I have always loved to compete in sports, even though I have been consistently mediocre. In contrast, I like to watch sports because I like watching the Greatest Of All Time—a.k.a. the “GOAT.”
People will always debate about the GOAT in each sport. Tom Brady, with seven Super Bowl victories, is a great candidate for football. Serena Williams has won 23 major singles titles, dominating women’s tennis for the last two decades. My personal all-time favorite is Earvin “Magic” Johnson, who won five NBA titles in basketball in the 1980s. Each checked many boxes: they had great technique and intangibles, worked to improve aspects of their craft in the off-season, and had solid overall game IQ. All have at least one thing in common: results. They won—a lot—at the highest levels of their respective sports.
What about the gold standard in anti-bribery/anti-corruption (ABAC) compliance programs? What makes a program the GOAT? Whatever the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) demand of companies? The DOJ/SEC guidance in the last decade should be part of every compliance program because, as we will explore, it sets a standard. However, continuous monitoring—which includes regularly conducting third-party audits—is also necessary for GOAT status and, more importantly, to detect and prevent corrupt activity.
What are the regulatory demands?
The DOJ/SEC, for the last decade, has supplied several guidance documents, including A Resource Guide to the U.S. Foreign Corrupt Practices Act which details what it expects in corporations’ ABAC compliance programs. They expect that a compliance program is well-designed, in good faith, and uses continuous monitoring. They also set forth the following statement:
“Third, companies should undertake some form of ongoing monitoring of third-party relationships. Where appropriate, this may include updating due diligence periodically, exercising audit rights, providing periodic training, and requesting annual compliance certifications by the third party.”[1]
Compliance officers might push back and claim, “Well, this is just guidance.”
However, take this random selection of DOJ enforcement actions against 20 companies from the DOJ website in the last five years (2017–2022)—there is no statistical significance in my selection—and review specific points from indictments, information documents, and DOJ press releases (see Figure 1).[2]
None of the 20 companies (I did not look at individuals charged) voluntarily disclosed their bribery issues. There could be many reasons the 20 did not: counsel may have recommended that they not reveal, the entity did not believe they would be discovered, the compliance program did not include continuous monitoring, or the compliance program did not catch the issue when it occurred. Regardless, not voluntarily disclosing the bribery issues appears to have cost the offenders in the penalty assessment phase.
Seventeen out of 20 (85%) enforcement actions involve bribes being funneled through a third-party intermediary (TPI). The DOJ assigned 13 entities (65%) a monitor, meaning the DOJ had no confidence that the entity’s compliance program was adequately equipped going forward. An entity being assigned a monitor is equivalent to the “death penalty” in NCAA sports. The company must pay the monitor to micro-analyze the development or enhancement of the compliance program over several years. Monitors are usually legal or consulting firms with substantial billable rates.
Five of the randomly chosen companies were repeat offenders. At least three had three or more offenses.
Based on this back-of-the-envelope analysis, TPIs often participate in corrupt activity and, overall, inadequately designed compliance programs by the offenders are evidenced. DOJ shows no signs of slowing down—nor are the trends deviating from assigning costly monitorships. Compliance officers should take heed to ensure their program’s integrity and focus on the highest risks.
