Rethinking Corporate Compliance Programs: Do They Make Sense in Every Country?

Before I went to law school, I worked as a former compliance professional for a publicly traded Fortune 500 company in the Oil & Gas industry. That company, based in the U.S., dedicated extensive resources to create a robust compliance program, and I was just one proud part of that effort. The company’s focus far exceeded rooting out the causes of an FCPA (Foreign Corrupt Practices Act) claim spawned by the actions of a foreign subsidiary. In fact, I would argue the company’s compliance program and its aims are largely consistent with most multinational corporations that have adopted ESG standards.[1]

This article takes a bit of a contrarian position. My experience as compliance professional and working in Latin America has led me to believe that compliance programs are only as good as the consequences of failure. In the developed world where the FCPA, the UK Anti-Bribery Act, the French SAPIN-II, and the anti-bribery provisions of the German StGB govern corporate conduct, rigorous enforcement drives companies to implement compliance programs. Companies in other parts of the world, however, often lack the same motivation. For the reasons stated below, I conclude that corporate compliance programs cannot be effectively replicated in countries playing by different rules and compliance programs merely become feeble administrative tasks to enable a due diligence defense in the event of an action brought against the home office.

There is no single definition of a compliance program. For present purposes, I would define it as a system of internal controls a company implements to ensure that its employees and external business partners comply with applicable laws and regulations. These controls usually occur as a mix of reporting and accountability, training, and anonymous ethics hotlines. Companies create compliance programs to avoid government sanctions, to protect and perhaps strengthen image and brand, and to encourage ethical behavior.

Leading compliance practices obtain buy-in from management, make periodic risk assessments, draft and enforce clear policy, train personnel, and monitor compliance. While domestic compliance programs vary widely by industry, compliance programs for foreign subsidiaries typically focus on anti-corruption/anti-bribery. This is economically coherent, as these areas are usually the source of substantial fines and penalties.[2]

In the U.S. (my home country), two government agencies, the Department of Justice and the Securities and Exchange Commission rigorously enforce the FCPA and have levied heavy fines against corporate wrongdoers. Last year, the DOJ fined 12 companies for FCPA violations for a total USD $6.4 billion. In Argentina (my current country of residence), various slaps of Washington’s long-arm statutes have been felt in Buenos Aires and elsewhere around the world. In 2011, the DOJ brought enforcement actions against Tenaris, a subsidiary of an Argentine multinational company, and imposed a fine of USD $3.5 million (in addition to a settlement payment to the SEC of $5.4 million ) for bribes paid to increase sales in Uzbekistan.[3]

Local law often pursues goals of combating anti-bribery and corruption. Unfortunately, these goals largely emerge from a desire to punish corrupt government officials. Little is often found in the law—particularly criminal law—to punish those acting only in the public sector. Returning to Argentina, the Corporate Liability Act of 2018 (Law No. 27,401) mandates compliance programs only for government contractors. The anti-bribery statute (Section 258 of the Penal Code) is similarly myopic. These statutes impose criminal liability on corporations and their directors but only when the illicit conduct involves public officials.

Even when the Corporate Liability Act gives the government authority to prosecute and punish corporate citizens and their managers for corrupt acts against the State, the Argentine government has been reluctant to do so. Corruption cases face long delays and slow investigations. OECD’s 2019 report found that of the eight foreign bribery cases mentioned in its 2017 report on Argentina, seven had still not arrived at the indictment or trial stages.[4] Thus, local companies (aside from government contractors) have little incentive to implement compliance programs.

Domestic companies typically create compliance programs to either comply with local legislation or to avoid exposure to overseas enforcement actions. Without fear of enforcement, purely domestic companies in a foreign country are not forced to dedicate substantial resources to fund and staff compliance programs. One could argue that international players, forced to devote substantial time and resources on compliance efforts, suffer a competitive disadvantage compared to local companies. Nonetheless, foreign corporate persons may choose to implement a compliance program because they conduct substantial business in overseas markets and are often pressured to do so to successfully compete in those markets.

For multinational subsidiaries operating in a local market, the incentives are different. Corporate culture or legal obligations require the local sub to concern itself with compliance measures to avoid exposing entities or individuals in the same corporate family.

While implementing a compliance program is oftentimes essential for multinational subsidiaries and local companies conducting business abroad, it probably does not make sense for a purely domestic company operating in a country that is unlikely to prosecute unethical conduct. Until the failure to self-police by adopting a compliance program becomes consequential, these domestic companies will continue to simply “check the box” as cosmetically necessary.

[1] ESG is shorthand for Environmental, Social, and Governance. ESG endeavors to take a socially responsible approach to compliance by ensuring that companies conduct themselves ethically in these three areas.

[2] For example, both United States and German authorities sanctioned the multinational company, Siemens, for paying bribes in Argentina and multiple other countries. As a result, Siemens paid USD $450 million in a settlement with the U.S. Department of Justice (DOJ) and €395 million in a settlement with the German authorities.

[3] Recent FCPA enforcement actions involving Argentina include LAN Airlines (2016), Olympus (2016), Dallas Airmotive (2014), Ralph Lauren (2013), and Biomet (2012).

[4] Enforcement actions are largely ineffective. According to one of Argentina’s leading daily newspapers (La Nacion), only 8% percent of all corruption cases over the past 20 years have reached judgment or verdict. Since Argentina joined the OECD Anti-Bribery Convention in 2000, there has not been a single international bribery conviction. [Marcelo Octavio de Jesús, Un Termómetro Descompuesto Para Medir la Corrupción, La Ley, Nov. 11, 2021, at 9.]