Back in June, the U.S. Justice Department declined to prosecute Boston-based engineering firm CDM Smith on foreign bribery charges, despite learning that the company had in fact paid $1.18 million to officials in India.

The firm paid the Indian National Highway Authority from 2011 to 2015 in exchange for contracts that resulted in about $4 million in profits. Such activity is a direct violation of the Foreign Corrupt Practices Act (FCPA).

How, then, did CDM Smith avoid prosecution? The declination letter came under the Justice Department’s FCPA pilot program, which grants companies discounts on fines they receive for violating the Foreign Corrupt Practices Act. Discounts are only received if companies opt to self-disclose their wrongdoing, cooperate with investigators, and disgorge ill-gotten profits. CDM Smith adhered to these stipulations, in addition to terminating all involved parties and enhancing its compliance program.

What does the FCPA pilot program mean for ERM?

Upon the FCPA pilot’s release in April 2016, Justice Department officials said that the goal of the program was to bring wrongdoers to justice while dispelling the misperception that not disclosing corruption can lead to the best financial outcome.

In fact, according to a law enacted by the SEC in 2010, corporations only have two choices when dealing with risk: adopt a mature risk management program, or disclose their ineffectiveness in risk management to the public. To do neither is to face liability for fraud or negligence.

“The pilot program should make it clear to the company that the outcome would be significantly different and significantly more severe if it had opted to not self-report,” according to Leslie Caldwell, assistant attorney general for the Criminal Division.

But beyond incentivizing companies to disclose their ineffectiveness, the pilot program pushes corporations to better manage their risk in the future. Companies like CDM Smith, which took steps to enhance their compliance program upon disclosure, are realizing that while they may have avoided prosecution and larger financial burdens this time, their efforts are far from complete.

“CDM Smith has a clear code of ethics and core values that drive our behavior every day,” said Stephen J. Hickox, the company’s chairman and chief executive. “Any breach of these values or improper business activities is counter to our culture and will not be tolerated.”

The FCPA pilot program enabled Hickox to admit that the company’s actions were not aligned with the company’s beliefs. ERM is what will enable businesses in similar positions to act according to the culture they believe in, as they work to make necessary changes.

ERM is about aligning activities within every business area with the enterprise’s strategic goals. By employing an enterprise risk management approach, companies are armed with the tools to develop a risk culture based on transparency from the top down and vice versa. By standardizing risk assessments and breaking down silos, ERM software allows front-line operations to be apprised of the company’s goals so that their actions will, in turn, line up with those goals.

While disclosure is preferred to negligence, prevention is preferred to disclosure. The FCPA pilot program will someday terminate, and the financial and reputational burden that illicit activities incite will only increase. Effective ERM programs are the only solution to managing risk before it negatively impacts a business.


To protect your organization, read our blog post on developing a transparent risk-based company culture.


Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.
