Today, if we were to ask a number of large companies and multinationals with operations in Guatemala whether they have a corporate compliance program, the majority answer would be yes. But the reality is that having an anti-corruption policy on paper is not enough.
It is necessary that the policy that seeks to establish controls to prevent fraud or crime within an organization incorporates mechanisms to ensure its implementation and effectiveness. Otherwise, both the company and its managers will be exposed to various risks, including potential criminal liability.
Let's look at a couple of examples where the lack of implementation of robust anti-corruption policies, or their internal non-compliance, served as a legal argument in disputes that had a high economic and reputational cost for different companies.
In January 2018, a Guatemalan judge concluded that there was sufficient evidence to investigate senior executives of a trading company for tax fraud and money laundering. Among the evidence presented by the Attorney General's Office (AGO) were the internal policies for contracting suppliers and the organization's own know your client (KYC) certifications.
The Attorney General's Office filed criminal charges against the company, arguing that it violated its own internal anti-corruption policies. According to the AGO, the company did business with ghost companies that issued fake invoices, resulting in a tax fraud of Q1 billion (approximately US$129.5 million).
Fast forward to December 3, 2020, when the US Department of Justice (DOJ) announced the settlement with a consortium of energy trading companies for the payment of US$135 million for violations of the Foreign Corrupt Practices Act (FCPA). This followed an investigation that found that the company bribed officials in Brazil, Ecuador and Mexico to improperly obtain state contracts.
Specifically, the companies agreed with the DOJ to improve their compliance programs to ensure effective systems of accounting controls. To do so, they had to adopt new internal processes and a rigorous anti-corruption policy that addressed issues such as gifts, client travel, political contributions, charitable donations and sponsorships, bribery and extortion, among others.
In the Guatemalan case, the authorities used the internal compliance programs as evidence against the company, while in the United States they used these policies to reach an agreement with the authorities and prevent future recidivism.
As we can see, in both examples, compliance programs played the opposite role to what was expected. Instead of mitigating risks for the companies, their poor design and incorrect implementation generated economic costs and a significant blow to their reputation, which could result in a loss of trust among clients, shareholders, employees and regulatory authorities.
Best Practice Recommendations
To avoid scenarios such as the ones we have just seen, it is important to adopt new strategies within compliance programs that facilitate their application, improve their effectiveness and fulfill their purpose of managing and mitigating risks.
A review of the DOJ's Evaluation of Corporate Compliance Programs Policy shows that the adequacy and effectiveness of these programs play an important role in the prosecution's consideration of charges and penalties. Even if the program fails to fully prevent a crime from being committed, it can help reduce legal liability if it is able to adequately respond to the situation.
Taking into account the above, there are some actions that every company should consider when strengthening its internal controls and creating its corporate compliance programs:
- Implement comprehensive compliance programs, both proactive and reactive.
- Establish effective policies to ensure rigorous due diligence with suppliers and external customers, train employees and draft clear codes of conduct.
- Designate specific personnel to monitor compliance issues.
- Report on the results of current programs and communicate them clearly to shareholders, decision-makers and authorities, if applicable.
- Establish independent channels for reporting or whistleblowing.
- Respond to reported violations.
- Periodically update and modify current programs.
If you have any questions about the design or review of your current compliance programs, policies and internal frameworks, please do not hesitate to contact us.
