Export-controls violations at United Technologies and Raytheon and the ongoing bribery investigations at JP Morgan and Wal-Mart are just some notable examples from the steady pace of stories in the news media concerning corporate compliance issues.
These types of problems are, of course, very costly to deal with, in terms of penalties and fines paid in settlements, and as a result of the costs to investigate and remediate any problems. With that backdrop, companies of all sizes and in all industries should understand by now the critical importance of having an effective compliance program.
The U.S. Federal Sentencing Guidelines expressly reflect the need for corporations to have an “effective compliance and ethics program.” Similarly, the Bureau of Industry and Security of the U.S. Department of Commerce preaches that exporters must have an effective export management and compliance program to avoid violations of the Export Administration Regulations.
Despite this guidance, a common mistake is to have nothing more than a generic, “off the shelf” compliance program consisting of little more than standard, boilerplate policies and procedures. Policies and procedures are undoubtedly vital pieces to a compliance program, but they, and the entire compliance program, generally, must be risk-based and tailored to address the specific risks of a given entity, based on the nature, scope and location of its operations.
One particular source of risk for companies is its relationships with third parties, particularly the sales representatives, distributors and consultants used in international business operations. Managing those risks begins with performing meaningful due diligence on those third parties before the relationship has commenced and then continues with the need to manage those relationships from a regulatory-compliance perspective.