fcpa and uk bribery act risk...

Presenting a live 90‐minute webinar with interactive Q&A

FCPA and UK Bribery Act Risk Assessments Strategies to Identify and Mitigate Corruption Risk and Ensure Compliance

1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific

THURSDAY, JANUARY 6, 2011

Today’s faculty features:

Edward J. Fishman, Partner, K&L Gates, Washington, D.C.

Sam Eastwood, Partner, Norton Rose LLP, London, England, , , , g

John F. Wood, Partner, Hughes Hubbard & Reed, Washington, D.C.

The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.

Continuing Education Credits FOR LIVE EVENT ONLY

For CLE purposes, please let us know how many people are listening at your location by completing each of the following steps:

• Close the notification box

• In the chat box, type (1) your company name and (2) the number of attendees at your location

• Click the blue icon beside the box to send

Tips for Optimal Quality

S d Q litSound QualityIf you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection.

If the sound quality is not satisfactory and you are listening via your computer speakers, you may listen via the phone: dial 1-866-258-2056 and enter your PIN when prompted Otherwise please send us a chat or e mail when prompted. Otherwise, please send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem.

If you dialed in and have any difficulties during the call, press *0 for assistance.

Viewing QualityTo maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key againpress the F11 key again.

IMPORTANCE OF ANTI-CORRUPTION RISK ANTI CORRUPTION RISK

ASSESSMENTS

Ed FishmanPrepared for: Ed FishmanK&L GATES LLP

1601 K Street, NWWashington, DC 20006-1600

(202) 778-9456ed fishman@klgates com

Prepared for:Strafford CLE Webinar/TeleconferenceRisk Assessments for FCPA and UK Bribery Act ComplianceJanuary 6, 2011

4

ed.fishman@klgates.com©2009 K&L GATES LLP

All Rights Reserved

Overview of Regulatory Environment

DOJ/SEC Focus on Enforcement of the U.S. Foreign Corrupt Practices Act (“FCPA”)

Enactment of 2010 UK Bribery Act Dodd-Frank Wall Street Reform and Consumer

Protection Act Local Anti-Corruption Law Enforcement in Africa,

Asia and Around the WorldAsia and Around the World

5

Brief Overview of FCPA Anti-Bribery Provision

Anti-bribery provision:

Prohibits the payment offer or authorization to pay Prohibits the payment, offer or authorization to pay money or “anything of value” to any “foreign official” for purposes of influencing any act or decision of such f i ffi i l i d b i i b iforeign official in order to obtain or retain business

Prohibits the payment, offer or authorization to pay “anything of value” to a third party while “knowing” anything of value to a third party while knowing that all or a portion will be offered or given to a “foreign official” for unauthorized purposes

6

Brief Overview of FCPA Anti-Bribery Provision

DOJ/SEC have interpreted the definition of a “foreign official” under the FCPA very broadly

The concept of “anything of value” includes travel gifts The concept of anything of value includes travel, gifts, favors and other non-monetary benefits

The “business nexus” requirement is an extremely low hurdle for the enforcement authorities to overcomefor the enforcement authorities to overcome

The risk of liability based on third-party conduct can be based on “willful blindness” of red flags or awareness that a violation is “highly probable”is highly probable

The “facilitating payment” and other defenses/exceptions have been interpreted very narrowly by U.S. enforcement authorities

7

authorities

Brief Overview of FCPA Accounting Provisions

Maintain Books, Records and Accounts that, in Reasonable Detail, Accurately Reflect Transactions and the Disposition of AssetsAssets

Maintain a System of Internal Accounting Controls Sufficient to Provide Reasonable Assurance That: Transactions Executed as Authorized Transactions Recorded to Permit Preparation of GAAP

Statements and to Maintain Accountability for Assets Access to Assets Is Restricted Assets Are Examined Periodically

8

Potential Penalties for Violating the FCPA

Individuals face up to 5 years imprisonment and a $250,000 criminal fine per violationC i f t $2 illi i i i l fi i l ti Companies face up to $2 million in criminal fines per violation or alternative fines equal to twice the amount of total profit

Companies also face civil penalties including injunctions against future violations, civil monetary penalties and serious collateral consequences (e.g., debarment, deferred or non-prosecution agreements, corporate monitors, disgorgement p g p g gof profits, reputational damage and third party litigation risk)

9

U.S. Sentencing Guidelines

Sec. 8B.2.1. Effective Compliance and Ethics Program The organization shall take reasonable steps to

“evaluate periodically the effectiveness of the organization’s compliance and ethics program”organization s compliance and ethics program

The organization shall “periodically assess” the risk that criminal conduct will occur and shall take appropriate steps to design, implement and modify [compliance program] elements to reduce the risk of criminal conduct

10

criminal conduct

DOJ Settlement Obligation

From Deferred Prosecution Agreement with Panalpina World Transport (Holding) Ltd. “Panalpina will conduct periodic review and testing of its

anti-corruption compliance code, standards and procedures designed to evaluate and improve their procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and Panalpina’s anti-corruption code standards and procedures taking into account code, standards and procedures, taking into account relevant developments in the field and evolving international and industry standards.”

11

Dodd-Frank Whistleblower Provision

The statute provides significant monetary incentives for whistleblowers that report violations of the securities laws to the SEC before the company self reportsthe SEC before the company self-reports SEC proposed rule issued November 3rd and public comments

received by December 17th

C t h th D dd F k i i ill id Controversy over whether Dodd-Frank provision will provide disincentive to report issues through compliance program

Anti-corruption risk assessments will become more important in light of the whistleblower provision because they will decrease the risk of violations that whistleblowers can report if conducted properly

12

SOX Implications

SOX 404-based internal control programs historically have not addressed FCPA-specific issues

Auditing firms have started to increase their focus on FCPA specific risks including delegation of on FCPA-specific risks, including delegation of authority limits, segregation of duty requirements, vendor and third party agent approval processes, p y g pp p ,disbursement approval processes and ongoing testing and monitoring of compliance programs

13

QUESTIONS?

Contact:

Ed FishmanK&L Gates LLP1601 K Street N.W.Washington, D.C. 20006(202)778 9456 (di t)(202)778-9456 (direct)ed.fishman@klgates.com

14

FINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE AND COMMODITIES TRANSPORT TECHNOLOGYFINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE AND COMMODITIES TRANSPORT TECHNOLOGY

UK BRIBERY ACT ANDRISK ASSESMENTS

UK BRIBERY ACT ANDRISK ASSESMENTS

Sam EastwoodNorton Rose LLP

Sam EastwoodNorton Rose LLP

Prepared for:Strafford CLE Webinar/TeleconferenceRisk Assessments for FCPA and UK Bribery Act Compliance

Prepared for:Strafford CLE Webinar/TeleconferenceRisk Assessments for FCPA and UK Bribery Act Compliance

Norton Rose LLP3 More London Riverside

LondonSE1 2AQ

(0)207 4442694

Norton Rose LLP3 More London Riverside

LondonSE1 2AQ

(0)207 4442694ComplianceJanuary 6, 2001ComplianceJanuary 6, 2001

(0)207 4442694Sam.eastwood@nortonrose.com

(0)207 4442694Sam.eastwood@nortonrose.com

Key Features of the UK Bribery Act

• The new UK Bribery Act comes into force in April 2011

• Guidance – SFO 2009 paper “ Approach of the Serious Fraud Office

to dealing with overseas corruptionto dealing with overseas corruption– MOJ Guidance on “Adequate Procedures”– MOJ circular on Bribery Act

J i t L l G id f P t– Joint Legal Guidance for Prosecutors

16

Key Features of the UK Bribery Act

• The general bribery offences– Someone offers, promises or gives another, or– requests, agrees to receive or acceptsq g p– a financial or other advantage in connection with a person

performing a function improperlyNote: Improper performance is the breach of an expectationNote: Improper performance is the breach of an expectation

that the function will be performed in good faith, impartially or as a result of a position of trust. No corrupt intent required.p qThe offences extend to “private bribery”

17

Key Features of the UK Bribery Act

• Bribing a foreign public official– Someone pays or offers an advantage to a FPO– with the intention of influencing the FPO– in order to retain or obtain a business advantage– When such payment / advantage is not permitted orWhen such payment / advantage is not permitted or

required by written lawNote: No need for improper performance of function

18

Key Features of the UK Bribery Act• Facilitation Payments

N t itt d ( t t FCPA ti )– Not permitted (contrary to FCPA exception)– Written law is relevant, not local custom

• Failure of commercial organisations to prevent bribery– Corporate entity commits an offence if it, or anyone associated

with it, bribes another person in order to retain or obtain a business , padvantage.

– Associated person is widely defined: includes anyone who performs services for or on behalf of the companyp p y

– This could be employees, agents, brokers, subsidiaries, JV entities, JV partners

– Strict liability offence Only defence is that the company hasStrict liability offence. Only defence is that the company has adequate procedures in place to prevent bribery

19

Key Features of the UK Bribery Act

• Extra-Territoriality– General and FPO bribery offences: if any part of the

offence is committed in the UK OR if committed overseas by a person with a close connection to the UK

– Corporate bribery offence: it is irrelevant where the acts/omissions which form part of the offence take place. Applies globally to companies who carry on any part of their business in the UK

– UK branches– Companies with UK securities listings?– Companies with UK agents/distributors?p g

20

Key Features of the UK Bribery Act• Senior Officers can be prosecutedSenior Officers can be prosecuted– Applies where a general or FPO bribery offence has been

committedwith the consent or connivance of a senior officer– with the consent or connivance of a senior officer (director, manager, company secretary)

– The senior officer is then deemed to have committed the same offencesame offence

• Prosecutorial discretion – Key– Guidance expected early 2011

21

Key Features of the UK Bribery ActAdequate Procedures: “Six principles”

1. Risk 6. Monitoring d Assessmentand

Review

Six Principles

2. Top Level Commitment

5. Effective Implementation

3. Due Diligence

4. Clear Policies & Procedures

22

Goals of Risk AssessmentRisk Assessment (Per MOJ Guidance)

“The commercial organisation [must] regularly and comprehensively [assess] the nature and extent of p y [ ]the risks relating to bribery to which it is exposed”

– A tailored approach– Focus on:

Internal risk• Internal risk • Country risk• Partnership riskPartnership risk

– Ongoing responsibility 23

Goals of Risk Assessment

Identify ongoing risk

Assess identified risk – severity and likelihood

Pragmatic and cost effective approach

Risk Mitigation a risk assessment should inform (1)Risk Mitigation – a risk assessment should inform (1) the development, implementation and maintenance of effective anti-bribery policies and procedures (2) remedial steps.

24

FINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE AND COMMODITIES TRANSPORT TECHNOLOGYFINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE AND COMMODITIES TRANSPORT TECHNOLOGY

25

II. CONDUCTING THE RISK ASSESSMENT

John F. WoodJohn F. WoodHughes Hubbard & Reed LLPOffice: (202) 721-4720Email: woodj@hugheshubbard.com

U.K. Ministry of Justice Consultationy J

• The U.K. Ministry of Justice defines a “Risk y JAssessment” as follows: “this is about knowing and keeping up to date with the bribery risks you face in your sector and market ”your sector and market.

• “What constitutes adequate risk assessment procedures will vary enormously depending on the procedures will vary enormously depending on the size of an organisation, its activities, its customers and the markets in which it operates . . . .”

U.K. Ministry of Justice: CONSULTATION ON GUIDANCE ABOUT COMMERCIALORGANIZATIONS PREVENTING BRIBERY (Section 9 of the Bribery Act 2010)

27

U.S. Sentencing Guidelines Ch t 8Chapter 8

• An organization shall “[a]ssess periodically the risk g [ ] p ythat criminal conduct will occur.” Application Note 7.

• “[T]he individual(s) with day-to-day operational [ ] ( ) y y presponsibility for the program typically should, no less than annually, give [the Board of Directors] or a subgroup thereof information on the implementation subgroup thereof information on the implementation and effectiveness of the compliance and ethics program.” Application Note 3.

28

Who Conducts a Risk Assessment?

Internal compliance personnel

Who Conducts a Risk Assessment?

Internal compliance personnel

Auditors

Outside counsel/compliance experts

29

Establishing Scope

Before conducting an assessment, the company

Establishing Scope

g , p ymust decide which activities, relationships, or areas should be assessed

Companies must always look to areas where they have encountered problems in the past

30

Establishing Work Plan

• An effective risk assessment should include,

Establishing Work Plan

An effective risk assessment should include, but not be limited to:

Review of written policies and proceduresReview of written policies and procedures

Review of policy communication

Identifying ongoing risk

31

Identifying Ongoing RiskIdentification of risks includes, but is not limited to,

considering:1. The nature of the industry 5. Other interactions with y

2. Locations in which the company has operations,

government officials (e.g., regulatory approvals, licensing, customs)p y p

sales, or other activities

3. Corporate history

g )

6. Use of third parties (e.g.,agents, distributors, joint ventures)

4. Nature of customers (e.g., government-owned or controlled)

ventures)

7. Mergers & Acquisitions activitycontrolled) y

8. Books & Records

32

Assessing Identified Risks

Evaluate relevant risks of particular activities or

Assessing Identified Risks

Evaluate relevant risks of particular activities or relationships (e.g., hiring of a particular agent)

Use risk criteria to categorize activity (e.g., Use risk criteria to categorize activity (e.g.,descriptively or numerically)

The evaluation of risks will help you determine what p yadditional compliance steps are necessary

The amount of resources devoted to compliance for peach task or relationship will depend on its risk category

33

Tailoring Risk Assessment Criteria

• Source of agent • Qualifications of the agent

gEXAMPLE: USE OF AGENT

• Location of agent’s activities

• Nature of ownership

• Frequency and nature of interactions with

• Payment location and method

k b f d binteractions with government officials

Wh C i d

• Tasks to be performed by agent

• When Company retained agent

• Amount and structure of payments

34

How to Handle the Results

Considerations:

How to Handle the Results

Considerations:

1. Attorney-client privilege

2. Disclosure within company

3. Scoping of separate investigations

35

STRATEGIES TO OVERCOME STRATEGIES TO OVERCOME CHALLENGES IN CONDUCTING

CO O SANTI-CORRUPTION RISK ASSESSMENTS

Ed FishmanPrepared for: Ed FishmanK&L GATES LLP

1601 K Street, NWWashington, DC 20006-1600

(202) 778-9456ed fishman@klgates com

Prepared for:Strafford CLE Webinar/TeleconferenceRisk Assessments for FCPA and UK Bribery Act ComplianceJanuary 6, 2011

36

ed.fishman@klgates.com©2009 K&L GATES LLP

All Rights Reserved

Alignment of Scope and Risk

Any business with overseas operations will face significant risks under the FCPA

Companies subject to the UK Bribery Act must also mitigate the risk of commercial bribery

The extensive use of third party agents increases the risk profile significantly

The threshold consideration before commencing an The threshold consideration before commencing an anti-corruption risk assessment is the proper alignment of scope and risk

37

g p

High-Level Anti-Corruption Risk Assessment

Objective: to conduct an effective review of the most significant anti-corruption risks faced by the significant anti corruption risks faced by the organization (from both a severity and likelihood perspective) in a cost effective and timely manner

Methodology: can use both formal and informal methods of assessing risk, as long as the methods reasonably relate to the risks faced by the y yorganization

38

Common Scoping Challenges

The initial scope of the risk assessment needs to be well-defined at the outset to avoid “scope creep”Th k l h ld i l d l d i ti f bj ti The workplan should include a clear description of objectives, responsibilities and expected deliverables

Many organizations will adopt a phased approach to risk assessments, focusing initially on the highest risk countries or business operations (e.g. those sectors of the business that rely heavily on third party agents in high-risk jurisdictions)y y p y g g j )

The risk assessment can be modified/refined in later phases to account for new or emerging risks that are identified during the process

39

the process

Overcoming Resource Challenges

Comprehensive anti-corruption risk assessments in a multinational company can be very expensiveG ff Goal should be to conduct an effective and thorough risk assessment in a cost-effective manner

Strategies for conducting a cost-effective risk Strategies for conducting a cost effective risk assessment include using the right combination of internal and external resources (depending on competencies) developing a reasonable budget in competencies), developing a reasonable budget in connection with the initial workplan, and maintaining reasonable expectations and objectives

40

Importance of Internal/External Cooperation

High-level management support is critical for conducting an effective risk assessment

Management needs to appreciate the potential risks of Management needs to appreciate the potential risks of criminal conduct and the importance of periodically assessing those risks

An anti-corruption risk assessment will have ancillary An anti-corruption risk assessment will have ancillary compliance benefits (e.g. may shed additional light on permanent establishment/tax issues, customs practices, and sufficiency of financial controls)y )

The cooperation of third-party agents (and support from internal business people that interface with those agents) is a key factor in ensuring effectiveness of the risk assessment

41

y g

Possible Restrictions on Access

EU privacy law restrictions may complicate efforts to review e-mails and engage in risk-based transaction testing without consent of data recipientsconsent of data recipients

Failure of internal business people or third parties to cooperate in providing access to information will complicate ffefforts With respect to internal personnel, clearly explain objectives of

the risk assessment and their obligation to cooperate With respect to third parties, ensure that any contractual audit

rights are invoked and use any leverage from a commercial perspective

42

Dealing with the Results of a Risk Assessment

To the extent that any problematic practices are discovered as a result of the risk assessment, a separate internal investigation of those practices may be necessaryp y y This needs to be handled carefully in light of

the whistleblower incentive provisions The conduct should be examined even before

the risk assessment is completed

43

Dealing with the Results of a Risk Assessment

Another possible outcome of the risk assessment is the identification of various potential internal control weaknesses that the organization should remediate upon completion of the assessment The failure to act upon any of these internal control The failure to act upon any of these internal control

problems defeats the purpose of the risk assessment Prior to beginning the risk assessment, there needs g g ,

to be senior management support for remediating any internal control issues during the process

44

C t t I f tiContact Information

Ed FishmanK&L Gates LLP

John F. WoodHughes Hubbard & Reed LLP

Sam EastwoodNorton Rose LLPK&L Gates LLP

(202)778-9456ed.fishman@klgates.com

Hughes Hubbard & Reed LLP(202) 721-4720woodj@hugheshubbard.com

Norton Rose LLP(0)207 4442694Sam.eastwood@nortonrose.com