essential elements of global compliance programs

© 2015 Baker & McKenzie LLP

GOOD. SMART. BUSINESS. PROFIT.TM


Essential Elements of Global Compliance Programs

June 4, 2015


Chelsie ChmelaGlobal Events [email protected]

We encourage you to engage during the Q&A portion of today’s webcast by using the chat function located within your viewing experience.

HOST

QUESTIONS

RECORDING The event recording and PowerPoint presentation will be provided post event.

3


4

SPEAKING TODAY

Adam BriggsRegulatory Compliance & Ethics Attorney, United Parcel Service

Karen BensonDirector, Compliance & Ethics, Royal Caribbean Cruises

Rafael Jimenez-GusiPartner, Baker & McKenzie, Barcelona

Brian L. WhislerPartner, Baker & McKenzie, Washington, DC

Baker & McKenzie LLP is a member firm of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a "partner" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm.© 2015 Baker & McKenzie LLP

Adam Briggs, Regulatory Compliance & Ethics Attorney, United Parcel Service

Karen Benson, Director, Compliance & Ethics, Royal Caribbean Cruises

Rafael Jimenez-Gusi, Partner, Baker & McKenzie, Barcelona

Brian L. Whisler, Partner, Baker & McKenzie, Washington, DC

June 4, 2015

Essential Elements of Global Compliance Programs

© 2015 Baker & McKenzie LLP 6

Overview

‒ Global Enforcement Trends‒ Increasing Global Focus on Compliance‒ Designing a Global Compliance Program: Key

Elements


Global Enforcement Trends


Global Enforcement Trends

‒ Growing cooperation between foreign and US enforcement authorities in prosecution of corruption, money laundering and other criminal cases

‒ Increased enforcement of local and extra-territorial corruption laws‒ Growing recognition of the importance of effective compliance

programs‒ Self-reporting, cooperation (including with respect to individuals),

and remediation are important factors in reducing penalties in a growing number of countries

‒ Individual prosecutions continue as a priority‒ Liability for failure to implement an effective compliance program

8


Complexities of US Enforcement‒ US Department of Justice and US Securities & Exchange

Commission aggressively pursue corruption matters, often accompanied by violations of export controls, sanctions violations and violations of other laws

‒ Aggressive assertion of US jurisdiction to reach conduct of global companies overseas Sharing information with other prosecuting authorities Whistleblower reporting channels at government agencies

‒ Well-developed system of investigations and case resolutions‒ US investigations extremely time-consuming and costly for

companies; parallel investigations even more so


Effective Compliance Continues to be Rewarded‒ Ralph Lauren settled with a non-prosecution agreement (NPA) with both the

SEC and the DOJ (first NPA for the SEC)

‒ An example of DOJ and SEC seeking out an opportunity to publicize credit given for a compliance program

‒ Credited for enhancement of its third-party due diligence procedures, implementation of a global risk assessment process, and improvement to its internal controls

‒ SEC’s FCPA Unit Chief Kara Brockmeyer emphasized that the NPA “shows the benefit of implementing an effective compliance program,” adding that the company “discovered this problem after it put in place an enhanced compliance program and began training its employees”

‒ Distinguished from Morgan Stanley, which received a declination, because Morgan Stanley had comprehensive anti-corruption compliance program in place when the alleged violations surfaced

10


Case Study: Panalpina‒ Represented Panalpina, a global freight forwarding company in a multi-country

investigation of accounting and bribery issues under the FCPA Nigeria, Brazil, Angola, Congo, India, Mexico, Russia, Saudi Arabia, Kazakhstan, United

States; limited investigations in other countries

‒ Multiple presentations of findings to DOJ and SEC‒ Company undertook a global risk assessment and upgraded its compliance

program throughout the process‒ Negotiated a global settlement with the SEC and DOJ‒ Served as compliance consultant for the company for the duration of its three-year

Deferred Prosecution Agreement with DOJ‒ Collateral consequences: shareholder lawsuits, shut down operations in Nigeria‒ Compliance take-away:

Local systemic failures may be evidence of a global systemic compliance gap or compliance program failure

Bribery in one country resulting from a systemic compliance gap or compliance program failure may suggest that there is similar misconduct occurring in other high-risk locations or operations

11


Increasing Global Focus on Compliance


Global Compliance Trends and Expectations

‒ Governments are increasingly introducing criminal liability for legal entities for bribery and other offenses committed by their directors, officers or employees

‒ Recognition of compliance programs as mitigating mechanism or as a defense for legal entities

‒ Regulation of the content of essential elements of the compliance program

‒ Effective implementation of the compliance program‒ Increased global cooperation between the enforcement authorities

13


Benefits of Compliance in US‒ Adequacy of a company’s compliance program will be taken into

account when the DOJ and SEC consider what action to take against a company

‒ Includes whether to resolve the matter through a deferred prosecution agreement (DPA) or a non-prosecution agreement (NPA), the length of a DPA or NPA, or the term of corporate probation

‒ Can also impact penalty amount and whether retention of a monitor is required or the subsequent reporting on compliance program enhancements to DOJ

14


Spain’s Compliance Program Requirements

15

• Spanish Criminal Code introduced Criminal liability for legal entities for selected number of crimes (public and private corruption, tax and social security evasion, money laundering, environmental crimes, etc…)

• The effects of a Compliance program as a defence were unclear.

• Spanish Criminal Code will recognize the adoption of a Compliance program as a valid defence to avoid criminal liability for the legal entities.

2010

2015


The Spanish Criminal Code regulates and defines the content of compliance programs

16

• Article 33 bis of the Spanish Criminal Code establishes that if:

a) The directors of a company have adopted a compliance program that meets the legal requirements under Spanish law;

b) The supervision of the program is entrusted to a company’s body or individual with authorized powers of initiative and control (Compliance Body);

c) The officers or the employees have committed a crime by intentionally violating the Compliance Program; and

d) The Compliance Body has not neglected its duties of supervision, surveillance and control;

The company will be exempted from criminal liability for the crimes committed (including corruption offences) by its officers and employees.


The six elements of a Compliance Program under Spanish Criminal Code

17

1) Risk assessment of the crimes that should be prevented.

2) Standards and controls to mitigate any criminal risks detected.

3) Financial management system in place to prevent the identified crimes.

4) Obligation to report to the Compliance Body any violation of the standards and controls (whistleblowing channel).

5) Disciplinary system to sanction the violation by officers and employees of the Compliance Program.

6) Periodic review of the Compliance Program, making the necessary adjustments when serious violations occur or when the company undergoes organizational, structural or economic activity changes.


Designing a Global Compliance Program: Key Elements


Key Elements of Compliance Enforcement authorities across the globe are placing an increased emphasis on the importance of establishing robust and risk-based corporate compliance programs. While the precise formulation and detail of the guidance issued varies, for example, under the U.S. Federal Sentencing Guidelines, by the U.K. in relation to the Bribery Act, or by the OECD, there are key themes that are common. Baker & McKenzie has distilled those key themes into the following essential elements of corporate compliance:

Monitoring, Auditing and Response

Training and Communication

Standards and Controls

Risk Assessment

Leadership

19


Essential Elements of Compliance

13. Re-assessment – regular review and necessary revisions

12. Discipline for violations of policy

11. Reporting violations confidentially with no retaliation

10. Guidance – provision of advice to ensure compliance

9. Accounting – effective internal controls for accurate books and records

8. Business partners due diligence

7. Specific risk areas – promulgation and implementation programs to address key issues

7. Respond quickly to allegations and modify program

6. Monitoring and review

6. Oversight by senior corporate officers with sufficient resources, authority, and access to Board

6. Provide incentives; discipline misconduct

5. Communication

5. Support from senior management – strong, explicit and visible

5. Monitor and audit; maintain reporting mechanism

4. Due diligence

4. Responsibility – individuals at all levels should be responsible for monitoring

4. Communicate standards and procedures of compliance program, and conduct effective training

3. Risk assessment

3. Training – periodic, documented

3. Deny leadership positions to people who have engaged in misconduct

2. Top level commitment2. Policy that clearly and visibly states bribery is prohibited

2. Leaders understand / oversee the compliance program to verify effectiveness and adequacy of support; specific individuals vested with implementation authority / responsibility

1. Proportionate procedures1. Risk assessment as basis for effective internal controls and compliance program

1. Standards and procedures to prevent and detect criminal conduct

UK’s 6 Principles for “Adequate Procedures”

13 Good Practices by the OECD on Internal Controls, Ethics, and Compliance

USSG’s 7 Elements of an Effective Compliance Program

NOTE: A general provision requires periodic assessment of risk of criminal conduct and appropriate steps to design, implement, or modify each element to reduce risk

20


Global Compliance Program Key Elements

− An independent compliance function− A Chief Compliance Officer (“CCO”) reporting directly to Board of

Directors (or designated Board Sub-Committee)− Dedicated compliance staff to support CCO and compliance function− Global anti-corruption, trade sanctions and other key policies − Global due diligence procedure for business partners− Global monitoring mechanism for high-risk business partner

engagements and financial transactions − Regular compliance auditing− Whistleblower reporting process− Defined investigation procedures

21


Leadership – Board of Directors− Board of Directors, CEO, and CCO should work collaboratively to

lead a company’s global compliance program: Board of Directors (or designated Board Sub-Committee)

should oversee the compliance organization at the highest level of the Company

CEO should provide management leadership to set the appropriate tone at the top and help ensure compliance with laws and regulations

CCO and compliance staff should provide day-to-day management of the compliance program

22


Leadership – Compliance Department− Duties of the Compliance Department should include:

Oversight of Code of Conduct Design and management of anti-corruption risk assessment process Create and revise Code of Conduct, policies, and procedures for

compliance program Guide and/or conduct due diligence on business partners, including

third-party intermediaries Develop communication channels and training programs to promote

awareness of the Code of Conduct, policies, and procedures Monitor business partner relationships and high-risk transactions Oversee compliance program monitoring and testing functions Manage whistleblower reporting process

23


Risk Assessment

− Risk assessment process should include the comprehensive evaluation of factors affecting company’s risk profile: Country risk Industry risk Nature of transactions Amount/value of transactions or engagements Business/operating unit profile, headcount, revenue Type of business partner (e.g. third-party intermediaries)

− Findings communicated to Board of Directors (or designated Board Sub-Committee) and Senior Management

− Subsequent program enhancements should be made by the Compliance Department in consultation with other departments and

Senior Management 24


Standards and Controls – Code of Conduct− A Code of Conduct (“Code”) should be in place and address key risks

specific to the company such as anti-corruption, including gifts and entertainment, charitable contributions, business partner engagements, books and records, conflict of interest and antitrust

− All Board Members, officers and employees should be required to review and acknowledge receipt and understanding of the Code and key policies

− The Code should apply to all company operations including subsidiaries and affiliates

− The Code should also prominently display contact information allowing for confidential reporting (including anonymous reporting in countries where such reporting is allowed)

25


Standards & Controls – Global Anti-Corruption Policy− Enforcement agencies will expect multinational companies to have

a global anti-corruption policy in place that: Prohibits bribery throughout global operations; Requires due diligence and an anti-corruption risk appraisal on

business partners, with an emphasis on third-party intermediaries; and

Provides guidelines for gifts, entertainment, travel, education, and related hospitality expenses to government officials (including charitable donations)

− Many countries prohibit facilitation payments, thus, multinational companies should consider prohibiting such payments to ensure compliance with these laws

26


Standards & Controls – Business Partner Due Diligence− Vast majority of global anti-corruption enforcement actions

involved third party intermediaries – regulators will expect you to know who you do business with

− Due diligence should be risk-based, with higher risk entities receiving enhanced due diligence review

− Compliance function should oversee due diligence conducted on business partners (including third-party intermediaries), in collaboration with a risk screening vendor as appropriate

− A contract should be in place for business partners incorporating robust compliance representations

27


− Officers & employees should receive periodic anti-corruption training

− Risk areas identified by the Compliance Department should be targeted for training

− Risk factors considered include: Type and value of work performed by a business unit or

employee (e.g. sales, marketing, accounts payable) Frequency of interaction with government officials and third-

party intermediaries Corruption perception in relevant business locations

− High risk business partners should receive company training as necessary and appropriate

Training & Communication

28


Training & Communication − Company leadership communicates the importance of compliance

through: Annual meetings; Annual reports and other publications; Management conferences; Large employee gatherings; and Intranet and other company sources.

29


Monitoring, Auditing & Testing − Compliance Department should coordinate compliance program monitoring

efforts with Internal Audit, Accounts Payable, Business Units, and any other appropriate business functions

− Policies, procedures, and training modules must be updated based on program testing and monitoring results

− Accounts Payable, Internal Audit, and Business Units should monitor third-party payment and monetary disbursements for red flags and ensure consistency of contract terms

− Any exceptions to business partner engagement process (or other incident of non-compliance) must be reported to Compliance Department or designated reporting channel

30


Monitoring, Auditing & Testing (cont’d)− Internal audit should focus on transactions involving higher risk

business engagements such as Payments to third-party intermediaries; Business units with elevated risk profiles; and Countries with elevated risk profiles.

− Audit priorities should be determined in consultation with the Compliance Department based on audit findings and evaluation of risk

− Internal Audit findings should help dictate appropriate compliance program enhancements

31


Baker & McKenzie - Additional Resources

Follow ongoing developments in global compliance and anti-corruption via:

http://globalcompliancenews.com/

Baker & McKenzie’s “Inside the FCPA” Newsletter http://www.bakermckenzie.com/insidethefcpa/

http://globalcompliancenews.com/

http://www.bakermckenzie.com/insidethefcpa/

Thank you! Questions?

33


Our Presenters

.

Rafael Jimenez-Gusi, Partner, Baker & McKenzie, Barcelona

Tel: +34 93 206 08 24

[email protected]

Brian L. Whisler, Partner, Baker & McKenzie, Washington, DC

Tel: +1 202 452 7019

[email protected]

Adam Briggs, Regulatory Compliance & Ethics Attorney, United Parcel Service

Karen Benson, Director, Compliance & Ethics, Royal Caribbean Cruises Ltd.


This webcast and all future Ethisphere webcasts are available complimentary and on demand for BELA members. BELA members are also offered complimentary registration to Ethisphere’s Global Ethics Summit and other Summits around the world.

For more information on BELA contact:

Laara van Loben SelsSenior Director, Engagement [email protected]

Business Ethics Leadership Alliance (BELA)

mailto:[email protected]


Tuesday, June 9 at 12:00 p.m. ET

Anti-Corruption and Third Parties: Mitigating the Risks

All upcoming Ethisphere events can be found at:http://ethisphere.com/events/

PLEASE JOIN US FOR

http://ethisphere.com/events/


www.latinamericaethicssummit.com

June 17-18, 2015 – Rio de Janeiro, Brazil15% off Discount Code: WEBCAST15


THANK YOU

essential elements of global compliance programs

Business

baker mckenzie llp good

baker mckenzie llp adam

global focus

us enforcement authorities

whisler partner

conduct of global companies

enforcement of local

prosecution of corruption