Identifying your suppliers and customers is crucial if you want to avoid international corruption scandals and legal penalties. Michael Short has the answers.

What are the implications of the Foreign Corrupt Practices Act (FCPA) for European companies and their directors?

The FCPA is an piece of US legislation, but it has transnational reach. The entities that can be legislated by it are American companies, companies that have an American branch office, or companies regulated by a US regulator. There is also a, somewhat untested, provision under the FCPA which means if any part of the corrupt action touches a US jurisdiction, the regulators will pounce. A good example of this is the BAE case. The Americans are looking into whether some of the funds that were allegedly a corrupt payment to the Saudi Arabian government were routed through the US. So far that rule has not been tested in court. But not many breaches of the FCPA are settled in court. Most companies who are investigated under the FCPA reach some kind of accommodation with the Department of Justice (DOJ) before the case reaches the courtroom. The DOJ is very aggressive at following this type of thing.

The US is unique in the way it has exported its anti corruption legislation world-wide. It has done this through the vehicle of the FCPA. In terms of how aggressive the enforcement authorities are in prosecuting offences, it really depends on the jurisdiction. Another trend is cooperation between foreign regulators and the DOJ; we saw this with the Siemens case.

Everyone knows corruption is a bad thing; everyone knows the FCPA has levelled the playing field; it is now down to the tactical issues of ensuring compliance.

How can companies ensure they are compliant?

You have to have a consistent, comprehensive and thorough compliance programme. A compliance programme has many facets. It can have a training element to educate your own people and your clients about why corruption is bad and outlining the company’s policy against corruption. Coded ethics are another big part, so that a company publicly says what it expects from its employees, management and clients. There is an auditing requirement as well. A big part of the FCPA is the books and records provision, which means companies have to account properly for absolutely everything.

But, for me, the biggest part of how to be compliant with the FCPA is about knowing who you are doing business with. The FCPA is all about not paying bribes to secure business abroad. If you do not know who you are doing business with, you have no idea if you are paying them bribes or not. A bribe in business these days is not a brown paper envelope under the table. It is a nice fat consultancy contract, a government PR contract, or giving work to people that can funnel the money to people in positions of influence. A company does not know if it is doing business with a foreign political figure unless it checks the background of that person. Knowing who you are doing business with is absolutely key. A company can have all the bells and whistles on its compliance programme, but if it does not know who it is doing business with it is not going to be compliant. And there is no way it can claim to the DOJ that it is compliant. If a company can demonstrate it has a consistent and comprehensive anti corruption compliance programme in place it can negotiate fines down by up to 95%.

How can companies manage the risk of corruption when doing business in emerging markets?

“Information is just as accessible in emerging markets as it is in developed markets

Companies can manage the risk of corruption by understanding the background of the companies they are dealing with. The main priority is to identify the company correctly. Once the company has been identified it is possible to ascertain who owns the company and who exercises management control over it. I am surprised by the number of multinationals in Asia who cannot get an accurate vendor list together, either because it is stored in many different places and formats or the vendor names are out of date.

Another crucial issue is to adopt a risk-based approach. Different jurisdictions and different types of company warrant different levels of due diligence. A FTSE company requires a different level of due diligence than a privately owned company in Indonesia, for example. Companies need mechanisms to risk rate their vendors and they need to apportion their due diligence commensurate with the level of risk they represent.

When a company looks at its vendors, it should risk rate them using a mixture of country-specific, industry-specific and situation risk. It should identify what types of company they are and the people behind the vendors, because ultimately that is where the risk really resides. It should look at companies to see if they have a track record of corruption, or indeed if they have a track record at all. If it is a newly incorporated company with no track record, then that raises as many questions as if it is a company with a long and sullied history of corruption.

I think emerging markets are more challenging for a number of reasons. They are very different from home environments so people tend to expect less, and they tend to think they can get away with more, which is not the case. The common wisdom is that these markets are opaque and difficult to get information in. I do not agree with that. Information is just as accessible in emerging markets as it is in developed markets.

What other legal obligations are European corporations exposed to in relation to anti money laundering, anti corruption and counter terrorism?

The obligation which underpins all of these laws is the same, whether it is in relation to anti money laundering (AML), anti corruption or counter terrorism. The requirements under the US Patriot Act are the same as the European directives on AML, and that is to really know who you are doing business with.

Do you think the current economic climate is having an impact on the level of corruption risk around the world?

Yes, I think it is. People are now struggling even harder to make the same sales as they made before.

“Knowing who you are doing business with is absolutely key

If a company does not have a consistent compliance culture and tracking mechanism within it, that is when things can start to go wrong. Sales guys can start to cut deals that they should not be cutting. And that is all a factor of there being less business going around at the moment.

What tools are available to help companies identify and rank political, economic and criminal risk in the countries they operate in?

In terms of risk ranking for jurisdictions we have a Country Check tool that lets a user assess the risks in a particular jurisdiction.

The other tool that companies need is access to government and company records. You can only retrieve what is publicly available, but there is a wealth of information in emerging markets on companies and the people behind them, which is often overlooked. China, for example, has fantastic public information if you know where to look. India is pretty good as well and Indonesia is not bad. There are thousands of company registries in China based on municipalities, counties, states and provinces. The information is not online, but it is far in excess of what is available from Companies House in the UK.

You have years of experience tackling organised crime with the Royal Hong Kong Police Force. What are the threats posed by organised crime in Asia?

Organised crime in Asia operates on a number of levels. There are serious organised crime gangs; they are heroin traffickers or cocaine importers, which are what I call the hardcore criminals. There is also a middle level of criminals who counterfeit cigarettes and DVDs. At the bottom end of the scale is the street level threat.

At every level you see organised crime involvement, whether it is street level extortion, buying fake DVDs or counterfeit cigarettes, or the really serious drug and human trafficking. Over the last 20 years increasingly complex relationships between the organised crime groups have developed. Now there is a real globalisation of organised crime. What we have now is a whole new globalised level of black commerce. Whether it is the Triads in Hong Kong or Yakuza in Japan, they all know each other, they all outsource jobs to each other. That type of organised crime is totally different to the stuff you see on the streets.

One of the most popular pastimes of organised criminals now is counterfeiting tobacco, because it makes them almost as much money as drug smuggling does, but the penalties are much less steep. A counterfeiter may get six months in prison or perhaps a $100,000 fine, but they are not going to get hung for it. Counterfeit tobacco and DVDs are where organised criminals are making the most money at the moment.

Large scale extortion against big multinational companies is not really a common tactic. Organised criminals would rather prey on their own or the weak than cause a big fuss. It is virtually unknown for an organised crime circle to try and blackmail a big multinational company, because it would create too much publicity and the authorities would jump on it. Organised crime makes its money by flying below the radar, and it does that either by producing and distributing counterfeit goods or by dealing with a completely illicit market like drugs or human trafficking.