
TODAY’S PROGRAM IS SPONSORED BY:
NAVEX Global defends your organization from legal, financial, reputational and regulatory risk. More than 95 of the Fortune 100 and 12,500 clients around the world trust us to power their ethics and compliance programs. A partnership with NAVEX Global helps you protect your people, reputation and bottom line.
www.navexglobal.com

Webinar
Joan Meyer (Partner, Baker McKenzie LLP, Washington, DC)
Randall Stephens (VP, Advisory Services, NAVEX Global, Atlanta)
Howard Weissman (Of Counsel, Baker McKenzie LLP, Washington DC)
Recognizing and Mitigating Corruption Risks to Protect Your Business
14 June 2017

Agenda
1. Regulatory landscape
2. Current enforcement environment
3. Major risk areas
4. Mitigation tactics
5. Key takeaways

16 January 2017

1. Regulatory landscape

Overview of anti-bribery laws
- Anti-bribery laws generally prohibit the offer, promise or gift of any item of value to bring about or reward the improper performance of a duty or function.
- Some anti-bribery laws also prohibit the request, receipt or acceptance of such items.
- Signatories of the OECD Convention on Combating Bribery are required to criminalise bribery of foreign public officials.
- Many countries also prohibit the bribing of private individuals and entities.

2017 Baker & McKenzie LLP

Overview: Global reach of anti-bribery laws
- Key pieces of legislation, such as the US Foreign Corrupt Practices Act and the UK Bribery Act, have a broad global reach and can directly penalize both individuals and companies.
- An offence under the UKBA is committed if either:
  - any act or omission which forms part of the offence takes place in the UK; or
  - the relevant person has a close connection with the UK – this includes being a British national or British corporate, or being a resident in the UK.
- The FCPA contains anti-bribery and accounting provisions and applies to:
  - US concerns
  - issuers (publicly traded companies and their officers, directors, employees and agents)
  - foreign persons or entities, as well as their officers, directors, employees and agents who act in furtherance of a bribe in the US (email or money transfer will suffice)

General principles: What constitutes a ‘bribe’
A bribe under anti-bribery legislation covers any item of value to the recipient. This can include:
- Cash and cash equivalents
- Gifts
- Charitable contributions or donations
- In-kind services
- Hospitalities, e.g., lodging, hotels, airline tickets, meals, entertainment, excursions
- Job offers to family members
- Tuition and education of children
- Business referrals

General principles: What is meant by ‘business’ or ‘business advantage’?
- Obtaining, retaining or renewing a contract
- Obtaining regulatory approvals
- Preventing adverse government action
- Obtaining a competitor's bid
- Avoiding duties
- Reducing taxes
- Increasing profits

General principles: ‘Foreign public official’
Some anti-bribery legislation has a particular focus or enhanced penalties for efforts to bribe foreign public officials.
Typically, this is broadly defined under anti-bribery legislation and can include:
- Any foreign government (e.g., mayor, governor, legislator and judiciary)
- Any department, instrumentality, or agency of a foreign government (e.g., tax or customs authorities)
- A foreign state-owned or controlled entity (e.g., a state-owned bank or state-owned or controlled company like ARAMCO, MUBADALA, TAWAZUN)
- Any foreign political party and candidates for foreign office
- Any public international organization (e.g., World Bank)
- Certain members of royal families
- Any person who acts at the specific request, direction, or for the benefit of any of the above
Extra care should be taken when dealing, directly or indirectly, with any of the above.

Comparison: FCPA vs. UKBA vs. Law no. 12,846/2013

| | FCPA | UKBA | Brazil's Law no. 12,846 |
| --- | --- | --- | --- |
| Bribery of foreign public officials | Yes | Yes | Yes |
| Domestic bribery | No | Yes | Yes |
| Extraterritorial reach | Yes | Yes | Yes, but not as broad as under the FCPA and UKBA |
| Failure to keep accurate books and records | Yes | No | Silent, but covered in certain existing laws |
| Other offenses | No | No | Yes, includes other acts against the Public Administration (e.g., fraud in public tender processes, bid rigging) |
| Facilitation payments | No | Yes | Yes |
| Corporate criminal liability | Yes | Yes | No |
| Corporate strict liability | Only under the accounting provisions | Yes, for "failure to prevent bribery" | Yes |
| Other corporate "sanctions" | Debarment, monitors, derivative lawsuits, etc. (applicable under other U.S. laws and legal features) | Debarment | Prohibition to receive incentives, suspension, etc. |
| Credit for compliance programs | Yes (U.S. Sentencing Guidelines, FCPA Guidance, etc.) | Yes (can be full defense for corporate offense of "failure to prevent bribery") | Yes (amount of credit not determined) |
| Credit for self-disclosure / cooperation | Yes (Principles of Federal Prosecution of Business Organizations, FCPA Guidance, etc.) | Yes, but limited | Yes (under the leniency program, fines can be reduced up to 2/3 and all other sanctions can be excluded) |

ISO 37001 International Standard – Anti-Bribery Systems

Key requirements of the standard
A series of measures and controls to help prevent, detect and respond to bribery risk, among them:
- Risk assessment
- An anti-bribery policy, procedures, and controls
- Due diligence on projects and business associates
- Investigation procedures
- Communication and training
- Governing body, senior leadership, commitment, responsibility and oversight
- Monitoring and review
- Corrective action and continual improvement
Source: s/iso-37001-insights-new-anti-bribery-standard

Implementing the standard
- The anti-bribery program can exist within a larger compliance program
- The language used is important
- The anti-bribery risk assessment serves as the foundation for the program's scope and objectives
- Policies, procedures and controls should be "reasonable and proportionate" to the bribery risks the organization faces
- Organizations must implement anti-bribery controls where there is "more than a low risk of bribery"
- Emphasis on continued improvement

ISO 37001: Certification

Certification is Voluntary
- Some governments are considering requiring ISO 37001 certification for public contracting
- Some MDBs may also require certification

The Certification Process
- Questionnaire to determine eligibility for certification
- Documentation on requirements of ISO 37001
- On-site audit

Additional Points
- ISO 37001 certification is valid for three years, with an annual surveillance audit
- Auditors must meet 37001-specific auditor competency requirements

2. Current enforcement environment

Enforcement agencies
In the US, Department of Justice and Securities and Exchange Commission share enforcement authority:
- DOJ has criminal enforcement authority
- SEC is responsible for civil enforcement over “issuers”, officers, directors, employees and agents
- SEC generally enforces accounting provisions of the FCPA
In UK, enforcement is by the Serious Fraud Office and the National Crime Agency

Enforcement Trends: Global
1. Globalization of anti-bribery enforcement
2. Sharing information with other country authorities
3. Multiplying agencies and increased inter-agency cooperation
4. Proliferation of new laws
5. Focus on individual civil and criminal liability
6. Focus on effective compliance programs
7. Enhanced enforcement tools

Enforcement Trends: UK

Enforcement against individuals
- In July 2016, four former Barclays Bank plc employees were sentenced to a total of 17 years imprisonment
- In December 2014, four former directors were sentenced to 28 years in connection to a 23m fraud

“Failure to prevent”
- Bribery Act contains an offence of a corporate failing to prevent a bribe being paid by an “associated person” (e.g. employee, subsidiary, agent or distributor)
- In the process of extending to other forms of economic crime, including tax evasion and fraud

Deferred prosecution agreements
- Companies in the UK can enter into DPAs with regulators and authorities where a prosecution is suspended provided that the corporation meets certain specified conditions.
- This typically involves the payment of a financial penalty and compensation.
- Rolls-Royce entered into a DPA in early 2017 – this involved the payment of 497m to authorities in the UK and a further 174 to US and Brazilian authorities.
- Entering into a DPA does not preclude enforcement against individuals

Enforcement Trends: U.S.
- More resources for enforcement authorities
- Increased global cooperation (sharing information, joint prosecutions)
- In September 2015, DOJ issued the “Yates Memorandum,” which requires DOJ prosecutors to focus more on prosecuting individuals
- DOJ indeed has been focusing more on individuals, while the SEC continues to focus on entities
- In November 2015, DOJ hired a Compliance Expert, who reviews compliance programs of companies under the DOJ investigation
- In April 2016, DOJ announced the FCPA Pilot Program, which clarifies the standards and benefits for companies who voluntarily disclose violations and cooperate
- Expanded charges (combining corruption charges with mail and wire fraud, money laundering and other criminal charges)
- SEC whistleblower bounty program continues to prime the pump
- Greater awareness (cooperating companies, media reports)
- Higher expectations for compliance programs (third party due diligence, M&A due diligence, investigations of wrongdoing and remediation)

Consequences of non-compliance
- Criminal charges, leading to imprisonment and/or fines
- Significant civil fines and disgorgement
- Extradition
- Dawn raids and investigations by authorities
- Serious harm to company reputation
- Shareholder lawsuits; decrease in stock value
- Internal investigation costs can be enormous. Recent examples:
  - Walmart: 650 million in 3 years
  - Avon: 400 million in 5 years
- May lose tax incentives and other government benefits (potential suspension or debarment)
- Extremely disruptive to business
Sources: The Telegraph,

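Consequences of non-compliance – U.S.
(Bar chart, largest to smallest. NB: amounts in millions. Chart legend years: 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2016, 2017)

| Company | Amount (millions) |
| --- | --- |
| Siemens | 800 |
| Alstom | 772 |
| KBR/Halliburton | 579 |
| Teva Pharmaceutical | 519 |
| Odebrecht/Braskem | 419.8 |
| Och-Ziff | 412 |
| BAE | 400 |
| Total S.A. | 398 |
| Vimpelcom | 397.6 |
| Alcoa | 384 |
| ENI S.p.A. | 365 |
| Technip | 338 |
| JPMorgan Chase | 264.4 |
| JGC Corporation | 219 |
| Embraer | 205 |
| Daimler | 185 |
| Rolls-Royce plc | 170 |
| Weatherford | 152 |
| Alcatel-Lucent | 137 |
| Avon | 135 |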

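Consequences of non-compliance – Non-U.S.
(Bar chart, largest to smallest. Chart legend years: 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2016)

| Company | Country | Amount |
| --- | --- | --- |
| Thales SA | France | 913m |
| Rolls Royce | UK | 611m |
| Siemens | Germany | 569m |
| GSK | China | 490m |
| Siemens | Greece | 366.1m |
| SBM Offshore NV | Netherlands | 240m |
| Vimpelcom | Netherlands | 230m |
| Man Group | Germany | 221m |
| Ferrostaal | Germany | 193m |
| Linde | Germany | 51m |
| Yara International ASA | Norway | 48m |
| BAE | UK | 47.9m |
| Siemens | Nigeria | 46.5m |
| Alstom | Switzerland | 42.6m |
| Saipem SpA | Italy | 38.8m |
| Korea Fair Trade Commission (FTC) 7 Pharma cases (2009) | South Korea | 19m |
| Macmillan | UK | 18.1m |
| Innospec Ltd | UK | 12.7m |
| MW Kellogg | UK | 11.1m |
| Willis | UK | 11m |
| Mabey & Johnson | UK | 10.5m |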

3. Major risk areas

Key Risk Areas: Underlying risk factors
- Geographic risk:
  - Operations in sensitive environments
- Business partner risk:
  - Use of third party agents / distributors in procurement processes
  - Use of teaming arrangements / JV partners
- Public sector risk: prevalence of interactions with politically exposed persons throughout the supply chain
- Contractual risk:
  - High value and single source contracts
  - Complex tendering processes
  - Offset arrangements
- Transparency risk: National security considerations provide basis for lack of transparency / openness

Key Risk Areas: Common anti-corruption red flags
- Payments offered or made in cash
- Extravagant or lavish gifts or hospitality
- Over-invoicing or lack of standard invoices
- Unusual credits granted to new customers
- Managers of foreign operations have been paid unusual bonuses
- Requests for payment in a country other than the intermediary's registered headquarters, senior management offices, or where services are performed
- An intermediary lacks the qualifications, necessary experience or resources to perform the services for which it is retained
- An intermediary's refusal to certify to anti-corruption representations, warranties, and related language in agreements
- Recommendation to use intermediary coming from a Foreign Official
- Commissions or fees exceed customary rate for similar services, or unreasonably exceed rates paid for similar services elsewhere

Key Risk Areas: Use of third parties
Under the “failure to prevent” offence of the Bribery Act and in similar anti-bribery legislation, companies can be held liable for the acts of third parties even if they were not aware of their actions.
Examples include:
- A distributor or logistics company who pays a bribe to customs officials in order to move goods across borders
- An agent who gifts a Mercedes to the daughter of a foreign public official to help win a contract

Key Risk Areas: Use of third parties
Rolls-Royce entered into a settlement with UK, US and Brazilian authorities which involved a financial penalty of 671m. It was alleged that:
- an indirect subsidiary of Rolls-Royce had made commission payments to third party commercial intermediaries;
- certain employees in Rolls-Royce knew that such payments would be used to pay bribes to foreign public officials on behalf of Rolls-Royce in Thailand, Brazil, Kazakhstan, Azerbaijan, Angola, Iraq and elsewhere; and
- these bribes were paid in exchange for the foreign public officials’ assistance in providing confidential information and awarding contracts to Rolls-Royce and its affiliated entities.

Key Risk Areas: Managing third party risk
Company employees must:
- Choose third parties with care - follow company’s procedures on appropriate due diligence on all business partners
- Ensure that third parties operate to company’s standards – do not assume that business partners have the same anti-bribery controls as the company
- Monitor the performance of third parties and their adherence to company’s anti-bribery standards
In choosing third parties, company employees should be aware of risk factors – any circumstance, internal or external to the third party which can enhance the likelihood of a risk. For example:
- Interaction with public officials (broadly defined)
- Unusual payment methods or amounts
- Operation in countries with high levels of corruption
- Prevalence of off-shore company structures
- Reliance on sub-contractors or lower tier third parties

Key Risk Areas: Managing third party risk
Third party screening principles: [diagram; its labels did not survive in the transcription]

Key Risk Areas: Gifts and hospitality
Anti-bribery authorities recognize that providing gifts and hospitality is a common and important method of building and maintaining business relationships.
However, gifts and hospitality can be used as a method of influencing decision-makers or public officials to act in an improper manner.
In 2015, the US Securities and Exchange Commission charged FLIR Systems Inc. for violating the FCPA. It was alleged that:
- Two FLIR employees took government officials in Saudi Arabia on a 20-night world tour with stops in Casablanca, Paris, Dubai, Beirut and New York and purchased expensive watches.
- The employees allegedly falsified records in an attempt to hide their misconduct.

Key Risk Areas: Gifts and hospitality
- Hospitality and gifts are broadly defined
- Higher risk in relation to public officials
Consider:
- Lavishness
- Frequency and cumulative value
- Value by itself, but also standard practice in the sector
- Is it high enough to see it as intending to influence the recipient?
- Commercial context (e.g., immediately preceding a decision on award of contract)
- Is it linked to the demonstration or promotion of products?
- Identity and location of the recipient
- Law or internal policy applicable to recipient
- Hospitality versus gifts
- Dangers of cash gifts
- Nature of corporate hospitality
- Circumstances in which it is offered (e.g., was it requested by the recipient?)

Key Risk Areas: Charitable donations
- Similar to gifts and hospitality, the use of charitable donations can be important and legitimate for a business
- However, the use of donations should be carefully reviewed and monitored to ensure that it is not a method of funnelling payments to recipients for improper purposes
- In September 2016, Laureate Education voluntarily disclosed to the US Department of Justice that it suspected that a charitable donation may have been used for improper purposes:
  - Laureate made a 18m donation to a charitable foundation in Turkey, allegedly believing that the donation was encouraged by the Turkish government to further a government supported public project
  - Laureate, allegedly, subsequently learned that the charitable foundation disbursed the funds at the direction of a former senior executive at Laureate’s network in Turkey to a third party allegedly without Laureate’s knowledge or approval
- Employees should ensure that any direct or indirect recipient of any donation is legitimate
- Employees should seek approval for any donations made on the company’s behalf and ensure that the donation is clearly documented

4. Mitigating tactics

Five essential elements of corporate compliance
Baker McKenzie has distilled the key themes from the compliance program expectations of government regulators around the world into five essential elements of corporate compliance that should be present in every company's compliance program:
- Leadership
- Risk Assessment
- Standards and Controls
- Training and Communication
- Monitoring, Auditing and Response

Common elements of effective anti-bribery programs
DOJ/SEC FCPA Guidance
OECD, Annex II "Good practice guidance on internal controls, ethics, and compliance"
- Board of Directors oversight and monitoring of ethics and compliance program
- Risk based assessment
- Specific risk policies (GET, Facilitation, etc.)
- Oversight, autonomy and resources
- Regular monitoring, assessment and improvement of risks
- Risk assessment procedures
- Commitment of senior management
- Code of conduct
- Corporate policy prohibiting foreign bribery
- Anti-corruption compliance policies and procedures
- Organization wide responsibility
- Training and continuing advice
- Third-party due diligence and payments
- Senior officer authority, resources and access to IA or the Board
- Incentives and disciplinary measures
- Third party or business partner due diligence
- Confidential reporting and internal investigations
- Confidential reporting and non-retaliation
- Continuous Improvement: periodic testing and review
- Communication and training
- Due diligence for acquisitions and post-closing integration
- Discipline for violations
- Accurate Books and Records
Source: ce
Source: onvention/44884389.pdf

Third party due diligence questions that need to be answered
DOJ/SEC FCPA Guidance
- As part of risk-based due diligence, does your organization understand the qualifications and associations of its third party partners?
- If there is a red flag, did you conduct more due diligence?
- Does your organization have an understanding of the business rationale for including the third party in the transaction?
- Does your organization undertake some form of ongoing monitoring of the third party relationship?
- Has your organization informed the third parties of your compliance program and commitment to ethical business practices?
Source: al-fraud/legacy/2015/01/16/guide.pdf

Third party due diligence questions that need to be answered
DOJ’s “Evaluation of Corporate Compliance Programs” (February 2017)
On Third Party Management
- Risk-based and integrated processes – How has the company's third party management process corresponded to the nature and level of the enterprise risk identified by the company? How has this process been integrated into the relevant procurement and vendor management processes?
- Appropriate controls – What mechanisms have existed to ensure that the contract terms specifically described the services to be performed, that the payment terms are appropriate, that the described contractual work is performed, and that compensation is commensurate with the services rendered?
Source: 37501/download

Third party due diligence questions that need to be answered
DOJ’s “Evaluation of Corporate Compliance Programs” (February 2017)
On Third Party Management
- Management of Relationships – How has the company considered and analyzed the third party's incentive model against compliance risks? How has the company monitored the third parties in question? How has the company trained the relationship managers about what the compliance risks are and how to manage them?
- Real Actions and Consequences – Were red flags identified from the due diligence of the third parties involved in the misconduct and how were they resolved? Has a similar third party been suspended, terminated, or audited as a result of compliance issues?
Source: 37501/download

Bribery and corruption remain a top E&C concern
Which of the following ethics and compliance issues is your organization most concerned about in relation to third party misconduct? (Respondents select up to three)
[Bar chart comparing 2016 (n = 394) and 2015 (n = 321) responses; the per-category percentages are not recoverable from the transcription. Categories shown: Conflict of interest; Bribery and corruption; Cyber security; Fraud; Manufacturing quality controls; Safety / Occupational hazards; Gift giving / Corporate Hospitality; Financial reporting; Social responsibility; Money laundering; Environmental impacts; Labor relations; Wage and hour violations; Conflict minerals; Discrimination; Human trafficking; Harassment]
Source: 2016 Ethics and Compliance Third Party Risk Management Benchmark Report

Most 3P programs are not considered high-performing
NAVEX Global's 2016 Third Party Risk Management Benchmark Report
- Findings show that although organizations are aware of the risks of a poorly performing program, fewer than 25% believe their programs are even "good"

What are your organization's top three objectives for your third party risk management program? (Respondents select up to three)
- 87%: Protect our organization from risk and damage
- 77%: Comply with law and regulations
- 55%: Create a culture of trust and transparency
- 35%: Identify and prevent future issues or misconduct
- 17%: Establish strong legal or compliance defenses
- 13%: Reduce litigation and fines
- 2%: Other
Source: 2016 Ethics and Compliance Third Party Risk Management Benchmark Report

5. Key takeaways

Key takeaways
- Aggressive FCPA enforcement is not going away
- Prosecution of individuals is increasing and whistleblower activity is on the rise
- In recent years, FCPA fines and penalties have increased
- Active cooperation and information sharing among enforcement authorities is continuing to increase, and the prospect of enforcement actions in multiple countries is on the rise
- As evidenced by DOJ’s retention of compliance counsel and recently published compliance program evaluation guidance, having an effective compliance program is critically important to both avoiding and detecting FCPA violations and to minimizing exposure to FCPA liability if problems arise
- The indefinite extension of the DOJ’s FCPA Pilot Program highlights the importance of self-disclosure, remediation and cooperation and shows that the self-disclosure calculus is becoming more complex
- Understanding and addressing third party risk is a critical initial step for anti-corruption and bribery policies and programs
- Automating third party due diligence improves all elements of anti-corruption and bribery programs

www.bakermckenzie.com
Baker & McKenzie LLP is a member firm of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organisations, reference to a "partner" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.
2017 Baker & McKenzie LLP
