Practical Approaches to Fighting Corruption: Where to Begin

You have heard about the Foreign Corrupt Practices Act (FCPA) and similar laws enacted by other countries.  Perhaps your company sells products or builds projects in other countries.  Whether the company uses local agents in those countries or sends its own staff there, FCPA risk exists.  How do you go about assessing and then managing this risk?

 Let’s suppose the company gave a jump start to FCPA risk management by publishing an anti-corruption policy.  Senior executives then made a point of talking to business development and sales staff about the importance of both legal compliance and protecting the company’s reputation.  Legal and accounting personnel were trained on how to spot corruption “red flags” in contracts and expense reports.

Those are all elements of a best practices program but they are not enough.  Because the company can be punished for “deliberate ignorance” of corrupt behavior occurring in another country, the company must also conduct initial risk assessments for each country where it is does business and focus its anti-corruption program to address what it learns from those assessments.  The more countries the company sells to, the harder it seems to accomplish a serious assessment of risk.  It can be done, and here is how.

First, sort your risks from high to low by creating a simple risk matrix.  Factors you might assess in your matrix are:

·        Country Risk – Transparency International publishes its annual Corruption Perspectives Index (CPI), which is available for free on its website.  The 2013 CPI ranks 177 countries from least to most corrupt, in terms of how each country’s public sector is perceived.  Those rankings would be one rational basis upon which to decide how to prioritize risk assessments.

·        Local Relationship – If the company uses local representatives, risk depends on the nature of that relationship.  A local agent who has authority to enter contracts on the company’s behalf or a distributor that sells company products for its own account impose far greater risks than a consultant with no power to do anything other than refer opportunities to company headquarters.

 

·        Government Role – Consider whether the local government is a customer.  If so, is it the only customer (high risk) or a very small percentage of sales (low risk)?  Another approach is to assess whether government approvals are needed for a project or how government regulations impact a sale.  The more intrusive the government role, the higher the risk.

 By scoring each of the above on a 1-5 scale, the company can determine which countries merit the most urgent due diligence for FCPA compliance. 

 Second, the company needs to create FCPA due diligence records appropriate to the severity of risk.  Begin with the most dangerous countries, as determined from the matrix created in step one, and work down the list.  Use a mix of internal and external sources.  Internal business leaders who own the relationship with the local representative should be able to answer tough questions.  This is an excellent way to audit the effectiveness of the company’s FCPA training.  Have them describe the project, exactly what the representative will do and whether the representative actually lives in the country where the business will be done.  They ought to have a sense of what the typical compensation rates are for the work, and raise concerns if the representative requested that any part of payment be sent to a third party or a bank account in a different country.  They should also be able to tell you whether the representative has:

·        A business or operates as an individual

·        An office located in business space or at home

·        Employees

·        Support infrastructure for company local hiring, banking, visas and other needs

The company should also vet the local representative through external sources.  The representative’s name can be searched in international and local databases of criminal and regulatory enforcement, as well as through common search engines.  The local US Embassy can provide research and references.  If the representative has worked for other foreign companies, those should be contacted for references.  The representative must also respond to a questionnaire regarding whether the representative has:

·        A business that any government agency owns an interest in

·        A position with any government agency or political party

·        Any other business or professional relationship with government or political figures

·        Been employed by the government in past

Once the documentation has been gathered, the third step is to analyze the material.  There are a host of potential red flags that can be found.  Examples include:

·        The particular country has a reputation for bribery and corruption

·        The representative lacks third party business references

·        A foreign government official recommends the representative

·        The representative proposes unusual invoicing, expense reporting or payment methods

If the representative passes the data analysis, the fourth step is to negotiate a written contract with the representative that contains strong protections against corrupt practices.  Must have provisions are:

·        Representations, warranties and covenants of no past or future violations of the FCPA

·        Immediate right to terminate the contract for breach of FCPA compliance promises

·        The power to audit books and records related to expense reimbursements

·        A commitment to abide by the company’s code of business conduct

·        Participation in company anti-corruption training programs

The fifth and final step in the FCPA risk management process proceeds from the recognition that no program, no matter how well constructed, can be left to manage itself.  The FCPA policy must have dedicated internal owners alert to the need for updating their risk analyses based on changes occurring within an industry or a country, or due to the passage of time.   Representatives in high risk countries should be made to recertify their compliance annually, while representatives in countries ranked as low risk in the CPI may go two or three years before recertification. 

As with any other compliance initiative, an anti-corruption policy makes a difference only if it becomes part of the normal operating rhythm of a company.  Initial and ongoing risk assessments are a key aspect of a robust FCPA policy – and great evidence to offer in any government corruption investigation.

E-Verify: A Program Whose Time Has Come?

It began so modestly... a system federal contractors were required to use in order to verify whether their employees assigned to work on federal contracts were legally allowed to work in the U.S.  Today, the question for every employer, not just federal contractors, is whether it makes sense to sign up for E-Verify as the least costly and risky approach to immigration compliance.  Of course, all employers have been required since 1986 to complete a form I-9 for all new hires, and properly doing so creates a presumption that an employer has not knowingly hired an illegal alien.  Why, in the absence of a mandate, should an employer undertake a second verification process?


First, the federal government currently is considering whether to expand E-Verify to all employers rather than just federal contractors.  The House of Representatives is likely to pass such a bill and the Senate may well do so.  President Obama has indicated his willingness to agree but wants to couple it with a program for legalizing unauthorized workers.  Factor in a presidential election, and we may see stalemate, denial or a contest to see which party can outdo the other in targeting unauthorized workers.  But with E-Verify already functioning, and given the "mission creep" common to many federal programs, it seems inevitable that the U.S. will have a universal E-Verify requirement in the next few years.  We can anticipate that such a law would provide exceptions only for small local employers.


Second, politicians in a growing minority of states have in recent years decided to fight employment of unauthorized workers by enacting laws that seek to force employers to use E-Verify.  One problem for employers is that these laws vary wildly.  Nebraska is an example of a limited mandate: E-Verify is required only for state and local agencies, and private employers who contract with them.  Arizona took the universal punitive approach, threatening all private employers of at least five employees with the loss of their business licenses if they are discovered to have hired unauthorized workers whose status they failed to confirm through E-Verify.


In the absence of federal legislation that preempts state law, we are likely to see more states impose some form of E-Verify use on employers.  Given the continued political pressure over unauthorized workers, a majority of the states can be expected to do so in the next few years.  Any business with a regional or national market needs to consider whether it would simply be easier to minimize the potential for immigration compliance problems by participating in E-Verify now.


A third possible outcome would be a universal federal E-Verify mandate that allows the states freedom to impose their own additional sanctions.  Employers already struggle to keep up with the differing legal rules of 51 jurisdictions across the broad range of employment topics such as human rights and family leave.  E-Verify might be one of the rare examples of an employment issue with a single answer.


That answer is to integrate E-Verify into the company's employment process now.  Employers should already have a functioning Form I-9 process in place, and it is simple to build on that a description of the key steps and timing involved in an E-Verify work authorization check.  The same persons responsible for ensuring I-9 completion can be tasked with performing the E-Verify check and preserving a record of the result.


As with any other compliance program, E-Verify comes with costs and risks.  The Department of Homeland Security (DHS) promotes E-Verify as a free service but that just means the federal government is not charging employers for access - at least not yet.  However, the employer will have to train an employee to use E-Verify and may have to hire additional HR staff depending on new-hire volume.  The real cost and risk is not with the input of data into the online E-Verify system (typically just a name and social security number) but instead arises if the employer receives back what is known as a tentative non-confirmation (TNC) of work authorization.


Here is the typical case.  The employee fills out the I-9 form on her first day of work.  The HR clerk uses the I-9 information to input data into E-Verify.  The employee may have married, divorced or be using a hyphenated name, all common reasons for a TNC.  If E-Verify responds with a TNC, the employer cannot fire or take any adverse employment action against the new employee.  Instead, the employer must privately review the TNC notice with the employee and request the employee to indicate on the notice whether she will contest it, then sign the notice along with the employee and keep a copy for the file.  The employee then has eight federal workdays to contact the government agency to resolve the matter.  Meanwhile, the employer cannot ask the employee about it and, most importantly, must allow her to continue training and working.  The employer may only continue to log into E-Verify to see whether the TNC has been withdrawn or replaced by a final non-confirmation or a note that the employee was a no-show for the agency review.


If the final outcome in E-Verify is anything other than a confirmation of eligibility to work, the employer now has to consider whether to fire the employee.  Interestingly, E-Verify does not require termination but only that the employer records in E-Verify whether termination occurred.  Suppose the employer believes that the employee is eligible to work and that the problem arises from an inaccuracy in the government databases.  The employer has now invested perhaps a month in the employee and does not want to have to start over with a replacement.  The employer could well decide those costs support the employer accepting the risk of being mistaken about the employee's work status.  Unfortunately, because an employer must record in E-Verify its retention of a non-confirmed employee, the employer becomes an easy target for enforcement.


But how big a problem is it to address a TNC?  According to U.S. Immigration and Customs Enforcement (USCIS) statistics for the 2010 fiscal year, E-Verify handled 15,640,167 cases, of which 98.3% resulted in confirmed work authorizations either instantly or within 24 hours.  Another 0.3% of the total number of cases resulted in confirmed work authorization after a TNC process.  Only 1.4% of all E-Verify cases resulted in final determinations that individuals were not authorized to work.


Balance the high confirmation rate of E-Verify against the risk of failure to verify.  Enforcement against employers who hire unauthorized workers is real, at least at the federal level.  DHS Secretary Napolitano told Congress in October 2011 that, in the two fiscal years just concluded, USCIS had audited more than 6,000 companies, issued more than $76 million in penalties and barred more than 400 companies from federal contracting.


The states may not be so willing to put the effort into enforcement.  In 2010, the Arizona Republic reviewed implementation of Arizona's harsh E-Verify law.  It found that only a third of the state's employers were using E-Verify and just half of the new hires in the state had been confirmed through the system.  Not one business had actually lost its license.  On the other hand, the risk of being targeted by private parties with the potential ability to damage a company's reputation also exists.  The website found here declares that its mission in Arizona "is to embarrass and intimidate non-E-Verify compliant businesses, bring them to the attention of law enforcement, and to make them targets of anti-illegal immigration activists in such a way as to pressure them to comply."


Until a biometric authentication method is adopted, E-Verify is likely here to stay, and sure to become more pervasive.  Although it doesn't guarantee an employer can avoid hiring unauthorized workers (identity theft is one means to get around it), E-Verify does strengthen the defenses of a company that uses it to vet new employees.  So long as a company is of sufficient size that devoting HR time to the process involves no significant increase in costs, E-Verify is that rare regulatory process that might actually be a net positive.

How I Became A Lawyer

I took the path less traveled - and it made quite a difference.  What happened in those five years after my high school sent me into the world?  My mother said, "I think it's time you got a job, son.  Now."  So, I opened up the want ads and got started.  I worked in nursing homes and warehouses.  I counted store inventories and played the hits as a weekend radio DJ.  Just for the fun of it, I biked from Amsterdam to Paris. And I read books, lots of books on history, on cultures of the world, on the lives of famous people.  Slowly in donned on me:  I like intellectual debate about the world. How does one qualify for that?  Go to college.

At 23, I had certain advantages over my freshman classmates, relative maturity being the most important.  I'd already got the wild excess out of my system.  No one had to convince me of the usefulness of an education either.  So, I cruised through the first two years with a 4.0.

The life of the mind was great.  I took classes from every department.  So many fascinating things!  Even math.  The prof decided one day to derive the square root of -1.  Such a thing is logically impossible, I naively thought.  He proceeded to fill up two blackboards with equations.  As he neared the end, I could finally anticipate how he would finish, and felt this great rush of joy that I was about to be proved wrong.  I looked back over all his work:  every step followed from that which went before, yet the path ended in entirely unexpected territory.

College was so filled with marvels that I began to wonder how I could stay indefinitely. My mother said, "Maybe it's time to start thinking about a career.  What exactly is a job for a political science major?"  I started looking through the requirements for professional schools.

It came down to dentistry and law.  So many things attracted me to the law.  Some of the great moments in American history were achieved by lawyers fighting passionately for the cause of justice.  Lawyers aid victims.  Lawyers preserve our constitutional freedoms.  Lawyers guide others on how to safely reach their goals. And law fit with my delight in engaged intellectual exchange.  The career compels you to learn and develop.  It responds to most forms of human folly.  It adapts to the ambiguities of an uncertain future.  It would be a continuous challenge that holds out the promise of that joy that comes from finding a practical way forward.

Still, I hesitated.  Dentists help people too.  My mother said, "Do you really want to spend the rest of your life looking in other people's mouths?"  I pictured myself, drill in hand, seeing the terror on a patient's face.  Suddenly, the path became clear.