INFOCUS

WASHINGTON, D.C. • ATLANTA • BRUSSELS • DUBAI • HONG KONG • LONDON • MILAN • NEW YORK • PARIS • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO • TORONTO

promontory.com JANUARY 14, 2013

Managing Corruption Risks

BY PIERRE DE SAINT PHALLE, DAVID THELANDER, AND RAWAN ABDELRAZEK

Multinational companies and financial services firms are confronting increasingly rigorous anti-corruption standards as regulators around the world emphasize sound business practices to promote sustainable economic growth. The consequences are substantial: Companies have incurred material expenses to launch internal investigations of possible infractions, in many cases to preempt or mitigate regulatory enforcement actions. Internal or government-led investigations can drag out for years; fines run into the hundreds of millions of dollars, and individuals also face prison terms of up to 20 years. And the potential reputational damage from violating anti-corruption standards defies simple quantification.

With the notable exception of the United Kingdom’s Bribery Act of 2010, the governing anti-corruption laws are hardly new. In the United States, standards are based on the Foreign Corrupt Practices Act, which became law in 1977. The Organization for Economic Cooperation and Development’s Anti-Bribery Convention, which has 39 signatories, was issued in 1999. Generally speaking, the increasing importance of complying with anti-corruption standards is not the result of new statutes that underpin enforcement efforts, but springs instead from a stronger, international commitment — backed by entities including the G20, the International Monetary Fund, the World Bank, and non-government entities — to pursue bad actors.

OECD signatories have prosecuted roughly 300 individuals and entities since the 1999 convention, but the pace is accelerating: These countries report 170 ongoing criminal proceedings and over 300

Pierre de Saint Phalle Managing Director

David ThelanderManaging Director

Rawan Abdelrazek Senior Principal

• Regulators globally are increasingly focused on anti-corruption regulations, and companies should examine whether they can meet the higher standards articulated in new laws in the United Kingdom and new guidelines in the United States.

• Financial penalties are only one cost of violations of anti-corruption statutes. Internal investigations can be as costly, and the reputational damage may be hard to quantify. And individuals face substantial fines and the prospect of prison.

• The complex and often global nature of internal and government investigations leads to a significant lag — typically five years — between the illegal activity and related settlement. Firms that remediate problems and establish effective compliance programs can improve the chances of favorable settlements.

• An effective risk-based anti-corruption compliance program can greatly minimize corruption risks.

KEY TAKEAWAYS

PROMONTORY Sightlines InFocus | JANUARY 14, 2013 | 2

ongoing investigations. Many of these enforcement actions are in the U.S., where the Department of Justice and Securities and Exchange Commission have taken an increasingly aggressive, transnational enforcement stance towards FCPA noncompliance (see table 1). In fact, the SEC in 2010 created an enforcement unit dedicated to FCPA and maintains a list of actions taken1 under the statute.

The majority of FCPA-related enforcements are now brought against foreign companies. Most recently, Barclays PLC disclosed U.S. and UK authorities were investigating its relationship with Qatar’s sovereign wealth fund and its actions to secure a banking license in the Saudi Arabia.

Operating successfully within the changing global enforcement environment will require executives to carefully manage corruption risks or face considerable costs: public investigations, reputational damage, shareholder lawsuits, whistleblowers, monetary penalties, jail sentences, not to mention undermining of the firm’s credibility with regulators on all matters relating to controls and compliance. But an effective anti-corruption compliance program can greatly minimize corruption risks.

The Globalization of Anti-Corruption Efforts

U.S. anti-corruption efforts have shaped national laws and global standards, and the FCPA has paved the way for the establishment of similar laws in other jurisdictions, as well as the adoption of international standards and best practices.

ORGANIZATION FOR ECONOMIC COOPERATION AND DEVELOPMENT

The OECD’s Anti-Bribery Convention in 1999 criminalized cross-border bribery and set tough, transparent international business standards. It is the only international legally binding instrument that

COMPANY SETTLEMENT AMOUNT YEAR ALLEGED BRIBE PAYMENTS

Siemens $1.6 billion 2008 2001 through 2007

Kellogg Brown & Root/Halliburton* $579 million 2009 1995 through 2004

Snamprogetti Netherlands/ENI* $365 million 2010 1995 through 2004

Technip* $338 million 2010 1995 through 2004

JGC Corporation* $218.8 million 2011 1995 through 2004

Daimler AG $185 million 2010 1998 through 2008

Alcatel-Lucent $137 million 2010 2001 through 2006

Magyar Telekom/Deutsche Telekom $95 million 2011 2005 through 2006

Panalpina $81.8 million 2010 2002 through 2007

TABLE 1: LARGEST FCPA SETTLEMENTS

* Part of a four-company joint venture that bribed Nigerian government officials over a 10-year period in order to win construction contracts in Nigeria worth more than $6B

1 http://www.sec.gov/spotlight/fcpa/fcpa-cases.shtml

PROMONTORY Sightlines InFocus | JANUARY 14, 2013 | 3

requires signatories to make foreign bribery of public officials a crime, and establish criminal penalties. Also under the convention:

• Countries must investigate and prosecute those that offer, promise, or give bribes to foreign public officials and impose heavy penalties

• Companies and individuals are accountable for third-party involvement in bribery

• Bribery is a crime even if permitted in the foreign country where it occurs

Companies operating globally should review signatories (see Appendix I) and adopt their anti-corruption compliance regimes accordingly.

Other international anti-corruption efforts include the G20’s Anti-Corruption Action Plan and the U.N. Convention against Corruption. The G20 is also partnering with the Financial Action Task Force on anti-corruption issues and money-laundering.

UK BRIBERY ACT

Companies doing business in the UK must consider whether their current policies, systems, controls, and training programs comply with the UK Bribery Act, which marks a significant milestone in the official global anti-corruption drive. It is considerably broader than the FCPA and the OECD initiatives, principally in expanding beyond public officials to include corporate employees.

The law criminalizes the bribery of private individuals and companies, and also covers bribe recipients. Prosecutors need not prove corrupt intent, and corporations and their officers face liability for failing to prevent bribery. Similar to the FCPA, the extraterritorial reach of the UK Bribery Act has a broad impact for companies and individuals — any UK presence (subsidiary, office, or operations) creates jurisdiction.

The UKBA applies even if offenses take place in a third country and are unrelated to UK operations. The “local law” defense is applicable only if a local law actively permits or requires the official to be influenced by the payment. Unlike the FCPA, there is no defense for facilitation payments, but the UKBA provides a full defense for organizations that prove they have adequate anti-bribery procedures in place.

Deconstructing the FCPA

Despite more recent international attempts to criminalize bribery, the FCPA is generally recognized as the global benchmark for all other anti-corruption initiatives, and its influence has grown in recent years. Assistant U.S. Attorney General Lanny Breuer in a 2010 speech warned that “we are in a new era of FCPA enforcement; and we are here to stay.”2 The Justice Department and the SEC followed up that warning by making concrete structural changes and committing more resources to FCPA enforcement, including more attorneys, and new initiatives to recover the proceeds of foreign corruption. The FBI has dedicated investigators to FCPA enforcement, and the Financial Industry Regulatory Authority has prioritized FCPA issues in its examination process. The Dodd-Frank Act provided financial incentives for corporate whistleblowers to report potential FCPA violations directly

2 http://www.justice.gov/criminal/pr/speeches/2010/crm-speech-101116.html

ANTI-BRIBERY PROVISIONS

• Individuals: Imprisonment up to five years and fines up to $250,000, or twice the total gain/loss from the act

• Companies: Criminal fines of up to $2 million per violation, or up to twice the total gain/loss from the act

RECORD-KEEPING AND ACCOUNTING PROVISIONS

• Individuals: Imprisonment up to 20 years and fine up to $5 million

• Companies: Fines up to $25 million

OTHER CONSEQUENCES

• Debarment from U.S. or E.U. government contracts/programs

• Debarment from receiving U.S. import/export licenses

• Civil litigation

PENALTIES FOR FCPA VIOLATIONS

PROMONTORY Sightlines InFocus | JANUARY 14, 2013 | 4

to the SEC rather than report them internally.3 And on Nov. 12, 2012, the Justice Department and the SEC jointly issued a Resource Guide to the U.S. FCPA4 that clarified requirements and key definitions of the statute.

The law prohibits paying or offering anything of value to influence a foreign official, including to obtain or retain business. There is no materiality threshold, and “anything of value” has been broadly construed to include cash, expenses, and promises of employment. However, Breuer stressed that the government is focused on bribes that “have a fundamentally corrosive effect on the way companies do business abroad.”5 Enforcement agencies are more likely to be interested in single instances of extravagant gift-giving than they are in ceremonial gifts and items of negligible value, unless the giving is part of a larger, systemic effort to gain a business advantage.

The FCPA’s record-keeping and accounting provisions are the backbone of most U.S. accounting fraud and issuer disclosure cases. The provisions require that books and records accurately reflect the transactions. Sound expense controls and transparent accounting for external payments help prevent and detect bribery and the mischaracterization of funds — high commissions, consulting fees, sales and marketing expenses, travel costs, etc. — frequently used to disguise bribes.

FCPA Compliance

More than half of the Justice Department’s corporate FCPA resolutions involve foreign companies or U.S. subsidiaries of foreign companies, and nine of its 10 FCPA penalties in 2011 were against foreign companies and nationals. An increasing number of FCPA matters are in China and Asia, followed by

3 Whistleblowers are awarded between 10-30% of certain monetary sanctions recovered.4 http://www.justice.gov/criminal/fraud/fcpa/guide.pdf5 November 16, 2012, speech at the ACI 28th National Conference on the FCPA

• Non-essential, lavish expenses

• Lavish gifts or entertainment

• Upfront, lump-sum per diem payments

• Travel expenses, including for family members

• Improper campaign contributions

• Overpayments or underpricing

• Excessive facilitating payments

• Tax or insurance benefits

• Promises of future employment, scholarships, discounts, etc.

“ANYTHING OF VALUE”

Anti-Bribery Provisions. Prohibit covered persons from bribing, or authorizing or offering a bribe, to a foreign official in order to obtain or retain a business or other improper advantage.

Recordkeeping and Accounting Provisions. Issuers must meet standards on accounting practices, books and records, and internal controls.

WHO IS COVERED?

Issuers. Any issuer with securities registered pursuant to section 12 of the Securities Exchange Act or is required to file reports under section 15(d) — including companies with American Depository Receipts — as well as their officers, directors, stockholders, employees, and agents.

Domestic Concerns. Any U.S. citizen, resident or national, or any corporation, partnership, association, trust, sole

proprietorship, or unincorporated organization organized under U.S. laws or has its principal place of business in the U.S. — as well as their officers, directors, stockholders, employees, and agents.

Other. Applies to certain foreign nationals or entities that are not issuers or domestic concerns who engage in any act in furtherance of a corrupt payment in the U.S.

JURISDICTION

The FCPA applies to conduct both inside and outside the U.S.

FCPA: WHAT YOU NEED TO KNOW

PROMONTORY Sightlines InFocus | JANUARY 14, 2013 | 5

Latin America, South Asia and the Middle East, and foreign governments frequently facilitate Justice’s efforts by making referrals. On Dec. 17, for instance, Allianz SE agreed to pay more than $12.3 million to settle SEC charges that its Indonesian subsidiary made improper payments to employees of state-owned entities financed through an off-the-books slush fund.6

PIPELINE INDICATES ACTIONS WILL REMAIN STEADY

The pace and reach of FCPA-related enforcement actions are expected to remain steady as the government works through investigations in the pipeline. Since 2009 the government has entered into over 40 corporate settlements, including nine of the 10 largest ever, as measured by the size of the penalty, resulting in over $2 billion in fines. The government brought seven corporate cases and five individual cases in the first half of 2012, despite the fact that it increasingly seeks to resolve matters through non-prosecution and deferred-prosecution agreements.

EMPHASIS ON VOLUNTARY DISCLOSURE

The Justice Department and SEC rely and encourage voluntary disclosures, as reflected in the longstanding Principles of Federal Prosecution of Business Organizations7 and the U.S. Sentencing Guidelines.8 Government officials point to the “meaningful credit” they give to companies in return, including deferred prosecution, and Justice has said it will consider voluntary disclosures when deciding whether to pursue further action.

Indeed, Justice has indicated that the consequences for a company will be more severe if the government discovers the misconduct on its own or through competitors, which has made self-disclosure an attractive risk-management option. Companies are generally advised to thoroughly investigate a potential violation, both to be able to characterize the wrongdoing and to demonstrate good faith and responsibility, before deciding whether and when to self-disclose a potential FCPA violation. But the Justice Department urges firms to disclose infractions immediately upon finding them — at the front end of the internal investigation.

BUILDING RELATED CASES

Enforcement officials take an industry-wide approach to investigations, leveraging what they’ve learned from one investigation to build others in the same industry or supply chain. And they provide incentives to companies to provide information about their competitors. Regulators increasingly

6 http://www.sec.gov/news/press/2012/2012-266.htm7 http://www.justice.gov/opa/documents/corp-charging-guidelines.pdf8 http://www.ussc.gov/Guidelines/index.cfm

33

23

12 131210

2527

10

2008 2009 2010 2011 2012

TOTAL NUMBER OF FCPA ENFORCEMENT ACTIONS (2008 - FIRST HALF OF 2012)

10

0

20

30 DOJ SEC

• Any officer or employee of a foreign government or depart-ment, agency, and instrumentality thereof

• Any political party, party official, or candidate for political office

• Employee of a majority state-owned or controlled company that constitutes an “instrumentality” of the government

• Officials or employees of public international organizations (World Bank, IMF, UN)

• Employees of Sovereign Wealth Funds

“FOREIGN OFFICIAL”

34

PROMONTORY Sightlines InFocus | JANUARY 14, 2013 | 6

perceive financial services as facing the same corruption risks that traditionally have been associated with manufacturing and retail companies doing business abroad, and recent actions against Barclays, Allianz SE, and Morgan Stanley have proven that the agencies have the capacity to bring enforcement actions in the financial services arena.

Effectively Managing Corruption Risks

Companies can take several steps to manage corruption risks in this heightened legal and enforcement environment:

• Complete a corruption risk assessment based on specific business lines, counterparties, and locations of operation.

• Understand the local laws that apply to their business activities and thoroughly review their anti-corruption practices to assess for global compliance, particularly given the extra-territorial reach of the FCPA and the UKBA. Management should also look to the guidance in the OECD Recommendations and the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance.9

• Establish or strengthen internal controls, ethics, and compliance regimes to prevent and detect bribery. Companies may assign a dedicated anti-corruption compliance officer, just as many do with efforts related to anti-money-laundering compliance and combating the financing of terrorism. The compliance regime should meet seven minimum requirements in the Federal Sentencing Guidelines for Organizations, which is the global benchmark for measuring an effective compliance and ethics program:

– Establish standards and procedures – Provide oversight and a governance structure – Exercise discretionary authority – Provide training and disseminate information enterprise-wide – Monitor and audit compliance – Promote and enforce the compliance and ethics program – Respond to actual and potential violations

The Justice Department’s April 2012 statement on the imprisonment of a former Morgan Stanley executive on FCPA charges noted that it did not charge the firm itself because its internal controls “provided reasonable assurances that its employees were not bribing government officials.”10

Justice also cited the extensive compliance efforts by Morgan Stanley, including training, internal policies, and annual certifications. Assistant AG Breuer has said that “establishing a top-notch compliance program will not only help to prevent misconduct from occurring, but it will also improve your position with us in any eventual investigation.”11 Still, Justice recently made it clear that a compliance program is not an absolute defense against an FCPA action.

9 http://www.oecd.org/investment/briberyininternationalbusiness/anti-briberyconvention/44884389.pdf10 http://www.justice.gov/opa/pr/2012/April/12-crm-534.html11 http://www.justice.gov/criminal/pr/speeches/2010/crm-speech-101116.html

PROMONTORY Sightlines InFocus | JANUARY 14, 2013 | 7

• Document program activities to support arguments that incidents perpetrated by an individual are isolated and occurred despite the program. Financial firms can build upon the foundations of already established AML/CFT programs, which implement relevant Office of Foreign Assets Control and Bank Secrecy Act requirements. Many of the necessary components are similar: risk assessments, internal controls, training, transaction monitoring, reporting, and documentation.

• Respond quickly to violations or allegations, whether self-identified or the result of external actions, including launching investigations. Companies should have a public relations strategy and standard disciplinary procedures in the event of a violation, and move quickly to prevent recurrence and fix any lapses in policy and procedures.

Key Components of an Effective Anti-Corruption Compliance Program There is no “one size fits all” anti-corruption program, but most successful internal controls and compliance regimes share a number of salient features calibrated to the specifics of each company, and respond to the organization’s evolving needs, risks, and challenges.

RISK-ASSESSMENT PROCESS

Risk assessments are key elements of strong internal controls and compliance, and the critical first step in establishing risk-based policies and procedures that reflect and mitigate an organization’s specific risks.12 Risk assessments should drive the design of any compliance program, including due-diligence procedures and internal audits. The risks vary by the size, nature, and complexity of businesses, counterparties (third parties, intermediaries, foreign public officials), and the regulatory and enforcement environment; the assessment process must be updated and monitored continuously. Key elements include:

• Collaboration between compliance and business units

• Oversight by senior management

• Resource allocation to reflect the firm’s scale and needs

• Accurate and appropriate reporting and documentation

Anti-corruption risk assessments should consider these risks:

• Country-specific/jurisdictional: Country-specific risks include jurisdictions with high levels of corruption, an absence of effectively implemented anti-corruption laws, lack of transparent procurement and investment policies, and minimal government oversight. Pre-existing rankings of country corruption and transparency levels are useful guides to develop appropriate due diligence of associates and related parties.

• Sector: Higher risks are associated with certain sectors, such as the extractive industry and large-scale infrastructure.

12 The US Federal Sentencing Guidelines and the UKBA Guidance both identify Risk Assessments as key elements of effective compliance programs.

Selections from the FCPA Resource Guide issued by the Justice Department and the SEC in November.

“ In a global marketplace, an effective compliance program is a critical component of a company’s internal controls. . . . An effective compliance program . . . protects a company’s reputation, ensures investor value and confidence, reduces uncertainty in business transactions and secures a company’s assets.”

“ DOJ and SEC also consider the adequacy of a company’s compliance program when deciding what, if any, action to take. . . . It will often affect the penalty amount . . . .”

“ An assessment of a company’s compliance program, including its design and good faith implementation and enforcement, is an important part of the government’s assessment of whether a violation occurred, and if so, what action should be taken.”

“ Although the focus is on compliance with the FCPA, given the existence of anti-corruption laws in many other countries, businesses should consider designing programs focused on anti-corruption compliance more broadly.”

IN THEIR OWN WORDS

PROMONTORY Sightlines InFocus | JANUARY 14, 2013 | 8

• Transaction: Transactions involving licenses or permits, public procurements, and charitable or political contributions present greater risk, and due diligence should scale with the importance to the company’s operations.

• Business Opportunity: Risks from high-value projects, projects reliant on intermediaries or contractors, and projects undertaken at below market value.

• Business Partnership: Certain relationships pose greater risks, particularly intermediaries transacting with foreign officials and joint-venture partners (see “Third-Party Due Diligence” on page 9).

• Internal: Internal procedures or structures can compound risks, including inadequate employee training, incentives that reward risk taking, the lack of clear anti-corruption policies and procedures, and ineffective financial controls.

TONE AT THE TOP

Enforcement officials will look for a strong “tone at the top” and a culture of compliance and ethics that extends from the board of directors and the highest level of management to middle and lower management. The tone should stress zero tolerance for corruption or unethical behavior, as opposed to getting business at any expense. This means rewarding good behavior and punishing violations. In practice, a strong tone at the top includes board and management involvement in setting policies and assessing risks, actual implementation of set policies, and effective communication of the firm’s anti-corruption stance. This translates into an ethical company culture that supports a strong compliance program.

Transnational firms, including private-equity companies, should incorporate anti-corruption re-quirements in transaction due diligence by ensuring that financ-ing, deal structures, and contracts comply with the FCPA, UKBA, and other laws. In the case of the FCPA, firms should seek advisory opinions from the Justice Depart-ment when the transaction terms or a target company’s track record could pose a potential challenge. Companies should ensure that compliance policies are followed after the transaction’s comple-tion. Justice emphasized the im-portance of foreign-transaction due diligence in a 2008 advisory opinion.

• Active board and executive involvement

• Knowledge of anti-corruption laws that apply to each business and transaction

• Risk-assessment procedures effectively implemented

• A code of conduct that articulates a commitment to ethical practices and prohibits bribery

• Clear procedures on gift giving, entertainment expenses, philanthropy, political donations, and employment

• Policies and procedures for due diligence on foreign business contacts and related payments

• Anti-corruption compliance monitoring and testing, audits, and testing of particular employees and businesses

• Annual employee certification of compliance with anti-corruption policies and processes

• Guidance on engaging consultants and for other high-risk activities

• Due diligence on third-party agents or joint-venture partners

• Clear identification of anti-corruption compliance responsibility

• Anti-corruption training and reporting

• Internal and confidential whistleblower channels

• Escalation points for ethics and compliance questions, including resources for urgently needed guidance in foreign jurisdictions

• Senior-officer oversight of anti-corruption and bribery compliance programs

ELEMENTS OF AN EFFECTIVE ANTI-CORRUPTION PROGRAM

PROMONTORY Sightlines InFocus | JANUARY 14, 2013 | 9

RISK-BASED POLICIES AND PROCEDURES

Any effective anti-corruption program will be risk-based, and proportional to the corruption risks faced. The risk assessment should dictate policies and procedures tailored to the company’s business lines and effective in mitigating corruption risks. A risk-based program helps set the tone at the top and the firm-wide culture of compliance. Failure to design a risk-based compliance program has been a key factor in decisions by enforcement officials to pursue cases.

THIRD-PARTY DUE DILIGENCE

The bribery of foreign officials in international business transactions frequently involves intermediaries, and U.S. officials have cited inadequate due diligence of intermediaries as a recurring problem. The OECD has provided useful guidance to companies in its Typologies on the Role of Intermediaries in International Business Transactions.13 Intermediaries — consultants, agents, sales representatives, distributors, subadvisers, custodians, joint-venture partner, etc. — can conduct business on a company’s behalf or serve as a conduit for goods and services.

It is critical that companies establish risk-based due-diligence procedures to appraise and mitigate corruption risks posed by intermediaries. Parent-company liability under the FCPA for the actions of subsidiaries and acquired entities further underscores the importance of due diligence and controls. Due diligence depends on the type of intermediary, country of operations, sector, and transaction — for example, greater due diligence is appropriate when selecting an intermediary to obtain a banking, asset-management, or insurance license in a foreign country.

Due diligence may also include investigating potential foreign representatives and joint-venture partners. Background checks should include corporate information, professional and financial references, and relationships with government officials. Companies should also confirm that the intermediary is actually performing the work for which it is being paid and establish a process to evaluate their compliance with anti-corruption rules.

MERGERS AND ACQUISITIONS RISK

Authorities are focused on corruption risks associated with M&A. Companies are liable for criminal activity of acquired companies, and companies may neglect to assess successor liability — particularly if merger-related due diligence has been weak. Anti-corruption controls should include performing rigorous due diligence prior to acquisitions, and strengthening post-acquisition compliance and internal controls. Companies acquiring a corrupt entity should immediately implement a remediation plan. The Justice Department encourages firms to self-report potential violations and document remediation.

INTERNAL AUDIT AND CONTROLS

A strong compliance program is anchored within an effective set of internal controls, and enforcement officials expect companies to test compliance programs and financial firewalls, and have processes covering financial reporting and the preparation of financial statements. The design of the controls should be guided by the company’s operational realities, risk assessment, and potential level of engagement with foreign government officials.

13 http://www.oecd.org/investment/briberyininternationalbusiness/anti-briberyconvention/43879503.pdf

• Agents

• Sales Representatives

• Consultants/Consulting Firms

• Suppliers, Distributors, and Resellers

• Franchisees

• Subcontractors

• Joint-Venture Partners

• Business Partners (lawyers, accountants, etc.)

“WHO IS AN INTERMEDIARY?”

PROMONTORY Sightlines InFocus | JANUARY 14, 2013 | 10

TRAINING

Anti-corruption training must be included in any effective compliance program. General anti-corruption training should be mandatory for all new employees; staff in higher-risk or key control functions should receive specific training, as should those in particular geographies, employees involved in “whistle blower” procedures, sales staff, finance staff, and employees meeting with government officials. Training should also be given, as appropriate, to joint-venture partners, third-party vendors, and intermediaries.

WHISTLE-BLOWER CHANNELS

Firms should establish mechanisms to protect employees and associates that report breaches of law, professional standards, or ethics.

Conclusion

Doing business abroad entails corruption risk for companies of all sizes, and the globalization of enforcement efforts has magnified that risk — 39 countries have now criminalized bribery and have mechanisms for cross-border cooperation under the auspices of the OECD. The FCPA and the UKBA are cross-jurisdictional, and violations can inflict substantial financial and criminal penalties, not to mention irreparable reputational damage. Companies must have an anti-corruption compliance program to protect themselves from individual behavior. While it is impossible to completely eliminate all corruption risks, a strong compliance program incorporating well-established compliance elements will go a long way towards managing the risks in ways that enforcement officials have recognized as protective.

About the Authors

Pierre de Saint Phalle is a managing director at Promontory and advises banks, insurance companies, and asset management groups on governance, compliance risk management, and government regulation.

David Thelander is a managing director at Promontory and advises clients on all aspects of investment management governance, risk management, and compliance oversight.

Rawan Abdelrazek is a senior principal at Promontory and assists clients on a wide range of issues, including strategic matters and regulatory and policy advice.

PROMONTORY Sightlines InFocus | JANUARY 14, 2013 | 11

Appendix I

• ARGENTINA • AUSTRALIA • AUSTRIA • BELGIUM • BRAZIL • BULGARIA • CANADA • CHILE

• CZECH REPUBLIC • DENMARK • ESTONIA • FINLAND • FRANCE • GERMANY • GREECE • HUNGARY

• ICELAND • IRELAND • ISRAEL • ITALY • JAPAN • KOREA • LUXEMBOURG • MEXICO

• NETHERLANDS • NEW ZEALAND • NORWAY • POLAND • PORTUGAL • RUSSIAN FEDERATION • SLOVAK REPUBLIC • SLOVENIA

• SOUTH AFRICA • SPAIN • SWEDEN • SWITZERLAND • TURKEY • UNITED KINGDOM • UNITED STATES

1. SOMALIA2. NORTH KOREA 3. MYANMAR 4. AFGHANISTAN 5. UZBEKISTAN6. TURKMENISTAN7. SUDAN8. IRAQ 9. HAITI10. VENEZUELA11. EQUATORIAL GUINEA

12. BURUNDI13. LIBYA14. DEMOCRATIC REPUBLIC

OF CONGO15. CHAD16. ANGOLA17. YEMEN18. KYRGYZSTAN19. GUINEA20. CAMBODIA

Rankings based on 2011Transparency International Corruption Perceptions Index (CPI)

1. NEW ZEALAND2. DENMARK3. FINLAND 4. SWEDEN5. SINGAPORE*6. NORWAY 7. NETHERLANDS8. AUSTRALIA9. SWITZERLAND10. CANADA

11. LUXEMBOURG 12. HONG KONG*13. ICELAND14. GERMANY15. JAPAN 16. AUSTRIA17. BARBADOS*18. UNITED KINGDOM19. BELGIUM20. IRELAND

Rankings based on 2011Transparency International Corruption Perceptions Index (CPI)

SIGNATORIES TO THE OECD ANTI-BRIBERY CONVENTION

TOP 20 COUNTRIES PERCEIVED TO BE MOST CORRUPT TOP 20 COUNTRIES PERCEIVED TO BE MOST TRANSPARENT

* Countries not signatories to the OECD anti-bribery convention

PROMONTORY Sightlines InFocus | JANUARY 14, 2013 | 12

Promontory is a leading strategy, risk management, and regulatory compliance consulting firm for the financial services industry. Promontory’s professionals have deep and varied expertise gained through decades of experience as senior leaders of regulatory bodies and financial institutions. Promontory assists clients in meeting regulatory requirements and in enhancing governance, risk management, strategic plans, and compliance programs.

Promontory Financial Group, LLC801 17th Street, NW, Suite 1100, Washington, DC 20006 Telephone +1 202 384 1200 Fax +1 202 783 2924 promontory.com

© 2013 Promontory Financial Group, LLC. All Rights Reserved.

Contact Promontory

For more information, please call or email your usual Promontory contact, or one of those listed below:

Pierre de Saint Phalle Managing Director, New York pdesaint@promontory.com +1 212 365 6974

Jeffrey Carmichael Chief Executive Officer, Promontory Financial Group Australasia, LLP, Singapore jcarmichael@promontory.com +65 6410 0900

Ron Gould Managing Director, Hong Kong rgould@promontory.com +852 3975 2901

Stuart King Managing Director, London sking@promontory.com +44 207 997 3402

Adam Shapiro Director, San Francisco ashapiro@promontory.com +1 415 321 6404

David Thelander Managing Director, San Francisco dthelander@promontory.com +1 415 291 2675

To subscribe to Promontory’s publications, please visit promontory.com/subscribe2.aspx