Editor: The Foreign Corrupt Practices Act ("FCPA") continues to be a significant enforcement priority for both the U.S. Department of Justice and the Securities and Exchange Commission. Please describe Ernst & Young's FCPA practice.
Sibery: I agree with your comment about the FCPA continuing to be a significant enforcement priority. We have seen increased demand for services in that area, and not only in the traditional reactive role of investigating these allegations or concerns. We have also seen more activity in the area of M&A and more proactive steps in terms of risk assessment and training as it relates to FCPA.
We have an internal group of professionals who focus on FCPA matters. We currently have people all over the world working on these assignments. We also have an extensive international network of Ernst &Young fraud investigators who work with us. A large number of our investigations involve both U.S. forensic accountants as well as forensic accountants from the country in which we are working.
Editor: Do you work with corporate counsel and outside counsel on these issues?
Sibery: In most cases, we are part of a team that includes in-house counsel, outside counsel and internal audit. When we are called in to help with FCPA risk assessments, we may work only with in-house counsel and the internal audit function.
Editor: Are there any special characteristics to the current FCPA environment?
Sibery: The biggest emerging issue we are seeing is that many more companies are taking additional steps to raise awareness of the importance of compliance with FCPA among their global employees, to assess whether they have the proper controls in place going forward and to provide training as to how employees should react if an FCPA compliance failure should be detected. They are not waiting for an event to happen and then improvising a response. We are also seeing that kind of proactive thinking when a company is considering an acquisition. Companies will ask us to assist at an early stage of their acquisition discussions to consider the FCPA issues that could be a deal blocker.
Editor: What do you see are the challenges for general counsel?
Sibery: The burden of FCPA compliance often falls squarely on the shoulders of the corporate counsel group, but it is also important to have the appropriate coordination and involvement of other groups like internal audit and the compliance group - often representatives from each of these groups make up the membership of an FCPA working group. For example, the corporate counsel may make sure appropriate FCPA-related code of ethics and training programs exist. The internal audit function may focus on incorporating detection of violations in their internal audits and also take into account any issues previously detected. The corporate compliance group focuses on making sure that any issues are being reported, tracked and monitored.
Editor: What is Ernst & Young's role?
Sibery: We are often engaged because of our previous knowledge and experience in FCPA matters. We have a number of partners and staff here that have been focusing on FCPA investigations, training and risk assessments. We have gained considerable experience as a result of working with many companies - small and large - in a wide range of businesses all over the world. We may be brought in by any of the groups making up the FCPA working group I just mentioned. But in most instances in-house counsel brings us in to help them assess the risk, implement new procedures or investigate problems - our participation is particularly valued in locations where companies do not have extensive resources.
Editor: What would your role be in the risk assessment process?
Sibery: FCPA risk assessments are becoming more and more popular for companies to consider. Companies are trying to stay ahead of the curve in the compliance area. With FCPA being a hot area right now, companies are trying to consider the risk areas they have and what they can do to stay on top of monitoring any problems.
Our role is to help companies ask the right questions. While we bring to the table the special insights our training and experience provides, in-house counsel and other members of a company's management team have better knowledge of the company. We work hand in hand with in-house counsel to go through a risk assessment exercise. We may also be asked to help them implement specific training or do risk assessments on a country or regional basis.
Editor: How can your services be helpful to general counsel?
Sibery: One of the areas in which general counsel look to us for help is in providing them with additional insight into what is going on in operations that may be geographically distant from the general counsel's office, or where there are cultural differences that may complicate FCPA compliance. Our services have been particularly useful to the general counsel in organizations where they have limited contact with inside counsel at the foreign affiliate. Given the FCPA and Sarbanes-Oxley, we have seen a trend toward general counsel's maintaining stronger relationships with in-house counsel of foreign divisions and subsidiaries.
In many FCPA investigations it is advantageous to use a joint U.S.-local team. This provides the benefit of involving U.S. practitioners who are familiar with the FCPA and the current DOJ and SEC enforcement environment. We are frequently invited to participate in these teams. Our people have an understanding of the expectations of the FCPA regulators. We are also able to bring in professionals who are in tune with the area that is being investigated - who know the language and can provide insights about local practices.
Editor: Tell us about FCPA compliance related services that you provide?
Sibery: We are being asked to assist with FCPA training programs and risk assessment profiles. We are also helping to devise internal audit programs or compliance programs that can help companies better prevent and detect FCPA problems. At times, we find that companies may have well thought out and mature codes of ethics and training programs, yet they may not have focused as much on monitoring the adherence to those policies. We are often brought in to develop ways to improve the implementation of their programs. Through that work, we are in a better position to keep general counsel informed about compliance best practices.
Editor: What steps should a company take to assist you in tracking accounting abnormalities that might reveal an FCPA problem?
Sibery: It is important for the legal department to be connected at the local level. It can also be helpful to have a uniform accounting system that provides transparency to the transactions at the local level. Multiple acquisitions make it more difficult to maintain such uniformity. A system with local transparency helps us more easily identify accounting issues that may relate to an FCPA compliance failure. Another valuable tool is the increasing practice that some companies follow of getting subcertifications from officers of affiliates throughout the world to support the certifications required under Sarbanes-Oxley. In connection with these subcertifications, some companies encourage employees to note any areas of disagreement or issues that trouble them - this process can bring to light FCPA issues.
Editor: How can you help prevent FCPA compliance failures?
Sibery: A large part of our business is conducting investigations. However, we are being asked more and more to assess FCPA compliance programs and advise with respect to improvements.
Editor: What about the treatment of facilitating or "grease" payments?
Sibery: For the most part companies have strict rules about "grease" payments, including very detailed approval steps that must be followed. Typically, if there is any question, the legal department will make the decision on the appropriateness of a payment. Companies are making employees aware of the circumstances in which such payments can be made by giving them examples of proper and improper facilitation payments. However, we are seeing fewer facilitation payments being made - perhaps because of uncertainties with respect to their legality.
Editor: Are you involved in helping companies benchmark how other companies are handling FCPA compliance?
Sibery: We are often asked by corporate counsel to help them assess how they are handling FCPA compliance as compared to other companies. Given our FCPA focus, we have seen the standards and methodologies used by a large number of companies. While we can't share specific information due to confidentiality, we can share the trends across similarly situated companies. Audit committee members are also eager to know how their company's FCPA compliance program measures up against those of its peers. We look at specific areas such as tone at the top, organization of the compliance function, reporting relationships, risk assessments, employee training, monitoring compliance, hot lines, etc.
Editor: Where does FCPA fit into Sarbanes-Oxley?
Sibery: The SEC is responsible for monitoring and enforcing the accounting provisions of the FCPA. FCPA compliance is an important element that must be considered by the CEO and CFO when they comply with the certification requirements of Sarbanes-Oxley.
Editor: What provisions of the FCPA are most likely to involve the DOJ?
Sibery: The bribery provisions are of greatest interest to the DOJ. The SEC takes the lead in going after violations of the books and records and internal control provisions. We have seen a close working relationship between the DOJ and SEC on FCPA issues. The DOJ is out talking about the FCPA - and so is the SEC.
Editor: Why is pre-M&A FCPA due diligence a hot issue?
Sibery: News stories and enforcement actions about M&A transactions that have stalled because of concerns about the FCPA compliance status of acquisition partners have attracted a lot of attention. People have become concerned about the adverse publicity that can be generated if an acquisition partner has FCPA violations - and about successor liability. The due diligence teams in which we participate are aware of this. For this reason, we are frequently asked to investigate red flags that may be raised during the due diligence process.
Editor: Are you seeing training programs dealing with FCPA and other controls being implemented by an acquired company?
Sibery: Absolutely. FCPA is part of the integration process. Issues like proper translation of FCPA policies and training programs into the local language rank high on the list of things to do. We have people in many locations who can help. We often work closely with a company to help it design and implement an FCPA training program for an acquired company, no matter where in the world. Sometimes it requires us to train the trainers as opposed to being outsourced as trainers.
Editor: If an FCPA problem is discovered, how should a company deal with it?
Sibery: The company should find out what really happened and the extent of it. Even more important is making sure that the activity is stopped if not appropriate. Every FCPA compliance violation should be investigated to determine why it happened and what can be done to stop it from happening again. Remedial steps may be advisable even before the initial investigation has been completed.
Published April 1, 2007.