
The Five Essential Elements of Effective Corporate Compliance: A Practical Guide to an Effective Compliance Program as Seen Through the Eyes of a Compliance Officer, the DoJ and the SEC

Stephen Martin, Baker & McKenzie (Washington DC)

Marc Litt, Baker & McKenzie (New York)

Laurel Burke, Associate General Counsel - Compliance, Regal-Beloit Corporation

SCCE’s Annual Compliance & Ethics Institute

Chicago, Illinois

September 16, 2014

Agenda

– Introductions

– The Five Essential Elements of Effective Corporate Compliance

– What is the Government Looking for in a Compliance Program?

– The Five Elements in Practice: A Practical Guide to Meeting Governmental Expectations and Best Practices

– Questions


© 2014 Baker & McKenzie LLP

The Five Essential Elements of Corporate Compliance


Five Essential Elements of Corporate Compliance

Baker & McKenzie has distilled the key themes from the compliance program expectations of government regulators around the world and best practices into five essential elements of corporate compliance that should be present in every company’s compliance program.

– Leadership

– Risk Assessment

– Standards and Controls

– Training and Communication

– Monitoring, Auditing and Response

Sources of Corporate Compliance Guidance

USSG’s 7 Elements of an Effective Compliance Program

1. Standards and procedures to prevent and detect criminal conduct

2. Leaders understand / oversee the compliance program to verify effectiveness and adequacy of support; specific individuals vested with implementation authority / responsibility

3. Deny leadership positions to people who have engaged in misconduct

4. Communicate standards and procedures of compliance program, and conduct effective training

5. Monitor and audit; maintain reporting mechanism

6. Provide incentives; discipline misconduct

7. Respond quickly to allegations and modify program

NOTE: A general provision requires periodic assessment of risk of criminal conduct and appropriate steps to design, implement, or modify each element to reduce risk

13 Good Practices by the OECD on Internal Controls, Ethics, and Compliance

1. Risk assessment as basis for effective internal controls and compliance program

2. Policy that clearly and visibly states bribery is prohibited

3. Training – periodic, documented

4. Responsibility – individuals at all levels should be responsible for monitoring

5. Support from senior management – strong, explicit and visible

6. Oversight by senior corporate officers with sufficient resources, authority, and access to Board

7. Specific risk areas – promulgation and implementation programs to address key issues

8. Business partners due diligence

9. Accounting – effective internal controls for accurate books and records

10. Guidance – provision of advice to ensure compliance

11. Reporting violations confidentially with no retaliation

12. Discipline for violations of policy

13. Re-assessment – regular review and necessary revisions

UK’s 6 Principles for “Adequate Procedures”

1. Proportionate procedures

2. Top level commitment

3. Risk assessment

4. Due diligence

5. Communication

6. Monitoring and review

KEY

• USSG – US Sentencing Guidelines

• OECD – Organisation for Economic Co-operation and Development

“Hallmarks of Effective Compliance Programs” from the joint DOJ/SEC 2012 FCPA Guidance

Hallmarks of Effective Compliance Programs

1. Commitment from Senior Management and Clearly Articulated Policy

2. Code of Conduct and Compliance Policies and Procedures

3. Oversight, Autonomy and Resources

4. Risk Assessment

5. Training and Continuing Advice

6. Incentives and Disciplinary Measures

7. Third Party Due Diligence and Payments

8. Continuous Improvement: Periodic Testing and Review

9. Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration

Five Essential Elements of Corporate Compliance

– Leadership

– Risk Assessment

– Standards and Controls

– Training and Communication

– Monitoring, Auditing and Response


Current Enforcement Environment

Global Enforcement Trends

– Increased international cooperation in the prosecution of corruption

  • Complex multi-jurisdictional investigations

  • U.K. Bribery law (limited enforcement to date)

  • Emerging market laws and prosecutions

  • Enforcement efforts in other countries: Brazil, Canada, and Australia

– Increased emphasis on individual prosecutions

– Strong interest in willful blindness and third parties

– Sector-wide targeting: financial services; pharmaceuticals and medical devices; freight forwarding; oil & gas services; and retail

– Dramatically increased penalties, including criminal fines and disgorgement of illicit profits measured in hundreds of millions of dollars

– Greater pressures and incentives to voluntarily disclose misconduct to regulators

U.S. Enforcement Risks Increasing in Certain Legal Areas

– Areas with significant enforcement risk include an ever-increasing number of issues:

  • Data Protection/Privacy/Information Governance

  • Antitrust

  • Trade Compliance (Import/Export Controls, Sanctions, Customs)

  • Corruption/Bribery/Fraud (including FCPA)

  • Immigration/Global Mobility

  • Intellectual Property

  • Environmental

  • Labor & Employment (including Compensation and Incentives)

  • Sales/Marketing/Advertising

  • Supply Chain/3rd Party Relationships

  • Health & Safety

  • Governmental Contracting

Top 20 FCPA Settlements (2005 – present)

Siemens: $800
KBR/Halliburton: $579
BAE: $400
Total S.A.: $398
Alcoa: $384
ENI S.p.A.: $365
Technip: $338
JGC Corporation: $219
Daimler: $185
Weatherford: $152
Alcatel-Lucent: $137
Hewlett-Packard: $108
Deutsch / Magyar Telekom: $95
Marubeni Corporation: $88
Panalpina: $82
Johnson & Johnson: $70
Pfizer / Wyeth: $60
ABB: $58
Pride International: $56
Marubeni Corporation: $54

Top 20 Non-US Cases (millions)

Thales SA, France: $913
Siemens, Germany: $569
Siemens, Greece: $366.1
Ferrostaal, Germany: $193
Man Group, Germany: $102.2
BAE, UK: $47.9
Siemens, Nigeria: $46.5
Alstom, Switzerland: £42.6
Fair Trade Commission 7 Pharma cases, South Korea: $19
Macmillan, UK: $18.1
Innospec Ltd, UK: $12.7
MW Kellogg, UK: $11.1
Willis, UK: $11
Mabey & Johnson, UK: $10.5
Griffiths Energy International, Canada: $10.35
Niko Resources Ltd., Canada: $9.5
Fair Trade Commission 6 Pharma cases, South Korea: $9.3
Abbot Group Limited, UK: $8.9
AON Ltd, UK: $8.8
Danish Oil-For-Food Actions (7 cases), Denmark: $8.1

Recent Fines in US Sanctions/Export Controls

No.; Company; Industry; Fine; Year
1; BNP Paribas; Financial Services; $8.9 Billion; 2014
2; HSBC Bank; Financial Services; $1.256 Billion; 2012
3; Standard Chartered Bank; Financial Services; $667 Million; 2012
4; ING Bank N.V.; Financial Services; $619 Million; 2012
5; Credit Suisse AG; Financial Services; $536 Million; 2009
6; Royal Bank of Scotland (formerly ABN Amro Bank, N.V.); Financial Services; $500 Million; 2014
7; BAE Systems PLC; Defense Services; $400 Million; 2010
8; Barclays Bank PLC; Financial Services; $298 Million; 2010
9; Mitsubishi UFJ; Financial Services; $259 Million; 2013
10; Lloyds TSB Bank, plc; Financial Services; $217 Million; 2010
11; Weatherford International; Oil Services; $252 Million; 2013
12; Fokker Services BV; Aircraft Services; $50.9 Million; 2014

Transparency International’s 2013 Corruption Perception Index


FCPA Enforcement Actions by Country (2010-2013)


The Case for Compliance


What is the Government Looking For – The “Three Basic Questions” About a Company’s Compliance Program

1. Is the program well-designed?


2. Is it being applied in good faith?

3. Does it work?

Case Study: Morgan Stanley

– Provides powerful evidence of the benefits of investing in an effective compliance program.

– A former Morgan Stanley Managing Director pled guilty to one count of conspiring to circumvent the system of internal controls that the bank maintained to prevent violations of the FCPA.

– Morgan Stanley’s pre-existing compliance program was specifically highlighted in press releases and public comments as the biggest reason for the Government’s decision not to prosecute the bank, enter into a deferred prosecution agreement or pursue a substantial fine. This marked the first public FCPA declination based upon the sufficiency of a company’s compliance program.

– April 25, 2012, U.S. Department of Justice Press Release:

"[C]onsidering... Morgan Stanley constructed and maintained a system of internal controls, which provided reasonable assurances that its employees were not bribing government officials, the [DOJ] declined to bring any enforcement action against Morgan Stanley related to Peterson's conduct."


Case Study: Morgan Stanley (cont’d)

– The decision not to prosecute was based on clear evidence of Morgan Stanley’s compliance program containing:

  • The existence of an effective compliance program;

  • Rigorous internal controls;

  • Regular compliance training and communications;

  • Internal policies addressing the corruption risks associated with the giving of gifts, business entertainment, travel, lodging, meals, charitable contributions and employment, that were updated regularly to reflect regulatory developments and specific risks;

  • Compliance program monitoring and auditing; and

  • Extensive pre-retention due diligence on business partners and stringent controls on payments to business partners.

Case Study: Ralph Lauren Corporation

– Involved Ralph Lauren’s subsidiary in Argentina, which bribed customs officials to assist in the passage of goods through customs. The General Manager for the Argentina subsidiary also provided gifts to three different government officials valued at between $400 and $14,000 to improperly secure the importation of products into Argentina.

– DOJ jurisdiction cited in Non-Prosecution Agreement (NPA) as based on Ralph Lauren (“RLC”) hiring the employee as General Manager of Argentinian subsidiary (NPA later calls that person an employee of the subsidiary itself)

  • General Manager was an “employee and agent of the issuer,” per NPA

– RLC discovered the problem “after it put in place an enhanced compliance program and began training its employees.”

– Company entered into an NPA and agreed to pay $1.5 million, including disgorgement of $734,000 in illicit profits and interest

  • RLC also undertook extensive FCPA training for employees worldwide, enhanced the company’s existing FCPA policy, implemented an improved gift policy, and other compliance, control, and anti-corruption policies and procedures, strengthened its due diligence protocol for third-party agents, terminated culpable employees and a third-party agent, instituted a whistleblower hotline, and hired a designated corporate compliance attorney.

Case Study: Ralph Lauren Corporation (cont’d)

– SEC’s decision to resolve the case with the NPA was supported by the following factors:

1. RLC discovered the misconduct during the rollout of its new enhanced FCPA policy in 2010 (misconduct reported to management by an employee upon review of the new compliance policy.)

2. RLC, upon being notified of the concerns by employees, responded immediately to end the misconduct by terminating the customs broker, ceasing retail operations in Argentina.

3. RLC promptly reported preliminary findings of the internal investigation to the SEC.

4. The SEC credited RLC for its compliance program, which included (i) enhanced third-party due diligence procedures, (ii) a global risk assessment process, and (iii) significant improvement to its internal controls.

5. RLC’s comprehensive compliance program was developed and implemented before the problem was discovered.

6. The SEC also acknowledged extensive cooperation of the company during the investigation.


The Five Elements in Practice: A Practical Guide to Meeting Governmental Expectations and Best Practices

Leadership Discussion

Risk Assessment Discussion

Risk Assessment Report Deliverables

Sample Slides - Opportunities for Enhancement of Compliance Program

Program Element: Opportunities for Enhancement of the Compliance Program

Leadership

– Interviews indicate there is room for increased focus on “tone at the middle” (i.e., compliance and ethical leadership at the middle management levels).

– There is a need for more proactive, formal and/or planned compliance activities, particularly targeted to the sales function and/or Unit B.

– Continue to enhance the coordination, integration and working relationship between Risk, Internal Audit and Compliance functions to ensure a strategic and comprehensive approach to risk management.

Risk Assessment

– There is concern about the consistency of the compliance risk assessment process and approach across global business units.

– Senior management needs appropriate tools and communication to dynamically anticipate, monitor and track risk across the organization.

Standards and Controls

– Company is developing its third party vendor management capabilities; third party due diligence should be based on risk and regularly updated.

– Company has many compliance-related policies which undergo periodic review but there is not a formal, centralized system to ensure policies are updated on a regular basis.

Training and Communication

– Employees receive limited live training after the onboarding period. It is a compliance program best practice to provide live training at periodic intervals based on risk.

Monitoring, Auditing and Response

– Interviews suggest that there should be increased oversight and compliance auditing of high-risk functions such as benefit claims and sales.

Recommendations for Key Program Opportunities

Key Program Opportunities and Recommendations

1. Strategic acquisition plans: Company A is pursuing a strategy of growth through acquisition of family owned businesses which are unlikely to have sufficient compliance programs and/or implemented anti-corruption practices.

Recommendation: Strengthen acquisition risk assessment. Develop protocols for compliance program integration.

2. Third-party management: Company A does not have sufficient awareness of the risk profile of its active third parties hampering the ability to conduct effective monitoring from a risk management perspective.

Recommendation: Conduct an inventory of Company A third parties.

3. Trade-related risk: Several risk factors were identified, including insufficient due diligence around the engagement of a third party with customs broker capabilities and new personnel on the customs management team.

Recommendation: Conduct a targeted review of third parties in higher risk trade functions.

4. Anti-corruption controls: There is limited clarity in Company A regarding who performs FCPA-related auditing and monitoring of country operations.

Recommendation: Document an 18-month compliance audit plan.

Related findings and recommendation details for each Key Program Opportunity are outlined in the full report.

Recommendations: Risk Assessment

Risk assessment - Compliance program best practices for this element are:

– Conduct periodic, formal risk assessments

– Risk assessment as basis for instituting effective internal controls and compliance program elements

Recommendations and Details

Conduct comprehensive risk assessments

Conduct risk assessments in the following areas:

– Regional/country risks, particularly in China and other emerging markets, to provide greater corporate line of sight into local management/operations and associated risks.

– Trade compliance and export controls compliance risks (note: implementation of single SDN capability is in progress)

– Antitrust/Competition risks

Establish a protocol for the periodic refresh of risk assessments

Develop a program for annual and/or on-going risk assessments in key areas, including:

– Compliance (e.g., FCPA, Antitrust/Competition, Trade, Data Protection, Third Parties)

– Region/Country

– Transactional

– Strategic Business Initiatives

Assessments should enable ABC Company to understand and regularly evaluate its risk profile

Strengthen the ERM process

– Ensure that the risk management process and Risk Committee is being effectively utilized. Broaden ownership of process beyond the Risk Committee

– Encourage the Risk Committee to consider a broad range of issues, including future business risks and/or internal issues that may not require public disclosure. Continue to use the ERM process to review and explore financial, operational, regulatory/compliance, and enterprise risk

– Develop protocols for monitoring and assessing implementation of mitigation plans

Sample Compliance Assessment – Heat Map

[Heat map figure. Axis labels: Difficult to implement, Medium, Easy to implement; High Priority, Medium, Low priority. Items plotted:]

9b. Evaluate Resource Levels for Government Contracts
10b. Establish Safeguards for New Client Database
10c. Evaluate IT/Security Resource Levels
4c. Confidentiality & Trade Secrets Program Review
6. Conduct Global Privacy Review and Assessment (in Progress)
2. Audit Peer-Review Research Process
7. Create Crisis Management Response Program
9a. Review Government Contracts Controls
10d. Coordinate on IT Audits
13c. Audit/Monitor High Risk Contractors
1a. Expand Coordination Between Legal & Internal Audit
1b. Augment Legal Resources
3a. Implement Revised Code of Conduct
8a. Survey and Document Government Interactions
4a. Implement Data Classification Policy (as Planned)
11. Conduct Annual Compliance & Ethics Risk Assessment
12a. Sales Agent Diligence
13a. Conduct Third-Party Diligence
5c. Develop Compliance Audit Plan
13b. Ensure Appropriate Third-Party Controls
4b. Publicize & Train on Confidentiality Policies
5a. Review & Update Compliance Policies
5b. Enhance Compliance Communications Plan
8c. Annual FCPA Training Affirmation Process
3b. Code of Conduct Training
3c. Develop Training Program & Log
8b. Develop Live FCPA Training Process
10a. Update Board on IT/Network Security
5d. Develop Investigation Protocol
12b. Document Sales Agent Training Program

Recommendations by Implementation Effort Required and Suggested Timing

Recommendation; Implementation Effort Required; Suggested Timing

Key Program Opportunities

1. Strengthen acquisition risk assessment and compliance program integration; Medium; Year One
2. Clarify third-party risk by conducting an inventory of third parties; Difficult; Year One
3. Review the trade-related risks; Medium; Year One
4. Document an 18-month compliance audit plan; Medium; Year One

Best Practices Priority One: Core Practice

1. Increase compliance messaging by senior leaders; Easy; Year One
2. Provide consistent anti-corruption compliance resources to employees at all levels; Easy; Year One
3. Ensure government interactions are properly handled and systematically tracked; Easy / Medium; Year One
4. Ensure local compliance incidents or allegations are appropriately tracked and escalated; Easy; Year One
5. Provide anti-corruption compliance training at onboarding; Easy; Year One
6. Enhance compliance training and expand live training; Medium; Three Year Plan
7. Monitor labor union interactions and payments; Easy / Medium; Three Year Plan
8. Strengthen anti-corruption controls for Company Unit A; Medium; Three Year Plan
9. Increase oversight of trade associations; Easy; Three Year Plan
10. Regularly update internal policies to reflect issues, risks, and regulatory developments; Medium; Three Year Plan

Best Practices Priority Two: Strategic Options

11. Update the local risk assessment process to address anti-corruption or FCPA risk; Easy; Year One
12. Provide anti-corruption compliance materials to third parties; Medium; Three Year Plan
13. Review supply chain and logistics to streamline processes and identify risks; Medium; Three Year Plan
14. Review and refresh the compliance protocols around the key partnership; Medium/Difficult; Three Year Plan
15. Assess impact of IT system and infrastructure on anti-corruption risk management; Difficult; Three Year Plan
16. Address corruption risks faced by certain front-line employees; Medium; Three Year Plan

Roadmap: Year One (by priority and element)

Priority Rank (Tier 1 is higher priority, Tier 3 is lower priority); Recommendation; Suggested Timing; Implementation Effort Required; Related Element

Tier 1

(KPO) Expand compliance resources to assist in implementing and enhancing compliance program; Three Months; Medium; Leadership
(KPO) Establish strategic food production management framework; Six Months; Medium; Standards & Controls
(KPO) Enhance compliance training planning, structure and delivery; Six Months; Easy / Medium; Training & Comm’n

Tier 2

(KPO) Ensure data security recommendations are implemented and establish appropriate protocols; Six Months; Easy / Medium; Standards & Controls
Develop leadership capabilities in order to meet key compliance risks in functional areas; Six Months; Medium; Leadership
Review overall sales and marketing strategy; Six Months; Easy; Risk Assessment
(KPO) Strengthen the ERM process; One Year; Medium/Difficult; Risk Assessment
(KPO) Coordinate on implementing and documenting the internal audit plan; Ongoing; Easy / Medium; Monitor, Audit, Respond
Conduct comprehensive risk assessments of key activities; Ongoing; Medium; Risk Assessment

Tier 3

Enhance the crisis response plan and integrate recall protocols; One Year; Easy / Medium; Standards & Controls
Develop new policies and refresh existing policies and controls as needed; Ongoing; Medium; Standards & Controls
Implement previously identified compliance / risk mitigation plans; One Year; Easy / Medium; Standards & Controls
Create Human Resources policies for international expansion / global mobility; One Year; Medium; Standards & Controls
Establish a policy management process; One Year; Easy; Standards & Controls
Enhance training curriculum; One Year; Easy / Medium; Training & Comm’n
Ensure sales training provided annually; Ongoing; Easy; Training & Comm’n
Continually communicate compliance expectations; Ongoing; Easy; Leadership

Standards & Controls Discussion

Training & Communications Discussion

Auditing, Monitoring and Response Discussion

Managing 3rd Party Risk

Ubiquitous Cross-Border Flows

– Information Technology

– Raw Materials

– Components

– Products

– Services

– People

– Money

– Personal Data

Key Legal Areas

– Anti-Bribery

– Employment

– Customs / Trade

– Environment

– Privacy / Security

– Competition / Antitrust

5 Essential Steps to Help Assess and Address 3rd Party Risk

– Education & Training

– Structuring & Documenting

– Vetting & Selecting

– Monitoring & Evaluating

– Reacting & Remedying

Third-Party Due Diligence Program Overview

About Third-Party Due Diligence Programs

– Enforcement authorities across the globe expect companies to carefully review the corruption risk posed by third parties that sell products for, or act on behalf of, the company

– Implementing a third-party due diligence program, along with other measures, will help protect the organization from responsibility for any corrupt actions by its vendors, suppliers, and other third parties

– A third-party due diligence process should include the following:

Policies and materials necessary for onboarding new third-parties (and potentially alerting existing third-parties to the organization’s compliance expectations)

An active management program that enables the organization to maintain oversight of third-parties as appropriate

– The scope and threshold levels for the Due Diligence program should be determined by the organization’s Legal or Compliance team in accordance with the company’s assessment of risk and desired level of risk mitigation


Third-Party Due Diligence Program - Sample Materials

– Sample materials for a third-party due diligence program include:

  • Pre-Assessment form: internal checklist indicating which third parties are eligible for due diligence

  • Third Party Engagement / Due Diligence policy: informs target audience of company policy and the process

  • Due Diligence Questionnaire: provided to third party; used to gather relevant business information

  • Review Procedures: provides step-by-step instructions for identifying the level of diligence required for third party

  • Reporting Form: used to compile and assess results of the due diligence

  • Approval Form: documents internal decisions and sign-offs

– The due diligence process can be conducted using internal resources or the process can be outsourced to an external vendor.

Third-party Due Diligence Program - Process Map

For illustration purposes only

1. Use Internal Pre-Assessment to determine if third party eligible for enhanced due diligence. Eligible Third Party provided with Due Diligence Questionnaire and Certification form.

2. Third Party submits Due Diligence Questionnaire to business team’s [Engagement Lead].

3. [Engagement Lead] completes Internal Reporting Form then submits materials to appropriate resource for due diligence and internal processing.

4. Designated resource reviews information to identify risk factors and/or red flags and ensures the appropriate level of diligence is conducted.

5. After diligence is completed, results are documented on internal forms and if necessary, approvals obtained. The final decision and other relevant documentation is sent to the [Engagement Lead].

Risk level; Process; Approvals required
Low Risk; Sales VP review; None (but inform Country President)
Medium Risk; Sales VP Review with Legal input; Finance, and Country President
High Risk; Additional Diligence, Sales VP, Legal Input; Finance, Country President and Regional President

Example of Due Diligence Review Process

Risk level: Low

Sample factors:
• Third party operates in low risk country (e.g. Denmark)

Required approvals:
• None (but inform Regional President)

Risk level: Medium

Sample factors:
• Third party operates in a higher risk country (e.g. Brazil)

Required approvals:
• BEC
• Finance, and
• Regional President

Risk level: High

Sample factors:
• Third party operates in a high risk country (e.g. Russia)
• Third party CEO is politically exposed (e.g., former Minister of Commerce)
• Third party is domiciled in one country (e.g., Greece) but banks in another (e.g. Switzerland)
• Third party is partly or wholly owned by a government agency

Required approvals:
• BEC
• Finance,
• Regional President, and
• CECO

Risk level: Agent

Sample factors:
• Third party will act as an agent

Required approvals:
• BEC
• Finance,
• Regional President, and
• CECO

Sample Due Diligence Options

– The internal review procedures should be calibrated to ensure third parties are consistently categorized based on the third party’s risk profile and/or red-flag behavior

Typical result is categorization of third party as Low, Medium or High risk

– Based on the risk category, the due diligence review may include:

Internet search and analysis

Review all third party information to identify risk factors and/or red flags and ensure the appropriate level of diligence is conducted

Review of local and international media

Review of public records (Lexis/Nexis or similar database)

Screening against International Watch List and Database

Litigation searches from databases and local searches (where available)

Conversation with provided references

Reputation testing from industry and local sources

Business Intelligence on the Subject Company

Discreet inquiries to acquire information

– Due diligence frequency and scope can be based on third party relationship (new, ongoing, high-risk) and/or the type of contract (one-year, multi-year, evergreen).


Wrap-Up Questions

Final Takeaway: What Is Effective Corporate Compliance?

More than …; It is …
A job title; An active program
A vague set of generally understood moral principles; A tangible set of policies, procedures and practices
A special interest of a few employees; A priority of senior managers/BOD
A burden on business activity; An essential element of the strategic direction of enterprise
A Code of Conduct; A risk-based compliance system
A one-time initiative; A dynamic process periodically reviewed and enhanced

Contact Information:

Stephen Martin
Managing Director
Baker & McKenzie Compliance Consulting
815 Connecticut Avenue, NW
Washington, DC 20006
Tel: +1 303 345 3345 (Primary)
Tel: +1 202 835 6167 (DC Office)
Fax: +1 202 416 7167

Marc Litt
Partner
Baker & McKenzie LLP
452 Fifth Avenue
New York, New York 10018
Tel: +1 212 626 4454
Fax: +1 212 310 1802

Email: [email protected]@bakermckenzie.com

Laurel L. Burke
Associate General Counsel - Compliance
Regal-Beloit Corporation
200 State Street
Beloit, Wisconsin 53511
Tel: 608.361.7416
Fax: 608.364.8817
Email: [email protected]

