By Aaron G. Murphy
An interesting piece recently appeared in Randy Cohen’s “The Ethicist” column in the New York Times Magazine.
It discussed an exchange with a company employee that should keep corporate legal and compliance departments awake at night. An employee, unhappy that his company wanted him to take a four hour on-line training course about the Foreign Corrupt Practices Act (FCPA), claiming it was a waste of his time, asked The Ethicist if he had an ethical obligation to complete the training. The Ethicist gave the best possible answer, stating that even if it was inefficient, it was the company’s prerogative to train its people, and that it might not be the waste of time the employee assumed since the company could have a larger plan of action invisible to the employee.
The punch line lay in the “Update” posted later: The employee skipped the course, went straight to the on-line test, and passed it. The employee, who underwent no training of any kind (and arrogantly assumed he needed no such training), is now certified by his own company as having mastered the FCPA. This is an all too common scenario, and everyone involved in it is a fool.
The employee is a fool for assuming that one of the most aggressively enforced and far-reaching criminal laws in America does not apply to him. It does, plain and simple. Even if he does not deal directly with foreign officials or companies, he undoubtedly touches transactions, corporate records, and other company employees that do. I have investigated many FCPA matters in recent years and have had countless conversations with these kinds of employees who never stop to think of the larger connections between the world of global commerce and their own activities. You can aid and abet FCPA violations from within the walls of your cubicle, whether that cubicle is in Boston or Bangalore. And now that the deceptive employee has tricked a simplistic training course into thinking he is an expert in the FCPA, what exactly will his excuse be when someone like me comes and asks him why he did not see a violation occurring right under his nose? He’s an expert, after all.
But companies in these situations are fools for thinking that their compliance programs are working. A training course that can be passed by employees who skip the training is no training course at all. This fiction of corporate training happens all the time, and there are two serious problems with it: First, people are not actually trained, so FCPA violations still occur with the same frequency, and second, the U.S. government will give no leniency to companies with such blatantly ineffective training programs. Companies spend a lot of money on these programs, and the get nothing in return – neither trained employees nor protection from prosecution.
This is a serious issue, the U.S. government has collected billions of dollars in fines for FCPA violations in the past few years and has announced that it intends to be even more aggressive going forward. The United Kingdom has just enacted its own global anticorruption law too, and will be itching to try it out when it goes into effect this coming April.
There has been much talk of the U.K. Bribery Act’s new defense that lets companies off the hook where they have “adequate procedures” – including proper antibribery training and policies. Many in this country think the FCPA should have a similar defense available for companies with good FCPA compliance programs.
But it would be foolish to think that the compliance program discussed in The Ethicist post would ever be viewed as “adequate” by U.S. or U.K. authorities. An adequate compliance program should actually result in educated employees and, well, compliance. Not reams of paper certificates that show nothing more than an employee’s ability to game a simplistic training program.
Aaron G. Murphy is partner at Latham & Watkins specializing in the Foreign Corrupt Practices Act and corporate compliance issues. He is the author of the book: Foreign Corrupt Practices Act: A Practical Resource for Managers and Executives.