Page 1: Innoxcell - Due Diligence Presentation JFF 2016

March 3rd 2016

Julian Fenwick, Managing Director, GRC Solutions

BRIBERY & CORRUPTION: EFFECTIVE COMPLIANCE PROGRAMS & THIRD PARTY DUE DILIGENCE


Transparency International

Corruption Perceptions Index 2015

1. Siemens (Germany): $800 million in 2008.
2. Alstom (France): $772 million in 2014.
3. KBR / Halliburton (USA): $579 million in 2009.
4. BAE (UK): $400 million in 2010.
5. Total SA (France): $398 million in 2013.
6. VimpelCom (Holland): $397.6 million in 2016.
7. Alcoa (U.S.): $384 million in 2014.
8. Snamprogetti Netherlands B.V. / ENI S.p.A (Holland/Italy): $365 million in 2010.
9. Technip SA (France): $338 million in 2010.
10. JGC Corporation (Japan): $218.8 million in 2011.

FCPA Blog - Top ten FCPA enforcement actions of all time

Source: FCPA Blog – www.fcpablog.com

Increasing Complexity of Compliance

EY Asia Pacific Fraud Survey 2015

8 out of 10 respondents say they would be unwilling to work for companies involved in bribery and corruption.

The Statistics

AlixPartners Annual Global Anti-Corruption Survey, 2014

Respondents said the biggest obstacles to their companies' anti-corruption efforts and ability to mitigate risk areas were:

• staffing constraints (65 percent);
• variations in local country regulations (65 percent);
• pressure to deliver operating results (58 percent).

In another survey, fewer than half (43 percent) of respondents said they regularly conduct due diligence on third-party agents.

Perceptions – Europe v. USA

AlixPartners Annual Global Anti-Corruption Survey, 2014

One in five respondents at European companies said their industries are exposed to significant corruption risk, compared with 40 percent of respondents from U.S. companies.

Twenty-nine percent of European respondents performed due diligence on prospective employment candidates on a regular basis, compared with 63 percent of U.S. respondents, according to the survey.

Only 2 of the top 10 on the FCPA Blog list were US Companies.

Trends In The Use Of Third Parties

Internal Auditors Research Foundation, Crowe Horwath LLP

Third Party Risk

EY Asia Pacific Fraud Survey 2013

Case Studies

• On January 8, 2016, the UK Serious Fraud Office (SFO) announced that UK-based printing company Smith & Ouzman was ordered to pay a total of £2.2 million (consisting of a £1.3 million fine and £880,000 in forfeiture) in connection with bribes paid to public officials in Kenya and Mauritania to win business contracts.

• Smith & Ouzman made news when, in December 2014, it became the first company ever convicted under POCA. The company’s chairman and sales and marketing manager were also convicted at that time.

• Under POCA, for a company to be charged, it must be shown that those responsible had the “directing will and mind” of the company, which in the case of family-run business Smith & Ouzman may have been less difficult to establish than with a large organization.

• The threshold is much lower under section 7 of the Bribery Act 2010, which is a strict liability offense prohibiting failure to prevent bribery.


Printing Company Fined for violation of UK’s Prevention of Corruption Act 1906 (POCA)

Source: Morrison & Foerster LLP


The UK's Financial Conduct Authority (FCA) fined Besso Limited £315,000 for its failure to take reasonable care to establish and maintain effective systems designed to prevent and detect bribery and corruption risks.

The company, a general insurance broker, maintained weak controls that "gave rise to an unacceptable risk that payments made by Besso to third parties could be used for corrupt practices, including paying bribes to persons connected with the insured or public officials," the FCA said in its published findings.

Besso issued a statement to clarify that the FCA "has not said that Besso permitted any illicit payments or inducement to any such third party," the Financial Times reported.

FCA Final Notice 2014: Besso Limited, 17 March 2014


Failure to Take Reasonable Care – Besso


Besso's breaches occurred between 2005 and 2011. They included the following:

The company had limited bribery and corruption policies and procedures in place until written ones were created in November 2009.

The 2009 policies weren't adequate in their content or implementation.

Besso failed to conduct adequate risk assessments of third parties before entering into business relationships with them.


It didn't carry out adequate due diligence of third parties to evaluate the risks involved in doing business with them.

It failed to establish and record an adequate commercial rationale to support payments to third parties.

It didn't maintain adequate records of the anti-bribery and corruption measures taken on its third-party account files.

FCA Final Notice 2014: Besso Limited, 17 March 2014

Failure to Take Reasonable Care – Besso

Fined a record £7m by the Financial Services Authority (FSA) for failing to put in place robust anti-bribery systems, after an investigation unearthed suspicious payments in Russia and Egypt.

For failing sufficiently to monitor £27m of payments to overseas third parties who had helped the company win new business.

The FSA said that Willis failed to take appropriate steps to ensure that payments were not being used for corrupt purposes, despite repeated warnings about potential corruption in the industry.

www.theguardian.com, 21 July 2011

Failure to Take Reasonable Care – Insurance broker Willis fined £7m by FSA (2011)

The U.K.'s Financial Services Authority said that it has fined Aon Ltd £5.25 million for failing to recognise and control the risks of overseas payments being used as bribes.

The regulator concluded that Aon had failed to properly assess the risks involved in its dealings with overseas firms and individuals (third parties) who helped it win business and failed to implement effective controls to mitigate those risks.

www.theguardian.com, 8 January 2009

Failure to Take Reasonable Care - AON

• In mid-January 2016, the CEO and the Finance Director of a New York-based non-profit organization both pleaded guilty to bribing John Ashe, a former United Nations General Assembly President.

• Sheri Yan and Heidi Hong Piao were charged in October 2015 as part of a larger group of defendants that included Ashe. According to the complaint, Yan and Piao arranged for over $800,000 of payments to Ashe in exchange for official favors by Ashe and other Antiguan officials for various Chinese businessmen.

• In court, Yan stated that she and others had paid Ashe “with the intent of influencing him in his official capacity” to promote business ventures from which they intended to profit.

• Piao pleaded guilty to conspiracy, bribery, money laundering, and failure to report foreign financial accounts and agreed to cooperate with law enforcement in the ongoing investigation. Yan pleaded guilty to one count of bribery.


First Guilty Plea in United Nations Bribery Case – the legislation that keeps on giving!

Source: Morrison & Foerster LLP


Tullow Oil declared force majeure on its offshore exploration block in Guinea following the disclosure that its partner, U.S.-based Hyperdynamics Corporation, is under investigation by the DOJ and SEC for possible violations of the Foreign Corrupt Practices Act.

The investigation is focused on whether its "activities in obtaining and retaining the Concession rights and [its] relationships with charitable organizations potentially violate the FCPA and anti-money laundering statutes," Hyperdynamics said.

Charitable contributions can violate the FCPA if they benefit foreign officials personally and are intended to obtain or retain business or gain an unfair advantage.

Tullow Oil had been planning to start drilling off Guinea together with its partners in the second quarter of 2014. “Tullow has decided that it cannot proceed with activities on the [exploration] license until these issues are resolved.”

Petro Global News, 13 March 2014

UK Oil Firm Declares "Corruption Force Majeure" in Guinea Because of FCPA Probe

A new survey of general counsels and compliance officers found that 30% of companies in North America, Europe, and Asia stopped doing business with a partner because of corruption risks.


30% of companies stopped doing business with a partner because of corruption risks.

AlixPartners Annual Global Anti-Corruption Survey, 2014

What is Required of an Effective Compliance Program?

The Adequate Procedures Guidance to the UK Bribery Act provides that “general training could be mandatory for new employees or for agents (on a weighted risk basis) as part of an induction process” and adds that “it may be appropriate to require associated persons to undergo training. This will be particularly relevant for high-risk associated persons. In any event, organisations may wish to encourage associated persons to adopt bribery prevention training”.

An “associated person” is defined as an individual or entity that “perform[s] services for or on behalf” of an organization.

Adequate Procedures Guidance to the UK Bribery Act

World Economic Forum, Partnering Against Corruption Initiative (PACI)

The US Federal Sentencing Guidelines for Organizations, which apply to criminal violations of federal statutes such as the US Foreign Corrupt Practices Act, mandate that an organization “shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to [“members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents”] by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities”.

US Federal Sentencing Guidelines

World Economic Forum, Partnering Against Corruption Initiative (PACI)

ISO 19600:2014

Can We Do Business Without Trust?

Designing Trustworthy Organizations

MIT Sloan Management Review

Rebuilding Trust

Building an Effective Third Party Compliance Program

1. Communicate with your third parties

2. Perform a compliance audit/due diligence review

3. Review your standard contract terms

4. Manage policy dissemination and attestation

5. Provide or source appropriate training

6. Benchmark your program and review regularly

6 Steps for An Effective Third Party Compliance Program

Four things third parties should know about due diligence:

1. We are not questioning your integrity

2. We know this is a burden on you

3. Resisting slows things down and may make it seem like you have something to hide

4. There is a business advantage to handling compliance well

Alexandra Wrage - Trace International

www.corpcounsel.com, 7 March 2014

Step 1 - Communicate With Your Third Parties

• Classify and assess your third party relationships. Develop risk rankings.

• Collect and regularly review data. Some data can be collected when on-boarding a new 3rd party; other data might come from regular reviews of watch lists, news stories and PEP screening.

• Evaluate 3rd party management’s understanding of compliance with regulations or policies.

• Evaluate 3rd party compliance activities such as policy management and staff training effectiveness.

• Confirm that contract terms and service-level agreements are being met.

• Identify and communicate process improvements for 3rd party interactions.

Step 2 - Compliance Audit / Due Diligence Review

Contractor represents and warrants that, in connection with this Agreement or the business resulting therefrom:

(a) It is knowledgeable about Anti-Bribery Laws applicable to the performance of this Agreement and will comply with all such laws; and

(b) Neither it nor a Related Party has made, offered or authorised, or will make, offer or authorise, any payment, gift, promise or other advantage, including a facilitation payment.

Contractor will impose the requirements in this Clause XX on any subcontractor, or other Party from which Goods or Services are procured in connection with the Agreement.

Step 3 - Contract Clauses

Company may terminate this Agreement immediately by written notice to Contractor, if Contractor or any of its Related Parties performing work in connection with this Agreement:

(a) No longer meet the requirements of the Company's HSE systems or Contractor fails to observe Company's provisional accreditation requirements where Contractor has previously been wholly or provisionally accredited by Company under the Company's HSE systems;

(b) Commits any or causes Company or any Related Parties to be in breach of applicable Anti-Bribery Laws;

(c) Commits any or causes Company or any Related Parties to be in breach of applicable competition laws;

(d) Commits any or causes Company or any Related Parties to be in breach of applicable Trade Control Laws;

(e) Commits a material breach of applicable laws not mentioned in paragraphs (a), (b), (c) and (d)

Step 3 - Contract Clauses – Not just Bribery & Corruption

Corporate policies are no longer just a ‘nice to have’ culture shaping tool for large businesses. With the introduction of increasingly strict legislation and the attentions of industry watchdogs focusing in on compliance, policies and policy management are now essential for all organisations.

Organisations that make a concerted effort to take policy management seriously will over time be able to audit the real value of their efforts. This will be both in terms of a discernible reduction in the risk exposure of the organisations and in the resources that need to be allocated to manage policies.

Step 4 - Policy Management – Take Control

1) Establishing policy requirements: Researching relevant law, regulatory requirements, guidelines and best practice. Identifying the business’s requirements.

2) Drafting policy: Creating legally-sound statements in plain English.

3) Policy deployment: Distributing policies rapidly and reliably around the organisation.

4) Testing understanding & affirming acceptance: Ensuring employees understand policy and agree to abide by it.

5) Auditing policy penetration: Auditing policy and providing management reports on compliance status.

Step 4 - Policy Management – Achieve Compliance

• Must be able to provide documentary evidence that policies and procedures are in place and are adhered to.

• Used as an effective compliance communications tool.

• Provides essential information to Senior Management and Auditors that statutory compliance obligations are accurately communicated and understood.

• Can clearly see not only who has accepted but who has truly understood, then request a retest where a satisfactory result was not delivered.

Policy Case Study - Allianz

Keep reasonable demands on employees’ time. Compliance training requirements are high and continue to rise.

Manage employees’ perception of compliance training. Staff are likely to view mandatory training on the same content year in, year out as a box-ticking exercise that doesn’t take into account their knowledge and experience.

Step 5 - Compliance Training

Update courses to stay consistent with latest regulations. Regulations are changing all the time. This makes it harder to deliver high-quality courses at a reasonable cost.

Identify problematic areas and pro-actively mitigate risks. Most organisations lack tools that would allow them to capture and turn relevant learning data into useful information.

Demonstrate compliance to regulators and shareholders. Given recent compliance issues in several industries, the relevant stakeholders continue raising their expectations on compliance training programs.


Module Allocation

Our courses are modular. They are broken down into 20-minute components, each containing a series of clear learning outcomes. Employees are assigned modules of a course based on a risk profile of their job role. The lower the risk, the less training they should need to do.

Adaptive Learning

Adaptive learning is perfect for organisations that need to complete annual certification for all staff. Employees are assessed on their current knowledge and then only trained on where they have gaps in that knowledge. This reduces training time and minimises pushback from employees. By determining from the outset which areas learners already possess competence in, adaptive learning focuses solely on key areas for improvement.


Step 6 - Benchmarking

Reactive
• Ad hoc response to events
• High insurance costs
• Non-existent or expensive reporting structure
• No review of systems or outcomes
• Risk of reputational damage or fines

Active
• Compliance is a developing priority
• Document hierarchy is designed
• Key staff responsibilities are outlined
• Systems are in place for regulatory obligations
• Training is developed

Proactive
• A culture of compliance is encouraged
• Automatic reporting and proactive reviews occur
• Clear processes and expectations are in place
• Compliance is a partner to new business ventures
• Compliance/risk executives are assigned overt accountability

‘How frequently do you train your third parties on anti bribery and corruption?’

2015 Anti-Bribery and Corruption Benchmarking Report, Kroll/Compliance Week

Benchmarking - Third-Party Risk Management Capability Maturity Model

Internal Auditors Research Foundation, Crowe Horwath LLP

This may all seem like a huge burden on you, your organisation, your suppliers, clients and other partners.

The alternative may well be huge fines, ongoing regulatory headaches, legal fees, the costs of management time, and a hugely detrimental effect on your firm’s reputation and staff morale.

Your company may be banned from certain markets or from bidding for certain types of work. Worst case scenario, you are put out of business.

Companies “are not taking advantage of the solutions that are out there to the extent that they probably could, and frankly should be expected to, based on potential regulatory scrutiny.” Robert Huff, Managing Director, Kroll

Final Thoughts

This presentation material is intended to provide a summary of the subject matter covered for training purposes only. It does not purport to be comprehensive or to render legal advice. No reader should act on the basis of any matter contained in this presentation without first obtaining specific professional advice.

Sam Gibbins, General Manager, Asia

Julian Fenwick, Managing Director