Walmart settled with the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) last month related to violations of the SEC Act of 1934. The violations involved both the books and records requirements and the internal control obligations under the FCPA (Foreign Corrupt Practices Act).
Those violations stemmed from incidences that occurred in 2011. As part of the settlement, there is a follow-up period by the Commission of nearly two years and payment of more than $130 million.
Foreign Corrupt Practices Act (FCPA)
The FCPA was initially enacted in 1977 as a result of the Watergate scandal. With the amendments legislated in the late 1990s, the anti-bribery provisions apply to all U.S. persons and certain foreign issuers of securities. Basically, the Act says you can’t pay someone (bribe) to solicit business. Additionally, the FCPA requires entities with listed securities within the United States to comply with certain accounting provisions, including keeping adequate books and records and, designing and maintaining an internal control system that operates effectively.
Internal Control Objective
One of the objectives of internal control, according to the COSO framework, is compliance with applicable laws and regulations. The establishment and assessment of the design and effectiveness of internal control is the responsibility of management and the board of directors. The accounting provisions in the FCPA provide the bulk of the support in most accounting fraud and issuer disclosure cases brought by the SEC and the DOJ, so compliance is key for all entities.
Issues and Best Practices of Compliance Programs
The SEC and the DOJ have jointly issued a resource guide to the FCPA with a wealth of information in this arena. Since there is no statute of limitations on criminal actions under the accounting provisions (you might have noticed that the Walmart case dates back a while), the reach for reparations is long and deep for noncompliance. Bribes aren’t usually noted as such in the accounting books and records, so the Guide provides some examples. Auditors will notice that a lot of these are areas frequently considered high risk. The list includes transactions involving:
- Commissions or Royalties
- Travel and Entertainment Expenses
- Intercompany Accounts
- Supplier/Vendor Payments
Keeping in compliance with regulations in recent years has given rise to Chief Compliance Officers and whole programs looking to mitigate risks an organization may face. An effective compliance program is one of the things the DOJ considers when making a prosecution determination, so entities are well-served by having one. Effective compliance programs, like effective audit plans, are tailored to the entity. Typically, those programs include the following:
- Strong, ethical tone at the top level of management with a clear anti-corruption policy
- Clear, concise Code of Conduct available to all employees that is reviewed and updated regularly
- Oversight by senior management of the program and autonomy from management
- Assessment of risk, continual training and advice as well as positive incentives contributing to compliance and disciplinary measures for violations
- Third-party due diligence and monitoring, including payments received
Note that changes to the entity in markets, personnel, or acquisitions may increase the risk of a violation and would trigger a review of policies and procedures.