Personal finance guru and motivational speaker Dave Ramsey is known to say that “every dollar has a name” when advising audiences on how best to manage their money. This maxim holds true for companies seeking to comply with the FCPA as well. By implementing controls that help ensure that each company dollar is assigned a name, that its destination is recorded with a degree of specificity, companies reduce foreign bribery risks.
Take the problem of sham third party contracts for example. Like the problem of phantom vendors (discussed previously by FCPAméricas), sham contracts present perpetual FCPA risk for companies in Latin America. How do they work? Companies, or their employees, create phony written agreements with third parties, perhaps a consultant or outside vendor. The company makes payments to the third party for purported goods or services. In reality, the entity provides no legitimate services, or not at the level to justify the compensation. The rest of the money is used to bribe foreign officials on the company’s behalf to achieve some business advantage, thereby violating the FCPA. Schemes like these were seen in cases like Siemens Argentina, where the company’s consulting contract with the Argentine Consulting Group involved no legitimate services and lay at the root of the bribery scheme.
What kind of controls can companies implement to minimize the risk that their employees will set up sham contracts to facilitate bribery? We asked anti-corruption forensic accountant David Wolfe to provide his insights:
Set Up Systems. Pre-set processes, like vendor approval mechanisms, help reduce the possibility that a third party will be paid based on a sham contract. Vendor approvals require a second, and sometimes a third, set of eyes to review the agreement and assess its legitimacy before the relationship begins. By requiring computer databases to be populated with this information, companies ensure that various aspects of the arrangement have been vetted. Pre-approved vendor lists give businesses a degree of comfort that relationships are legitimate. Similarly, purchase order systems force companies to consider with whom they are dealing and what they are purchasing.
Moreover, when companies create budgets up-front that anticipate expenses, and when they pre-approve these expenses, they establish more control over dollars spent. Contracts that arise outside of the pre-approved plan can be scrutinized more closely.
Key to such controls is segregation of duties and transparency. When various actors are involved, and when contract formation is done openly, it is harder to execute illicit arrangements. The level of detail of controls will depend on the size of the company – it is often difficult for smaller companies to achieve the same standards as those of large multinationals. But the fundamental principles can be the same.
Verify. Companies should verify that third parties are doing what they say they are doing pursuant to their contracts. This means ensuring they provide backup documentation with their invoices, and reviewing the documentation. It means keeping an eye out for fraudulent documentation, such as fake invoices or bogus line items. These are the types of problems seen in cases like Ralph Lauren Corporation in Argentina and Willbros International in Bolivia.
Track and Monitor. Payments made pursuant to third party contracts must be closely archived in a company’s books and records with specific budget codes that signify the types of goods and services at issue. Records should be made and updated in real time, while the expenses are occurring. Accurate books and records position the company to monitor contracts for potential problems. They can review contracts based on amounts paid to vendors, the location of the vendors, and what they are doing. Testing might pay particular attention to contracts for periodic services, where it is sometimes easier for fraud to hide. They might look closely at contracts that deal with intangibles, as opposed to physical goods. Such contracts might be subject to fewer pre-existing controls, like inventory logs.