Fraud and corruption thrive in chaos.
The COVID-19 pandemic and its economic destabilization create the conditions in which misconduct can thrive. Increased business pressure can cause the best policies, procedures, and internal controls to be relaxed or ignored, especially those compliance efforts focused on the U.S. Foreign Corrupt Practices Act (FCPA), the False Claims Act, and the Trading with the Enemy Act (and related regulations enforced by the Office of Foreign Assets Control (OFAC) at the U.S. Department of the Treasury). Organizations on the front line of combatting this crisis will be the most vulnerable to fraud and corruption, including (a) government contractors; (b) not for profit and charitable organizations; (c) healthcare companies; and (d) pharmaceutical, supplement, medical device and diagnostics companies. Businesses in these sectors can, and should, take practical, risk-based, and proactive steps to maintain organizational focus on compliance and mitigate the risk of fraud and corruption, especially in high-risk areas. The best defense in this situation is a good offense that assesses current risks takes steps to limit their exploitation.
Reiterate the ‘Tone from the Top’
The current situation is an opportune time for company management to reiterate and reinforce its top-down commitment to anti-corruption and anti-fraud compliance. Times of crisis create corruption and fraud opportunities for government organizations or officials such as Customs officers, government procurement officers, inspectors, and foreign agents. For example, companies are under pressure to have their customs agent clear goods quickly and mitigate the economic damage created by the pandemic. Some businesses are bringing in new suppliers, distributors or agents; in turn, those sales agents and distributors face immense pressure to generate revenue, a pressure that may incentivize, or at least normalize, cutting compliance corners. Most, if not all, companies are in a survival mode that increases fraud and corruption risk by diverting focus, impeding oversight, promoting profit over good business practice. Companies may consider changing, for example, sales targets to de-incentivize bad behavior.
Compliance officers play a key role in reminding others of the company’s commitment to anti-corruption and anti-fraud compliance, especially when short-term business pressures are intense. These communications should be short, engaging and specific.
Review Relevant Policies
In order to best mitigate fraud and corruption risks, companies should review, for example, their FCPA policy and should remind their third party agents, and their own employees who liaise with these agents, about the company’s zero-tolerance stance against fraud and corruption violations. As part of that reminder, companies should remind relevant agents and personnel of fraud/corruption hotline reporting procedures. In addition, affected businesses may consider asking their third party agents to acknowledge compliance with the company’s anti-corruption and anti-fraud policies, as well as relevant local laws and regulations. Companies may also consider reviewing their internal controls to help ensure the timely detection and response to fraud or customs violations. If, in the course of such review, a policy, procedure or control is found wanting, companies should update their relevant compliance program.
Don’t Cut Corners
Companies should not cut corners in performing diligence on, or screening of, new suppliers, agents, distributors or similar parties to avoid transactions commencing prior to the completion of formal vetting. A fraud and corruption review should consider the new party’s location; the type of services provided or product supplied; the level of corruption in the country where the new party is located; whether the new party has any personal relationships or business dealings with government entities or public officials; and whether the new party has been the subject of any complaints or investigations. Further, companies may consider temporarily lowering relevant thresholds for reviews of transactions, expenses, third-party agent deals, and other aspects of company business that are looked at for corruption risk. Companies may consider augmented diligence for countries hit hard by COVID-19, regardless of whether they are otherwise considered ‘high-risk.’
In addition to fraud and corruption risk, poor screening can cause violations of the Trading with the Enemy Act and the embargo and sanctions programs administered by OFAC. As to OFAC compliance, companies should be on the lookout for shell companies as well as individuals, countries, and organizations on OFAC sanctions lists.
Any agreements with new suppliers, agents, distributors or similar parties should include proper legal clauses, including an anti-corruption clause, an OFAC compliance clause, and a right to audit clause.
Companies should also consider refreshing their anti-fraud and anti-corruption training of key employees. Because of ‘social distancing’ and travel restrictions, companies may not have effective on-site monitoring over activities that create fraud or corruption risk. Companies, therefore, need to have confidence in their employees’ ability to recognize problematic conduct and to respond to and report it according to company compliance protocols.
As remote working requirements expand, compliance officers should ensure that they are accessible and that company employees still have access to mechanisms for reporting potential misconduct. Stress-testing these mechanisms before a work-from-home order is crucial; if that timing is not possible, companies should test these mechanisms as soon as possible. Companies should make whatever operational changes are necessary to ensure that their compliance officers remain available and effective. Of course, compliance officers should have the technical ability to respond appropriately to suspicions or allegations of illegal or unethical activity.
Perform Audits at Conclusion of this Crisis
As was shown in the 2008 financial crisis, fraud and corruption violations committed in times of crises usually don’t become apparent until the crisis is over. Compliance officers should be assured government regulators will fully enforce relevant laws and regulations as this crisis winds down, and there is no known COVID-19 defense for fraud or corruption violations. Companies should conduct a comprehensive compliance audit as soon as practicable when the current crisis abates to understand how their policies performed, whether they face any legal exposure, and what remediation steps may be required.