Corruption: the law and management of the risk - ICFP

1 Presentation name

Nedbank Group Limited Internal Use Only

Corruption: the law and management of the risk

19 October 2018

2 Presentation name


Agenda

1. Legislationa) Some history

b) PRECCA

c) UK Bribery Act

d) Foreign Corrupt Practices Act

2. Adequate Proceduresa) Overview

b) Some practical issues

c) The SIL prosecution in the UK

3. Associated Personsa) Who are these people?

4. Prosecutions (case studies)

3 Presentation name


Legislation

4 Presentation name


Some history

South Africa is a party to a number of international and regional conventions that set out obligations to fight corruption. In addition, South Africa has enacted domestic legislation in order to give effect to the commitments enshrined in these conventions. This means that the country is legally bound to fight against corruption.

South Africa is a party to four major conventions:

• The UN Convention against Corruption

• The AU Convention on Preventing and Combating Corruption

• The OECD Anti-Bribery Convention

• The SADC Protocol Against Corruption

These conventions need to be brought into effect domestically. There are two approaches that a country can follow in making an international piece of law binding in its domestic jurisdiction, namely monism and dualism – South Africa follows the dualism approach.

In dualist countries such as South Africa, there is a difference between national law and international law. International law needs to be translated into national law, and without this translation, the international law does not apply.

.

5 Presentation name


Some history

So there must be a piece of national law that explicitly incorporates the international law, otherwise it does not become part of national law and citizens cannot rely on it nor can judges apply it and national laws that contradict it remain in force.

PRECCA written to comply with the UN Convention against Corruption and AU Convention on Preventing and Combating Corruption – before that, bribery was a common law offence in South Africa

6 Presentation name


Prevention and Combatting of Corrupt Activities Act

• Extensive definition of what is seen as corruption• Only individuals can be prosecuted• Extra territorial application• S34 Reporting obligation Any person in position of authority

(public/private):

Accepts/agrees to accept/offer to

accept /give any gratification either for

himself or someone else

Intent to influence the person to

act either personally or by

influencing another to act in a

specific way

The act must amount to a certain effect:

• Illegal, dishonest, unauthorised, incomplete or

biased act

•Misuse or selling of information or material

acquired in a certain manner and under certain

circumstances

•Abuse of a position or power

•Breach of trust

•Violation of legal duty or set of rules

•Unjustified result

•Amounts to any unauthorised or improper

inducement to do/not to do something

PRECCA has extra territorial application which means that even if the corrupt act was committed outside of the borders of the Republic and even if it does not constitute a crime in the country where the act was committed, a person can still be prosecuted in South Africa if certain requirements are met

7 Presentation name


Proposed changes to PRECCA

1. The Department of Justice and Correctional Services has recently published the Prevention and Combating of Corrupt Activities Amendment Bill, 2017.

2. The Bill introduces an "immunity" provision in relation to the existing obligation in section 34 to report knowledge of, or a reasonable suspicion of corrupt activity. This provision states that: "A court may find that any person who bona fide filed a report as contemplated in subsection (1) may not be held liable to any civil, criminal or disciplinary proceedings in respect of the content of such report“.

3. Immunity is not absolute and courts are given discretion to determine whether immunity should be awarded. The Bill is silent on the criteria for reasonable knowledge or suspicion which aids the making of a bona fide report.

4. The Bill proposes to place an onerous obligation on persons who find themselves in a position of authority, as defined in PRECCA, to implement internal compliance programmes to ensure offences are detected and reported.

5. The repercussions for non-compliance with the obligation to implement internal compliance programmes were not set out in more detail. Guidance related to what would constitute an internal compliance programme - what specific measures would need to be put in place?

8 Presentation name


Proposed changes to PRECCA (cont)

7. Under PRECCA - only guilty individuals were fined for an offence under PRECCA. The Bill, however, seeks to introduce an element of corporate liability and the sentencing of a corporate body.

8. The Bill proposes introducing maximum fines payable for an offence under PRECCA; that is to say that a Regional Court may impose a fine not exceeding ZAR 50 million and a Magistrate's Court may impose a fine not exceeding ZAR 10 million.

9. The Bill also introduces guidelines that a court must take into account when imposing a fine on a corporate body. In this regard the fine must reflect the seriousness of the offence, the amount of the gratification paid, the benefit derived and the annual turnover of the corporate body.

10. No guideline on the weighting to be attached to each of the criteria listed for determining the appropriate fine on a corporate. The Bill also fails to define when a corporate entity will be held liable for an offence of corruption and not its agent.

11. The Bill also proposes to extend the territorial effect of PRECCA. It gives a court, in whose jurisdiction one/more elements of the crime [offence] have been committed, jurisdiction to try such an offence

12. The Bill also seeks to introduce facilitation payments as an offence by including it in the definition of gratification. A facilitation payment is understood to entail paying a person to make them act in a specific way or to bring about an unfair or unlawful advantage

9 Presentation name


UK Bribery Act

In terms of this act, the aim of the bribe (which could either be offered or accepted) should be to bring about improper performance of a function or activity.

‘Improper performance’ in this context means performance that amounts to a breach of an expectation that a person will act in good faith, impartially, or in accordance with a position of trust.

The offence applies to bribery relating to any function

• of a public nature, connected with a business,

• performed in the course of a person’s employment or

• performed on behalf of a company or another body of persons.

Therefore, bribery in both the public and private sectors is covered, just as in our local act.

For the purposes of deciding whether a function or activity has been performed improperly, the test of what is expected is what a reasonable person in the UK would expect in relation to the performance of that function or activity.

10 Presentation name


UK Bribery Act

Section 7 of the Act:

Organisation is guilty of an offence if an ‘associated person’ performing services on behalf of the company bribes a person in order to obtain or retain a business advantage

In terms of the guidance notes published by the UK Ministry of Justice, an ‘associated person’includes:

»Any person who performs a service for the organisation i.e. employees, contractors, agents, joint ventures and subsidiaries. Where a vendor not merely sells goods on behalf of an organisation it can be deemed as an ‘associated person’

»Whether a person is performing services for an organisation is to be determined by reference to all the relevant circumstances and not merely by reference to the nature of the relationship between that person and the organisation : thus broad application

The only defence an organisation will have is if the company can show that it had ‘adequate procedures’ in place which could be expected to prevent the bribe from occurring



Unpacking Section 7

1. Investigation will be done by the Serious Fraud Office in the UK

2. Commercial entity can be criminally prosecuted in a Court of Law in the UK

3. Strict liability – assumption of guilt until corporate can prove that they had ‘adequate procedures’ in place

4. Corporate is guilty of bribery because of something someone else (“associated person”) did on its behalf (knowledge not a requirement)

5. Can also come to a ‘deferred prosecution agreement’ with the SFO



Foreign Corrupt Practices Act

The FCPA became law in 1977. It has a broad geographical reach and creates significant exposure for both companies and individuals.

There are two main personas covered by the legislation:

An “issuer”

– is listed on a national securities exchange in the United States (U.S.) (either stock or American Depository Receipts); or

– the company’s stock trades in the over-the counter market in the U.S. and the company is required to file Securities and Exchange Commission (SEC) reports.

Officers, directors, employees, agents, or stockholders acting on behalf of an issuer (whether U.S. or foreign nationals), and any co-conspirators, also can be prosecuted under the FCPA.



FCPA (cont)

A “domestic concern”

– is any individual who is a citizen, national, or resident of the U.S.; or

– any corporation, partnership, association, joint-stock company, business trust, unincorporated organisation, or sole proprietorship that is organised under the laws of the U.S. or its states, territories, possessions, or commonwealths or that has its principal place of business in the U.S.

Officers, directors, employees, agents, or stockholders acting on behalf of a domestic concern, including foreign nationals or companies, are also covered.

The FCPA also applies to certain foreign nationals or entities that are not issuers or domestic concerns. Since 1998, the FCPA’s anti-bribery provisions have applied to foreign persons and foreign non-issuer entities that, either directly or through an agent, engage in any act in furtherance of a corrupt payment while in the territory of the U.S. Also, officers, directors, employees, agents, or stockholders acting on behalf of such persons or entities may be subject to the FCPA’s anti-bribery prohibitions.



FCPA (cont)

Offences

The FCPA applies only to payments intended to induce or influence a foreign official to use his or her position “in order to assist … in obtaining or retaining business for or with, or directing business to, any person”

The Act contains two general categories of offenses:

• Its anti-bribery provisions prohibit making—or offering to make—a corrupt payment to a foreign (i.e. non-U.S.) government official for the purpose of securing an improper advantage or obtaining or retaining business for or with, or directing business to, any person.

• Its books and records provisions require foreign or domestic issuers of securities who are registered on U.S. stock exchanges to comply with its additional provisions on recordkeeping and internal accounting controls. Books and records of covered entities must accurately and fairly reflect transactions (including the purposes of an organisation’s transactions).



FCPA (cont)

Nexus with the US

For the FCPA to be applicable, there has to be some nexus between the act of corruption (which should be aimed at corrupting a public official) and the U.S.

The U.S. government can and has asserted near global jurisdiction for FCPA violations on even the slightest connection to the U.S. It can be as little as funds routed through the U.S. banking system or use of computer servers located in US.

The link may not always be obvious for example if a payment is made through two non-U.S. banks. Even if the two banks has no direct correspondent relationship, but each had a U.S. correspondent relationship, the Act may be applicable. The fact that the payer and recipient were unaware that the funds passed through the U.S. correspondent bank is irrelevant.

Emails and other electronic traffic passing through U.S. servers may be sufficient as well.



Adequate procedures



Adequate procedures

After promulgation of the UK Bribery Act, the Ministry of Justice in the UK issued a guideline with six principles that, if implemented, will put an organsiation in a defendable position.

The principles are:

• Awareness and training

• Oversight and review

• Due diligence

• Tone from the top

• Proportionate processes and procedures

• Risk assessments



Adequate procedures – some practical issues

Awareness and training– Using different mediums to appeal to different groups: one size does not fit all!

– Getting the right people to the training sessions – risk officers vs general staff

– Rolling out in Africa

Oversight and review– Development of implementation plan

– Establishment of governance committees

– Role of business vs risk function vs internal audit

Risk assessments– Convincing risk fraternity to include corruption as part of Basel operational risk management

framework

– Getting people to understand that UKBA is a risk management issue and not a compliance issue

– Review of adequacy of risk assessments

Proportionate processes and procedures- SIL matter



The SIL case

Prior to becoming dormant in 2014, SIL was actively trading as a fit-out refurbishment contractor in the South-East of England, primarily in London. Its workforce comprised approximately 30 individuals, operating in an open-plan office based in one room at a single site.

SIL was one of a number of contractors invited by a company (“DTZ”) to tender for two office refurbishment contracts in London worth a combined £6m. SIL won the tenders in 2013.

The bribes

The prosecution alleged that Mr GD, a project manager at DTZ, had acted improperly during the tender process by passing SIL information that could have provided it with an advantage over its bidding rivals and/or sought to influence the award of the contracts by expressing a preference to his colleagues that SIL be selected. The prosecution alleged that this was on the basis of offers/requests for bribes made to SIL’s managing director, Mr SB.

After SIL won the two contracts, it made two payments to GD totalling £10,000, and while a third payment of £29,000 was offered and requested, it was never paid, as explained below.



SIL matter (cont)

A number of steps were taken to conceal the nature of these payments and to make them appear genuine. Invoices for the three payments were sent to SIL by a separate company (“GPS”) that had been set up for GD and/or his son to receive them. The invoices referred to the provision of “services in respect of final site surveys/drawings and final construction consultancy including CAD drawings and health and safety all as agreed”.

However, no services were ever provided by GPS. Members of SIL’s senior management involved in the offending not only approved the invoices, but when their allocation to the projects was questioned, instructed the accounts team to reallocate the invoices to an unrelated internal cost code (as overheads under an overseas subsistence code).

Guidelines by the Court:

• Are all compliance efforts recorded?

• Have the company’s policies and procedures been properly communicated?

• Is someone within the business responsible for compliance?

• Is the company reactive to changes in the law or circumstances?

• Are reporting and approval lines appropriate?



Associated Persons



Associated persons

Not to be confused with ‘associated party’ in Money Laundering legislation.

The UK Bribery Act requires that due diligence that focuses on bribery and corruption risk must be conducted all associated persons.

What is an associated person: this is any person who ‘perform services’ for or on behalf of the organisation?”, i.e. employees, contractors, agents, joint ventures and subsidiaries. Where a vendor does not merely sell goods on behalf of an organisation it can be deemed as an ‘associated person’.

A key question to ask is: ‘Can this entity bribe / commit corruption on my organisation’s behalf for the benefit of the organisation?’ if so they are an Associated Person.

Organisation need to know who these entities are and have to make sure that there are processes and procedures in place to prevent them from bribing somebody for the benefit of your organisation and what is the level of risk that they pose to your organisation.



Associated persons

Examples of how difficult it can get:

• Attorneys

• Entities changing their business models

• Type of contract concluded with entities

Biggest single risk: not knowing who your associated persons are.

Risk rating of associated persons assist with the level of due diligence that must be completed : risk based approach

Same entity can have different risk ratings based on the service that is performed

Guideline to identifying associated persons

Risk rating questionnaire



Prosecutions



S7 Prosecutions

Sweet group Plc - Dec 2015The Group was charged that contrary to Section 7(1) of the Act, between 1 December 2012 and 1 December 2015 it failed to prevent the bribing of a UAE citizen by an associated person, and agent of the Sweet Group

This bribery was intended to obtain or retain business, and/or an advantage in the conduct of business for the Group, namely securing and retaining a contract with Al Ain Ahlia Insurance Company for project management and cost consulting services in relation to the building of a hotel in Dubai.



S7 Prosecutions (Cont)

Brand-Rex Ltd (Scotland)Brand-Rex Ltd, a developer of cabling systems for network infrastructure and industrial applications based in Glenrothes, Scotland, in relation to a breach of Section 7 of the Act.

The company had been operating a system called “Brand Breaks”, under which associated distributors and installers were given rewards (including holidays) as incentives for meeting or exceeding sales targets.

Although this scheme was not itself illegal, it came to Brand-Rex’s attention that one of its installers had offered travel tickets earned by him under the scheme to an employee of one of his customers, who was in a position to influence the customer’s decision-making.



S7 Prosecutions (Cont)

ICBC Standard Bank plc Standard Bank failed to prevent a bribery committed by its Tanzanian subsidiary Stanbic Bank Tanzania Ltd, which paid US$6 million in bribes to Tanzanian officials in order to obtain Government work. This ultimately generated US$8.4 million in transaction fees.

Standard Bank began an internal investigation in April 2013, following reports from Stanbic staff of suspicious cash withdrawals. Shortly afterwards it self-reported the issue to the Serious and Organised Crime Agency and SFO.

As a result of the DPA, Standard Bank was required to pay a total financial penalty of US$25.5 million, as well as compensation to the Government of Tanzania of US$7 million and the SFO’s costs. It also agreed to ongoing cooperation with and monitoring by the SFO, which includes giving them extensive access to its internal data.

Separately, Standard Bank has also been required to pay the US Securities and Exchange Commission US$4.2 million in respect of related conduct.



Recent FCPA prosecutions

Recruitment Practices

Credit Suisse Group AG agreed to pay a $47 million penalty to the Justice Department to end an FCPA investigation into hiring practices in Asia. Investigations related to the bank hiring referrals from government agencies and other state-owned entities in exchange for investment banking business and/or regulatory approvals.

In 2016, JPMorgan Chase paid $264 million in penalties for awarding jobs to relatives and friends of Chinese government officials to win banking deals. The FCPA enforcement action was brought by the DOJ, SEC, and the Federal Reserve.

In 2015, BNY Mellon paid $14.8 million to the SEC to resolve FCPA offenses for providing internships to family members of officials connected to a Middle Eastern sovereign wealth fund.

In 2016, mobile chipmaker Qualcomm Inc. paid the SEC $7.5 million to settle FCPA offenses for hiring relatives of Chinese government officials. The officials were deciding whether to select the company’s mobile technology products, the SEC said.



Recent FCPA prosecutions (cont)

Bribing to ensure business opportunitiesSociété Générale was fined $292.8 million by the French regulator and ordered to pay $475 million in criminal penalties to the DOJ and disgorgement to the Commodity Futures Trading Commission for rigging the LIBOR rate

From 2004 and 2009, SocGen paid bribes through a Libyan “broker.” In return, the bank landed 14 investments from Libyan state-owned financial institutions.

The total amount paid to the intermediary was over $90 million. For each transaction, Société Générale paid the Libyan broker a commission of between one and a half and three percent of the nominal amount of the investments made by the Libyan state institutions,

SocGen received 13 investments and one restructuring from Libyan state institutions worth $3.66 billion.

The bank earned profits of $523 million from the Libya businessThis is the fifth largest fine ever paid under the FCPA

In 2016, fund manager Och-Ziff settled allegations that during the Qaddafi regime it bribed officials at the Libyan Investment Authority or LIA, Libya's sovereign wealth fund. Och-Ziff paid $412 million to settle the FCPA offenses in Libya and several other African countries.

Fund manager Legg Mason, Inc. is resering $67 million for an expected settlement of an FCPA investigation into a unit that managed money for the Libyan government during the Qaddafi regime



Top 10 fines FCPA in 2017



- More about risk management than compliance

- Understand the different areas of your business and understand where your risks are

- This is also an issue of reputational risk

- Proper due diligence is vital – you have to know who you are doing business with

In conclusion



THANKYOU

Documents

Corruption: the law and management of the risk - ICFP