essential elements of global compliance programs
TRANSCRIPT
© 2015 Baker & McKenzie LLP
Chelsie ChmelaGlobal Events [email protected]
We encourage you to engage during the Q&A portion of today’s webcast by using the chat function located within your viewing experience.
HOST
QUESTIONS
RECORDING The event recording and PowerPoint presentation will be provided post event.
3
© 2015 Baker & McKenzie LLP
4
SPEAKING TODAY
Adam BriggsRegulatory Compliance & Ethics Attorney, United Parcel Service
Karen BensonDirector, Compliance & Ethics, Royal Caribbean Cruises
Rafael Jimenez-GusiPartner, Baker & McKenzie, Barcelona
Brian L. WhislerPartner, Baker & McKenzie, Washington, DC
Baker & McKenzie LLP is a member firm of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a "partner" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm.© 2015 Baker & McKenzie LLP
Adam Briggs, Regulatory Compliance & Ethics Attorney, United Parcel Service
Karen Benson, Director, Compliance & Ethics, Royal Caribbean Cruises
Rafael Jimenez-Gusi, Partner, Baker & McKenzie, Barcelona
Brian L. Whisler, Partner, Baker & McKenzie, Washington, DC
June 4, 2015
Essential Elements of Global Compliance Programs
© 2015 Baker & McKenzie LLP 6
Overview
‒ Global Enforcement Trends‒ Increasing Global Focus on Compliance‒ Designing a Global Compliance Program: Key
Elements
© 2015 Baker & McKenzie LLP
Global Enforcement Trends
‒ Growing cooperation between foreign and US enforcement authorities in prosecution of corruption, money laundering and other criminal cases
‒ Increased enforcement of local and extra-territorial corruption laws‒ Growing recognition of the importance of effective compliance
programs‒ Self-reporting, cooperation (including with respect to individuals),
and remediation are important factors in reducing penalties in a growing number of countries
‒ Individual prosecutions continue as a priority‒ Liability for failure to implement an effective compliance program
8
© 2015 Baker & McKenzie LLP 9
Complexities of US Enforcement‒ US Department of Justice and US Securities & Exchange
Commission aggressively pursue corruption matters, often accompanied by violations of export controls, sanctions violations and violations of other laws
‒ Aggressive assertion of US jurisdiction to reach conduct of global companies overseas Sharing information with other prosecuting authorities Whistleblower reporting channels at government agencies
‒ Well-developed system of investigations and case resolutions‒ US investigations extremely time-consuming and costly for
companies; parallel investigations even more so
© 2015 Baker & McKenzie LLP
Effective Compliance Continues to be Rewarded‒ Ralph Lauren settled with a non-prosecution agreement (NPA) with both the
SEC and the DOJ (first NPA for the SEC)
‒ An example of DOJ and SEC seeking out an opportunity to publicize credit given for a compliance program
‒ Credited for enhancement of its third-party due diligence procedures, implementation of a global risk assessment process, and improvement to its internal controls
‒ SEC’s FCPA Unit Chief Kara Brockmeyer emphasized that the NPA “shows the benefit of implementing an effective compliance program,” adding that the company “discovered this problem after it put in place an enhanced compliance program and began training its employees”
‒ Distinguished from Morgan Stanley, which received a declination, because Morgan Stanley had comprehensive anti-corruption compliance program in place when the alleged violations surfaced
10
© 2015 Baker & McKenzie LLP
Case Study: Panalpina‒ Represented Panalpina, a global freight forwarding company in a multi-country
investigation of accounting and bribery issues under the FCPA Nigeria, Brazil, Angola, Congo, India, Mexico, Russia, Saudi Arabia, Kazakhstan, United
States; limited investigations in other countries
‒ Multiple presentations of findings to DOJ and SEC‒ Company undertook a global risk assessment and upgraded its compliance
program throughout the process‒ Negotiated a global settlement with the SEC and DOJ‒ Served as compliance consultant for the company for the duration of its three-year
Deferred Prosecution Agreement with DOJ‒ Collateral consequences: shareholder lawsuits, shut down operations in Nigeria‒ Compliance take-away:
Local systemic failures may be evidence of a global systemic compliance gap or compliance program failure
Bribery in one country resulting from a systemic compliance gap or compliance program failure may suggest that there is similar misconduct occurring in other high-risk locations or operations
11
© 2015 Baker & McKenzie LLP
Global Compliance Trends and Expectations
‒ Governments are increasingly introducing criminal liability for legal entities for bribery and other offenses committed by their directors, officers or employees
‒ Recognition of compliance programs as mitigating mechanism or as a defense for legal entities
‒ Regulation of the content of essential elements of the compliance program
‒ Effective implementation of the compliance program‒ Increased global cooperation between the enforcement authorities
13
© 2015 Baker & McKenzie LLP
Benefits of Compliance in US‒ Adequacy of a company’s compliance program will be taken into
account when the DOJ and SEC consider what action to take against a company
‒ Includes whether to resolve the matter through a deferred prosecution agreement (DPA) or a non-prosecution agreement (NPA), the length of a DPA or NPA, or the term of corporate probation
‒ Can also impact penalty amount and whether retention of a monitor is required or the subsequent reporting on compliance program enhancements to DOJ
14
© 2015 Baker & McKenzie LLP
Spain’s Compliance Program Requirements
15
• Spanish Criminal Code introduced Criminal liability for legal entities for selected number of crimes (public and private corruption, tax and social security evasion, money laundering, environmental crimes, etc…)
• The effects of a Compliance program as a defence were unclear.
• Spanish Criminal Code will recognize the adoption of a Compliance program as a valid defence to avoid criminal liability for the legal entities.
2010
2015
© 2015 Baker & McKenzie LLP
The Spanish Criminal Code regulates and defines the content of compliance programs
16
• Article 33 bis of the Spanish Criminal Code establishes that if:
a) The directors of a company have adopted a compliance program that meets the legal requirements under Spanish law;
b) The supervision of the program is entrusted to a company’s body or individual with authorized powers of initiative and control (Compliance Body);
c) The officers or the employees have committed a crime by intentionally violating the Compliance Program; and
d) The Compliance Body has not neglected its duties of supervision, surveillance and control;
The company will be exempted from criminal liability for the crimes committed (including corruption offences) by its officers and employees.
© 2015 Baker & McKenzie LLP
The six elements of a Compliance Program under Spanish Criminal Code
17
1) Risk assessment of the crimes that should be prevented.
2) Standards and controls to mitigate any criminal risks detected.
3) Financial management system in place to prevent the identified crimes.
4) Obligation to report to the Compliance Body any violation of the standards and controls (whistleblowing channel).
5) Disciplinary system to sanction the violation by officers and employees of the Compliance Program.
6) Periodic review of the Compliance Program, making the necessary adjustments when serious violations occur or when the company undergoes organizational, structural or economic activity changes.
© 2015 Baker & McKenzie LLP
Key Elements of Compliance Enforcement authorities across the globe are placing an increased emphasis on the importance of establishing robust and risk-based corporate compliance programs. While the precise formulation and detail of the guidance issued varies, for example, under the U.S. Federal Sentencing Guidelines, by the U.K. in relation to the Bribery Act, or by the OECD, there are key themes that are common. Baker & McKenzie has distilled those key themes into the following essential elements of corporate compliance:
Monitoring, Auditing and Response
Training and Communication
Standards and Controls
Risk Assessment
Leadership
19
© 2015 Baker & McKenzie LLP
Essential Elements of Compliance
13. Re-assessment – regular review and necessary revisions
12. Discipline for violations of policy
11. Reporting violations confidentially with no retaliation
10. Guidance – provision of advice to ensure compliance
9. Accounting – effective internal controls for accurate books and records
8. Business partners due diligence
7. Specific risk areas – promulgation and implementation programs to address key issues
7. Respond quickly to allegations and modify program
6. Monitoring and review
6. Oversight by senior corporate officers with sufficient resources, authority, and access to Board
6. Provide incentives; discipline misconduct
5. Communication
5. Support from senior management – strong, explicit and visible
5. Monitor and audit; maintain reporting mechanism
4. Due diligence
4. Responsibility – individuals at all levels should be responsible for monitoring
4. Communicate standards and procedures of compliance program, and conduct effective training
3. Risk assessment
3. Training – periodic, documented
3. Deny leadership positions to people who have engaged in misconduct
2. Top level commitment2. Policy that clearly and visibly states bribery is prohibited
2. Leaders understand / oversee the compliance program to verify effectiveness and adequacy of support; specific individuals vested with implementation authority / responsibility
1. Proportionate procedures1. Risk assessment as basis for effective internal controls and compliance program
1. Standards and procedures to prevent and detect criminal conduct
UK’s 6 Principles for “Adequate Procedures”
13 Good Practices by the OECD on Internal Controls, Ethics, and Compliance
USSG’s 7 Elements of an Effective Compliance Program
NOTE: A general provision requires periodic assessment of risk of criminal conduct and appropriate steps to design, implement, or modify each element to reduce risk
20
© 2015 Baker & McKenzie LLP
Global Compliance Program Key Elements
− An independent compliance function− A Chief Compliance Officer (“CCO”) reporting directly to Board of
Directors (or designated Board Sub-Committee)− Dedicated compliance staff to support CCO and compliance function− Global anti-corruption, trade sanctions and other key policies − Global due diligence procedure for business partners− Global monitoring mechanism for high-risk business partner
engagements and financial transactions − Regular compliance auditing− Whistleblower reporting process− Defined investigation procedures
21
© 2015 Baker & McKenzie LLP
Leadership – Board of Directors− Board of Directors, CEO, and CCO should work collaboratively to
lead a company’s global compliance program: Board of Directors (or designated Board Sub-Committee)
should oversee the compliance organization at the highest level of the Company
CEO should provide management leadership to set the appropriate tone at the top and help ensure compliance with laws and regulations
CCO and compliance staff should provide day-to-day management of the compliance program
22
© 2015 Baker & McKenzie LLP
Leadership – Compliance Department− Duties of the Compliance Department should include:
Oversight of Code of Conduct Design and management of anti-corruption risk assessment process Create and revise Code of Conduct, policies, and procedures for
compliance program Guide and/or conduct due diligence on business partners, including
third-party intermediaries Develop communication channels and training programs to promote
awareness of the Code of Conduct, policies, and procedures Monitor business partner relationships and high-risk transactions Oversee compliance program monitoring and testing functions Manage whistleblower reporting process
23
© 2015 Baker & McKenzie LLP
Risk Assessment
− Risk assessment process should include the comprehensive evaluation of factors affecting company’s risk profile: Country risk Industry risk Nature of transactions Amount/value of transactions or engagements Business/operating unit profile, headcount, revenue Type of business partner (e.g. third-party intermediaries)
− Findings communicated to Board of Directors (or designated Board Sub-Committee) and Senior Management
− Subsequent program enhancements should be made by the Compliance Department in consultation with other departments and
Senior Management 24
© 2015 Baker & McKenzie LLP
Standards and Controls – Code of Conduct− A Code of Conduct (“Code”) should be in place and address key risks
specific to the company such as anti-corruption, including gifts and entertainment, charitable contributions, business partner engagements, books and records, conflict of interest and antitrust
− All Board Members, officers and employees should be required to review and acknowledge receipt and understanding of the Code and key policies
− The Code should apply to all company operations including subsidiaries and affiliates
− The Code should also prominently display contact information allowing for confidential reporting (including anonymous reporting in countries where such reporting is allowed)
25
© 2015 Baker & McKenzie LLP
Standards & Controls – Global Anti-Corruption Policy− Enforcement agencies will expect multinational companies to have
a global anti-corruption policy in place that: Prohibits bribery throughout global operations; Requires due diligence and an anti-corruption risk appraisal on
business partners, with an emphasis on third-party intermediaries; and
Provides guidelines for gifts, entertainment, travel, education, and related hospitality expenses to government officials (including charitable donations)
− Many countries prohibit facilitation payments, thus, multinational companies should consider prohibiting such payments to ensure compliance with these laws
26
© 2015 Baker & McKenzie LLP
Standards & Controls – Business Partner Due Diligence− Vast majority of global anti-corruption enforcement actions
involved third party intermediaries – regulators will expect you to know who you do business with
− Due diligence should be risk-based, with higher risk entities receiving enhanced due diligence review
− Compliance function should oversee due diligence conducted on business partners (including third-party intermediaries), in collaboration with a risk screening vendor as appropriate
− A contract should be in place for business partners incorporating robust compliance representations
27
© 2015 Baker & McKenzie LLP
− Officers & employees should receive periodic anti-corruption training
− Risk areas identified by the Compliance Department should be targeted for training
− Risk factors considered include: Type and value of work performed by a business unit or
employee (e.g. sales, marketing, accounts payable) Frequency of interaction with government officials and third-
party intermediaries Corruption perception in relevant business locations
− High risk business partners should receive company training as necessary and appropriate
Training & Communication
28
© 2015 Baker & McKenzie LLP
Training & Communication − Company leadership communicates the importance of compliance
through: Annual meetings; Annual reports and other publications; Management conferences; Large employee gatherings; and Intranet and other company sources.
29
© 2015 Baker & McKenzie LLP
Monitoring, Auditing & Testing − Compliance Department should coordinate compliance program monitoring
efforts with Internal Audit, Accounts Payable, Business Units, and any other appropriate business functions
− Policies, procedures, and training modules must be updated based on program testing and monitoring results
− Accounts Payable, Internal Audit, and Business Units should monitor third-party payment and monetary disbursements for red flags and ensure consistency of contract terms
− Any exceptions to business partner engagement process (or other incident of non-compliance) must be reported to Compliance Department or designated reporting channel
30
© 2015 Baker & McKenzie LLP
Monitoring, Auditing & Testing (cont’d)− Internal audit should focus on transactions involving higher risk
business engagements such as Payments to third-party intermediaries; Business units with elevated risk profiles; and Countries with elevated risk profiles.
− Audit priorities should be determined in consultation with the Compliance Department based on audit findings and evaluation of risk
− Internal Audit findings should help dictate appropriate compliance program enhancements
31
© 2015 Baker & McKenzie LLP 32
Baker & McKenzie - Additional Resources
Follow ongoing developments in global compliance and anti-corruption via:
http://globalcompliancenews.com/
Baker & McKenzie’s “Inside the FCPA” Newsletter http://www.bakermckenzie.com/insidethefcpa/
© 2015 Baker & McKenzie LLP 34
Our Presenters
.
Rafael Jimenez-Gusi, Partner, Baker & McKenzie, Barcelona
Tel: +34 93 206 08 24
Brian L. Whisler, Partner, Baker & McKenzie, Washington, DC
Tel: +1 202 452 7019
Adam Briggs, Regulatory Compliance & Ethics Attorney, United Parcel Service
Karen Benson, Director, Compliance & Ethics, Royal Caribbean Cruises Ltd.
© 2015 Baker & McKenzie LLP
This webcast and all future Ethisphere webcasts are available complimentary and on demand for BELA members. BELA members are also offered complimentary registration to Ethisphere’s Global Ethics Summit and other Summits around the world.
For more information on BELA contact:
Laara van Loben SelsSenior Director, Engagement [email protected]
Business Ethics Leadership Alliance (BELA)
© 2015 Baker & McKenzie LLP
Tuesday, June 9 at 12:00 p.m. ET
Anti-Corruption and Third Parties: Mitigating the Risks
All upcoming Ethisphere events can be found at:http://ethisphere.com/events/
PLEASE JOIN US FOR
© 2015 Baker & McKenzie LLP
www.latinamericaethicssummit.com
June 17-18, 2015 – Rio de Janeiro, Brazil15% off Discount Code: WEBCAST15