Jeff Kaplan/Kaplan & Walker LLP 2012 SCCE NE Regional Conference

Transcription

1 Jeff Kaplan/Kaplan & Walker LLP 2012 SCCE NE Regional Conference Anti-corruption compliance program good practices I ve seen from advisory work in the field Including reviewing a program for DoJ/SEC in an FCPA settlement Some results from a comprehensive benchmarking report Importance of benchmarking compliance programs Full report can be obtained from Note that what works for some isn t necessarily right for others 2 Kaplan & Walker LLP 1

2 Use interviews Surveys and focus groups can be helpful, too but interviews are generally better at getting rich information Should also look at various types of data Don t neglect commercial bribery risks Don t subordinate compliance risk assessment to ERM One third of survey respondents have self-standing anticorruption risk assessment process Use the results broadly, as provided for by the OECD guidelines Risk assessment is about much more than audit prioritization And process itself can be a form of training for at risk individuals 3 Not legally required But most of survey respondents had this Types Traditional policy form Manuals Given the operational complexity of programs can be useful Helpful for audit purposes Given how common they are, a prosecutor might expect it 4 Kaplan & Walker LLP 2

3 Contexts Gifts, entertainment Travel Political and charitable contributions and community support payments Facilitating payments/personal safety payments Types of requirements Follow standards in all instances Permission of management some/all instances Permission of independent function some/all instances 5 Majority of survey respondents require that employees seek approval of the Compliance function or someone else other than their manager (e.g., the legal department) prior to providing gifts or entertainment to government officials in some or all instances Many companies have approval thresholds based on amount For travel, majority require prior approval in all instances Makes sense because unlike gifts and entertainment travel is very unlikely to be de minimis There have been quite a few prosecutions based on travel 6 Kaplan & Walker LLP 3

4 Charitable contributions a lower risk area But there have been cases (Schering-Plough) 60% of companies say they require independent approval But this is an area where things can fall through the cracks Facilitating payments Due to UK Bribery law, fewer companies now permit them Great majority that do allow require prior approval if possible and accurate recording Personal safety payments - related area Prosecution unlikely But nearly half of companies had policies anyway 7 Two types of due diligence questionnaires By TPI By employee proposing to use TPI Used in some or all cases by ¾ s of survey respondents Approval requirements Either manager or independent (e.g., law, compliance) very common Compliance certifications by TPI Majority require initial certifications at outset Ongoing less common but 70% still require for some or all 8 Kaplan & Walker LLP 4

5 Training Part of Sentencing Guidelines expectations, on a risksensitive basis Still not a majority approach, but moving in that direction Shouldn t be limited to corruption issues Auditing Agreeing to allow very common Much less common doing it absent indication of a problem But more than 15% said they do Ongoing monitoring more than ½ have it Monitoring is next compliance frontier for many companies, and not just for anti-corruption compliance 9 Strong compliance key to: Avoiding inherited liability Ensuring that bad practices don t continue post acquisition/investment Various due diligence measures are common, e.g., Integrity screening on: Company/individuals Some/all cases Reviews of books, contracts, inherited relationships C&E integration procedures majority of respondents have these Everyone really should, at least if they are in M&A mode 10 Kaplan & Walker LLP 5

6 Caremark suits have become common This makes sense because: Penalties that are costly to shareholders are relatively likely in corruption cases Resource and clout requirements may necessitate intervention/oversight by the board 11 Various different approaches to who is the designated senior official But only 4% reported that they hadn t designated someone Majority of boards of respondents do receive information about the anti-corruption program Some questions for boards to ask (from FCPA Blog piece) How do we know the risk assessment process is effective? Despite using the process, have we been caught by surprise before by anti-corruption risks? Does the program reach all relevant company operations (e.g., not just sales, but also appropriate corporate activities)? 12 Kaplan & Walker LLP 6

7 Are we addressing the specific anti-corruption issues that we need to (based on our risk assessment) and reaching the at-risk employee population in our training? Do we train/communicate on anticorruption compliance with sufficient frequency and impact? Does the C&E officer (or other individual in charge of the FCPA compliance program) have adequate clout and resources for the job? Is she sufficiently independent of those who could create FCPA risks? Do other managers (in both corporate functions and business units) play enough of a role in FCPA compliance (e.g., through messaging in their respective parts of the business)? 13 Are we doing sufficient due diligence on third parties? What are our third-party FCPA communication and audit efforts? How do our third parties ensure that their employees and agents follow our anti-bribery standards when acting on our behalf? How do incentives at our company possibly impact FCPA compliance both positively and negatively? (Same question with respect to company culture.) Is there anything that other companies do to prevent/detect FCPA violations that our company doesn t, but should, do? 14 Kaplan & Walker LLP 7

8 For large organizations both web-based and inperson common Former is necessary for reaching all those who need to be trained Latter is key for answering questions and getting information Challenge for many companies: how to keep message relevant Role based training may provide an answer E.g., vary for sales, finance, logistics, management, control functions Another approach: just-in-time communications All T&C efforts should be Driven by risk assessment Organized by plan/curriculum documents 15 All of the following fairly common: Written communication from or speeches by CEO Written communication from or speeches by other senior business leaders Discussion of Anti-Corruption compliance program in company newsletter (general newsletter or a Compliance specific one) Discussion of Anti-Corruption compliance program on Company intranet site Communications regarding the Anti-Corruption compliance program that are disseminated to third parties, including TPIs (such as letters or electronic communications to third parties) 16 Kaplan & Walker LLP 8

9 Four different areas: Auditing for violations Auditing program processes Monitoring ( real-time checking) Self assessment Some already discussed re: TPIs Checking generally important because Corruption often resistant to soft side of compliance Control provision of anti-corruption laws 17 Self standing anti-corruption audits not a majority practice, but fairly common Many other companies devote substantial part of general audits to anti-corruption Some keys to success: Sound audit protocols Training Pre-audit prep work Ensuring follow up to findings Using audit as a means to train/communicate 18 Kaplan & Walker LLP 9

10 Formal self assessment by compliance function in 40% of companies Finance self assessments less common, but can be extremely useful More than 40% have had an external assessment, devoted entirely or partly to anti-corruption compliance program Potential usefulness in the event of a government investigation 19 Always a challenge because places where violations most likely to occur are often places where reporting most unlikely to happen Success in this area essential due to Incentives for self reporting under DoJ and SEC policy Dodd-Frank bounty provisions Expectations in various anti-corruption legal standards Keys to success: showing that company really wants reports E.g., through training, other communications and reporting disciplinary results (in appropriate way) 20 Kaplan & Walker LLP 10

11 Particularly important to enforcement personnel E.g., RAE Systems case faults lack of investigations following indications of bribery calling compliance program a half measure Corporate counsel need to be particularly careful not to be seen as creating a Potemkin compliance program Wal-Mart brings unprecedented attention to this issue Often the biggest challenge for investigations: sufficient resources Investigative training and procedures also important Big challenge for discipline: addressing supervisory lapses Implications for investigations 21 OECD standards: companies should have appropriate measures to encourage and provide positive support for the observance of ethics and compliance programmes or measures against foreign bribery, at all levels of the company Mentioned in Alcatel-Lucent Majority approach: use of compliance criteria in performance evaluations, but it is not specific to Anti- Corruption Other approaches Use of compliance criteria in performance evaluations, some of which is specific to Anti-Corruption Compliance function provides information in personnel decisions (such as promotions or succession planning) for key employees Financial awards for exceptional contributions to the compliance program 22 Kaplan & Walker LLP 11

12 More than two thirds have an overall program charter or an anti-corruption specific one Uses: Showing key employees that company is very serious about anti-corruption Providing basis for audits and self assessments Proving the program to the government 23 Kaplan & Walker LLP 12