Subscribe to access world-class global resources and education: Subscribe
Subscribe to access world-class global resources and education: Subscribe



Global Payroll Must Take a Role in FCPA Compliance

By Tom Fox

In July 2018, Credit Suisse Group AG (CSAG) and Credit Suisse (Hong Kong) (CSHK) Limited settled a Foreign Corrupt Practices Act (FCPA) enforcement action for just over $77 million for the illegal hiring of family members and close personal friends of Chinese government employees and employees in Chinese state-owned enterprises (SOEs).

CSHK obtained a Non-Prosecution Agreement (NPA) from the U.S. Department of Justice (DOJ), and CSAG entered into an agreed Cease and Desist Order with the U.S. Securities and Exchange Commission (SEC). Collectively, they paid a criminal fine to the DOJ in the amount of $47 million and disgorgement to the SEC in the amount of $24.9 million with interest of $4.8 million, for a total to the SEC of $29.7 million.

This FCPA enforcement action was the fourth in a line stretching back to the summer of 2015, when corporate hiring practices came under such scrutiny. The prior enforcement actions involved NYB Mellon, Qualcomm, and most notably, JPMorgan. Taken together, all four of these enforcement actions drive home the clear message that human resources (HR) must not only be involved in your compliance program but that policies, procedures, and internal controls around hiring, which have traditionally been considered solely the purview of HR, have implications for FCPA compliance going forward.

This means that hiring procedures, including all steps such as interviews, background or due diligence checks, and job offers, must not be outside the normal parameters. If there is an exception made, there must be a legitimate business exception articulated in writing. Finally, all of this must be done with an auditable trail, so that if a regulator ever does come knocking at your door, you will be able to document your compliance with your company’s internal requirements.

The obvious starting point for any hiring of a close family member of a foreign governmental official is whether the candidate is qualified for the position. If not, it is “full stop” at that point. In the case of Credit Suisse, there was no evidence any of the candidates had the academic background, academic credentials, leadership traits, or intangible skills to meet the bank’s normal internship hiring criteria.

As with any other anomaly granted in a company’s normal process, there must be a documented reason for the exception, a review by an appropriate authority of the exception, and documentation as to why the exception was granted. None of these steps were present in this matter. Put another way, if you are hiring a family member or close relative of a foreign official for any reason other than merit, it had better be a darn good one and well-documented as to your decision-making calculus with appropriate senior management oversight.

But your risk management does not stop simply with the hiring process. If the foreign governmental official is the person who made the request for the hiring of the family member, this is a red flag not to be overlooked. Your analysis needs to be on the role of that foreign governmental official in awarding new business to your company or in retaining old business. If the foreign governmental official has direct or even strong indirect control over such business relation, this may present a conflict of interest and may be a risk you cannot manage. A good rule of thumb here is whether there is full transparency in the hiring with the foreign government involved with your company. That is a clear sign transparency is lacking and someone, somewhere is engaging in unethical conduct, if not breaking the law.

Finally, if you do decide to move forward and hire a close family member, you need to assign that new hire to work not associated with the business relationship between your company and the foreign government involved. Just as in the lifecycle of third-party management, managing the relationship after a contract is inked is in many ways the most critical element. The same is true in the employment relationship involving close family members of foreign officials.

The Role of Global Payroll

Global payroll plays a part in this HR role as well. In the BNY enforcement action, the sons and nephew of the foreign officials were paid at a higher rate than other interns. While the decision to grant such an exception may not lie with global payroll, global payroll does have a role in the compliance internal control process. Questions that may arise include:

  • If a hiring candidate is based outside the normal range for a position, is there a business justification for the exception?
  • Has the exception been approved by all responsible parties, including HR, operations, and—if the candidate is the family member of a foreign government official—by the corporate compliance function?
  • Are all internal controls subject to review by global payroll?
  • Are all of these approvals documented so that global payroll has access to the information in the form of an audit trail?

Ultimately, you need to have internal controls to ensure effective compliance going forward. You cannot have customer relationship managers making the calls on hiring that override the HR procedures. There must not only be an HR review, but also mechanisms to flag for compliance review for such hires. Lastly, there needs to be sufficient senior management oversight because this is such a high-risk proposition.

Here are three questions that should be used to analyze the hiring of family members of a foreign official or SOEs. They can also be installed as internal controls. The questions are:

  1. Does the candidate meet your firm’s hiring criteria?
  2. Did the foreign official whose family member you are considering for hire demand or even suggest your company hire the candidate?
  3. Has the foreign official made or will make a decision that will benefit your company?

Global Payroll—Part of an Integrated Set of Controls

If the answer to the first question is “no” and the second two “yes,” you may well be in a high-risk area for violating the FCPA. You should investigate the matter quite thoroughly and carefully. Finally, whatever you do, document your entire investigation—both the findings and the conclusions. Furthermore, these questions can be set up as internal controls. This is another example of how a company can operationalize compliance and burn it into the fabric and DNA of an organization. Additionally, it provides another level of oversight or “a second set of eyes” on the hiring process around hires that are high-risk under the FCPA. 

While hiring decisions may not appear at first glance to impact global payroll, an effective anti-corruption compliance program incorporates all corporate disciplines in an integrated set of internal controls that work to prevent and detect exceptions or issues from becoming full legal violations. The role of global payroll is critical in any best practices compliance program.

Do you like our content? Join the GPMI community to get free education and articles straight to your inbox! 


Tom Fox is the Compliance Evangelist®. He has practiced law in Houston for 35 years. He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and services company. He is now one of the country’s leading experts on the Foreign Corrupt Practices Act (FCPA), business leadership, and compliance and ethics. Fox is the author of 15 books on business leadership, compliance and ethics, and corporate governance, as well as a series called Fox on Compliance. Fox writes and speaks across the globe on compliance programs. Fox leads the social media discussion on compliance with his award-winning blog, The FCPA Compliance and Ethics Blog, and is the founder of the Compliance Podcast Network.