This presentation was delivered at the ISO 37001 & Anti-Bribery PECB Insights Conference by William Marquardt, Director at Berkeley Research Group LLC in Florida
4. 4
U.S. Foreign Corrupt Practices Act
(FCPA)
Overview – Statutory Framework
The FCPA has two provisions
1. The anti-bribery provision which makes it unlawful
to make a corrupt payment to a foreign official for
the purpose of obtaining or retaining business; and
2. The books/records and internal controls
provisions, which requires companies with
securities listed on the stock exchanges in the U.S.
to make and keep records that accurately and fairly
reflect the transactions of the corporation and to
devise and maintain an adequate system of internal
accounting controls.
5. 5
FCPA Compliance Policies & Procedures
An organization’s policies, procedures, and controls should
address the classic areas of anti-bribery and anti-corruption
(ABAC) risks taking into consideration the companies
business profile and operating jurisdiction(s)/state(s) (e.g.
operating context).
1. General Risks/Compliance Exposure Areas:
a. Third-party due diligence, compliance requirements and
complian7ce monitoring
b. Gifts, meals and entertainment (employee costs)
c. Customer sponsored travel
d. Political and charitable contributions
e. Facilitation payments
f. Solicitation or proffering of payments
g. Mergers and acquisitions (legacy operating issues)
6. 6
FCPA Compliance - continued
2. Company Profile Risks
a. Non-U.S. sales/bidding activities
b. Interactions with foreign regulators and state owned or
controlled entities
c. Engaging non-us sponsors – market entry requirement and/or
local business partners (e.g. MOUs, Operating Agreements &
JV entities)
d. Political and socioeconomic concerns
7. 7
FCPA Compliance - continued
3. Compliance Program Elements
a. Risk Assessment
b. Monitoring and Improvement
c. Training & Certification
d. Resources & Guidance
e. Employee Hot/Help Lines and Ethics & Compliance
Investigations
f. Employee Incentives & Discipline
9. 9
ABAC Enforcement Trends
General Enforcement Trends – 2016 & 2017
Increased Resources – U.S. Department of Justice (DOJ)
and the U.S. Securities and Exchange Commission (SEC)
More prosecutors and FBI agents
Geographic focus in China and Latin America and
industry focus within the healthcare/life sciences
Collateral Consequences are Increasing (Non-Sanction
Costs)
Participation of Other Jurisdictions – cross boarder collaboration
Shareholder Lawsuits
Investigative Costs – Internal & External (accounting & legal
fees)
10. 10
ABAC Enforcement Trends
General Enforcement Trends – 2016 & 2017
Collateral Consequences are Increasing (Non-Sanction
Costs) - continued
Remediation Costs – Monitors – DPA/NPA
Internal Costs – Lost Productivity
Market Devaluation of Stock Price
US DOJ Pilot Program – Voluntary Disclosure Incentives
Continued use of Corporate Monitors – 1 to 3 year
periods
11. 11
ABAC Enforcement Trends
Monetary Impact of FPCA Enforcement - 2016
Monetary Impacts are Increasing – 27 Enforcement Actions
2016 - $6 Billion in FCPA enforcement actions and sanctions
settlements (highest ever – 1977 to date)
95% of the $6 Billion relates to six enforcement actions
1. Odebrecht/Braskem - $3.55 Billion (Brazilian Construction Conglomerate)
2. VimpelCom - $795 Million (Telecommunications)
3. Teva - $518.5 Million (Pharmaceuticals)
4. Och-Ziff - $414 Million (Hedge Fund/Asset Management)
5. Embraer - $287 Million (Brazilian Based Aircraft Manufacturer)
6. JP Morgan - $264 Million (Banking & Financial Services)
12. 12
ABAC Enforcement Trends
Monetary Impact of FPCA Enforcement - 2016
$3.6 Billion of $6 Billion – shared with foreign
governments
Brazil - $2.8 Billion
The Netherlands - $398 Million
Switzerland – $355 Million
Odebretch/Braskem
13. 13
ABAC Enforcement Trends
Individual Impact - 2016
27 Individual Defendants
DOJ – 19
SEC – 8
C-suite/High Ranking Executives are Being Pursued
LAN Airlines – CEO
Analogic’s Danish Sub – CFO
Harris Corporation (Chinese Subsidiary) – Chairman
& CEO
Och-Ziff – CEO and Founder
14. 14
ABAC Enforcement Trends
2017 Mid-Year Update
18 FCPA enforcement actions initiated by DOJ (12) and
the SEC (6) during the first half of 2017 (caveat – all
were before Trump Administration was effectively in
place – 15 of 18 actions were filed in January)
Most Interesting – SQM (Sociedad Química y Minera de
Chile)
No quid pro quo identified and NO allegations of bribery
Books and records liability without a bribe – improperly
documented payments (no observed bribe payment)
No third party due diligence
Involvement of charitable contributions
Paid a $30.5 million and accepted a two-year corporate
compliance monitor.
15. 15
ABAC Enforcement Trends
ABAC Enforcement Trends
Pilot Program Declinations – two to date: Program has
been extended
February 2017: DOJ's Fraud Section released a new
guidance document "Evaluation of Corporate
Compliance Programs“ – comprehensive set of topics
and sample questions related to corporate compliance
programs but largely reinforces the same core standards
by which corporate compliance programs have
traditionally been evaluated.
11 "sample" topics for evaluating a compliance program
Common questions the DOJ may ask during an evaluation (119
questions)
17. 17
International ABAC Regulations
International Cooperation & Other ABAC Regulations
(Voluntary & Mandatory)
OCED Anti-bribery Convention
UK Bribery Act – 2010
Brazil Clean Company Act – 2014
Peru – Administrative Liability of Legal Entities for the
Commission of Active Transnational Bribery – July 2017
Mexico – General Law of Administrative Accountability –
July 2017
Argentina – Considering a bill that penalize corrupt
business practices
18. 18
International ABAC Regulations
International Cooperation & Other ABAC Regulations
(Voluntary & Mandatory)
China – The multi-year effort underway to update the Anti-
Unfair Competition Law, the country's primary civil statute that
regulates commercial bribery is continuing in 2017.
India – In January 2017, the Indian government launched
"Operation Clean Money" to investigate large cash deposits
made into banks in India after the demonetization
announcement (e.g. termination of the 500 and 1000 rupee
bank notes). It is reported that it has detected over 54 billion
Indian Rupees (more than $830 million) in undisclosed
income, which may well lead to corruption investigations in
the year(s) to come.
19. 19
International ABAC Regulations
International Cooperation & Other ABAC Regulations
(Voluntary & Mandatory)
France – Loi Sapin II anti-corruption legislation
South Korea - President Geun-Hye Park was impeached
in December 2016 amid allegations of influence peddling
and corruption
21. 21
Hot Topics – Corporate Compliance
Programs
Focus on Specific Compliance Program Elements
Specific ABAC Compliance Program Issues
Hiring Practices – Enhanced Due Diligence
Travel & Entertainment
Third-party Due Diligence & Monitoring
Risk Management
ABAC Program Monitoring & Improvement
22. 22
Hot Topics – Corporate Compliance
Programs
Enforcement Learnings – HOT Topics
DOJ Pilot Program is Continuing
Individual Mandate Continues (Yates memo)
Jurisdiction – continued broad interpretation
Successor Liability – acquisition (Mondelez-Cadbury)
Whistleblower Activities – Monetary Rewards
Foreign Officials – State Owned Entities (SOEs) and
related entities
24. 24
ABAC Programs – Continuous
Improvement
Compliance Program Essentials
Necessary to Explain/Demonstrate a Functioning
Compliance Program (Matrix)
Mapping Regulatory Requirements
Corporate Culture
Compliance as an Integrated Function
Culture of Compliance
Independent Compliance Function w/ Appropriate
Reporting Structure
Incentives and Discipline
Continuous Improvement & Adequate Monitoring
25. 25
ABAC Programs – Continuous
Improvement
Compliance Program Essentials
Risk Assessments w/ Data Analytics
Qualitative – leveraging existing institutional knowledge
Quantitative – data analytics
Resources & Experience
Adequate resources
Experienced Personnel
Adequate Training & Systems Investments
26. 26
ABAC Programs – Continuous
Improvement
Compliance Program Essentials
Use of Available Regulatory Guidance
1. FCPA Guidance
2. DOJ Evaluation Guidance
3. Case Studies & Industry Guidance
Voluntary Standards – ISO 37001
Critical Compliance Program Areas
Sales Activities
1. Employees – Incentive Programs
2. Travel, Gifts & Entertainment
Third Party Intermediaries – 75% of all ABAC actions involved
third parties & 96% of FCPA cases between 2005 and 2015.
27. 27
ABAC Programs – Continuous
Improvement
Compliance Program Essentials
Third Parties – DOJ/SEC “Three Rules”
1. Qualifications
2. Business Rationale
3. Ongoing Monitoring
Focus on the Money – Modes of Payment
Fake Invoices
Charitable Contributions
Employee Expenses
Measurement – Use of KPI’s and Data Analytics
Activity v. Impact KPIs
Data Analytics/Data Driven Remediation/Monitoring Activities
Incorporate Market Specific Information
28. 28
ABAC Programs – Continuous
Improvement
Compliance Program Essentials
PPB’s with flexibility to manage individual/jurisdiction
specific issues with the appropriate guidance
Focus on reasonable assurance and the results of the
risk assessment and risk mitigation activities (e.g.
policies, processes, and controls)
Continuous Improvement
29. 29
ISO 37001
Value of Certification
Hui Chen, Former DOJ Compliance Counsel, recently
noted that the DOJ will not outsource its investigative
responsibilities when an issue arises.
No statistical evidence that a management system works
Measurement, analytics and improvement are critical to a
compliance programs operating effectiveness
The ISO certification does not provide an affirmative
defense to an ABAC investigation
30. 30
ISO 37001
Value of Certification
Why Implement?
Independent Review Process (audit/monitoring)
Best Practices Opportunity (comparative analysis)
Another tool that promotes a systemic review – holistic
review of the ABAC Management System
Third Parties – Independent evaluation opportunity that
is significantly stronger than contractual language and/or
a periodic review by the contracting organization.
Commentary:
1a – Contractual Terms and Conditions including anti-bribery/anti-corruption language
1c – Tradeshows, conventions, conferences, etc…
1e – Jurisdictions vary in their treatment of facilitation payments (e.g. UK Bribery Act) – most organizations simply prohibit for global consistency and the “fear” of creating an opportunity or justification for other types of payments that may lead to bribery/corruption
Commentary: Fines include interest charges
Odebrecht/Braskem
Angola
Argentina
Brazil
Colombia
Dominican Republic
Ecuador
Guatemala
Mexico
Mozambique
Panama
Peru
Venezuela
VimpelCom Limited and Unitel LLC
Dutch Authorities
Commentary:
DOJ Question Topics
Analysis and Remediation of Underlying Misconduct
Senior and Middle Management
Autonomy and Resources
Policies and Procedures
Risk Assessment
Training and Communications
Confidential Reporting & Investigation
Incentives and Disciplinary Measures
Continuous Improvement, Periodic Testing and Review
Third Party Management
Mergers and Acquisitions
Commentary:
OECD
43 Countries are participants
8 non-OECD countries
A-B
Argentina
Australia
Austria
Belgium
Brazil
Bulgaria
C-F
Canada
Chile
Colombia
Costa Rica
Czech Republic
Denmark
Estonia
Finland
France
G-K
Germany
Greece
Hungary
Iceland
Ireland
Israel
Italy
Japan
Korea
L-R
Latvia
Lithuania
Luxembourg
Mexico
Netherlands
New Zealand
Norway
Poland
Portugal
Russia
S-Z
Slovak Republic
Slovenia
South Africa
Spain
Sweden
Switzerland
Turkey
United Kingdom
United States
Commentary:
France: Implementing a compliance program is a legally binding for in-scope organizations.
On 8 November 2016, the French Parliament passed a law targeting transparency, anti-corruption and the modernization of the economy, known as the Sapin II Law. This law entered into force on 11 December 2016. Consequently, implementation of compliance programs within companies will have to be effective by mid-2017.
The provisions related to the implementation of compliance programs are applicable to any company (i) having at least 500 employees, or belonging to any group whose parent company's headquarters is located in France and which has at least 500 employees, and (ii) whose annual turnover is more than €100 million. Presidents and directors of such companies may be held liable for failure to implement compliance programs.
Similarly, these provisions are also applicable to limited liability companies (i) having at least 500 employees or belonging to a group of companies having at least 500 employees and (ii) whose annual turnover is more €100 million. Members of the executive board of such companies may be held liable for failure to implement compliance programs.
These provisions apply to French subsidiaries of any foreign company having at least 500 employees whose annual turnover is more €100 million.
The Sapin II Law will compel companies to set up the following eight measures and procedures as part of their compliance programs:
A code of conduct defining and illustrating the different types of prohibited behaviours, notably bribery or influence peddling.
An internal system of alerts designed to enable employees to report any violations of the above code of conduct.
Risk mapping, which will be regularly updated and is designed to identify, analyse and rank the company's exposure to any risk related to bribery.
An assessment of clients, providers and intermediaries in light of the risk mapping.
Accounting controls designed to ensure that the company's books and accounts are not used to conceal bribery acts or influence peddling.
Training for managers and employees exposed to the risks of bribery and influence peddling.
Disciplinary sanctions against employees in case of violation of the code of conduct.
Internal control procedures to assess the efficiency of the compliance programme.
Commentary:
Case Example (Employee Theft) - $1MUSD improper employee due diligence
Need to add multi-jurisdictional employee reviews (global economy & workforce)
Commentary:
Mondelez-Cadbury: According to the SEC, in early 2010 Cadbury's Indian subsidiary hired an agent to assist the company with obtaining licenses and approvals for a planned factory expansion. In total, the subsidiary paid the agent just over $90,000 for consultation services associated with the necessary licenses. There appears to have been no direct evidence of corruption, but based on allegations that the company failed to conduct due diligence on the agent, failed to monitor or require written documentation of his activities, and the agent's withdrawal of his payments from the bank in cash, the SEC asserted that there was a "risk that funds paid to [the agent] could be used for improper or unauthorized purposes." This purportedly caused the Indian subsidiary's books and records to be inaccurate and reflected a lack of internal controls by Cadbury. Further, because Mondelēz acquired Cadbury during 2010 while the agency relationship was ongoing, the SEC asserted that "Mondelēz is also responsible for Cadbury's violations.“
Whistleblower ABAC Awards:
The SEC has awarded more than $85 million to 32 whistleblowers since the whistleblower program started in 2011 (through August 2016)
None of the awards had previously been linked to an FCPA enforcement action.
Whistleblowers can be eligible for awards when they voluntarily provide the SEC with "unique and useful information that leads to a successful enforcement action."
Awards can range from 10 percent to 30 percent of recoveries when amounts collected are more than $1 million
Commentary:
Matrix – mapping exercise that includes mandatory and voluntary compliance obligations
Example: Mining company undertook a 3 month review to create a comprehensive regulatory matrix. Surprised at the level of the related reporting efforts as well as the level of duplicative efforts in both documentation and control – “siloed” compliance activities. Offered a significant cost savings opportunity.
Corporate Culture – Extremely hard to create and maintain, but very easy to destroy. Elements of “fair play” are critical – worst fear is employee “disengagement” (not my problem and/or risk of retaliation is deemed to be too high.
“Culture eats strategy for breakfast” - Phrase originated by Peter Drucker and made famous by Mark Fields, President at Ford, is an absolute reality! Any company disconnecting the two are putting their success at risk.
Continuous Improvement – focus on “paper programs” or check the box compliance efforts with little attention given to testing how the program is operating
Commentary:
A company using and understanding its own data is critical to preventing and detecting ABAC activities
-- VMF/payment data
-- Sales Data
-- Employee Expenses
-- MARKET DATA – variance analysis (sales volumes and types of transactions – black/grey markets)