Most people familiar with the Foreign Corrupt Practices Act know of it as an anti-bribery law that imposes stiff penalties for companies that bribe foreign officials. Far fewer focus on the companion provision of the law that requires companies to maintain a system of internal controls that help detect and deter improper payments. Perhaps this oversight happens because, absent a bribe payment or other primary violation, it is unusual for companies to be penalized for failing to implement these internal controls. As a result, many companies don’t identify and consider the effectiveness of operational and financial reporting controls that are relevant to corruption prevention; and in the process fail to benefit from their considerable power in promoting compliance and identifying potential issues early.
Consider the case of Sunny, an accounts payable clerk for the China-based operations of a global healthcare company. She receives an urgent payment request via email from the VP of sales. The payment requested is for consulting services related to government-regulated testing of the company’s equipment. Attached to the email is a contract executed two weeks earlier with the owner of the consulting vendor, an independent laboratory, and an invoice for RMB 74,000 (approximately USD 12,000) for consulting services. The body of the email includes the necessary banking details for paying the laboratory.