If you are a Russian company that is subject to the U.S. Foreign Corrupt Practices Act (FCPA) or U.K. Bribery Act (BA), now is an excellent time to switch from being merely FCPA or BA-curious to FCPA or BA-compliant.
There are a number of solid reasons for this. On the one hand there is the increased level of FCPA enforcement with an almost exponentially growing number of staff at the U.S. Department of Justice (DoJ) looking at Russia ever more closely. On the other hand, as if this were not enough, beginning this summer companies and individuals alike must now also contend with BA enforcement.
What does being compliant mean? It certainly does not mean you should attempt to structure business operations to avoid these two laws. The laws are statutes with long-arm jurisdictions and, as such, cast their nets far and wide. This means that, if you are an international company with a presence and/or a public listing in the United States and the United Kingdom, it is more likely than not that both the FCPA and the BA will apply to you. Furthermore, I would not trust the statement in the Official Guidance to the Bribery Act that a listing by itself will not constitute carrying out business or part of business in the United Kingdom. Instead, I would urge following what the SFO has said, which is that a listing by itself may be just enough to trigger BA jurisdiction.
Being compliant means you should have a proper compliance program in place. It is as "simple" as that.
Your compliance program should cover both the FCPA and BA. Careful analysis and review of existing enforcement practice indicate that, despite textual differences, the two laws are about similar prohibitions. For instance, it is true that the BA does not contain an exception for facilitation or "grease" payments, whereas the FCPA does. Note, however, that U.S. enforcement has rendered this FCPA exception practically obsolete. Commercial bribery is another example. The BA expressly prohibits commercial bribery, whereas the FCPA does not. Nevertheless, the DoJ has charged companies for commercial bribery in the past under the so-called books and records provisions of the FCPA, and with the help of jurisdictional mechanisms available under the U.S. Travel Act.
Your compliance should also incorporate the specifics of Russian laws and regulations. This is doable but not easy. A case in point is the recent Novo Nordisk settlement touted by the Russian Federal Anti-Monopoly Service (FAS) as a blended solution that addresses both Russian competition and FCPA enforcement concerns. FAS would go on to label the settlement as the "standard" that could and should apply to similar cases going forward. The problem is that the way the "standard" has been interpreted by FAS may introduce discord into the risk identification-response dynamic within your program. That in turn may not leave room for viable FCPA compliance.
This brings us to the last important point: efficiency. One of the questions I am most commonly asked when I help companies build compliance is: When or how do I know that my anti-corruption compliance program is effective and fully operational? Is there a bright-line rule? The answer is simple: No. There are no bright lines in compliance. However, if you are an experienced compliance professional, you will know that you have viable compliance when you are able to manage the information flow and available response mechanisms. In other words, if 1) your downstream information reaches target staff and parties, 2) your upstream information flow provides you with a full picture (without gaps and blind spots) concerning risk identification and analysis, and 3) your response to upstream information triggers requisite actions by all of the responsible staff involved, then it is more likely than not that you have built an effective compliance program that informs your company's day-to-day operations.
By doing this, you have far fewer reasons to worry about your company being subject to FCPA and BA jurisdictions.