In some parts of the world, cash-stuffed envelopes flow as freely as handshakes and smiles during business dealings. In Greece, bribes are so common they have a word for it: fakelaki, which literally means "little envelope."
Once considered "business as usual," bribes paid to foreign officials in exchange for business contracts have become primary enforcement targets in the United States and abroad. A growing number of companies are paying substantial fines to the U.S. Department of Justice and the Securities and Exchange Commission for violating the Foreign Corrupt Practices Act, or FCPA. The federal government stepped up oversight of the long-dormant law enacted in 1977 around 2004-2005.
In 2004 the federal government prosecuted three FCPA cases totaling $11 million in fines. That number steadily increased to 22 cases in 2010, accounting for more than $1 billion in penalties. During that period, several high-profile cases have changed the way manufacturers think about compliance and paved the way for more laws designed to prevent corruption.
A proposed provision in the Dodd-Frank Wall Street Reform and Consumer Protection Act aims to encourage more reporting. The proposal calls for rewards of at least $100,000 to whistleblowers who voluntarily provide the SEC with original information about violations that result in sanctions exceeding $1 million.
If the provision becomes part of the Dodd-Frank law, manufacturers will have another reason to tighten compliance oversight. But the ability to monitor business dealings with foreign entities becomes more complex when you're a multibillion-dollar conglomerate with operations and subsidiaries all over the world. German engineering giant Siemens AG found this out the hard way when it set the record for FCPA fines in 2008. The company agreed to pay $1.6 billion to U.S. and European authorities for paying off foreign officials.
Siemens reached a nadir with its record-setting penalty, but the incident offered a host of lessons learned regarding corporate compliance and management.
When in Rome
The crackdown on FCPA infringement gained traction with the creation of the Sarbanes-Oxley Act of 2002. Sarbanes-Oxley requires publicly traded companies to certify financial reporting accuracy and assess the effectiveness of internal controls. The process revealed shortcomings in FCPA compliance at many firms. Another contributing factor was the combination of globalization and technology. Corporate expansion into emerging markets created more opportunities for malfeasance, and technology made it easier to alert the federal government when misconduct took place in distant locations, says Bill Athanas, a corporate attorney with Waller Lansden Dortch & Davis LLP in Birmingham, Ala.
In the past, sales associates and executives working in regions with state-owned enterprises viewed bribery simply as a cost of doing business. "Many of those individuals operated under the belief that when in Rome, you act as the Romans do," says Athanas, who previously worked as a Justice Department prosecutor investigating FCPA cases. "So if you're in a country with a long history of corruption, such as Brazil, Russia, India, Mexico and China, and all of your competitors are making these payments, it was OK to make them as well."
Some manufacturers even included bribery in their annual budgets. But once the Siemens scandal was exposed, companies could no longer ignore the impact of FCPA noncompliance. Siemens pled guilty to violating the FCPA in December 2008 for making illegal payments totaling approximately $1.4 billion between 2001 and 2007.
Compliance Starts Up Top
As part of the company's settlement with the government, Siemens agreed to hire an independent compliance monitor for a four-year period to oversee implementation and maintenance of a comprehensive compliance program. The company also settled with the World Bank for $100 million to establish an "integrity initiative" to promote clean markets.
Since then, Siemens has established itself as a model for corporate compliance, as evidenced by the company receiving the highest-possible ranking for compliance on the Dow Jones Sustainability Index in 2009. CEO Peter Loescher took the first step toward establishing a compliance culture at Siemens when he replaced half the company's top executives shortly after taking the helm in 2007 at the height of the scandal.
The leadership team sets the companywide tone for ethical and moral behavior, says Benjamin Heineman, senior fellow at Harvard's schools of law and government and former General Electric senior vice president and general counsel. "This has to be something that is the CEO's fundamental mission and the fundamental mission of the top business leaders," he says. "This is not a staff function. This is not something for finance or HR. They all have an important role to support the CEO and the business leaders, but the business leaders have to believe it, they have to own it, and they have to create a performance with integrity' culture from the shop floor to the C-suite."
Corporate governance expert John Alan James takes it a step further and says internal controls begin with board directors who define codes of conduct. Companies then need leaders who "set the tone," says James, a professor at Pace University's Lubin School of Business in New York. Simply throwing money at the problem won't erase a poor corporate culture, he adds. "There is one company I know of that spends millions of dollars a year on corporate conduct, and they have one of the lousiest criminal incident rates of any company I've ever known," he says.
Siemens' Lessons Learned
After revamping its leadership team, Siemens centralized its oversight functions, such as legal compliance, finance and internal auditing, to unify procedures and standards, says Kevin Rogan, Siemens' cluster compliance officer for the United States and Canada.
In the past, payments to third parties were not monitored by finance controls at the company's headquarters as closely as they are today, Rogan says. The Justice Department cited Siemens for facilitating corrupt deals through business consultants and drawing from cash desks and slush funds to make the payments. Now, every bank account must be registered at German headquarters, and almost all activity in bank accounts are fed into a centralized database for review, Rogan says.
The company also wanted to stress the idea that compliance is a "must have" rather than the old-school thinking it's an added benefit, says Rogan, who joined Siemens in 2008. It started with the formation of an estimated 600-person compliance organization. Each regional and operating company has its own compliance review board that is required to meet, at minimum, on a quarterly basis to discuss reports or investigations with each management group, Rogan says.
Another area that was lacking in Siemens was an avenue for employees to report suspected misconduct. The company established a 24/7 hotline called Tell-Us that allows any employee or outside supplier to report by e-mail or phone noncompliance activities in 100 different languages, Rogan says. The company outsources the whistleblower line through an independent service for anonymity and confidentiality purposes. Once a report comes through the system, the company's compliance legal team of attorneys reviews the case. If the allegation shows potential merit, an internal compliance investigation department further examines the issue before issuing a report. In the event of a violation, Siemens proceeds with appropriate discipline and reports the matter to authorities if necessary, Rogan says.
But companies shouldn't rely too heavily on whistleblower hotlines to root out corruption, says Dean Krehmeyer, executive director of the Business Roundtable Institute for Corporate Ethics. Krehmeyer has been critical of the proposed whistleblower provision in the Dodd-Frank act. Such an incentive could undermine already-established internal compliance programs at leading companies, Krehmeyer says. "The ideal situation is to never have whistleblowers," Krehmeyer explains. "By this, I mean that the moment someone is characterized as a whistleblower, the situation is already suboptimal. We need company leaders throughout the organization more than we need whistleblowers. What we really want is to create situations where people who have concerns are willing to voice them to people in positions of authority within their company."
Research shows that nearly three-fourths of all potential misconduct reports are initially made to supervisors rather than external sources, such as hotlines, Krehmeyer says. This, he says, indicates that it's more important to prepare and empower supervisors to make the appropriate decisions when handling such reports.
See Also:
• The Business Case For Avoiding Bribes
