Global Anti-Corruption Programs: Advanced Practice and Effectively Managing Risk Las Vegas, Nevada Jeff Killeen Compliance Attorney Investigations, 3M Elliott Leary Managing Director, Freeh Group International Solutions 1 Outline for Presentation I. Recent trends in global enforcement, emerging risks and exposures II. Best practices in identifying and assessing corruption risks in your organization III. Compliance program challenges and solutions for managing and mitigating risks 2 1
I. Recent trends in global enforcement, emerging risks and exposures 3 3 Anti-Corruption Law as Foreign Policy Tools Continued country development Continued encouragement of cooperation and self-disclosure Continued international enforcement cooperation 4 2
In March 2015, Brazil s President signed a decree implementing elements of that country s Clean Company Act. Detailed fines and potential disbarment for violators Listed cooperation requirements needed for leniency agreement Set out key elements of an effective compliance program 5 5 In August 2015, China again amended the anti-corruption provisions of its criminal law: Making it a crime to bribe close relatives of state officials Adding monetary penalties for corrupt acts Making it more difficult for bribe-givers to be exempted from penalties 6 6 3
May 2015 Speech from Ben Morgan, Joint Head of Bribery and Corruption, Serious Fraud Office. if you find out about a problem I think it is overwhelmingly in your best interests to engage with us early and to do so fully, honestly and with integrity. we and the court need you cooperate fully with our investigation we do not require you to carry out internal investigations; investigation is our job. 7 7 In May 2015, FIFA officials were indicted on counts beyond the FCPA A 47-count indictment was unsealed early this morning in federal court in Brooklyn, New York, charging 14 defendants with racketeering, wire fraud and money laundering conspiracies, among other offenses, in connection with the defendants participation in a 24-year scheme to enrich themselves through the corruption of international soccer. 8 8 4
In September 2015, US DOJ released the Yates Memo One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing. Fundamentally, this memo is designed to ensure that all attorneys across the Department are consistent in our best efforts to hold to account the individuals responsible for illegal corporate conduct. 9 9 II. Best Practices for Identifying and Assessing Global Corruption Risk in Your Organization Performing Robust Corruption Risk Assessments Building Key Preventative Third-Party Due Diligence Policies and Procedures Building Robust Detection Mechanisms Investigation Protocols Hotline Reporting Mechanisms 10 5
What is a corruption risk assessment? corruption risk assessment, broadly defined, encompasses the variety of mechanisms that enterprises use to estimate the likelihood of particular forms of corruption within the enterprise and in external interactions, and the effect such corruption might have. Effective risk assessment means understanding the enterprise. 11 Government Authorities and Industry Best Practices are unanimous on the need for risk assessments: Assessment of risk is fundamental to developing a strong compliance program Onesize-fits-all compliance programs are generally ill-conceived and ineffective because resources inevitably are spread too thin, with too much focus on low-risk markets and transactions to the detriment of high-risk areas. 12 6
Government Authorities and Industry Best Practices are unanimous on the need for risk assessments: the fuller the understanding of the bribery risks an organisation faces the more effective its efforts to prevent bribery are likely to be. 13 Government Authorities and Industry Best Practices are unanimous on the need for risk assessments: Develop, based on risk assessments, tailor-made measures for particularly vulnerable sectors and the most frequent types of irregularities encountered during or after the procurement cycle. 14 7
Government Authorities and Industry Best Practices are unanimous on the need for risk assessments: Effective internal controls, ethics, and compliance programmes or measures for preventing and detecting foreign bribery should be developed on the basis of a risk assessment addressing the individual circumstances of a company, in particular the foreign bribery risks facing the company (such as its geographical and industrial sector of operation). 15 Why conduct a corruption risk assessment? Evaluation of where, what and how you conduct business will impact how you mitigate corruption risk Corruption risks continue to evolve: as the complexity of your business changes, your corruption risk will change also Identifying, evaluating and mitigating corruption risks will minimize unnecessary costs and maximize your anticorruption program s effectiveness, but may also impact your ability to minimize negative implications of running a business 16 8
How often should a corruption risk assessment be performed? Prevention is key Avoid a wait and see attitude Consider your business risk profile Other significant business activities which can alter the risk profile: Entry into a new country / market Acquisition of a significant new business Formation of a new Joint Venture Taking on a passive investment in an emerging market Changes in ownership / board composition of existing overseas investments Change in Government s scrutiny of the industry 17 What is documented in a corruption risk assessment? May be coordinated with other departments Contain sufficient detail to distinguish variations in geography, business units and the nature of the business activities undertaken Retain documentation to provide linkage of the program elements to risks identified Activities planned to mitigate unacceptable risks identified Use risk matrices to rate risks and categories 18 9
3M Best Practices - Third Party Due Diligence Program Integrity Assessments Conducted on EVERY business partner (distributor, sales agent, supplier every entity) Rank from 1 to 5 depending on risk (5 is highest risk) Background checks are conducted independently of the company If there are red flags, 3M determines if they are disqualifying Detailed records are maintained Renewals or re-reviews (if deemed appropriate) 19 3M Best Practices - Compliance Evaluation Process Identify high risk company entities (e.g., sales subsidiaries in high risk countries) Evaluation team (6 12) is assigned selected from compliance team worldwide investigators, auditors, specialists Two part process: Interviews of personnel Books and records review Report to entity and corporate executive management Deficiencies Best practices 20 10
3M Best Practices Building a Robust Internal Investigation Process 3M Compliance Investigation Team Attorney investigators some experienced in law enforcement (FBI) Protect privilege Team is mobile worldwide reach Reports to the Chief Compliance Officer who reports to the Audit Committee 21 3M Best Practices - Building a Meaningful hotline 3M Speak Up system All countries are different with their approach to whistleblowing Compare the US to Western Europe to Korea Many who provide information to the government or an employer despite the country fear reporting!!! (It s not easy ). Therefore, handle with care. 22 11
3M Best Practices - Building a Meaningful hotline cont. One central receiving person who conducts triage HR, Compliance, Security System allows anonymity reporter s choice System is mentioned in Code of Conduct as a means to report questionable activity Executive vetting process compliance investigators conduct a mandatory uniform structured interview of all candidates regarding compliance issues to assess their knowledge of, and commitment to compliance. 23 III. Compliance Program Challenges and Solution for Managing and Mitigating Risk Delivering Risk Assessment Results to Key Stakeholders Executive Leadership Board of Directors Develop a Risk Response Plan Update Policies, Procedures, and Controls Develop Auditing & Monitoring Plan Fight Complacency and Regulatory Overload 24 12
Training your organization to know your industry & identifying risks 3M Evaluation Process Identify high risk company entities (e.g., sales subsidiaries in high risk countries) Evaluation team (6-12) is assigned selected from compliance team worldwide investigators, auditors, specialists 25 Training your organization to know your industry & Identifying risks cont. 3M Evaluation Process Two part process: Interviews of personnel Books and records review Report to entity and corporate executive management Deficiencies Best practices 26 13
Training your organization to know your industry & Identifying risks cont. Keeping the interest and commitment of the Board and Senior Management Part of the 3M executive vetting process Enlisting your business management as compliance eyes and ears 3M Suggestion Encourage them to be compliance champions rate them on it! Tempering the win at all costs culture Compliance first it s sustainable; winning at all costs is not 27 Contact Information Elliott Leary Managing Director, Freeh Group International Solutions Email: leary@freehgroup.com Telephone: (703) 338 5471 Jeff Killeen Compliance Attorney Investigations, 3M Email: jbkilleen@mmm.com Telephone: (651) 733 1176 28 14