FCPAméricas Blog
Reviewing Your Mexican (or Other) Operations for FCPA Compliance
5.11.2012
Does Wal-Mart have you worried about your Mexican operations? Is your Board asking you to make sure your business units do not have corruption problems that could put your picture in the New York Times (see a recent article in CFO discussing this growing dynamic)? Are you uncertain on where to start?
In an earlier post, FCPAméricas cautioned against a “scattershot” approach to compliance. Targeted FCPA compliance reviews are only one piece of the puzzle and they do not take the place of a comprehensive compliance program. Nevertheless, they can serve an important purpose. They can help ensure that your program is not just words on paper. They can also quickly address areas of immediate concern and give management peace of mind (or a reason to take quick remedial action).
Here are two things you can do in the short-term to review your Mexican (or other) operations.
1. Procedures Review. Test if the anti-corruption procedures currently in place are working properly. Is your head of sales, business development, and logistics fully trained on their compliance responsibilities? Are third party due diligence procedures being applied consistently? Are employees aware of and adhering to travel and entertainment policies, import and export procedures, and charitable giving rules? Are hotline tips being reviewed, categorized, and responded to in an appropriate fashion?
2. Forensic Accounting Review. Conduct a diagnostic of your books and records to test for suspicious transactions. For example, review your general ledger for potential improper payments in high risk transactions. If a particular employee oversees frequent transactions with government officials, look at his or her expense accounts. If a particular service provider is a common intermediary between you and the government, look at payments issued to it. Check for manual entrees associated with these entities. Review accounts related to “consultants,” “entertainment,” “agent fees,” or “commissions” for unusual patterns or entries. Create key word universes based on the highest areas of risk you face.
Some companies are trailblazing in this area. Take Weatherford as an example. As a normal part of its compliance program, the company conducts periodic compliance reviews on its operations all over the world. It describes these reviews as “audits of compliance with relevant laws and Weatherford’s Code of Business Conduct with a focus on anti-corruption, trade compliance, antitrust and conflicts of interest.” The review teams are made up of in-house counsel and forensic accountants and they spend two-to-three weeks in each country to conduct the review. Each review generally follows seven stages.
First, weeks before traveling to the country, the review team looks at documents and data to structure the audit. Information includes general ledger transactional data, revenues by customer, vendor listing and vendor expenses, employee expense reports, and contracts with third parties.
Second, the review team considers any known allegations of compliance failures that have arisen through reporting mechanisms and adds this information to its review plan. It might solicit additional input from other company sources like Internal Audit, regional compliance counsel, and regional auditors.
Third, the review team might send one member to conduct a “pre-visit” that includes high-level interviews with country leaders which helps to continue refining data-gathering efforts.
Fourth, once in-country, the review team will conduct upwards of 50 interviews with personnel in various key departments, such as Business Development, Accounting & Finance, HR, and Legal.
Fifth, the review team continues its review of the books and records and uses this information to inform and supplement interviews.
Sixth, the review team follows up on outstanding issues and questions while in-country and after it has left.
Finally, the review team drafts its report, includes suggested remedial actions, and distributes it to the country leadership, regional leadership, and other corporate leadership. The country management is then required to provide a written remediation plan within 30 days of the distribution of the final report.
The FCPAméricas blog is not intended to provide legal advice to its readers. The blog entries and posts include only the thoughts, ideas, and impressions of its authors and contributors, and should be considered general information only about the Americas, anti-corruption laws including the U.S. Foreign Corrupt Practices Act, issues related to anti-corruption compliance, and any other matters addressed. Nothing in this publication should be interpreted to constitute legal advice or services of any kind. Furthermore, information found on this blog should not be used as the basis for decisions or actions that may affect your business; instead, companies and businesspeople should seek legal counsel from qualified lawyers regarding anti-corruption laws or any other legal issue. The Editor and the contributors to this blog shall not be responsible for any losses incurred by a reader or a company as a result of information provided in this publication. For more information, please contact Info@MattesonEllisLaw.com.
The author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author.
© 2012 Matteson Ellis Law, PLLC
Post authored by Matteson Ellis, FCPAméricas Founder & Editor
Comments
May 14th, 2012 at 11:36 pm
[…] 8″ and notes a filing in its database. This Week in FCPA, episode 37. The FCPAmericas blog has a how-to review on operations in Mexico. Tom Fox does a video podcast on corporate hospitality under the FCPA and […]