There is compliance to industry regulation like PCI DSS 1.2 which is aimed at consumer protection and then there is compliance to government regulation like the FCPA which is aimed at maintaining a high ethical level of behavior and ensuring a level playing field of business.
For a large global company like Monsanto, Merck or Johnson and Johnson, FCPA is an exercise in compliance, awareness training, monitoring and risk management. Clearly – paying bribes directly or indirectly via third party intermediaries, to government employees is problematic from an ethical standpoint and attempts to dilute the problem by explaining that there are gray areas and cultural differences doesn’t change the ethical substance. Like many issues in compliance and risk management, preventing Foreign Corrupt Practices violations is not as simple as it looks although the principle is straightforward – “Thou shalt not give a bribe”.
A seminar at Bioworld last year dealt with the challenge of FCPA compliance using language such as:
- 15 red flags to indicate non-compliance—find and fix these before the DoJ and SEC do it for you!
- Activities for which you can be held accountable, even if committed by foreign subsidiaries, suppliers, or rogue employees
- 5 guidelines for creating FCPA policies, based on recent cases
- 3 foreign official risk areas—did you realize making remuneration to these people could be a Federal crime?
- Who should write procedures, and who should implement them
- Advice and resources for training staff locally and abroad
- 9 ways to audit and assess your FCPA compliance program
- Internal investigations—when to conduct one, who should conduct it, and what to do if you find evidence of non-compliance
- Issues with conducting employee interviews and collecting electronic records