestic bribery compliance programs also face a sticky web of training and policy management issues, as you try to shift employee focus away from compliance with one specific law to compliance with anti-bribery goals generally.
If you have your own experience with domestic anti-bribery compliance programs or observations to share, we’d love to hear them. Drop me a line at [email protected] any time.