Addressing Today’s Most Common Corporate Compliance Gaps
Addressing Today’s Most Common Corporate Compliance Gaps
By Steve Kuzma and Paul Harris, Ernst & Young LLP*
Increased corporate accountability is a top priority for federal regulators and law enforcement agencies. In recent news, several highly publicized investigations have fueled the federal government’s heightened efforts to crack down on schemes involving conflicts of interest, procurement and consumer fraud, antitrust violations, false claims, corruption and bribery, export control violations, and other ethical breaches. An effective compliance program is the first line of defense in this era of increased scrutiny and penalties. Therefore, traditional organizational structures are now transforming under the pressure of ever-increasing laws and regulations that drive greater corporate accountability and transparency.
Today’s companies must adapt to a fluid regulatory environment and recent legislative actions (in health care and financial services reform, for example) and may even require an overhaul of entire processes. Additionally, companies must be able to adapt to constant legal and regulatory changes as the corporate compliance function will not be effective if operating on “auto pilot.”
In today’s market, we see several common compliance gaps that many organizations either have or are currently facing. They are as follows:
1. Corruption and bribery – The overhang of highly-publicized foreign bribery and corruption scandals has pushed the Foreign Corrupt Practices Act (FCPA) to the forefront of federal investigation and law enforcement priorities. It critical in this hyper-enforcement environment for U.S. companies that market overseas to minimize the risk of an FCPA investigation by implementing effective FCPA and international antibribery procedures. The failure to do so could expose companies to significant reputational and financial risks. As the Securities and Exchange Commission and the Department of Justice have stepped up efforts to investigate and prosecute business corruption, it is now more important than ever for U.S. companies to assess and strengthen their FCPA compliance program.
2. Supply chain due diligence – Many companies know their employees, but not all perform thorough third-party due diligence on the representatives, consultants, subcontractors and other third parties with whom they do business. Entities and individuals in the supply chain function may be liable for compliance issues that can create unforeseen criminal law and reputational issues for the company. Thorough and comprehensive third-party due diligence can help identify compliance and reputational risks before they become a regulatory problem.
3. Privacy/Information Security – The ever-increasing amount of electronic data being transmitted creates risks for companies. Many organizations today require consumers to provide personal data in business transactions – everything from a social security number to an email address. The collection and use of data is crucial to many online business models. It is equally important that consumers trust that their privacy is protected and used for its intended purposes only. Both U.S. and international laws require companies to do just that. However, there have been numerous instances where organizations are not paying enough attention to their international operations, where country laws recognize privacy as a fundamental right and has strict prohibitions on the collection and sharing of personal data.
4. Antitrust –Increased antitrust enforcement is a top priority for the Obama Justice Department. In response to a question from the American Antitrust Institute, President Obama stated that he would “direct [his] administration to reinvigorate antitrust enforcement . . . . [and] take aggressive action to curb the growth of international cartels.” Federal Trade Commission (FTC) Commissioner has proposed that the FTC should make subpoenas mandatory at the beginning of every formal investigation, rather than relying on voluntary requests for information. During an economic downturn, antitrust enforcement becomes critical. Fines and penalties in this area are enormous, driven by U.S. and EU programs that provide amnesty to the first person to disclose unlawful antitrust activities.
5. Export compliance – Globalization has pushed many U.S. companies to market overseas. In a rush to capitalize on new “growth areas,” companies often overlook export control requirements. Effective export compliance is viewed by the government as a national security issue. Exporters of defense articles, including technical data, first must be registered and must also comply with such requirements as obtaining the appropriate license, agreement management, vendor certifications and export control markings. Global companies are reporting an increase in federal enforcement activity in the area of export control compliance.
Our nation’s legislators and law enforcement officials have zeroed in on corporate misconduct. Fueled by recent scandals, new legislation and other initiatives have been rolled out to prevent, detect and punish a wide array of conduct. A harried, ineffectual response to investigation, an inadequate defense to prosecution or civil suit and consequential damage to corporate reputation, all await companies with “reactive” compliance and ethics programs. A proactive and robust compliance program that enables a company-wide understanding of and adherence to the many criminal, civil and administrative provisions provides the best armor in this targeted area.
*Messrs. Kuzma and Harris are part of Ernst & Young's Fraud Investigation and Dispute Services Practice and are based in Atlanta and Washington, DC, respectively. The views expressed herein are those of the authors and do not necessarily reflect the views of Ernst & Young LLP.