Compliance professionals got a lucky break this week. Twice in a matter of days, we saw major scandals break involving corporate misconduct and corrupt domestic government officials here in the United States — demonstrating, yet again, that tying corporate compliance on the Foreign Corrupt Practices Act alone is tremendously short-sighted.
First we had a case in Illinois, where ComEd agreed to pay $200 million to settle charges that it had funneled bribes to state House Speaker Michael Madigan in the 2010s in exchange for favorable legislation. Just four days later, federal prosecutors in Ohio arrested the Speaker of the House for that state, Larry Householder, on charges that he and his cronies shook down a different energy company for millions, also in exchange for favorable legislation.
The timing of the two enforcement actions is coincidental, but so what? Taken together, they still send a powerful message that, yes, FCPA-like misconduct happens right here in the United States, too. And a company can get into serious trouble for it.
Several compliance officers have reached out to me privately this week, almost gleeful at the chance to express exactly that point to their colleagues in other parts of the enterprise. One U.S. compliance officer of a foreign business — a company that is no stranger to FCPA enforcement, rest assured — recounted to me that U.S. business executives outright tell him: “This FCPA stuff is for other countries. We don’t have to worry about bribery here.”
I know, dear readers, that your eyes are rolling over the stupidity of that statement. Mine rolled, too. But we’d be foolish to pretend that sentiment doesn’t exist, and it speaks volumes about the challenges compliance officers face in building truly effective, enterprise-wide compliance programs.
Corruption Versus the FCPA
First is the idea among some U.S. executives that “anti-corruption compliance” pretty much means “the Foreign Corrupt Practices Act” — and therefore, if your business has no exposure to the FCPA, you don’t need to care much about anti-corruption issues.
That’s dumb, but the idea persists. Compliance officers need to stress constantly that anti-corruption compliance is about reducing incidents of corruption, no matter where they happen in the world. In some instances those corrupt acts can violate the FCPA; but as the news from Illinois and Ohio demonstrates, in other instances those corrupt acts can violate domestic U.S. law too.
We can even expand our list of examples with another from the pharmaceutical world: Novartis. The Swiss pharma giant settled FCPA charges last month with a $345 million fine — but even more eye-popping was its agreement to pay $642 million to settle False Claims Act charges that it was bilking the U.S. government, too.
In both cases, Novartis’ misconduct was fundamentally the same: spending gobs of money on “speaker series” events, where the company showered certain physicians with travel and speaking gigs in exchange for those doctors prescribing more Novartis drugs.
Novartis was, really, engaged in one global form of misconduct that involved bribery both inside and outside the United States. So one global commitment to anti-bribery standards is what’s necessary.
Even among global pharmaceutical companies, with all their compliance resources and maturity, I’m not sure how many employees outside the compliance function grasp that point. Executives selling in America tend to worry about anti-kickback statutes; executives selling overseas worry about the FCPA.
At the enterprise level, however, the wiser position to take is that corruption will bring the company grief eventually, no matter what laws are involved. So stick with one simple message — “We don’t gain business by unfair and unlawful advantage” — and staple it to every employee’s forehead.
Compliance Versus Legal
My other concern is that when companies view anti-corruption compliance as very much tied to specific laws, lawyers can end up running the compliance function. I love lawyers, but some just don’t know how compliance programs work.
Hence you end up with a head of competition law who moves into the CCO role, or a VP of regulatory affairs, or a deputy general counsel who managed mergers & acquisitions, or any of a dozen other such moves we could find on LinkedIn. (I found all these paths to CCO on LinkedIn within a few minutes.)
Those people might know the legal nuance of an anti-corruption statute or wise strategy for dealing with government prosecutors, but that’s not the same as running a compliance program. A compliance program requires ability to guide organizational behavior. The job is one part data analytics, one part policy maven, one part ethics counselor — and yes, one part lawyer. But only one part.
I would draw a distinction between lawyers who drift into the career path of running corporate compliance programs; versus lawyers who oversee corporate compliance because they or their bosses believe corporate compliance is a legal department duty.
I know scads of the former, who can be wonderful people with fantastic ability at running compliance programs. I also know some of the latter, who are genuinely surprised at the notion that compliance programs for the FCPA are essentially the same as compliance programs for, say, the Anti-Kickback Statute. The latter view anti-corruption compliance as a matter of meeting standards of a certain law, rather than as achieving better standards of conduct simply because in the long run that alleviates all sorts of problems.
In the long run, that second view prevails.