I primarily work with large, multinational organizations that have to adhere to several compliance regulations. Of those regulations, the one that comes up the most in conversation (and unsurprisingly, the one with the highest average fine amount) is the Foreign Corrupt Practices Act, or FCPA. The FCPA aims to “prohibit companies from paying bribes to foreign government officials and political figures for the purpose of obtaining business.” How are most of these bribes communicated? Hint: it isn’t via smoke signal. The modern world of corporate bribery often uses the same communicative currency as regular corporate business, and that currency is none other than email.
What the FCPA does is routinely audit multinational organizations to ensure their communication shows no traces of unlawful behavior. Typically, the companies sought out by the FCPA are some of the largest companies by employee count in the world. On average, the corporate email user sends and receives 125 emails/day. That results in approximately 32,500 corporate emails/year per employee. If your organization has 10,000 employees, that results in the compliance department having to monitor 325,000,000 individual messages per year. And that’s where companies run into trouble.
In January of this year, Alcoa pleaded guilty to one count of violating the anti-bribery provisions of the FCPA and settled for a $384 million fine. This type of disgorgement can cripple any business and put the CCO under major scrutiny. What companies must start doing now, more than they ever have before, is supervising outbound, inbound, and internal communication. Define appropriate channels for business communications (e.g. official corporate accounts versus personal email), and then rigorously monitor them. Compliance officers need to set a list of flagged terms that, when triggered, can prevent an email from leaving their company’s firewall and escalate it for further review. They also need to apply those same rules to inbound and internal messages so they can review any illicit activities and report or resolve them before a formal investigation is initiated. But keywords alone are just the tip of the iceberg, especially with FCPA guidelines that are notoriously vague. Options for advanced analysis – such as content similarity and fuzzy/approximate matching – strengthen the corporation’s case in the event that it does come under regulatory fire.
With the sheer volume of emails and IMs exchanged each day, supervising these communications is no easy task. But there are companies already supervising their communication so that they can avoid hundreds of millions of dollars in fines. As a compliance officer, if you do not have a system in place to automatically assist you with your supervision, you are not only wasting your time, but are also putting your company at risk. There are tools out there that can make your life much easier… and saving millions of dollars is not too bad either.

http://www.worldcompliance.com/en/resources/due-diligence-legislation/fcpa-legislation/fcpa-definition.aspx