The Five Essential Elements of Corporate ?· 1 The Five Essential Elements of Effective Corporate Compliance:…

  • Published on
    04-Aug-2018

  • View
    213

  • Download
    0

Embed Size (px)

Transcript

  • 1

    The Five Essential Elements of Effective Corporate Compliance: A Practical Guide to an Effective Compliance Program as Seen Through the Eyes of a Compliance Officer the DoJ and the SECa Compliance Officer, the DoJ and the SEC

    Stephen Martin, Baker & McKenzie (Washington DC)Marc Litt, Baker & McKenzie (New York)Laurel Burke, Associate General Counsel - Compliance Regal-Beloit Corporation

    SCCEs Annual Compliance & Ethics InstituteChicago, IllinoisSeptember 16, 2014

    Agenda

    Introductions The Five Essential Element of Effective Corporate

    ComplianceWh t i th G t L ki f i C li What is the Government Looking for in a Compliance Program?

    The Five Elements in Practice: A Practical Guide to Meeting Governmental Expectations and Best Practices

    Questions

    2

    2014 Baker & McKenzie LLP

    The Five Essential Elements of Corporate Compliance

  • 2

    Five Essential Elements of Corporate Compliance

    Risk Assessment

    Leadership

    Baker & McKenzie has distilled the key themes from the compliance program expectations of government regulators around the world and best practices into five essential elements of corporate compliance that should be present in every companys compliance program.

    2014 Baker & McKenzie LLP 4

    Monitoring, Auditing and Response

    Training and Communication

    Standards and Controls

    Risk Assessment

    Sources of Corporate Compliance Guidance

    USSGs 7 Elements of an Effective Compliance Program

    1. Standards and procedures to prevent and detect criminal conduct

    2. Leaders understand / oversee the compliance program to verify effectiveness and adequacy of support; specific individuals vested with implementation authority / responsibility

    13 Good Practices by the OECD on Internal Controls, Ethics, and Compliance

    1. Risk assessment as basis for effective internal controls and compliance program

    2. Policy that clearly and visibly states bribery is prohibited

    3. Training periodic, documented4. Responsibility individuals at all levels should be

    responsible for monitoring5 S t f i t t li it

    UKs 6 Principles for Adequate Procedures

    1. Proportionate procedures

    2. Top level commitment

    3. Risk assessment

    4. Due diligence

    5. Communication

    USSGs 7 Elements of an Effective Compliance Program

    1. Standards and procedures to prevent and detect criminal conduct

    2. Leaders understand / oversee the compliance program to verify effectiveness and adequacy of support; specific individuals vested with implementation authority / responsibility

    13 Good Practices by the OECD on Internal Controls, Ethics, and Compliance

    1. Risk assessment as basis for effective internal controls and compliance program

    2. Policy that clearly and visibly states bribery is prohibited

    3. Training periodic, documented4. Responsibility individuals at all levels should be

    responsible for monitoring5 S t f i t t li it

    UKs 6 Principles for Adequate Procedures

    1. Proportionate procedures

    2. Top level commitment

    3. Risk assessment

    4. Due diligence

    5. Communication

    2014 Baker & McKenzie LLP 5

    3. Deny leadership positions to people who have engaged in misconduct

    4. Communicate standards and procedures of compliance program, and conduct effective training

    5. Monitor and audit; maintain reporting mechanism

    6. Provide incentives; discipline misconduct

    7. Respond quickly to allegations and modify program

    NOTE: A general provision requires periodic assessment of risk of criminal conduct and appropriate steps to design, implement, or modify each element to reduce risk

    5. Support from senior management strong, explicit and visible

    6. Oversight by senior corporate officers with sufficient resources, authority, and access to Board

    7. Specific risk areas promulgation and implementation programs to address key issues

    8. Business partners due diligence9. Accounting effective internal controls for accurate

    books and records10. Guidance provision of advice to ensure compliance11. Reporting violations confidentially with no retaliation12. Discipline for violations of policy13. Re-assessment regular review and necessary

    revisions

    6. Monitoring and review3. Deny leadership positions to people who have engaged in misconduct

    4. Communicate standards and procedures of compliance program, and conduct effective training

    5. Monitor and audit; maintain reporting mechanism

    6. Provide incentives; discipline misconduct

    7. Respond quickly to allegations and modify program

    NOTE: A general provision requires periodic assessment of risk of criminal conduct and appropriate steps to design, implement, or modify each element to reduce risk

    5. Support from senior management strong, explicit and visible

    6. Oversight by senior corporate officers with sufficient resources, authority, and access to Board

    7. Specific risk areas promulgation and implementation programs to address key issues

    8. Business partners due diligence9. Accounting effective internal controls for accurate

    books and records10. Guidance provision of advice to ensure compliance11. Reporting violations confidentially with no retaliation12. Discipline for violations of policy13. Re-assessment regular review and necessary

    revisions

    6. Monitoring and review

    KEY

    USSG US Sentencing Guidelines

    OECD Organisation for Economic Co-operation and Development

    Hallmarks of Effective Compliance Programs from the joint DOJ/SEC 2012 FCPA Guidance

    Hallmarks of Effective Compliance Programs

    1. Commitment from Senior Management and Clearly Articulated Policy

    2. Code of Conduct and Compliance Policies and Procedures

    3. Oversight, Autonomy and ResourcesLeadership

    Five Essential Elements of Corporate Compliance

    2013 Baker & McKenzie LLP 6

    4. Risk Assessment

    5. Training and Continuing Advice

    6. Incentives and Disciplinary Measures

    7. Third Party Due Diligence and Payments

    8. Continuous Improvement: Periodic Testing and Review

    9. Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration

    Monitoring, Auditing and Response

    Training and Communication

    Standards and Controls

    Risk Assessment

  • 3

    2014 Baker & McKenzie LLP

    Current Enforcement Environment

    Global Enforcement Trends

    Increased international cooperation in the prosecution of corruption Complex multi-jurisdictional investigations U.K. Bribery law (limited enforcement to date) Emerging market laws and prosecutions Enforcement efforts in other countries: Brazil, Canada, and AustraliaIncreased emphasis on individual prosecutions

    2014 Baker & McKenzie LLP

    Increased emphasis on individual prosecutions Strong interest in willful blindness and third parties Sector-wide targeting: financial services; pharmaceuticals and

    medical devices; freight forwarding; oil & gas services; and retail Dramatically increased penalties, including criminal fines and

    disgorgement of illicit profits measured in hundreds of millions of dollars

    Greater pressures and incentives to voluntarily disclose misconduct to regulators

    8

    U.S. Enforcement Risks Increasing in Certain Legal Areas

    Areas with significant enforcement risk include an ever-increasing number of issues: Data Protection/Privacy/Information Governance Antitrust Trade Compliance (Import/Export Controls, Sanctions,

    Customs)

    2014 Baker & McKenzie LLP

    Corruption/Bribery/Fraud (including FCPA) Immigration/Global Mobility Intellectual Property Environmental Labor & Employment (including Compensation and Incentives) Sales/Marketing/Advertising Supply Chain/3rd Party Relationships Health & Safety Governmental Contracting

    9

  • 4

    Top 20 FCPA Settlements (2005 present)Siemens $800KBR/Halliburton $579BAE $400Total S.A. $398Alcoa $384ENI S.p.A. $365Technip $338JGC Corporation $219Daimler $185

    2008

    2009

    2010 2013

    2011

    2012

    2014 Baker & McKenzie LLP

    Weatherford $152Alcatel-Lucent $137Hewlett-Packard $108Deutsch / Magyar Telekom $95Marubeni Corporation $88Panalpina $82Johnson & Johnson $70Pfizer / Wyeth $60ABB $58Pride International $56Marubeni Corporation $54

    2014

    10

    Top 20 Non-US Cases (millions)

    Thales SA France $913Siemens Germany $569Siemens Greece $366.1Ferrostaal Germany $193Man Group Germany $102.2BAE UK $47.9Siemens Nigeria $46.5Alstom Switzerland 42.6Fair Trade Commission 7 Pharma cases South Korea $19M ill UK $18 1

    2008

    2009

    2010Macmillan UK $18.1Innospec Ltd UK $12.7 MW Kellogg UK $11.1Willis UK $11Mabey & Johnson UK $10.5Griffiths Energy International Canada $10.35Niko Resources Ltd. Canada $9.5Fair Trade Commission 6 Pharma cases South Korea $9.3 Abbot Group Limited UK $8.9AON Ltd UK $8.8Danish Oil-For-Food Actions (7 cases) Denmark $8.1

    2011

    2012

    2013

    11 2014 Baker & McKenzie LLP

    Recent Fines in US Sanctions/Export Controls

    Company Industry Fine Year1 BNP Paribas Financial Services $8.9 Billion 2014

    2 HSBC Bank Financial Services $1.256 Billion 2012

    3 Standard Chartered Bank Financial Services $667 Million 2012

    4 ING Bank N.V. Financial Services $619 Million 2012

    5 Credit Suisse AG Financial Services $536 Million 2009

    2014 Baker & McKenzie LLP

    5 Credit Suisse AG Financial Services $536 Million 2009

    6 Royal Bank of Scotland(formerly ABN Amro Bank, N.V.)

    Financial Services $500 Million 2014

    7 BAE Systems PLC Defense Services $400 Million 2010

    8 Barclays Bank PLC Financial Services $298 Million 2010

    9 Mitsubishi UFJ Financial Services $259 Million 2013

    10 Lloyds TSB Bank, plc Financial Services $217 Million 2010

    11 Weatherford International Oil Services $252 Million 2013

    12 Fokker Services BV Aircraft Services $50.9 Million 2014

    12

  • 5

    Transparency Internationals 2013 Corruption Perception Index

    2014 Baker & McKenzie LLP 13

    FCPA Enforcement Actions by Country (2010-2013)

    2014 Baker & McKenzie LLP

    14

    14

    2014 Baker & McKenzie LLP

    The Case for Compliance

  • 6

    What is the Government Looking For The Three Basic Questions About a Companys Compliance Program

    1. Is the program well-designed?

    16

    2. Is it being applied in good faith?

    3. Does it work?

    Case Study: Morgan Stanley

    Provides powerful evidence of the benefits of investing in an effective compliance program.

    A former Morgan Stanley Managing Director pled guilty to one count of conspiring to circumvent the system of internal controls that the bank maintained to prevent violations of the FCPA.

    Morgan Stanleys pre-existing compliance program was specifically highlighted in press releases and public comments as the biggest reason

    2014 Baker & McKenzie LLP

    highlighted in press releases and public comments as the biggest reason for the Governments decision not to prosecute the bank, enter into a deferred prosecution agreement or pursue a substantial fine. This marked the first public FCPA declination based upon the sufficiency of a companys compliance program.

    April 25, 2012, U.S. Department of Justice Press Release: "[C]onsidering... Morgan Stanley constructed and maintained a

    system of internal controls, which provided reasonable assurances that its employees were not bribing government officials, the [DOJ] declined to bring any enforcement action against Morgan Stanley related to Peterson's conduct."

    17

    Case Study: Morgan Stanley (contd)

    The decision not to prosecute was based on clear evidence of Morgan Stanleys compliance program containing: The existence of an effective compliance program; Rigorous internal controls; Regular compliance training and communications; Internal policies addressing the corruption risks associated with the

    2014 Baker & McKenzie LLP

    giving of gifts, business entertainment, travel, lodging, meals, charitable contributions and employment, that were updated regularly to reflect regulatory developments and specific risks;

    Compliance program monitoring and auditing; and Extensive pre-retention due diligence on business partners and

    stringent controls on payments to business partners.

    18

  • 7

    Case Study: Ralph Lauren Corporation

    Involved Ralph Laurens subsidiary in Argentina which bribed customs officials to assist in the passage of goods through customs. The General Manager for the Argentina subsidiary also provided gifts to three different government officials valued at between $400 and $14,000 to improperly secure the importation of products into Argentina.

    DOJ jurisdiction cited in Non-Prosecution Agreement (NPA) as based on Ralph Lauren (RLC) hiring the employee as General Manager of Argentinian subsidiary (NPA later calls that person an employee of the subsidiary itself)

    2014 Baker & McKenzie LLP

    (NPA later calls that person an employee of the subsidiary itself) General Manager was an employee and agent of the issuer, per NPA

    RLC discovered the problem after it put in place an enhanced compliance program and began training its employees.

    Company entered into a NPA and agreed to pay $1.5 million, including disgorgement of $734,000 in illicit profits and interest RLC also undertook extensive FCPA training for employees worldwide,

    enhanced the companys existing FCPA policy, implemented an improved gift policy, and other compliance, control, and anti-corruption policies and procedures, strengthened its due diligence protocol for third-party agents, terminated culpable employees and a third-party agent, instituted a whistleblower hotline, and hired a designated corporate compliance attorney.

    19

    Case Study: Ralph Lauren Corporation (contd)

    SECs decision to resolve the case with the NPA was supported by the following factors:1. RLC discovered the misconduct during the rollout of its new enhanced FCPA

    policy in 2010 (misconduct reported to management by an employee upon review of the new compliance policy.)

    2. RLC, upon being notified of the concerns by employees, responded immediately to end the misconduct by terminating the customs broker, ceasing retail operations in Argentina

    2014 Baker & McKenzie LLP

    ceasing retail operations in Argentina.3. RLC promptly reported preliminary findings of the internal investigation to the

    SEC.4. The SEC credited RLC for its compliance program, which included

    (i) enhanced third-party due diligence procedures, (ii) a global risk assessment process, and (iii) significant improvement to its internal controls.

    5. RLCs comprehensive compliance program was developed and implemented before the problem was discovered.

    6. The SEC also acknowledged extensive cooperation of the company during the investigation.

    20

    The Five Elements inThe Five Elements in Practice: A Practical Guide to Meeting Governmental Expectations and Best Practices

  • 8

    2222

    Leadership Discussion

    2014 Baker & McKenzie LLP

    Risk Assessment Discussion

    2014 Baker & McKenzie LLP

    Risk Assessment Report Deliverables

  • 9

    Sample Slides - Opportunities for Enhancement of Compliance Program

    Program Element Opportunities for Enhancement of the Compliance Program

    Leadership

    Interviews indicate there is room for increased focus on tone at the middle (i.e., compliance and ethical leadership at the middle management levels).

    There is a need for more proactive, formal and/or planned compliance activities, particularly targeted to the sales function and/or Unit B.

    Continue to enhance the coordination, integration and working relationship between Risk, In...

Recommended

View more >