We have been preaching the obvious return on investment associated with effective internal controls for years, normally in response to news of some company that failed to make an internal control investment and ended-up paying far more in settlement costs than it would have invested. It’s a nice change of pace to be able to tell the story of a company that did make an investment in internal controls and employee training, and saw a return in that investment in the form of reduced liability for violating the Foreign Corrupt Practices Act (FCPA).

Good show, FLIR.

FLIR Systems, Inc. designs, develops, manufactures, markets, and distributes thermal imaging systems, visible-light imaging systems, locator systems, measurement and diagnostic systems, and advanced threat detection systems. Founded in 1978, the company (headquartered in Portland, Oregon) has grown and now has about $1.5 billion in annual revenue, generated by sales to both the U.S. Government and commercial entities around the world.

Because of its global sales, FLIR invested in employee training regarding the requirements of the FCPA. It also invested in internal reviews of its global sales offices, reviews that sought to identify potentially corrupt payments. Because of those investments, FLIR was not held liable (at least so far) when two of its employees made bribes and offered gratuities to five officials of the Saudi government.

The story is told in this SEC press release. We’ll summarize it below.

Two FLIR employees, Timms and Ramahi, negotiated sales with the Saudi government out of FLIR’s Dubai office. They provided “expensive luxury watches” reportedly worth US$7,000 to the five government officials who were negotiating a couple of deals. As the SEC press release reported—

A few months later, they arranged for key officials, including two who received watches, to embark on what Timms referred to as a ‘world tour’ of personal travel before and after they visited FLIR’s Boston facilities for a factory equipment inspection that was a key condition to fulfillment of the contract. The officials traveled for 20 nights with stops in Casablanca, Paris, Dubai, Beirut, and New York City. There was no business purpose for the stops outside of Boston, and the airfare and hotel accommodations were paid for by FLIR.

Importantly, FLIR’s Finance Department caught the expenses during a review. In response to inquiries, the two men created a fake invoice showing a lower value for the watches, and persuaded a “local third-party agent” to back-up their story about an expense report mistake. They also “falsely claimed that FLIR’s payment for the world tour had been a billing mistake by FLIR’s travel agent, and again used false documentation and FLIR’s third-party agent to bolster their cover-up efforts.”

The SEC also noted that FLIR had provided the two men with FCPA training that taught them the rules and, had they complied with their training, the violations would not have occurred. The company’s training and internal reviews, combined with the employees’ response to the company’s inquiries, apparently created the perception that the company played no role in the violations, and was more victim than perpetrator.

Thus, while Timms and Ramahi were found by the SEC to have violated the anti-bribery, and the internal controls and false records provisions, the company was not found liable. Indeed, the SEC reported that “Timms and Ramahi caused FLIR’s violations of the books and records provisions of Section 13(b)(2)(A) of the [Securities] Exchange Act.” [Emphasis added.] Each employee was fined for his role in the violations; the company was not sanctioned.

This is a good story. It’s the story of a company who tried to do the right thing. It’s the story of a company that invested in employee training and in internal controls designed to detect corrupt activity. Because it invested wisely, the company’s financial impact from the FCPA violations was minimized. As a matter of fact, the company was not even identified by name in the SEC press release. Instead, it was identified as a “defense contractor” and it took us a Google search to identify which defense contractor it was. The company’s brand remained relatively unscathed, even though its employees engaged in a doozy of an FCPA violation.

Investments in internal controls pay for themselves many times over. You might want to give that sentence a thought or two the next time budgets are discussed.