May 16, 2012
Practice Group: Government Enforcement
Eight Questions Directors and Senior Management Should be Asking About Their Company’s Anticorruption Compliance Efforts
By Matt T. Morley (Washington, D.C.), Elizabeth Robertson (London), and Amy L. Sommers (Shanghai)
In the wake of continuing press reports about the role of bribery in international commerce, many
corporate directors and senior executives are asking for a fresh look at their company’s exposure to
the risks of violating the U.S. Foreign Corrupt Practices Act (“FCPA”), the U.K. Bribery Act, and
similar laws around the world. Those risks can be mitigated, if not eliminated, by the implementation
of policies, procedures and internal controls designed to assure compliance with anti-bribery
requirements. Such compliance measures may be of value not only in reducing the likelihood that
company personnel will violate the law, but also in dealing with any government investigation of a
potential violation – because prosecution may be avoided or the consequences of any violation greatly
reduced where a strong compliance program is in place.
Government authorities in the U.S. and the U.K. have repeatedly called for “effective” compliance
measures to be implemented and for “adequate” procedures to be put into place, but many companies
find themselves frustrated by what they see as a lack of clear, practical guidance as to precisely what
is expected of them in this regard. Thus a key question is “what must companies do to meet the
expectations of law enforcement authorities?”
A report issued in March 2012 by the U.K.’s Financial Services Authority (“FSA”) provides what may
be the most comprehensive explanation to date as to what regulators expect from companies in this
regard. Although the FSA’s authority is limited to oversight of firms doing investment business in the
U.K., its report, “Anti-bribery and Corruption Systems and Controls in Investment Banks,” reflects the
same kind of approach that can be expected from both U.K. and U.S. law enforcement authorities.
Notably, the FSA, which issued the report following a review of anti-bribery compliance at 15 firms
(including eight major global investment banks), expressed its view that, as a general matter, these
companies had been “too slow and reactive” in addressing anti-bribery compliance issues. Thus the
report goes to some length in elaborating what the regulators were looking to see in the course of their
review.
Reducing the 55-page report to its essential elements, we have identified eight key questions that
should guide the thinking of corporate directors and senior managers in evaluating their company’s
anticorruption compliance measures.
1. Corporate governance. How does the board of directors oversee anticorruption compliance?
2. Risk assessment. What assessment has the company made of its current corruption risks?
3. Due diligence. What due diligence does the company conduct with regard to agents,
representatives and others who can act on its behalf?
4. Internal controls. How does the company assure itself that payments are made for appropriate
purposes?
5. Training and education. How do corporate personnel know what is required of them?
6. Disciplinary action. Are there appropriate consequences for failing to abide by the anticorruption
policies and procedures?
7. Whistleblowing. Do employees know what to do if they learn or suspect that there has been a
violation of anticorruption policies or procedures?
8. Monitoring and auditing. How does the company evaluate the adequacy and effectiveness of its
anticorruption policies and procedures?
Each of these issues is considered in further detail, below.
1. Corporate governance: How does the board of directors oversee anticorruption
compliance?
According to the FSA report, a fundamental prerequisite to the success of any anticorruption regime is
an effective corporate governance framework for addressing the company’s bribery and corruption
risks. The FSA report suggests that companies designate a senior corporate officer with responsibility
for the company’s anticorruption efforts, and that this officer have direct access to the board of
directors. The FSA report stresses that, in order to enable senior management and the board to
exercise appropriate supervision of those efforts, they should receive an ongoing flow of relevant
information that will enable them to ask the kinds of questions that are directed towards assuring
strong compliance efforts. That information should convey a proper understanding of:
• The specific bribery and corruption risks faced by the business;
• The corporate systems and controls in place to mitigate those risks; and
• Information about:
  o the effectiveness of those systems and controls;
  o relevant legal and regulatory developments; and
  o the company’s use of third party representatives (who for most companies are the
    single greatest source of corruption risks).
U.K. authorities are not alone in this focus on the role of corporate governance in corporate risk
mitigation and compliance efforts. For example, the director of the U.S. Securities and Exchange
Commission’s Office of Compliance Inspections and Examinations, which examines regulated entities
such as broker-dealers, investment advisers, and investment companies, recently indicated that the
Office intends to have direct discussions with corporate directors and senior managers in order to
assess the extent to which risk management and legal compliance are integrated into the firm’s
operations.
2. Risk assessment: What assessment has the company made of its current corruption
risks?
The purpose of anticorruption policies and procedures is ultimately to mitigate the risk that the
company or those acting on its behalf will make an improper payment. Nearly half of the firms
examined for the FSA report had not yet made an adequate assessment of their exposure to bribery
and corruption risks. The FSA report points out that a key step in that regard is to identify and assess
the specific corruption risks faced by the company. The report suggests that a company would want to
show that it had considered questions such as:
• What company personnel may be exposed to situations where a corrupt payment might be
  demanded or suggested?
• If someone were going to make an improper payment, how might they generate the funds to
  do so?
• How might a corrupt payment be conveyed to the recipient?
The FSA report emphasizes the value of information from both outside experts and sources inside the
company. Generic external guidance alone may fail to take into account important aspects of the
company’s specific circumstances, while internal business personnel may be tempted to downplay the
level of bribery and corruption risks to which they are exposed. Using both sources of information
can help provide a more balanced assessment.
The FSA report also notes that, given the fundamental importance of the risk assessment, it should be
updated periodically. Companies examined by FSA conducted not only annual or semi-annual
reviews, but also planned to re-examine their programs in light of certain “trigger events,” such as
significant legal or regulatory developments, the introduction of new products or new lines of business
or the expansion into new territories or markets.
3. Due diligence: What due diligence does the company conduct with regard to agents,
representatives and others who can act on its behalf?
For most companies, regardless of their industry, the most significant corruption risks stem from the
use of agents, representatives and other third parties that can act on the company’s behalf. The FSA
report reiterates existing best practices, noting that companies should determine the appropriate extent
of due diligence on those parties on a risk-sensitive basis. The FSA report notes a variety of risk
factors and “red flags” that companies use in evaluating these risks, including:
• The type, location and industry sector of the third party’s activities
• The third party’s connections with government officials
• Adverse judicial or regulatory findings against the third party
• Evidence or allegations of fraud, bribery or other illegal activity by the third party
• The manner and magnitude of payment to the third party
• The strength of the business rationale for hiring the third party
This last point is particularly significant, and is reflected in the FSA’s prior enforcement actions,
which illustrate that agency’s view that, in light of the corruption risks inherent in such relationships, a
company must be able to document not only its due diligence on a specific agent but also a business
justification for using an agent at all rather than its own personnel.
The FSA report also stresses several other points about third-party relationships, suggesting that:
• Third-party relationships should be reviewed regularly to assure that the business
  justification for the relationship remains strong, and that it remains appropriate to continue
  the relationship
• Higher levels of due diligence and approval should be required for high risk relationships
• Companies should determine whether third parties, their personnel, owners or close family
  members are or might be considered to be public officials
• The company’s compliance function should maintain a list of all approved third-party
  relationships and monitor it to identify new risk indicators
• Anticorruption-specific clauses should be included in retention agreements with these third
  parties
• Records of the due diligence exercise should be maintained to evidence what has been done
• Particularly in higher risk cases, companies should consider satisfying themselves that the
  third party has adequate controls to detect and prevent its staff from using bribery to obtain
  business
Similar considerations may apply with regard to at least certain corporate employees, and it may be
appropriate for companies to take steps to assure themselves that these persons have the integrity
required to conduct business lawfully. Among the measures that companies may want to consider are:
• Enhanced background checks on employees hired for roles with higher bribery and
  corruption risk
• Repeat vetting of employees in higher risk roles to identify any relevant changes
• Vetting of temporary and contract employees to the same extent as permanent hires
4. Internal controls: How does the company assure itself that payments are made for
appropriate purposes?
Every company seeks to assure that its funds are spent for proper corporate purposes, and indeed this
is a fundamental aspect of internal financial controls, regardless of any anticorruption considerations.
From an anticorruption perspective, the FSA report suggests that companies will want to be attentive
to a variety of key payment controls, including:
• Verifying that any due diligence deemed to be appropriate has been completed before a
  payment is made
• Prohibiting cash payments to third parties
• Restricting significant cash advances to employees
• Requiring a valid invoice before making payment
• Escalating unusual or high-risk payments for higher levels of approval
Gift and entertainment expenditures pose particular challenges in this regard. While in most situations
it may be acceptable to provide gifts or entertainment of modest value, companies should consider
how they will assure that corporate personnel adhere to such standards. Among the kinds of controls
noted in the FSA report are:
• The prohibition of cash or cash-equivalent gifts
• The identification of levels of expenditure requiring the approval of an appropriate level of
  management
• The consolidation of information about gift and hospitality expenditures to assess the
  concentration of such expenditures by employee, client and type of expenditure, in order to
  facilitate management review
5. Training and education: How do corporate personnel know what is required of them?
Law enforcement authorities expect not only that companies will have appropriate policies and
procedures in place to prevent improper payments, but also that these requirements will be communicated
to company employees and other relevant personnel in such a way that they know and understand
them. This may require not only general overviews of the company’s anticorruption policy and
procedures, but also more in-depth training for staff with greater exposure to bribery and corruption
risks. Law enforcement officials will also expect to see follow-up measures designed to monitor and
assess the quality and effectiveness of the training provided, and modifications of these efforts to
address any shortcomings.
6. Disciplinary action: Are there appropriate consequences for failing to abide by the
anticorruption policies and procedures?
If and when violations of the anticorruption compliance measures are identified, law enforcement
officials will want to know what actions the company took in response, and whether any disciplinary
action was, in their view, proportionate and appropriate. They will expect that significant failures to
comply will have a negative effect on compensation, and that where lax supervision has contributed to
a compliance failure, the manager bears appropriate responsibility as well.
7. Whistleblowing: Do employees know what to do if they learn or suspect that there has
been a violation of anticorruption policies or procedures?
The whistleblower provisions of the U.S. Dodd-Frank Act are only the most recent governmental
initiative to encourage persons aware of questionable or illegal conduct to come forward with their
concerns. Any assessment of an anticorruption compliance program should consider whether
company personnel have clear information about how to report potential misconduct, and the
availability of hotlines and other means of anonymous reporting. Authorities will also look to see
whether companies have appropriately investigated and followed up on information received through
such channels.
8. Monitoring and auditing: How does the company evaluate the adequacy and
effectiveness of its anticorruption policies and procedures?
The FSA report expressed particular concern about how companies would evaluate the adequacy and
effectiveness of their anticorruption policies and procedures. According to the report, company efforts
to monitor the effectiveness of (and compliance with) their anticorruption controls were generally
weak and undeveloped. Most of the firms examined had not yet devised mechanisms for doing this,
but were planning to do so in a number of different ways, including:
• Reviewing policies and procedures against updated corruption risk assessments and against
  current legal and regulatory requirements
• Monitoring controls over payments to third parties, gifts and hospitality, and business
  expenses in an effort to detect policy violations
• Obtaining feedback from business units on their experiences with the policies, including
  data on breaches, practical difficulties, and potential gaps in policies and procedures
• Analyzing questions raised by personnel to identify areas where policies and procedures
  might lack clarity
• Analyzing complaints and whistleblowing reports to identify areas where policies and
  procedures might need to be strengthened
• Having internal audit conduct testing to determine how well processes were being followed
* * * * * * *
The FSA report provides a detailed and comprehensive outline of the factors law enforcement
authorities are likely to consider in evaluating the effectiveness or adequacy of a company’s
anticorruption compliance efforts. For companies subject to FSA jurisdiction, the report sets out the
specific things that the agency will be looking for as it continues to focus on these issues in future
examinations. For other companies, the FSA report provides valuable and practical insights into how
to go about assuring compliance with corporate anticorruption policies.
Identifying and understanding your company’s particular risks is the first step toward reducing the
likelihood of a violation that could result in substantial financial and reputational harm. With
experienced anticorruption lawyers in offices around the United States, in the United Kingdom, Europe,
the Middle East, and Asia, K&L Gates is well positioned to provide practical and cost-effective advice
on these matters.
Authors:
Matt T. Morley, Washington, D.C., matt.morley@klgates.com, +1.202.778.9850
Elizabeth Robertson, London, elizabeth.robertson@klgates.com, +44.(0)20.7360.8255
Amy L. Sommers, Shanghai, amy.sommers@klgates.com, +86.21.2211.2085