Anti-bribery law demands vigilance.

• Author: Cannon, Matt
• Position: Ethics Corner

November marked the one-year anniversary of the release of the resource guide to the Foreign Corrupt Practices Act, and should serve to remind all defense contractors of the critical importance of keeping their compliance program current and effective.

While not binding, the guide provides insight into the Department of Justice and Securities and Exchange Commission's views on the act's enforcement. Jeffrey Knox, principal deputy chief of Justice's fraud section, said at a conference after its release that officials will act consistently with the guide, and that it should be treated similarly to the U.S. attorneys' manual.

With that in mind, one sentence from the guide is of paramount importance: "In appropriate circumstances, DoJ and SEC may decline to pursue charges against a company based on the company's effective compliance program."

Without an effective compliance program, enforcement agencies are more likely to pursue charges when violations occur. Key to any effective program is constant, ongoing assessment of specific risks and participants. This includes maintaining constant vigilance to ensure that every practicable step has been taken and is tailored to prevent infractions, and to flush out those that inevitably occur.

When violations surface, the enforcement agencies want to know if the incident was aberrational, or whether it was the result of a halfhearted or haphazard compliance program.

Here are some key areas that should be assessed in reviewing an FCPA compliance program.

First, one size does not fit all. It is clear in the guide that cookie-cutter compliance programs are generally ill conceived and ineffective because resources inevitably are spread too thin, with too much focus on low-risk markets and transactions to the detriment of high-risk areas.

There is no such thing as a universal anti-corruption compliance program. For example, the compliance policies for doing business in Europe or the Americas may not necessarily be directly applied in sub-Saharan Africa, and vice versa.

Sound policies must be developed, tailored and carefully adapted to each market or line of business, and even different regions within a business. Companies should always assess changes in their practices that may have an impact on a compliance program.

Has the company expanded into emerging markets? Has the company acquired other companies in risk areas? If so, make sure that the compliance program has taken these new risk areas into...