Prohibiting US firms and individuals from paying bribes to foreign officials in furtherance of a business deal, the FCPA’s impact in the CEE/SEE (Central and (south)Eastern European Countries) region continues to grow. We speak to Jitka Logesová who heads the firm-wide Corporate Investigation practice at Wolf Theiss, on what impact the FCPA has and the importance effective compliance management systems play in such situations.
What is the relevance of the Foreign Corrupt Practices Act in the CEE/SEE region?
The influence of the FCPA is tremendous. To give you some perspective, most of the corporate investigations that we are currently running in the CEE/SEE region are somehow FCPA-triggered. The CEE/SEE countries are still perceived as more vulnerable to corruption than the rest of Europe as indicated, for example, in the latest Transparency International Corruption Perceptions Index. The concept of corporate criminal liability was introduced gradually and relatively recently in some of the countries in the region. However, at the same time the will of public authorities to prosecute corporate crimes is generally on the rise. For example, since 2015 the number of commencement of criminal proceedings against legal entities in the Czech Republic increased almost by double. So if companies have business activities occurring in this part of the world, they should really focus on compliance issues and being able to present an effective compliance management system, to enable them to emit as much corporate criminal liability as possible.
Why is the FCPA so important here and what impact can the violations of the Act in jurisdictions outside the US have?
The Foreign Corrupt Practices Act gives the United States authorities effective power to prosecute US and foreign companies with certain ties to the United States jurisdiction for bribery of foreign officials. The word "foreign" is particularly important, indicating that the legislation covers illegal activities (bribery of foreign officials) outside the United States, in every other jurisdiction where a company or an individual have set up their relevant business. If, for example, non-compliant behaviour, or even suspicious behaviour, is detected in one of the company's CEE/SEE subsidiaries, the company can be held liable for this, not only in that particular jurisdiction, but also in the United States, even if the activity occurring in the US subsidiary was legal.
The sanction being imposed by the DOJ is extremely high and excludes additional costs, such as legal fees, costs of monitorship, costs associated with updating the compliance system (etc). Alleged violations of the FCPA are extremely sensitive to deal with. The potential of reputational damage is tremendous and it has serious consequences with respect to business.
Having been found guilty entails being possibly excluded from participation in public tenders in the EU for several years. These are significant losses and that is why the investments into compliance should not be neglected. Besides, third parties are nowadays more cautious and pay much more attention to the compliance of their business partners than a few years ago as a precondition to get involved with them. The interesting thing is that the Foreign Corrupt Practices Act was established in 1977, but it started to be actually enforced almost 30 years later. The CEE/SEE corporate criminal liability and anti-bribery laws are only a few years old and the authorities are still struggling to use them effectively. The US authorities have much longer experience with enforcing the FCPA. The extraterritorial reach of the FCPA is vast, which is also due to the fact that it has never been tested sufficiently by courts – most of the cases are settled.
There seem to be many factors at play. How can companies ensure that they are not violating the rules given this?
The key resides in an effective compliance management system. Legal entities should use all efforts and adopt adequate measures to prevent, or at least minimise the risk(s) of a crime being committed. Companies which are managed appropriately will not suffer from criminal liability. I would like to point out that solely the adoption of certain measures is absolutely insufficient. In the event of a crisis situation, the authorities take into account the effectiveness of the measures and whether there exists a real compliance culture within a company. Therefore, such measures must address the specific situation of the legal entity and form an effective compliance management system.
What would you classify as an ‘effective compliance management system’?
A proper compliance management system should be based on proper risk analysis and reflect the size of the entity, complexity of regulatory requirements, international nature of the company, the scope of business, the risk profile of the entity and the market environment in which it operates. Moreover, a compliance management system must not only be put in place and forgotten about, as it is in need of a continuous update in light of new circumstances and risks. Of course, even if the system is set up correctly, a crime can still be committed due to a breach of obligation by an individual. The human factor cannot be eliminated completely. However, the crime should not be attributed to the company in such an event.
How does a corporate investigation proceed if a company is under suspicion of violating the FCPA?
The standard corporate investigation usually consists of three phases. The first one comprises the review of initial information, background searches and sometimes initial fact-finding interviews with relevant custodians. Background searches reveal red flags and identify individuals who we should focus on during the data review or who should be interviewed in the next stages to understand their involvement in the matter.
The following investigation phase resides in the technology-assisted electronic data review based on appropriate keywords. Data protection and privacy issues are extremely important at this stage and the use of proper technology and the right definition of keywords reduce the risk of breaching data protection and privacy rules. The red flags either prove or disprove to be real, sometimes new facts emerge and the scope of the corporate investigation adapts to reflect these.
After the data review, the interviews with individuals involved follow in order to fill in the missing pieces of information, to confront them with findings and give them the opportunity to explain what happened. We then proceed with an analysis of all the findings and propose recommendations to the client.
Concerning the final stage, the company decides - or it might be effectively "forced" by law enforcement authorities - to implement an effective compliance management system. The existence of an effective compliance management system is a precondition for the possibility to release the company from its criminal liability (compliance defence) and aims at preventing misconduct in the future.
How should companies handle their reputation (with clients or the media) when undergoing a corporate investigation?
It is of utmost importance to be prepared, even if the company is not in a crisis situation yet. The ‘crisis communication’ preparation should be a part of the first phase of the whole process and it should be based upon the background searches and be constantly updated throughout. The company should consider hiring a local agency with a substantial track record in crisis communication if it is not able to manage the situation using internal resources. It is necessary to appoint a manager responsible for coordinating these activities, prepare for various hypothetical situations and to involve the experts conducting the corporate investigation to the process. Lawyers need to be involved at all times during the communication stratégy. The potential legal consequences of every communications step should be taken into account.
JITKA LOGESOVÁ
Partner
Pobřežní 12
186 00 Prague
Czech Republic
- +420 234 765 111
- +420 234 765 110
jitka.logesova@wolftheiss.com
Jitka Logesová heads the firm-wide Corporate Investigation practice at Wolf Theiss covering the CEE/SEE region. She specialises in corporate investigations, compliance, corporate criminal liability/white-collar crime and asset recovery. Before joining Wolf Theiss, Jitka established and built up a firm-wide compliance, risk and sensitive investigations practice at another regional law firm. She was tasked by the Czech General Prosecutors office to help draft the methodology for state prosecutors on how to evaluate corporate compliance management systems and to educate the state prosecutors in this respect. She has wide experience in various sectors, where she advised clients primarily on FCPA triggered issues and investigations, led a number of corporate internal investigations in CEE/SEE and advised on various compliance issues including setting up anti-corruption and compliance programmes. Jitka is Senior Co-Chair of the International Bar Association (IBA) Anti-Corruption Committee. She is also a Certified Auditor for ISO 19600 (compliance management systems) and for ISO 37001 (Anti-Bribery management systems). She has also published extensively on these topics and is a frequent speaker at compliance and anti-corruption conferences. Further, Jitka teaches a Business Ethics class as a guest lecturer at the Anglo-American University in Prague.