How Vigilant is Vigilant Enough?

Transactional data testing can multiply your FCPA compliance and investigative efforts

By Edward A. Rial, J.D.; Daniel Krittman; Anthony DeSantis, CFE

Companies need to use technology and testing methodologies to uncover red flags and patterns that could indicate corrupt schemes and transactions. New tools on the horizon will help you search across virtually all of your data and information and even predict problems and vulnerabilities. 

MarchApril-data-treeTech Inc., a rapidly growing software company operating in 45 countries, learns that the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) are investigating payments made by its subsidiaries in Brazil and China for possible violation of the Foreign Corrupt Practices Act (FCPA). Bob, the general counsel for Tech Inc., suspects that the source of the investigation is an employee who anonymously lodged a hotline complaint alleging that the company was 1) paying independent sales agents excessive commissions and 2) providing generous discounts and rebates to some of its channel customers and distributors. The complainant also said he believed the problem extended beyond Brazil and China based on discussions he had with other employees. 

While Bob is concerned with the immediate allegations, he's also worried that the numerous acquisitions that fueled Tech's growth has left it vulnerable to corrupt practices, particularly concerning a number of privately held companies acquired in emerging markets. Tech did very little pre-acquisition FCPA due diligence and has been slow to roll out an anti-corruption program to the acquired companies. 

Compounding Bob's misery is the news from outside counsel that the DOJ and the SEC will scrutinize the acquisition diligence to determine if Tech should be held responsible for any corrupt practices it inherited and will also expect Tech to look beyond Brazil and China and report on the effectiveness of its overall anti-corruption compliance program. That, outside counsel told Bob, will require interviews, review of documents and transaction testing at a number of locations selected from an assessment process based on factors such as the volume of direct and indirect government sales, use of third-party intermediaries, country-risk profile, local licensing and other regulatory requirements, prior compliance issues and the absence of compliance procedures and training in place. 

This imagined scenario is common for companies operating in or seeking to expand into developing, and frequently risky, markets. (See FraudBasics for more FCPA-related material.) Bob's concerns will ring true with other company counsels, CFEs, compliance professionals and auditors responsible for managing risk and compliance efforts. With funding scarce, these groups are being asked to do more with less, which forces them to strike a balance between adequate procedures to assess, monitor and mitigate risk; conduct fraud investigations; and perform due diligence on acquisition targets and business partners while not breaking the bank. This article discusses how companies can utilize technology and testing methodologies to uncover red flags and patterns that could potentially indicate corrupt schemes and transactions. 


If your company conducts business in emerging or risky international markets — or is planning to enter them — you can't be complacent about your FCPA compliance efforts.

In 2010, the DOJ and the SEC nearly doubled the number of FCPA enforcement actions brought over 2009, which had been a record-setting year.1 Indications from the DOJ are that 2011 was another strong enforcement year.2 Furthermore, the U.K. Bribery Act, which became effective July 1, 2011, represents perhaps the most significant change in global anticorruption law since the 2011 U.S. PATRIOT Act.

Companies may seek to reduce their potential exposure to corrupt acts and the resulting legal liabilities and reputational damage by implementing compliance programs designed to address particular geographic, industry and business risks. Such programs will typically include procedures through which you can monitor risk areas and test for potential red flag indicators of improper payments or other corrupt arrangements. These procedures may include email filtering to identify suspicious terms or phrases and spot compliance reviews at higher-risk locations to ensure, for example, that third-party retention and monitoring procedures are being followed. 

A sometimes overlooked, yet important and potentially powerful, way to monitor anticorruption compliance is through transactional data testing for potentially improper payments. Great strides have been made in developing tools that can process and analyze large volumes of data, which can identify transactions that may require further review. 

For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.