The FCPA Report

The definitive source of actionable intelligence covering the Foreign Corrupt Practices Act

Articles By Topic

By Topic: Internal Controls

  • From Vol. 6 No.8 (Apr. 26, 2017)

    Managing Subsidiary Risks: Internal Controls (Part Three of Three)

    While subsidiaries continue to be a major source of corruption risk, parent companies have several tools at their disposal to mitigate that risk. This final article in our three-part Managing Subsidiary Risks series explores some of the strongest tools and controls – internal and financial – available to a parent company to prevent corruption at its subsidiaries. The first article discussed what steps companies can take when setting up new subsidiaries, either from scratch or through the acquisition of an existing company, to limit corruption risk and the second part of the series addressed leveraging strong communication and a culture of compliance. See “Rolls-Royce Settlement Offers Lessons on How to Pay Commissions Without Corruption” (Feb. 15, 2017).

    Read Full Article …
  • From Vol. 6 No.7 (Apr. 12, 2017)

    Managing Subsidiary Risks: Culture and Communication (Part Two of Three) 

    Recent corporate FCPA settlements with the SEC and DOJ show that foreign subsidiaries continue to be an area of anti-corruption risk for multinational companiesEven if a parent company has a strong compliance culture and accompanying program, failing to integrate that culture with its subsidiaries can lead to problems, as can failing to keep lines of communication open between the parent and its subsidiaries. In this second article in our three-part series on managing subsidiary risk, we look at how companies can make subsidiary employees partners in complianceThe first article in the series discussed how companies can set up their subsidiaries to minimize risk, and the third part will examine the internal controls a company should have in place to prevent corruption at its subsidiaries. See How to Build a Compliant Culture and Stronger Company From the ‘Middle’ (Part One of Three) (Apr. 1, 2015); Part Two (Apr. 15, 2015); Part Three (Apr. 29, 2015). 

    Read Full Article …
  • From Vol. 6 No.6 (Mar. 29, 2017)

    Managing Subsidiary Risks: Setting Things Up for Success (Part One of Three)

    A common theme of many anti-corruption settlements is the involvement of foreign subsidiaries. A parent company may have little oversight of its far-flung subsidiaries, but can still be on the hook if bribes are paid or books and records are not kept properly. In this three-part series, The FCPA Report will look at the different ways companies can minimize and mitigate anti-corruption risks at their subsidiaries. In this first part, we discuss how companies can be held liable for the actions of their subsidiaries and how subsidiaries can be set up for success from the beginning – both when building one from scratch and when acquiring an already existing company. The subsequent articles will discuss how companies can use culture, communication and internal controls to keep subsidiary risks in check. See “How to Mitigate FCPA Risk Before and After an Acquisition” (Feb. 18, 2015).

    Read Full Article …
  • From Vol. 6 No.5 (Mar. 15, 2017)

    Rolls Settlement Illuminates SFO Expectations for Cooperation and Compliance

    Rolls-Royce’s recent settlement with U.K., U.S. and Brazilian authorities was a key development in global anti-corruption enforcement. The case opens a window into what the SFO, now a major player on the field of anti-corruption enforcement, expects from companies both in terms of cooperation and remediation. That information may prove crucial for many multinational companies as U.K. enforcement continues to assert its dominance on the anti-corruption stage. See “Rolls-Royce Settlement Offers Lessons on How to Pay Commissions Without Corruption” (Feb. 15, 2017) and “SFO Arrives in the Anti-Corruption Premier League With Rolls-Royce Settlement” (Mar. 1, 2017).

    Read Full Article …
  • From Vol. 6 No.5 (Mar. 15, 2017)

    DOJ’s Guidance Shows That Compliance Programs Still Matter

    Critical comments of the FCPA by President Trump, coupled with a general policy position of lessening regulatory oversight of U.S. companies, have caused speculation as to whether the new administration will curtail FCPA enforcement. Recently, the DOJ Fraud Section quietly released this administration’s first guidance setting out its position on the contours of an effective corporate compliance program. In a guest article, Paul Hastings partners Tara Giunta and Palmina Fava, and their associate Brian Wilmot, explain that this guidance does not signal any easing of enforcement – rather, the Fraud Section is signaling an incisive review of companies and their compliance programs, functions, resources and effectiveness. See “Top FCPA Officials Encourage Strong Compliance Programs and Remediation, the Defense Bar Responds” (Dec. 21, 2016).

    Read Full Article …
  • From Vol. 6 No.4 (Mar. 1, 2017)

    SFO Arrives in the Anti-Corruption Premier League With Rolls-Royce Settlement

    The U.K.’s Serious Fraud Office has struggled for legitimacy in recent years, with a limited number of enforcement actions under its belt and a shrinking budget. But its recent settlement with Rolls-Royce has established it as a force to be reckoned with in global anti-corruption enforcement. “The settlement catapults the SFO into the Premier League of global anti-bribery law enforcement,” said London-based Barry Vitou, head of Pinsent Masons’ corporate crime team. But is it sending mixed messages about the value of cooperation and self-reporting? For more on the settlement, see “Rolls-Royce Settlement Offers Lessons on How to Pay Commissions Without Corruption” (Feb. 15, 2017).

    Read Full Article …
  • From Vol. 6 No.3 (Feb. 15, 2017)

    Rolls-Royce Settlement Offers Lessons on How to Pay Commissions Without Corruption

    Rolls-Royce’s recent massive settlement with U.S., U.K. and Brazilian authorities is a stark reminder of the anti-corruption risks associated with intermediaries, agents and fixers when negotiating contracts with state-owned entities. Commissions paid by Rolls-Royce to its agents – including notorious oil-and-gas “solutions” provider Unaoil – often were eventually passed on to foreign officials to close deals, netting Rolls-Royce a global settlement for hundreds of millions of dollars. In this first article discussing the case, we look at the bribes Rolls-Royce paid, how its compliance program failed to prevent them and what companies can do to make sure that commissions paid to agents are not used improperly. In a second article, we will look at the implications for cooperative U.S. and U.K. enforcement and what the SFO is looking for in terms of cooperation and remediation. See “Bribery Act Experts Discuss the Impact of Brexit, DPAs and Other U.K. Developments” (Jul. 13, 2016).

    Read Full Article …
  • From Vol. 5 No.24 (Dec. 7, 2016)

    A Dish of Cream? Some Caviare? Or Strassburg Pie? How to Properly Respond to Bribery Requests  

    “Before a Cat will condescend to treat you as a trusted friend, some little token of esteem is needed, like a dish of cream,” T.S. Eliot wrote in his Book of Practical Cats. Ensuring that an employee properly responds to a bribe request is no easy task because providing the soliciting individual with a “little token of esteem” may be the path of least resistance for employees. In a guest article, Hogan Lovells attorneys Peter Spivack and Rafael Ribeiro discuss how a company can strengthen all aspects of its compliance program to minimize the risk that bribes will be requested and ensure that their employees respond appropriately when they are. For further insights from Hogan Lovells, see “How Companies Can Use Enhanced Auditing Techniques to Address the Government’s Increasing Focus on Internal Controls” (May 13, 2015).

    Read Full Article …
  • From Vol. 5 No.23 (Nov. 23, 2016)

    Developing Key Performance Indicators and Tracking Metrics Using ISO 37001 (Part Two of Two)

    The International Organisation for Standardisation’s new standard for anti-bribery management systems – ISO 37001 – provides a useful frame of reference for companies developing management tools such as key performance indicators (KPIs) and tracking metrics to address anti-corruption compliance. In the first part of this guest article series, Matthew Herrington, a partner at Steptoe & Johnson, Jonathan Drimmer, vice president and deputy general counsel at Barrick Gold Corp., and Leslie Benton, vice president of advocacy and stakeholder engagement of, explained how to use ISO 37001 to develop management tools such as KPIs and tracking metrics to address anti-corruption compliance, and provided an example of a KPI strategy mapped to the training requirement. In this second part, they examine additional areas of ISO 37001 that naturally lend themselves to KPI and/or metrics. See “Developing Key Performance Indicators and Tracking Metrics for an Anti-Corruption Program” Part One of Two)” (Feb. 24, 2016); Part Two (Mar. 9, 2016).

    Read Full Article …
  • From Vol. 5 No.19 (Sep. 28, 2016)

    Experts from PwC Discuss Compliance Audits and Common Missteps

    Compliance auditing is a critical component of an effective anti-corruption compliance program, recognized both by the U.S. Sentencing Guidelines and the government’s FCPA Resource Guide. A recent Strafford program, “FCPA Compliance Audits: Lessons From Recent Investigations,” discussed regulators’ expectations regarding compliance auditing, the process for scoping and conducting a compliance audit and common audit pitfalls. David A. Wilson, a partner at Thompson Hine, led the discussion, which featured Sulaksh Shah, a partner at PwC, and James Gargas, a director at that firm. This article discusses some of the key takeaways from the program. See also our interview series, “Best Practices for Performing Compliance Program Assessments: Pamela Passman of” (Apr. 6, 2016); “Susan Markel of AlixPartners” (Feb. 24, 2016); and “Jeffrey Kaplan of Kaplan & Walker” (Nov. 4, 2015).

    Read Full Article …
  • From Vol. 5 No.13 (Jun. 29, 2016)

    The DOJ Deploys Carrots and Sticks in Analogic FCPA Settlement

    The SEC and DOJ’s recent FCPA settlements with health care and security technology company Analogic reveal how the government is treating self-reporting and cooperation after the announcement of the Pilot Program and the Yates Memo. The combination of Analogic’s voluntary disclosure of its bribery scheme involving Russian slush funds, and its failure to fully cooperate in the investigation, netted benefits (the lack of a parent-level DOJ plea) yet also less-than-optimal results (a lower discount than the Pilot Program provides for). We analyze the more than $11 million settlement with Analogic and its Danish subsidiary BK Medical and BK Medical’s former CFO. See also “From Discounts to Slush Funds: Red Flags to Heed and Eight Steps to Take to Avoid SAP’s $3.9 Million Mistakes” (Feb. 10, 2016).

    Read Full Article …
  • From Vol. 5 No.8 (Apr. 20, 2016)

    Regional Risk Spotlight: Baker & McKenzie Lawyers Discuss Italy’s Corruption Risks and Unique Compliance Model 

    There is a growing trend, particularly in European countries, of implementing laws that outline the best practices for an anti-corruption compliance program and then allow a company to assert their effective compliance program as a defense to anti-corruption violations. Italy – a country riddled by corruption scandals, most publicly during the tenure of Prime Minister Silvio Berlusconi – has recently introduced an innovative set of laws that takes these proscriptive best practices a step further, particularly with regard to monitoring compliance programs. The FCPA Report recently spoke with Roberto Cursano and Aurelio Giovannelli of the Studio Professionale Associato of Baker & McKenzie located in Rome about the state of anti-corruption compliance in Italy. See previously “Analyzing Spain’s New Corporate Compliance Defense” (Apr. 6, 2016).

    Read Full Article …
  • From Vol. 5 No.8 (Apr. 20, 2016)

    Ten Key Compliance Measures CCOs Should Implement in 2016

    The increased enforcement of the FCPA and the U.K. Bribery Act, and statements by top enforcers of those laws, have highlighted the need for companies to identify and address any potential exposure to violations of anti-bribery and corruption laws around the world. As a new KPMG study reveals, managing new and emerging risks can seem overwhelming. In a guest article, Randy Stephens and Ed Petry of NAVEX Global identify ten steps to help compliance officers get ahead of the curve and plan for the coming year. See “Five Tools Every Chief Compliance Officer Needs for Effective FCPA Compliance: Title, Authority, Access, Budget and Culture (Part One of Two)” (Apr. 3, 2013); Part Two (Apr. 17, 2013).

    Read Full Article …
  • From Vol. 5 No.8 (Apr. 20, 2016)

    A Shady Consultant and Lackluster Accounting in China Wins Sands a $9 Million Penalty

    Las Vegas Sands Corp. (LVSC), a casino and resort giant, agreed on April 7, 2016 to pay a $9 million SEC penalty to settle FCPA charges stemming from its activities in China and Macao. According to the SEC, LVSC transferred funds totaling more than $62 million to a consultant in China without supporting documentation or appropriate authorization for the transfer of those funds. Furthering LVSC’s troubles, the majority of the transfers were made even though senior LVSC management knew significant funds that had previously been transferred to the consultant couldn’t be accounted for. In addition to the transfers to the consultant, LVSC’s Chinese operations were rife with internal controls failures and shady accounting. The case demonstrates that such controls are “of the utmost importance,” said Susan Divers, a senior advisor at LRN Advisory Services Group. See “How Companies Can Use Enhanced Auditing Techniques to Address the Government’s Increasing Focus on Internal Controls” (May 13, 2015).

    Read Full Article …
  • From Vol. 5 No.7 (Apr. 6, 2016)

    Travel and Entertainment Corruption Risks: Internal Controls to Ensure the Program Is Working (Part Three of Three)

    A strong travel and entertainment policy that clearly delineates between an acceptable business expense and an impermissible bribe is critical to keeping a company out of FCPA trouble. But a policy alone is not enough – a company must also have sufficient internal controls in place to ensure that employees understand and follow company policies. In this final installment of The FCPA Report’s three-part series on travel and entertainment expenses, we explore the controls companies should have in place to keep their travel and entertainment programs working effectively. The first article in the series discussed the hallmarks of an appropriate T&E expense and the second looked at T&E policies. See also “Five Stages of Corruption and Myriad Internal Controls Failures: Compliance Takeaways From the VimpelCom Settlement” (Mar. 9, 2016).

    Read Full Article …
  • From Vol. 5 No.6 (Mar. 23, 2016)

    Travel and Entertainment Corruption Risks: Three Musts for a Strong T&E Policy and Five Ways a Company Can Customize Its Program (Part Two of Three)

    A strong travel and entertainment policy is the bedrock of a compliance program, but a policy that is overly complicated or doesn’t consider business realities may undermine a company’s compliance efforts. In this article, the second in a three-part series on travel and entertainment expenses, we explore three characteristics of a strong T&E compliance policy and five ways companies can customize their policy to their business. The first article in the series outlined five hallmarks of an acceptable T&E expense and the third article will investigate what internal controls a company needs to make sure that its program is functioning properly. See also “How to Build an Anti-Corruption Policy That Allows for Appropriate Business Gifts” (Sep. 19, 2012).

    Read Full Article …
  • From Vol. 5 No.5 (Mar. 9, 2016)

    Five Stages of Corruption and Myriad Internal Controls Failures: Compliance Takeaways From the VimpelCom Settlement

    VimpelCom’s historic settlement with U.S. and Dutch authorities was notable for many reasons, among them the enormous penalties and disgorgement paid and the DOJ’s attendant civil forfeiture suit. But beyond the settlement itself, which was discussed in the first part of this two-part article series, the underlying bribery scheme is noteworthy – and informative – as well. Over and over the company’s weak internal controls enabled employees to make corrupt payments to a government official in Uzbekistan. Here, we take a close look at the five stages of corruption that were outlined by the DOJ in its criminal information. The underlying facts show the mechanics of how corrupt payments can be made and how strong internal controls could have prevented them. See “Examining New DOJ Compliance Counsel Hui Chen’s Four Elements of a Successful Compliance Program” (Jan. 13, 2016).

    Read Full Article …
  • From Vol. 5 No.2 (Jan. 27, 2016)

    Survey Highlights Surprising Lack of Corporate Anti-Corruption Efforts

    The World Bank estimates that $1 trillion is lost to corruption of foreign public officials each year. Yet, a recent survey conducted in the second half of 2015 by the economic crime and justice studies department at Utica College, along with risk and business consulting firm Protiviti Inc., found that company anti-corruption efforts are lacking. During a recent panel discussion, Scott Moritz, a Protiviti managing director, observed that most companies are not well positioned to deter, detect or investigate fraud and corruption. We summarize the most concerning portions of the survey report to help compliance professionals evaluate their programs and advocate for sufficient resources. See also “Ernst & Young’s Fraud Survey Warns of Anti-Corruption Complacency” (Jun. 25, 2014); and “Kroll Managing Director Extracts Practical Lessons From 2013 Anti-Bribery and Corruption Benchmarking Survey” (Jun. 26, 2013).

    Read Full Article …
  • From Vol. 4 No.10 (May 13, 2015)

    How Companies Can Use Enhanced Auditing Techniques to Address the Government’s Increasing Focus on Internal Controls

    Recent FCPA enforcement actions demonstrate that the government is asking more of the companies it regulates, especially when it comes to internal controls to prevent and detect corruption.  Fortunately, enhanced technologies are providing companies with new ways to create and maintain internal controls.  In a guest article, Michael J. Shepard, a partner at Hogan Lovells, explains how both pressure from the government and the ability to do more may push companies to go beyond the techniques traditionally associated with anti-corruption compliance programs and into a world previously inhabited almost exclusively by finance professionals – the world of internal controls.  See also “Mitigating Bribery Risks Using Financial Controls, Risk Assessments and Leveraging Internal Resources,” The FCPA Report, Vol. 3, No. 18 (Sep. 10, 2014).

    Read Full Article …
  • From Vol. 3 No.8 (Apr. 16, 2014)

    Three Regions, Four Settlement Tools and $108 Million: HP Entities Resolve Criminal and Civil FCPA Charges 

    Hewlett-Packard and three of its subsidiaries in Russia, Mexico and Poland have resolved FCPA charges, paying $108 million in penalties.  The schemes involved bribes to obtain contracts with various government sectors and encompass different risk areas, such as third-party payments and gifts.  The entities resolved the actions through a guilty plea (for HP Russia), a deferred prosecution agreement (for HP Poland), a non-prosecution agreement (for HP Mexico) and a cease and desist order (for HP, the California-based parent company).  The criminal fines represent discounts from the low end of the Sentencing Guidelines range, unlike the recent Marubeni case, and no compliance monitor was imposed.  For insights from HP on its current compliance program, see “Conducting Effective Anti-Corruption Due Diligence on Third Parties: An Interview with Gwen Romack, Director of Global Anti-Corruption at Hewlett-Packard Company,” Vol. 2, No. 20 (Oct. 9, 2013). 

    Read Full Article …
  • From Vol. 2 No.6 (Mar. 20, 2013)

    Structuring FCPA Books and Records Controls to Withstand SEC Scrutiny Without Impairing Sales

    Although the FCPA is commonly known as an “anti-bribery” law, it is frequently difficult for the SEC and DOJ to prove that a suspect payment was made with the requisite “corrupt” intent to establish a violation of FCPA Section 78dd-a.  However, investigations of suspect payments often reveal violations of FCPA Section 78m, which requires a company to maintain appropriate internal accounting controls and accurate books and records (the Accounting Provisions).  Even if a payment to a government official does not constitute an impermissible bribe, if that payment is recorded as a sales commission, then the company can still be held liable for an FCPA Accounting Provisions violation.  A recent webinar shed light on SEC enforcement and investigative priorities with regard to the Accounting Provisions and on how companies can approach the development of suitable accounting controls.  This article catalogues the noteworthy insights from the webinar.

    Read Full Article …
  • From Vol. 2 No.4 (Feb. 20, 2013)

    How Can Anti-Money Laundering Laws Affect an FCPA Compliance Program? An Interview with Former FinCEN Director James H. Freis, Jr. (Part Two of Two)

    Though motivated by different statutes, anti-money laundering compliance programs and FCPA compliance programs deal with related risks.  Anti-money laundering laws are also integrally related to FCPA charges, and prosecutors use them frequently in FCPA enforcement actions across industries and geographies.  The FCPA Report recently spoke with the nation’s former top anti-money laundering regulator, James H. Freis, Jr., about a range of issues, including the role anti-money laundering laws play in FCPA cases, how financial regulators are working together across the globe to combat corruption and the corruption challenges facing the gaming industry in particular.  In this, the second part of our interview, Freis discussed, among other things: the connection between anti-bribery laws and broader financial reforms around the globe; how financial institutions can integrate their AML and FCPA compliance programs; the similarities and differences between Politically Exposed Persons and foreign officials; and the importance of high-profile FCPA enforcement.  In the first article in this series, Freis discussed, among other things: what companies should focus on when conducting corruption and anti-money laundering risk assessments and audits; how the DOJ and SEC work with FinCEN on corruption cases; and details regarding the formation, operation and future of the Egmont Group, a 130-member organization of international financial intelligence units.  See “Former FinCEN Director James H. Freis, Jr. Discusses the Intersection between Anti-Money Laundering and Anti-Corruption Law (Part One of Two),” The FCPA Report, Vol. 2, No. 3 (Feb. 6, 2013).

    Read Full Article …
  • From Vol. 2 No.3 (Feb. 6, 2013)

    Former FinCEN Director James H. Freis, Jr. Discusses the Intersection between Anti-Money Laundering and Anti-Corruption Law (Part One of Two)

    One way prosecutors have pursued the FCPA’s broad jurisdictional reach and overcome some of the inherent challenges in corruption cases has been the use of a set of powerful tools – anti-money laundering laws.  The FCPA Report spoke with the nation’s former top anti-money laundering regulator, James H. Freis, Jr., about a range of issues, including how prosecutors use anti-monetary laundering laws in FCPA cases, how financial regulators are working together across the globe to combat corruption and the corruption challenges facing the gaming industry.  Freis was the director of the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) from 2007-2012 and is now Counsel at Cleary Gottlieb Steen & Hamilton LLP.  As Director of FinCEN, Freis led the development and enforcement of regulations, fighting not only money laundering and corruption, but terrorist financing, fraud and other financial crimes applicable to a broad range of financial institutions, including banks, securities and futures industry participants and insurance companies.  We are publishing our interview with Freis in two parts.  In the first part, Freis discussed, among other things, what companies should focus on when conducting corruption and anti-money laundering risk assessments and audits; how the DOJ and SEC work with FinCEN on corruption cases; and details regarding the formation, operation and future of the Egmont Group, a 130-member organization of international financial intelligence units.

    Read Full Article …
  • From Vol. 1 No.9 (Oct. 3, 2012)

    Tyco Settles SEC and DOJ Charges Relating to FCPA Violations, Agrees to Pay Over $26 Million in Penalties, and Subsidiary Pleads Guilty to Criminal FCPA Charge

    In connection with a 2006 settlement with the SEC over alleged FCPA and other violations, Tyco International Ltd. (Tyco) pursued a comprehensive compliance review of all of its operating entities – 454 companies in 50 countries.  That review disclosed additional FCPA violations, or continuing benefits from prior violations, involving more than a dozen Tyco direct and indirect subsidiaries.  Tyco reported those findings to the SEC and DOJ, which began new investigations into Tyco’s operations.  On September 24, 2012, the DOJ and SEC announced that Tyco has now reached a comprehensive settlement of those new matters, consisting of three separate elements: A settled civil enforcement action by the SEC against Tyco, a non-prosecution agreement between the DOJ and Tyco and the entry of a guilty plea to a criminal violation of the FCPA by a Tyco subsidiary.  This article provides a summary of the various investigations and charges and the details of the three settlements.

    Read Full Article …
  • From Vol. 1 No.5 (Aug. 8, 2012)

    Halliburton Settles Shareholder Derivative Suits Alleging Breaches of Fiduciary Duty Stemming from Inadequate Internal Controls and Violations of the FCPA

    In May 2009, the Policemen and Firemen Retirement System of the City of Detroit and the Central Laborers’ Pension Fund commenced separate shareholder derivative actions in the name of Halliburton Company (Halliburton).  The plaintiffs accused Halliburton and its former subsidiary, Kellogg, Brown & Root, Inc. (later Kellogg, Brown and Root, LLC) of operating as a “criminal enterprise” and running a “reign of terror” in connection with various violations of the FCPA and other laws.  Those violations included, notably, the payment of $182 million of bribes to win Nigerian oil contracts.  The parties have agreed to settle the suits and all related claims.  This article provides the background facts and a summary of the material terms of the settlement, with emphasis on those that relate to FCPA and anti-corruption compliance issues.  It also discusses Halliburton’s recently-filed Form 10-Q, which discloses internal FCPA investigations of payments made to third party agents in Angola and Iraq.

    Read Full Article …