Ethical Advocate regularly shares information about the U.S. Foreign Corrupt Practices Act (FCPA) because it affects many organizations in a wide variety of ways. See, for example, “Ethics Hotlines and the Foreign Corrupt Practices Act” and Ethics Programs, Ethics Hotlines, and FCPA Penalties.

News headlines tend to focus on large multinational corporations. Therefore, it is common to think of FCPA compliance in terms of very large organizations with very large exposure. Such organizations, we assume, typically have board of directors’ oversight of ethics and compliance activities, well-staffed compliance offices with high-level executives, and a number of formal communications methods and practices for promoting ethics and compliance across the workforce.

In reality, all organizations that do business outside of the United States must pay attention to the FCPA. Fortunately, regulators recognize that “when it comes to compliance, there is no one-size-fits-all program.” This commonsense statement is found in A Resource Guide to the U.S. Foreign Corrupt Practices Act, jointly published by the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC).

The document further states “small- and medium-size enterprises likely will have different compliance programs from large multi-national corporations, a fact DOJ and SEC take into account when evaluating companies’ compliance programs.” Nevertheless, the hallmarks of effective compliance programs, as identified in the Resource Guide, are the same for all:

— Code of conduct and compliance policies and procedures

— Oversight, autonomy, and resources

— Risk assessment

— Training and continuing advice incentives and disciplinary measures

— Third-party due diligence and payments– Confidential reporting and internal investigation

— Continuous improvement through periodic testing

A recent post in the FCPAmericas blog, written by attorney Matteson Ellis, provides additional related information. He highlights section 8B2.1 of the U.S. Sentencing Guidelines, which requires that organizations of all sizes shall:

— Exercise due diligence to prevent and detect criminal conduct

— Promote an organizational culture that encourages ethical conduct and a commitment to compliance with the lawThe guidelines further state that in determining what specific actions are necessary to meet those requirements, factors that shall be considered include: applicable industry practice or the standards called for by any applicable governmental regulation; the size of the organization; and similar misconduct.

Ellis highlights the statement that small- and medium-sized companies can meet these requirements with “less formality and fewer resources” than larger companies. Examples include:

— Directly managing the organization’s compliance and ethics efforts

— Training employees through informal staff meetings, and monitoring through regular –“walk-arounds” or continuous observation while managing the organization

— Using available personnel rather than employing separate staff, to carry out the compliance and ethics program

— Modeling its own compliance and ethics program on existing, well-regarded compliance and ethics programs and best practices of other similar organizations

It is important for small companies to recognize their FCPA obligations, and to respond appropriately. Fortunately, regulators allow for a range of responses, depending in part on the size of the organization.

Ethical Advocate offers assistance in setting up and managing ethics and compliance hotlines and programs.

References:

Ellis, Matteson. “FCPA Compliance for SMEs: How smaller companies meet enforcement agency expectations.” FCPAmericas blog, May 9, 2014.

U.S. Department of Justice and U.S. Securities and Exchange Commission. A Resource Guide to the U.S. Foreign Corrupt Practices Act, November 2012.

U.S. Sentencing Commission. Guidelines Manual, November 2013.