Does Your Global Compliance Program Have Teeth?

Michael Spencer
GVP & Chief Counsel
6 min read
Does Your Global Compliance Program Have Teeth?

Global compliance can be tricky

At the end of 2022, the Department of Justice (DoJ) ordered a large U.S based conglomerate to pay over $160 million after they made bribe payments to a high-ranking official at Brazil’s state-owned oil company to secure an advantage when bidding on a major $425 million contract. The DoJ found that the company violated the anti-bribery provisions of the Foreign Corrupt Practices Act (FCPA) and so issued the significant fine. This case underscores both the financial liability that companies face when found guilty of corrupt practices and the importance of having a well-run internal compliance program.

As an attorney by trade for over 25 years, I’ve served as a federal prosecutor and in-house counselor for a Fortune 500 company. I’m currently working as Chief Counsel and Chief Ethics and Compliance Officer for Rimini Street, an international organization that specializes in delivering independent support for ERP systems. In this post, I will explore why it is crucial to have a compliance program in place, how a vendor relationship can get you in hot water, the importance of creating a culture of integrity, and how to navigate some of those tricky cultural differences that multinational organizations face as they conduct business abroad.

Ensuring your bases are covered

The FCPA was enacted to prevent entities from bribing foreign government officials to secure business or favors with them. This act applies to both public organizations and private citizens — any individual engaging in corrupt practices can draw the ire of the DoJ. Additionally, when public companies violate the FCPA, the Securities Exchange Commission (SEC) may also step in to fine the organization or order monitoring to observe the organization’s actions.

There are many laws in the United States around ethics and compliance — so many, in fact, that the DoJ has essentially noted that it’s impossible to follow them all. And while an organization can be prosecuted for failing to adhere to the rules, the DoJ does take into consideration whether an organization has a robust compliance program that ensures the organization does the following:

  • Adheres to legal and regulatory requirements
  • Abides by ethical and industry standards
  • Advises departments across the company on compliance matters
  • Fosters ethical behavior across the workforce

But having a compliance program in name alone is not enough. The DoJ clearly states that compliance programs must have teeth. This is often done by requiring that compliance officers report to either the CEO or chairman of the board to ensure the department is properly staffed and resourced.

Vendors can get you in trouble: The importance of due diligence

It may seem obvious that a company employee who engages in corrupt business practices is problematic, but less clear is the damage that vendors can do. Plainly said, a vendor engaging in bribery or other unscrupulous behavior can create a compliance problem for the company that hired them. This becomes a challenge for large and even midsized companies that outsource work to contractors, use international vendors to make real estate purchases, or simply use a variety of software-as-a-service (SaaS) tools. The DoJ makes it clear: your organization can be held liable for vendor behavior done on your behalf.

But the complexity of Fortune 5000 companies can make it seemingly impossible to ensure that all vendors act in good faith. Fortunately, there are three key things that a compliance program can check on to be more confident that a vendor is compliant:

  1. Do your due diligence. Prior to engaging in a contract, your organization should research the vendor. At the very least, ensure the vendor is not on the Office of Foreign Assets Control’s Sanctions List. It is important that your company goes through a vetting process so they know exactly who they are doing business with.
  2. Trust but verify. While many vendors may say they comply with government regulations or industry frameworks, it’s important to dig a little deeper. Ask pointed questions about what they are doing to remain in compliance and how they audit their compliance status. Your vendor should be able to articulate the efforts they’re making to adhere to the rules.
  3. Make compliance a contractual agreement. Your company should include provisions in the contract that say the vendor will comply with the necessary regulations, laws, statutes, frameworks, etc.

This checklist is not foolproof. It will not prevent those who intend to circumvent the law from doing so. However, it does provide a paper trail that proves you have taken strong steps to ensure compliance from your vendors. Whether you are currently looking for or will be looking for a vendor, be sure to reach out to your compliance department so they can help guide you through the process of ensuring vendor compliance. Doing so may reduce the level of scrutiny your company could face from the DoJ and SEC should a vendor run afoul of compliance guidelines.

Creating a culture of integrity, using tech to spot outliers

Vendors are not the only entity that can fall out of compliance with ethics and standards —employees are just as capable. Having a culture of integrity is paramount for any organization because it garners a positive reputation among your peers and can also can protect you from multi-million-dollar fines.

So how does one build a culture of integrity? It starts at the top.

The C-suite and executives must make it clear that not only are they going to do a good job but they’re going to do it the right way. And it can’t just be your compliance officer taking this stand — it must be echoed by the CEO, CFO, COO, and every vice president and director in each presentation and team discussion. Once you establish a culture of integrity from the top, the tone will permeate the organization.

Accountability is also important. If an employee sees a peer doing things the wrong way and that bad actor is still rewarded, all talk about integrity is just that: talk. One wrong action with no accountability can destroy the groundwork built over years to establish an ethical company. Yet when there is accountability and when people who do things the wrong way are held to task with consequences, your employees will realize, “OK, this is how we’re going to do this.”

But how can an organization uncover those individuals who act maliciously? How do they find out those who cut ethical corners? Certainly, an ethics help line can encourage employees to contact the compliance department about inappropriate behavior, but it’s also important to have technology in place to flag and audit suspect actions. Having technology that flags expense reports over a specific amount or patterns that seem unusual is important. After all, issues typically pop up where there are loopholes that employees can use to squirrel away money.

Cultural challenges: Remaining compliant across borders

As if trying to keep your employees and vendors in compliance isn’t hard enough, cultural norms present another challenge to overcome. In some cultures, such as Asia, gift-giving is not just the norm but also often expected. This can be quite a thorny issue when it comes to remaining in compliance.

While I cannot go through all the nuances of all the challenges of doing business across cultures in this article, I do want to leave you with two pieces of advice. First, communicate with your counterpart across international lines in advance, if possible. Let them know that although you would be honored to receive a gift, such action runs the risk of bringing dishonor to your company. When you explain it this way, it emphasizes your efforts to try to preserve your company’s integrity by following your local laws instead of insulting your counterpart’s culture. Getting in front of a difficult situation can help put everyone on the same page.

However, this may not always be feasible. Sometimes there are situations where you could humiliate the giver publicly if you don’t accept their gift. If you find yourself in this kind of situation, my second recommendation is to immediately report the gift to your organization’s compliance department. They should be able to help you navigate the next steps.

The importance of strong compliance programs

The case of the fined conglomerate is a reminder of the severe consequences companies can face for engaging in corrupt practices and highlights the importance of having a strong compliance program in place. Sometimes you just “don’t know what you don’t know,” but being willfully blind is no longer an excuse for unethical business behavior. At Rimini Street, we are doing business the right way. From the top down, integrity permeates our company culture, and my department is here to serve our employees by providing advice and counsel to ensure we are doing business the ethical way. Ultimately, by staying informed about ethics and compliance laws and taking proactive measures through the institution of a compliance program, companies can better navigate the world of ethical business and avoid the financial and reputational consequences of corrupt business practices.

You may also like: