Tag Archives: FCPA

Data at rest encryption

It is strange to run into FCPA issues on two days in the same week.

A prospect in Poland (ENEA) recently acquired Euro 6 million worth of disks from Hitachi and explained the purchase as a data loss prevention measure (Hitachi has data at rest encryption, i.e. the controller encrypts the data on the disk, which makes it unreadable if the disk is ever stolen). The outstanding aspect of the deal is that it was done without a public tender. The details are a bit fuzzy, but it appears to have been done by breaking up the order into a large number of small purchase orders below the RFP requirement. It’s highly likely that some money was paid under the table to expedite the transaction. People in Poland are predicting that it will eventually end up in a criminal investigation. Hitachi Data Systems is a US company and needs to be compliant with the Foreign Corrupt Practices Act, and a bribe, even via a third-party intermediary, is illegal under the FCPA, as companies like Johnson and Johnson and Monsanto know well.


Foreign Corrupt Practices Act: The DoJ and SEC Are Coming

There is compliance with industry regulation like PCI DSS 1.2, which is aimed at consumer protection, and then there is compliance with government regulation like the FCPA, which is aimed at maintaining a high ethical level of behavior and ensuring a level playing field for business.

For a large global company like Monsanto, Merck or Johnson and Johnson, FCPA is an exercise in compliance, awareness training, monitoring and risk management. Clearly, paying bribes to government employees, directly or indirectly via third-party intermediaries, is problematic from an ethical standpoint, and attempts to dilute the problem by explaining that there are gray areas and cultural differences do not change the ethical substance. Like many issues in compliance and risk management, preventing Foreign Corrupt Practices violations is not as simple as it looks, although the principle is straightforward: “Thou shalt not give a bribe”.

A seminar at Bioworld last year dealt with the challenge of FCPA compliance using language such as:

  • 15 red flags to indicate non-compliance—find and fix these before the DoJ and SEC do it for you!
  • Activities for which you can be held accountable, even if committed by foreign subsidiaries, suppliers, or rogue employees
  • 5 guidelines for creating FCPA policies, based on recent cases
  • 3 foreign official risk areas—did you realize making remuneration to these people could be a Federal crime?
  • Who should write procedures, and who should implement them
  • Advice and resources for training staff locally and abroad
  • 9 ways to audit and assess your FCPA compliance program
  • Internal investigations—when to conduct one, who should conduct it, and what to do if you find evidence of non-compliance
  • Issues with conducting employee interviews and collecting electronic records