Back in June, the U.S. Justice Department declined to prosecute Boston-based engineering firm CDM Smith on foreign bribery charges, despite learning that the company had in fact paid $1.18 million to officials in India.
The firm paid the Indian National Highway Authority from 2011 to 2015 in exchange for contracts that resulted in about $4 million in profits. Such activity is a direct violation of the Foreign Corrupt Practices Act (FCPA).
How, then, did CDM Smith avoid prosecution? The declination letter came under the Justice Department’s FCPA pilot program, which grants companies discounts on fines they receive for violating the Foreign Corrupt Practices Act. Discounts are only received if companies opt to self-disclose their wrong-doings, cooperate with investigators, and disgorge ill-gotten profits. CDM Smith adhered to these stipulations, in addition to terminating all involved parties, and enhancing its compliance program.
Upon the FCPA pilot’s release in April 2016, Justice Department officials said that the goal of the program was to bring wrongdoers to justice while dispelling the misperception that not disclosing corruption can lead to the best financial outcome.
In fact, according to a law enacted by the SEC in 2010, corporations only have two choices when dealing with risk: adopt a mature risk management program, or disclose their ineffectiveness in risk management to the public. To do neither is to face liability for fraud or negligence.
“The pilot program should make it clear to the company that the outcome would be significantly different and significantly more severe if it had opted to not self-report,” according to Leslie Caldwell, assistant attorney general for the Criminal Division.
But beyond incentivizing companies to disclose their ineffectiveness, the pilot program pushes corporations to better manage their risk in the future. Companies like CDM Smith, who took steps to enhance their compliance program upon disclosure, are realizing that while they may have avoided prosecution and larger financial burdens this time, their efforts are far from complete.
“CDM Smith has a clear code of ethics and core values that drive our behavior every day,” said Stephen J. Hickox, the company’s chairman and chief executive. “Any breach of these values or improper business activities is counter to our culture and will not be tolerated.”
The FCPA pilot program enabled Hickox to admit that the company’s actions were not aligned with the company’s beliefs. ERM is what will enable businesses in similar positions to act according to the culture they believe in, as they work to make necessary changes.
ERM is about aligning activities within every business area with the enterprise’s strategic goals. By employing an enterprise risk management approach, companies are armed with the tools to develop a risk culture based on transparency from the top down and vice versa. By standardizing risk assessments and breaking down silos, ERM software allows front-line operations to be apprised of the company’s goals so that their actions will, in turn, line up with those goals.
While disclosure is preferred to negligence, prevention is preferred to disclosure. The FCPA pilot program will someday terminate, and the financial and reputational burden that illicit activities incite will only increase. Effective ERM programs are the only solution to managing risk before it negatively impacts a business.
To protect your organization, read our blog post on developing a transparent risk-based company culture.