Doing Business Abroad: The "Must Haves" of Your Corporate Compliance Program

Nov 28, 2018

By Doreen Edelman and Andrew Bisbas

As your company grows and expands into new international markets, focusing on reducing legal risks when exporting or selling overseas can save you headaches. The key is a robust compliance program that outlines your company's policy as well as various internal procedures to implement the policy and a solid set of documents to prove compliance activities at all levels.

A Compliance Policy Is Nothing Without Procedures

Your corporate policy should state that it is each employee's responsibility to be vigilant in identifying and reporting potential violations and should clearly state the name of the compliance officer in charge of the program's implementation.  Along with a copy of the policy, your company should provide all new employees, agents, partners, and distributors with a certification to sign and a questionnaire to complete to ensure that they understand the policy and to identify any red flags. (To give force to such documents, include indemnification language and appropriate dispute resolution provisions in your contracts.)

Also, internal forms and standard form contracts offer opportunities to include compliance verification mechanisms in existing procedures and to regularly remind employees of their compliance obligations. For example, a form that your business development manager completes to report the engagement of a new agent abroad can include answers to questions intended to elicit red flags for bribery. A form contract for the sale of software can require your distributor to agree that it is not in violation of and will not violate any U.S. export control laws.

Tone at the Top: Enthusiasm Goes a Long Way

The crucial and most often neglected element of a compliance program is the human element. The successful implementation of your company's compliance program ultimately depends on the subjective intent of the board of directors, officers and senior management because their attitude trickles down to all employees. All policy documents should plainly articulate management's commitment to prioritizing compliance and reiterate that all employees at all levels of the organization are expected to comply with all applicable laws. Tone at the top is the key factor to mitigate penalties.

With intergovernmental cooperation on the rise, harmonized investigations and the potential for carbon-copy prosecutions in multiple countries are quickly becoming the norm.  These beefed-up enforcement efforts have led to higher monetary penalties and even jail time for senior executives found to be in violation of Anti-Boycott, Foreign Corrupt Practices Act, and export and sanction laws.  For example, this past June, French oil and gas company Total S.A. was hit with a $398 million penalty by the U.S. government for bribing an Iranian official in exchange for help obtaining oil rights contracts for two major projects. Officials are now in the process of bringing similar charges against Total S.A. in French courts. 

To avoid such messy and expensive situations, most companies are choosing to adhere to a zero tolerance policy for any wrongdoing. Examples will help your employees know what not to do. For instance, ignoring export licensing requirements in order to fulfill a lucrative order because it "can't wait" is not consistent with company policy for employees or overseas agents. Training all employees on what not to do is crucial because it protects your company if a violation does occur.

How Not to Bribe

The most effective way to protect your company is to have and enforce a policy to vet all new agents and third parties through substantive due diligence. Step one is usually a questionnaire and background check to determine accuracy of education, credentials and work experience.  Potential agents, contractors and distributors need to disclose relationships and affiliations that will assist or could affect sales and new business. The responses are then reviewed for red flags and further due diligence to ensure that the company is protected from possible violations of U.S. and foreign law, most particularly anticorruption legislation.

Position-Specific Training

Training sessions should be tailored by job function and should cover the laws that are directly applicable to employees' specific responsibilities within the organization as well as potential violations by others that employees might be able to spot, prevent, or report through their own careful due diligence. For example, employees who have any responsibility for accounting and payment processing should learn not-so-obvious red flags related to foreign bribery such as a charitable contribution by a local representative. On the other hand, employees tasked with pulling and packaging inventory may not need training on this particular type of red flag.

All training should include procedures for reporting violations and compliance risks: teaching your employees to identify red flags is simply not enough, they need to know what to do and who to go to once such a risk has been identified. Also, all new employees as well as employees who are assigned new duties should be evaluated for compliance training needs to ensure that individuals remain responsible for compliance through employee turnover.

Between a Rock and a Hard Place

Within increasing frequency and effectiveness, prosecutors in the U.S. and elsewhere are using leniency towards cooperating witnesses to prosecute companies, their individual employees, and even foreign companies who bribe foreign government officials.  An executive caught arranging bribes to foreign officials in order to obtain business for his company now must choose between ratting out his company and co-conspirators in exchange for a brief (if any) custodial sentence in order to avoid the possibility of jail time and fines if someone else rats to the prosecutors first.

Additionally, companies are now reporting violations of competitors. One of the largest foreign bribery prosecutions, which was led by American authorities against Halliburton's Kellogg, Brown & Root and its foreign partners, began after a former executive of French partner company Technip elucidated the conduct of his former company in meetings with French prosecutors. He saw it as a sort of "we're not as bad as the competition" defense against allegations of wrongdoing at his new company.

A Regulatory Landscape in Flux:  Effectively Using Your Technical Experts

Export controls are so numerous and their application requires such a high level of technical knowledge, that compliance programs must be prepared by experts who know how to apply the law to your company's particular industry. The export lawyer must know the business well enough to determine, or to assist the in-house export officer in determining, a method for classifying products subject to the U.S. Munitions List and the Commerce Control List. Once products are classified, the lawyers can draft procedures based on the sales organization structure to ensure compliance with the export control regimes of both the State Department and the Commerce Department. 

It is particularly important to keep in mind that the President's Export Control Reform Initiative will implement classification changes in phases set to begin this fall. The goal of the Initiative is to update a system of U.S. export controls on military and civil "end items," including software, technology, and defense services that have remained largely unchanged for more than 30 years. In the long term the Initiative seeks to update the current rigid and outdated system, but the period of transition will necessitate an expert familiar with the specific classification changes and various timetables for implementation. Moreover, companies must also be aware of the additional requirements from the Treasury Department. 

The Treasury Department’s Office of Foreign Assets Control (OFAC) administers economic and trade sanction laws. The laws are constantly changing. For instance, a new general license was issued with respect to certain exports to Syria in June and additional sanctions against Iran's automotive industry were implemented in July through an executive order. Your company must be vigilant in updating employees regarding the regulatory requirements as well as training employees regarding how the sanctions laws affect their job functions.

Compliance procedures must include steps to ensure that your business doesn't inadvertently violate the regulations. A checklist before a sales transaction is approved is a good methodology. Some companies prepare such checklists for all foreign sales to ensure that there is no transshipment or red flags that could lead to a violation.  OFAC has country-specific regulations as well as lists of entities with which U.S. persons cannot do business.  The country-specific programs range from outright sales prohibitions (to which there are a few exceptions) such as Iran and Cuba, to programs prohibiting sales that aim to benefit specifically named parties or immediate family members in Liberia.

Companies that are in businesses remotely related to the defense industry and all companies that deal in high-technology products should have a policy to determine whether new products and services are subject to export controls as soon as they are developed. It should be the responsibility of technical personnel to provide as much information as possible about new products to compliance officers or export attorneys, who should check the information against the relevant lists of controlled items.

If your company cannot "self-classify" a product, you should seek assistance of outside counsel or request a binding ruling from the government regarding classification and/or licensing requirements as exports are, in some case, country specific. Of course logistics and shipping department employees must have policies to prevent exports in violation of licensing regulations and OFAC embargo/sanctions laws. Again, checklists and procedure flow charts can be used, and compliance officers can be consulted when red flags are raised based on the product itself or the destination. Training programs for compliance with general defense and dual use export controls should concentrate on identification of the sorts of things that are controlled, focusing on those that are less obvious. Companies with any involvement in aviation should highlight the prohibition on exports of night vision equipment and night vision compatible lighting. Defense contractors should ensure that technical employees responsible for servicing products are aware that maintenance itself can be controlled and that there are license and notification requirements enforced by Customs and the State Department for temporary importation of controlled articles, even from Canada.

When Is the Transfer of Technology in the U.S. an Export?

Finally, your company must be cognizant of the deemed export rules. If your company transfers controlled technology to a foreign person in the United States, that is a deemed export. If the item related to the technology requires a license for export to the foreign person’s country, the transfer of the technology to the foreign person in the U.S. also may require a license. Your company must have an understanding of these requirements as they relate to your industry and to any temporary or third-party employees at the company's facilities. You must coordinate such compliance with your human resources department because of a licensing requirement for U.S. companies that employ certain foreign workers. Companies with foreign workers who are in the U.S. under visa categories H-1B, L-1, and O-1A must certify in the company’s immigration documents that the human resources manager has read the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) and has determined whether an export license is needed.  Such decisions must be documented as part of the company's compliance program.

Empower Your Managers and Compliance Officers

Compliance programs are most effective when they are narrowly tailored for each type of legal risk and prepared for a specific group or type of employee, such as the sales team, and are implemented enthusiastically by empowered compliance officers and management.

In designing compliance programs to address foreign bribery, export controls, and other areas of legal risk, companies should focus not on the aesthetics of the overall compliance manual or program but on how useable the actual procedures will be for its employees to understand and incorporate such procedures into their daily job functions.

About The Author(s)

Doreen M. Edelman is a shareholder in Baker Donelson Bearman Caldwell & Berkowitz PC's Washington, D.C., office and co-leader of the firm's global business team. She has more than 20 years of experience counseling companies on import and export matters and global expansion. She advises clients on their export, import and compliance obligations related to defense articles, services, and technologies and dual-use goods and technologies through the Bureau of Industry and Security of the U.S. Department of Commerce, the Directorate of Defense Controls of the U.S. Department of State, and the Office of Foreign Assets Control of the U.S. Department of Treasury.

Andrew Bisbas is a law clerk in Baker Donelson's Washington, D.C., office.