Compliance Program "Must Haves" for Doing Business Abroad

With "compliance" being the buzzword for corporate executives and legal counsel, there is renewed focus on reducing legal risks when exporting or selling overseas. The key is a robust compliance program that outlines the company's policy as well as various internal procedures to implement the policy and a solid set of documents to evidence the compliance activities at all levels of the company.

A Compliance Policy is Nothing Without Procedures

A good compliance policy should include a statement of the prohibition that it seeks to enforce and should state that it is every employee’s responsibility to be vigilant in identifying and reporting potential violations. Clearly identifying the name of the compliance officer is another must. Also beneficial are questionnaires and certifications to ensure that new employees, agents, partners, distributors, and other third parties understand the policy and to determine any red flags related to those parties. Indemnification language and appropriate dispute resolution provisions in third party contracts will give force to such certifications and representations. 

Internal forms and standard form contracts offer opportunities to include compliance verification mechanisms in existing procedures and to regularly remind employees of compliance obligations. For example, a form that a business development manager completes to report the engagement of a new agent abroad can include answers to questions intended to elicit red flags for bribery. A form contract for the sale of software can require the buyer to agree that it is not in violation of and will not violate any U.S. export controls laws.

A Must Have Element for Success- "Buy In" by Senior Management

The crucial and most often neglected element of a compliance program is the human element. Actual compliance is driven by the subjective intent of the board of directors, officers, and senior management which will trickle down to all employees in the company. All policy documents should articulate a "tone at the top" that compliance is a priority and that management expects employees at all levels of the organization to comply with all applicable laws. Most companies are choosing to adhere to a zero tolerance policy for any wrongdoing, especially now that senior executives are actually going to jail for violations of Anti-Boycott, Foreign Corrupt Practices Act, and export and sanctions laws. Examples help educate employees. For example, ignoring export licensing requirements in order to fulfill a lucrative order because it "can't wait" is not consistent with company policy for employees or overseas agents. Training all employees on these topics is crucial and protects the company if a violation does occur.

Specifically Tailored Training

Training sessions should be tailored by job function within the company and should cover the laws that directly affect how these employees do business as well as potential violations by others that the employees might be able to spot and prevent by their due diligence. For example, employees who have any responsibility for accounting and payment processing should learn the not so obvious red flags related to foreign bribery such as a charitable contribution by a local representative. All training should include procedures for reporting violations and compliance risks, and all new employees as well as employees who are assigned new duties should be evaluated for compliance training needs.

Companies Turning On Each Other

With increasing frequency and effectiveness, prosecutors in the U.S. and elsewhere are using leniency for cooperating witnesses to prosecute companies, their individual employees, and even foreign companies who bribe foreign government officials. An executive who helped to arrange bribes to foreign officials in order to obtain business for his company now has to choose between ratting out his company and coconspirators in exchange for a brief (if any) custodial sentence in order to avoid jail time and fines if someone else rats to the prosecutors first.

Additionally, companies are now reporting alleged violations of competitors. One of the largest foreign bribery prosecutions, which was led by American authorities against Halliburton’s Kellogg, Brown & Root and its foreign partners, began after a former executive of French partner company Technip elucidated the conduct of his former company in meetings with French prosecutors. He saw it as a sort of “we’re not as bad as the competition” defense against allegations of wrongdoing at his new company.

How Not to Bribe

The most effective way to protect a company is to have and enforce a policy to vet all new agents and third parties through substantive due diligence. Step one is usually a questionnaire and background check to determine accuracy of education, credentials, and work experience. Potential agents, contractors, and distributors need to disclose relationships and affiliations that will assist or could affect sales and new business. The responses are then reviewed for red flags and further due diligence to ensure that the company is protected from possible violations of U.S. and foreign law, most particularly anti-corruption legislation. Prosecutions related to the payment of foreign bribes have dramatically increased.

Technical Experts May Be Needed To Implement Export Compliance Programs

Export controls are so numerous, and their application requires such a high level of technical knowledge, that compliance programs must be prepared by experts who know the law and the company's business. For example, the export lawyer must know the business well enough to determine, or to assist the in-house export officer in determining, a method for classifying products subject to the U.S. Munitions List and the Commerce Control List. Once products are classified, the lawyers can draft procedures based on the sales organization structure to ensure compliance with the export control regimes of both the State Department and the Commerce Department. Moreover, companies must also be aware of the additional requirements from the Treasury Department.

The Treasury Department's Office of Foreign Assets Control (OFAC) administers economic and trade sanction laws. The laws are constantly changing. Companies must be vigilant in updating employees regarding the regulatory requirements as well as training employees regarding how the sanctions laws affect their business. The compliance procedures must include steps to ensure that their business doesn’t inadvertently violate the regulations. A checklist before a sales transaction is approved is a good methodology. Some companies prepare such checklists for all foreign sales to ensure that there is no transshipment or red flags that could lead to a violation. OFAC has country-specific regulations as well as lists of entities that U.S. persons cannot do business with. The country-specific programs range from outright sales prohibitions (to which there are a few exceptions) such as Iran and Cuba to programs prohibiting sales that aim to benefit specifically named parties or immediate family members of Charles Taylor in Liberia.

Companies that are in businesses remotely related to the defense industry and all companies that deal in high technology products should have a policy to determine whether new products and services are subject to export controls as soon as they are developed. It should be the responsibility of technical personnel to provide as much information as possible about new products to compliance officers or export attorneys, who should check the information against the relevant lists of controlled items.  If a company cannot “self-classify” a product, it should seek assistance of outside counsel or request a binding ruling from the government regarding classification and/or licensing requirements as exports are, in some case, country specific. Of course logistics and shipping department employees must have policies to prevent exports in violation of licensing regulations and OFAC embargo/sanctions laws. Again, checklists and procedure flow charts can be used, and compliance officers can be consulted when red flags are raised based on the product itself or the destination.

Training programs for compliance with general defense and dual use export controls should concentrate on identification of the sorts of things that are controlled, focusing on those that are less obvious. Companies with any involvement in aviation should highlight the prohibition on exports of night vision equipment and night vision compatible lighting. Defense contractors should ensure that technical employees responsible for servicing products are aware that maintenance itself can be controlled and that there are license and notification requirements enforced by Customs and the State Department for temporary importation of controlled articles, even from Canada.

When is the Transfer of Technology in the U.S. an Export?

Finally, all companies must be cognizant of the deemed export rules. If a company transfers controlled technology to a foreign person in the United States, that is a deemed export. If the item related to the technology requires a license for export to the foreign person's country, the transfer of the technology to the foreign person in the U.S. also may require a license. A company must have an understanding of these requirements as they relate to their business and to any temporary or third party employees at their facilities. Such compliance must be coordinated with the human resources department because of a new licensing requirement for

U.S. companies that employ certain foreign workers. Companies with foreign workers who are in the U.S. under visa categories H-1B, L-1 and O-1A must certify in the company's immigration documents that the human resources manager has read the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) and has determined whether an export license is needed. Such decisions must be documented as part of a company's compliance program.

Empower Managers and Compliance Officers for a Robust Compliance Program

Compliance programs are most effective when they are narrowly tailored for each type of legal risk and prepared for a specific group or type of employees, such as the sales team, and are implemented enthusiastically by empowered compliance officers and management. In designing compliance programs to address foreign bribery, export controls, and other areas of legal risk, companies should focus not on the aesthetics of the overall compliance manual or program but on how useable the actual procedures will be for its employees to understand and incorporate such procedures into their daily job functions.