CECP internal cover memo

Legal & Regulatory Compliance Initiative FAQ’s
1. Why is HP implementing a Legal & Regulatory Compliance initiative?
2. What is the partner benefit of the Legal & Regulatory Compliance initiative?
3. How are other companies responding to the compliance challenge?
4. Why focus on legal and regulatory anti-corruption compliance training?
5. Why is HP using a third party for legal and regulatory compliance?
6. Does Integrity have experience managing the process for very large partners?
7. What compliance activities are partners required to complete via the Integrity Partner Diligence system?
8. Is the fax from Integrity a legitimate HP communication?
9. How do I know for sure the fax is legitimate and not an elaborate “phishing” or identity theft scheme?
10. Which partners are targeted for involvement in the Legal & Regulatory Compliance initiative?
11. How many people within a partner firm are required to complete the training?
12. How will HP ensure the right individuals in partner organizations complete the training and other activities?
13. Is there a difference between the Legal & Regulatory Compliance (Integrity) initiative and the CECP training requirement?
14. Can Integrity contact partners that have opted out of direct communications from HP without violating privacy laws?
15. How much will the Legal & Regulatory Compliance initiative cost partners?
16. Does the payment process allow for different countries, currencies and payment methods?
17. Can the Legal & Regulatory Compliance initiative fee be paid out of Market Development Funds (MDF)?
18. What are the consequences if a partner is found to have anti-corruption risks?
19. How will new partners be screened and trained?
20. Who should partners contact if they have questions about the Legal & Regulatory Compliance initiative?
1. Why is HP implementing a Legal & Regulatory Compliance initiative?
As a U.S.-based company, HP must comply with U.S. laws everywhere in the world as well as the laws of the
countries in which we operate. Our goal is to prevent non-compliant activities that can lead to unnecessary
costs and potentially damage relationships between HP, partners, and customers. Legal and regulatory
compliance training shows government authorities and public organizations that HP is serious about promoting
high standards of business conduct and taking all reasonable measures to prevent non-compliance. This is an
HP-wide initiative with requirements set by the HP corporate ethics team.
2. What is the partner benefit of the Legal & Regulatory Compliance initiative?
The Legal & Regulatory Compliance initiative demonstrates HP’s commitment to helping partners avoid legal
trouble and unnecessary business cost, and responds to both heightened customer expectations in the
compliance area as well as the insistence on corporate transparency shared by HP and its partners.
Participation gives partners a tangible way to show they are concerned about compliance and provides a
fast, easy method to meet what are quickly becoming non-negotiable legal requirements.
3. How are other companies responding to the compliance challenge?
For large global companies with valuable brands to protect, driving compliance across suppliers and partner
organizations is one of the hottest initiatives in 2009. Common efforts include: registering partners and suppliers,
collecting certifications to codes of conduct and related policies, and surveying partner and supplier
behavior. These activities are fueled by statutory, regulatory and legal initiatives in North America and
throughout the world.
4. Why focus on legal and regulatory anti-corruption compliance training?
Training in 2009 will focus on anti-corruption compliance. The following examples underscore the need:
• Kellogg, Brown & Root: Its chairman/CEO pleaded guilty to violating the anti-bribery provisions of the
Foreign Corrupt Practices Act (FCPA) and related Securities and Exchange Commission (SEC)
provisions. He faces seven years in prison and $10.8 million in restitution.
• Siemens AG has been fined approximately $300 million by German courts for bribes paid in Nigeria,
Russia and Libya. Siemens estimates the total price tag for these violations to reach into the billions.
In future years other topics may be the focus of legal and regulatory training.
5. Why is HP using a third party for legal and regulatory compliance?
HP is using Integrity Interactive, an independent provider and a leading compliance assurance vendor, to
manage the legal and regulatory compliance program on our behalf. Integrity Interactive is recognized in the
compliance industry as a best-in-class compliance screening service provider. Using an external vendor has
legal advantages. Vendors can independently validate the steps we are taking to ensure partner compliance
in the event of a compliance issue. Contracting with a vendor shows that we are committed to promoting high
standards of business conduct.
6. Does Integrity have experience managing the process for very large partners?
Integrity’s management process is the same for all partners, regardless of size, and has been used successfully
with customers of similar size and scope to HP. Enterprises including Aramark, Aetna, DuPont, IBM, Microsoft and
United Airlines also work with Integrity.
7. What compliance activities are partners required to complete via the Integrity Partner Diligence system?
Partners will be contacted directly by Integrity, via fax or standard mail, on HP’s behalf, to begin the process
outlined here.
Partners are required to:
• Register and create an account on Integrity’s secure portal
• Complete a short training module on anti-corruption compliance, designed for senior partner
management
• Review the HP Partner Code of Conduct and indicate understanding and compliance with its terms
• Complete a screening questionnaire designed to assess compliance risk
8. Is the fax from Integrity a legitimate HP communication?
Yes. HP has contracted with Integrity Interactive to contact partners on HP’s behalf to conduct a
comprehensive compliance program. Integrity uses fax communication as its primary method for notifying
partners of the compliance requirements. Faxes have been proven to successfully generate high rates of
response and meet due diligence requirements for providing a communication audit trail. Although faxes are
an unconventional method for HP communications to partners, they have been approved for this activity. It
should be noted that standard mail notification will be used in situations where partner fax numbers are
incorrect or unavailable.
9. How do I know for sure the fax is legitimate and not an elaborate “phishing” or identity theft scheme?
The fax notification contains a URL that can be used to link directly to the HP Partner Compliance landing page
on the HP Global Partner Portal. To access the compliance page, partners will need to enter their login
credentials. The compliance page contains information about several compliance initiatives, including the
Legal & Regulatory Compliance initiative being conducted by Integrity.
10. Which partners are targeted for involvement in the Legal & Regulatory Compliance initiative?
The target is all contracted partners whose contracts with HP make them eligible for special pricing.
11. How many people within a partner firm are required to complete the training?
HP requires that at least one individual with authority to represent the partner in an official, legally recognized
capacity complete the steps outlined above. This could be an owner or another individual with the legal
capacity to act on behalf of the organization (e.g., someone authorized to sign contracts). Only one individual
in the partner organization needs to complete the activities.
12. How will HP ensure the right individuals in partner organizations complete the training and other activities?
HP will monitor partner participation via reports from Integrity to ensure all appropriate partners take the
training.
13. Is there a difference between the Legal & Regulatory Compliance (Integrity) initiative and the CECP training
requirement?
Yes. The Legal & Regulatory Compliance initiative and the CECP training requirement are two separate and
distinct compliance requirements; HP is asking its partners to complete each. With an objective to improve
compliance with HP contracts and policies, the CECP initiative includes three training modules which focus on
HP policies and procedures. The training modules are now available to partners on the Partner Learning Center.
Partners are required to complete these training modules during FY09 (by October 31, 2009). There is no fee for
this training.
In contrast, the Legal & Regulatory Compliance initiative focuses on anti-corruption issues, which have legal
and regulatory implications that, if not followed, could cause substantial legal liability to HP and damage to
HP’s reputation and brand. The legal implications of the two initiatives are not equal.
14. Can Integrity contact partners that have opted out of direct communications from HP without violating
privacy laws?
Per HP Corporate Compliance, we cannot contact individuals who have opted out of receiving direct
communication from HP. However, for legal issues, HP can contact the partner firm and request a
representative be appointed to complete compliance processes.
15. How much will the Legal & Regulatory Compliance initiative cost partners?
All contracted partners are expected to pay the US$120 program fee to Integrity Interactive. This fee covers the
entire set of compliance elements: anti-corruption training, HP Partner Code of Conduct certification, and
screening questionnaire. HP strongly believes the benefits of reducing business risk and avoiding unnecessary
costs that can result from non-compliant behavior are well worth this investment.
16. Does the payment process allow for different countries, currencies and payment methods?
The Integrity system accepts payments online in more than 35 currencies. Payment is always made in U.S.
dollars—a partner’s bank makes the currency exchange for them. Integrity employs standard e-commerce
functionality made available through a division of PayPal. Integrity accepts Visa, Switch, Discover, PayPal
Express Checkout, American Express, Solo and MasterCard. Partners simply input credit card information at the
secure site, and payment is immediately processed. Integrity does not currently handle non-credit card
transactions.
17. Can the Legal & Regulatory Compliance initiative fee be paid out of Market Development Funds (MDF)?
Yes, HP has determined that because the initiative includes training, it is legal for partners to use MDF dollars to
pay this US$120 fee. However, it is up to each region to determine if it has the budget to cover this cost. No
funds are forthcoming from worldwide to offset the cost to partners.
18. What are the consequences if a partner is found to have anti-corruption risks?
The goal of this effort is to identify and resolve compliance problems, not to eliminate partners. Screening will
help us evaluate partners as Compliant, At-risk or Non-compliant. We expect most partners will be classified as
Compliant, which requires no consequence management. At-risk and Non-compliant cases will be handled
individually, as identified, and will require the participation of HP Solution Partner Organization (SPO) legal
personnel at both worldwide and regional levels, regional SPO managers and other compliance personnel in
the region. Integrity will be responsible for bringing issues to HP and we will then address them directly with the
partner. HP is committed to working with partners to bring them into compliance and maintain strong
relationships.
19. How will new partners be screened and trained?
Going forward, HP will include the compliance process within our partner on-boarding requirements.
20. Who should partners contact if they have questions about the Legal & Regulatory Compliance initiative?
Partners can direct questions to Integrity Interactive, to their HP Partner Business Manager (PBM) and to their HP
support organization contact.