The Foreign Corrupt Practices Act (FCPA) marked the early beginnings of compliance programs

in the United States. In the mid-1970s, United States Securities and Exchange

Commission (SEC) investigations discovered that a significant number of American companies
participated in bribery overseas. “Over 400 U.S. Companies admitted to making questionable or
illegal payments to foreign government officials, politicians and political parties.” (United States
Department of Justice 2006) One of the most infamous cases of its time was the admission by a
Lockheed executive, to the Multinational Corporations Subcommittee of the Senate Foreign
Relations Committee, that Lockheed had paid bribes in the amount of $22 million to Japanese
government officials in the course of trying to sell its aircraft. This revelation came on the heels of
the U.S. Government providing Lockheed with a $250 million emergency loan guarantee
(Hishikawa 2003).
In an effort to restore faith in American business, in December 1977 the Foreign Corrupt
Practices Act was signed into law. This anti-bribery provision makes it “unlawful for a U.S.
person, and certain foreign issuers of securities, to make a corrupt payment to a foreign
official for the purpose of obtaining or retaining business for or with, or directing business to, any
person.” (United States Department of Justice 2006) The law also requires publicly traded
companies “to maintain records that accurately and fairly represent the company’s transactions.
Additionally, it requires these companies to have an adequate systems of internal accounting
controls.” (United States Department of Justice 2006)
Following the passage of the FCPA, in 1988, the Congress became concerned that American
companies were operating at a disadvantage because their foreign counterparts were, as a
matter of practice, paying bribes to foreign officials and deducting those bribes as business
expenses on their taxes. (United States Department of Justice 2006) Subsequently,
the Executive Branch began negotiations with the Organisation for Economic Co-operation and
Development (OECD), a 34-member nation coalition consisting of the United States and 33 other
countries, to enact legislation similar to FCPA. In 1997, the OCED signed the Convention on
Combating Bribery of Foreign Public Officials in International Business Transactions.
(http://www.oecd.org/document/21/0,2340,en_2649_34859_2017813_1_1_1_1,00.html)
This regulation requires member nations to designate the payment of bribes to foreign offices as
a crime and to follow the rules and regulations that govern bribery in international transactions.
The U.S. ratified this convention and enacted implementing legislation in 1998. At this time, the
FCPA was amended to include territorial jurisdiction over foreign companies and nationals. A
foreign company or person is now subject to the FCPA, if the company or person either directly
or indirectly through agents, engages in acts which further the facilitation of corrupt payments
taking place within the territory of the United States.

Committee of Sponsoring Organizations[edit]

In response to the FCPA and its requirement to implement internal control programs, in 1985 a
private-sector initiative was formed called the National Committee on Fraudulent Financial
Reporting (commonly known as the Treadway Commission). This Commission recommended
that its organizational sponsors work together to develop guidance on internal controls.
Subsequently, the Committee of Sponsoring Organizations of the Treadway
Commission (COSO) was formed, and in conjunction with the CPA firm Coopers & Lybrand,
COSO authored and published in 1992 the “Internal Control-Integrated Framework". This
framework has become the de facto standard in the accounting industry for auditing, evaluating
and monitoring internal control systems.
The COSO Internal Control-Integrated Framework is now widely used by most organizations as
the basis for “establishing and maintaining an adequate internal control structure and procedures
for financial reporting” ( 15 USC § 7262) and for the assessment of control effectiveness under
section 404 of Sarbanes-Oxley.
United States Federal Sentencing Guidelines for
Organizations[edit]
In 1984 Congress passed the Sentencing Reform Act, which created a set of mandatory federal
sentencing guidelines (Campbell & Bemporad 2006). As part of the Act, the United States
Sentencing Commission was formed and delegated the responsibility “to provide “certainty” and
“fairness” in sentencing, avoiding “unwarranted sentencing disparities” while “maintaining
sufficient flexibility to permit individualized sentencing when warranted by mitigating or
aggravating factors (Campbell & Bemporad 2006).”
On May 1, 1991, as an extension of the Sentencing Reform Act, the United States Sentencing
Commission submitted to Congress the Federal Sentencing Guidelines for Organizations]
(FSGO), a set of standards that govern the sentences federal judges impose on organizations
convicted of federal crimes. Enacted on November 1, 1991, core to the guidelines was the
Commission's intent to “prevent and deter organizational wrongdoing” through its design of the
organizational sentencing guidelines. These guidelines describe the elements of an
organization's compliance and ethics program that are required to be considered for eligibility for
a reduced sentence if convicted. In general, the FSGO require an organization to establish
standards to guide its employees and agents. These standards must reflect government
regulations and industry standards and apply to almost all types of organizations including
corporations, partnerships, unions, non-profit organizations and trusts.
In 2004, the United States Sentencing Commission voted to amend its existing organization
guidelines to make the criteria for an effective compliance and ethics program more stringent.
Two major standards were identified in the amended guidelines. The amended guidelines stated
the need for directors and executives to take an active role in the management of its compliance
and ethics program and the importance of promoting an organizational culture that is compliant
with the law and demonstrates ethical culture. The amended guidelines outline minimum
requirements for an effective compliance and ethics program and the amended FSGO has
become synonymous with an effective compliance program.
The FCPA, Sarbanes-Oxley (SOX) and the Federal Sentencing Guidelines represent just a
fraction of the standards and requirements organizations need to consider today when
developing and implementing their compliance programs. “Since the passage of SOX, the New
York Stock Exchange (NYSE), NASDAQ, and the Public Company Accounting Oversight
Board (PCAOB), have all proposed and implemented new rules relating to compliance programs
(Martin 2004).” Organizations today are increasingly accountable to mandated laws, regulations
and standards on a number of dimensions, which include geographical/regional considerations,
as well as industry and functional discipline concerns. These regulations and standards apply to
a variety of financial and non-financial areas. Adding to this complexity are the “voluntary”
boundaries, which organizations have individually established such as organizational
commitments, values, and contractual obligations. As a result of these dynamics, organizations
at the very core of their business strategy need to establish the capacity and the capability to
effectively address the conditions mandated by these external requirements and internally
generated operating principles while still meeting their business objectives.
History set the tone for increasing regulations and rising standards. Over time, organizations will
need to be more proactive in anticipating and addressing these considerations while
simultaneously protecting and building the enterprise. More and more organizations will need to
translate, integrate and simplify these various standards and requirements into a cohesive
approach.

Designing an effective compliance and ethics

program[edit]
Designing an effective compliance and ethics program requires implementing a detailed plan
that will make sure the business achieves their ethics objectives. The organization must have
ways of managing, evaluating, and controlling business ethics and compliance programs. There
are five items which can affect the success of the compliance and ethics program: (1) the content
of the company's code of ethics, (2) the frequency of communication regarding the ethical code
and program, (3) the quality of communication, (4) senior management's ability to successfully
incorporate ethics into the organization, (5) and local management's ability to do the same.[1]
Compliance and ethics program with regulatory requirements and the organization's own
policies are a critical component of effective risk management. An organizations program is
recommended to include monitoring and auditing systems that allow detection of criminal and
other improper context to be found easily.[2] Maintaining the compliance and ethics program is
one of the most important ways for an organization to maintain its ethical health, support its long-
term prosperity, and preserve and promote its values.
A compliance and ethics program supports the organization's business objectives, identifies
the boundaries of legal and ethical behavior, and establishes a system to alert management
when the organization is getting close to (or crossing) a boundary or approaching an obstacle
that prevents the achievement of a business objective.
Management should continuously improve its compliance and ethics program. This will enable
it to better prevent, detect, and respond to similar misfeasance and/or malfeasance in the future.
The compliance and ethics program should strive to deliver tangible benefits and outcomes to
the organization. Every organization is unique and has its own objectives. As such, several
objectives of the compliance and ethics program will be unique as well. There are a few universal
program outcomes/objectives that a compliance and ethics capability should deliver. These
include an enhanced culture of trust, accountability and integrity; prevention of noncompliance,
preparation for when (not “if”) noncompliance occurs, protection (to the extent possible) from
negative consequences, detection of noncompliance, response to noncompliance and
improvement of the program to better prevent, protect, prepare, detect and respond to
noncompliance.
An important aspect of a high-performing program, and one that cannot be overstated, is
enhancing an ethical culture. A strong ethical culture that provides important benefits would
including a “safety net” for when formal controls are weak or absent, and an open environment of
trust, ingredients that help drive overall workforce productivity.
A well-designed compliance and ethics program is only half the picture. Critical to its success
and its ability to meet the challenges of constant change, increasing complexity, rapidly evolving
threats, the need for continuous improvement requires organizations to have the commitment of
both senior management and the board, adequate authorization and funding, the appropriate
tools to facilitate measurement and rolling-up information, comprehensive training on the
measurement process and an early socialization of approach.