compliance due diligence: mergers & acquisitions and third ...€¦ · 9/20/2013 1 louis perold...
TRANSCRIPT
9/20/2013
1
LOUIS PEROLD
COMPLIANCE MANAGER, SASOL LTD.
KRISTA MUSZAK
SENIOR COMPLIANCE ANALYST, PAYCHEX, INC.
2013 Compliance and Ethics Institute 1
Compliance Due Diligence In
Multi-National Transactions:
Mergers & Acquisitions
and Third Parties
TODAY’S AGENDA
• Overview of Compliance program due diligence
• Risks found in Mergers & Acquisitions and Third
Parties
• Assessing a due diligence program
• Emerging Markets
• Enforcement programs for anti-corruption and anti-
bribery.
2013 Compliance and Ethics Institute 2
9/20/2013
2
OVERVIEW
What is compliance program due diligence
• It is the process of reviewing the adequacy and effectiveness of a
company’s compliance program to detect and mitigate the regulatory
risks applicable to the areas of operations such as health & safety,
environment, tax, human resources, sales & marketing etc..
Purpose of compliance program due diligence
• To determine if the target company has an adequate compliance
program, according to the SEC guidelines, to prevent violations. This
provides substantial protection against government enforcement
action.
Benefit
• If an effective and robust compliance program is found to be in place
it can be used as a defense in case of government prosecution.
2013 Compliance and Ethics Institute 3
RISKS
What are the risk areas?
• Industry specific risks
• Specific regulatory requirements for different industries, i.e.
energy, food & drugs, transport, financial services, medical
devices
• General risks
• Anti corruption, anti trust
2013 Compliance and Ethics Institute 4
9/20/2013
3
COMPLIANCE PROGRAM RISK INVENTORY
• Accounting Fraud/Earnings
management
• Antitrust/competition law
• Confidential information
• Conflicts of interest
• Consumer protection
• Document
Management/Retention
• Employment/Labor
• Environmental
• Government Contracting
• Harassment
• Intellectual property
2013 Compliance and Ethics Institute 5
o Money Laundering
o Political
contributions/bribery/lobbying
o Privacy
o Product/service safety
o Purchasing
o Securities
o Taxes
o Wages
o Workplace safety and health
o Workplace violence and security
ASSESSING A
PROGRAM
5 Step process:
1. Establish points of contact
2. Collect relevant documents
3. Review the Compliance and Ethics Mission and Goals
4. Review the 7 Elements of an Effective compliance Program
• Oversight and operational structure of the program
• Policies and Procedures/Code of Conduct
• Education, Training and communication
• Monitoring and auditing
• Reporting
• Response to detected violations
• Enforcement Practices/Disciplinary Action
5. Review the periodic evaluation of the program’s effectiveness
2013 Compliance and Ethics Institute 6
9/20/2013
4
ASSESSING A
PROGRAM CONT.
Review the 7 Elements of an Effective compliance Program
1. Oversight and operational structure of the program
• Role of the Board
• Compliance Officer/Committee
• Reporting & Access
• Program Personnel
• Budget/Resources
2013 Compliance and Ethics Institute 7
ASSESSING A
PROGRAM CONT.
Review the 7 Elements of an Effective compliance Program
2. Policies and Procedures/Code of Conduct
• Identify industry practices & standards and laws & regulations
• Policies & procedures developed accordingly
• Review cycles
• Distributed
• Enforced
2013 Compliance and Ethics Institute 8
9/20/2013
5
ASSESSING A
PROGRAM CONT.
Review the 7 Elements of an Effective compliance Program
3. Education, Training and communication
• Training process: Formal & Informal
• Plan & schedules
• Material developed – fit for purpose
• Delivery channels
2013 Compliance and Ethics Institute 9
ASSESSING A
PROGRAM CONT.
Review the 7 Elements of an Effective compliance Program
4. Monitoring and auditing
• Audit plan & methodology – risk based
• Audit frequency
• Independence
2013 Compliance and Ethics Institute 10
9/20/2013
6
ASSESSING A
PROGRAM CONT.
Review the 7 Elements of an Effective compliance Program
5. Reporting
• System for reporting – anonymous
• Non-retaliation policy
• Investigations
• Record keeping
2013 Compliance and Ethics Institute 11
ASSESSING A
PROGRAM CONT.
Review the 7 Elements of an Effective compliance Program
6. Response to detected violations
• Response process to detected violations
• Disclosures procedures
• Corrective action plans to prevent recurrences
• Obtain history of violations, actions taken and auditing results
2013 Compliance and Ethics Institute 12
9/20/2013
7
ASSESSING A
PROGRAM CONT.
Review the 7 Elements of an Effective compliance Program
7. Enforcement Practices/Disciplinary Action
• Disciplinary and termination practices
• Distributed and understood
2013 Compliance and Ethics Institute 13
ASSESSING A
PROGRAM CONT.
Red flags
• Ineffective compliance program elements
• Company in financial difficulty
• Frequent breached of policies and procedures
• Inactive compliance and ethics committee
• No access to the board
• No regular reports to the board
• CCO not allowed direct access to the CEO
• Lack of independence
• Frequent requests to waive policies
• No consistent consequence management for violations
2013 Compliance and Ethics Institute 14
9/20/2013
8
RISK DETERMINATION
2013 Compliance and Ethics Institute 15
Company Name
Company's Industry Jurisdiction Total Annual Revenue USD
Aerospace Africa Less than $ 500 million
Agriculture/Livestock Asia Pacific $ 500 - $900 million
Automobile Australia $ 1 - $1.9 billion
Banking Canada $2 - $2.9 billion
Business Services Europe Middle East $3 - $3.9 billion
Chemicals United Kingdom $4 - $4.9 billion
Electronics United States $5 - $9.9 billion
Computer Software/Internet $10 - $25 billion
Construction More that $25 billion
Consumer Product Goods
Defense/Military
Distribution/Wholesale
Education
Energy
Engineering
Entertainment
Financial Services
Food beverages and Tabaco
Government/Public Sector
Health Care/Health Insurance
Hospitality
Insurance
IT Services
Manufacturing
Media, Publishing and Communications
Metals/Mining
Pharmaceuticals/Biotech
Real Estate
Retail
Telecommunications
Transportation and Logistics
Utilities
Other
RANKING YOUR
PROGRAM
7 Elements of an Effective Compliance Program
Principles Description Level 1 Level 2 Level 3 Level 4 Level 5
1 Compliance oversight and operational structure of the program
2 Standards, Policies and Procedures/Code of Conduct
3 Compliance Risk management
4 Education, Training and communication
5 Monitoring and auditing
6 Reporting
7 Response to detected violations
8 Enforcement Practices/Disciplinary Action
2013 Compliance and Ethics Institute 16
9/20/2013
9
RANKING YOUR
PROGRAM
Level 1- Absent
There is no commitment to compliance illustrated by no dedicated resources, no
formal compliance policy and the absence of a compliance program.
Level 2- Reactive
There is commitment to address compliance issues when major breaches arise.
Level 3- Foundation
There is commitment to address compliance issues when major breaches arise.
There is no formal compliance program but policies and monitoring activities are put
in place to prevent the reoccurrence of major breaches.
Level 4- Proactive
There is a commitment to have a strong compliance program in place with dedicated
resources and a clear assessment of all risk areas. The program encompasses on-
going monitoring and measurement as well as proactive and preventative elements.
Level 5- Embedded
The compliance program pervades the organization in every respect: strategically,
culturally and operationally. Every staff member is aware of and takes appropriate
responsibility for the effective implementation of the compliance program and its
ongoing improvement.
2013 Compliance and Ethics Institute 17
RISK CASE STUDY:
HALLIBURTON
DOJ Opinion Procedure Release 08-02
• Privacy regulations
• Warranties
• Price
2013 Compliance and Ethics Institute 18
9/20/2013
10
COMPLIANCE PROGRAM
STANDARDS AROUND
THE GLOBE
2013 Compliance and Ethics Institute 19
COMPLIANCE PROGRAM
STANDARDS AROUND THE
GLOBE
• Australasian Compliance Institute: ISO 31000 standards
• Compliance Institute of Southern Africa: Generally
Accepted Compliance Practice framework
• Applying and difference to the US Sentencing Guidelines
2013 Compliance and Ethics Institute 20
9/20/2013
11
COMPLIANCE PROGRAM
STANDARDS AROUND
THE GLOBE
2013 Compliance and Ethics Institute 21
Sentencing Guidelines: 7
Principles – USA
Generally Accepted Compliance
Practice framework – Southern
Africa
1. Compliance Oversight 1. Governance
2. Responsibility of Management,
3. Establishment of a compliance
Function,
4. Status,
5. Independence
COMPLIANCE PROGRAM STANDARDS
AROUND THE GLOBE
2013 Compliance and Ethics Institute 22
Sentencing Guidelines 7
Principles – USA
Generally Accepted Compliance
Practice framework – Southern
Africa
2. Standards and Procedures
3. Education and Training
4. Auditing and Monitoring
5. Reporting
6. Enforcement and Discipline
7. Response and Prevention
6. Compliance Policy Statement,
7. Compliance Function’s Role &
responsibility: • Identify and assess compliance
obligations
• Policies, procedures and controls
• Adequacy and effectiveness
monitoring
• Report to management and
regulators
• Communication, advice, guidance
and training
• Record keeping
9/20/2013
12
DUE DILIGENCE AND
MERGERS & ACQUISITIONS
Case Study & Discussion
2013 Compliance and Ethics Institute 23
THIRD PARTY
ASSESSMENTS
2013 Compliance and Ethics Institute 24
Anti-corruption Assessment Plan of a Third Party
What is your risk profile in the region?
What is the third party's risk profile?
Is a third party truly necessary to conduct/facilitate your business?
Are they multi-tiered? (sub-suppliers?)
Are the suppliers local or at the corporate level?
What are their credentials/expertise?
What are their established relationships that can help or hurt your business?
What are their policies and procedures? Are they inline with yours?
Are there any violations against the third party?
Are there any violations against the principal agents/owners of the third party ?
How long is this relationship going to last?
9/20/2013
13
THIRD PARTY
ASSESSMENTS
Due Diligence Implementation plan for a Third Party
Assign designee to facilitate implementation
Create contract in precise language; include expectations of business relationship
Educate third party in your business acumen
Account for travel to facilitate implementation
Ensure policies are written in clear, easy to follow language
Address specific risk profile vulnerabilities
Develop a plan to address any violations.
2013 Compliance and Ethics Institute 25
COMMON THIRD
PARTY RED FLAGS
To assist companies in understanding third party risk, DOJ and SEC identify these common red flags in the Guide:
• excessive commissions to third-party agents or consultants;
• unreasonably large discounts to third-party distributors;
• vaguely described services" within third-party consulting agreements;
• the third party’s line of business differs from that for which it has been engaged;
• the third party is related to or closely associated with the foreign official;
• a foreign official initiated or requested the third party’s involvement;
• the third party is a shell company incorporated in an offshore jurisdiction;
• the third party requests payment to offshore bank accounts.
2013 Compliance and Ethics Institute 26
9/20/2013
14
DUE DILIGENCE AND
THIRD PARTIES
Case Study & Discussion
2013 Compliance and Ethics Institute 27
EMERGING MARKET RISKS
• Immature legislation
• Enforcement
• Culture
• Interaction between regulators
2013 Compliance and Ethics Institute 28
9/20/2013
15
DOJ/SEC
ENFORCEMENT
Benchmark your methods against these trends
• What is the bribery risk for your business?
• What is the commitment from the top?
• How robust is your due diligence program?
• Do you provide a consistent message within the Policies,
Procedures and Training?
• Do you have a strong Implementation, Monitoring and Review
process in place to safeguard your business?
2013 Compliance and Ethics Institute 29
ENFORCEMENT
ABROAD
• UK Bribery Act of 2010
• United Nations Convention Against Corruption
• Organisation for Economic Cooperation and
Development (OECD)
2013 Compliance and Ethics Institute 30
9/20/2013
16
CASES &
LESSONS LEARNED
• SEC v. Christopher Black
• Titan Communications
• Alcoa/Alumina
• Tyco fraud case
• Morgan Stanley and Peterson
2013 Compliance and Ethics Institute 31
Discovery
Resolution
Responsibility
Corrective Action
CASES &
LESSONS LEARNED
2013 Compliance and Ethics Institute 32
Titan Corporation
An early FCPA enforcement action
DOJ emphasized lack of internal controls: Apart from ABAC policy Titan had no compliance programme i.e. no due diligence, training, on-going monitoring
At the time, 2005, the $28.5 million in penalties were largest ever imposed on a corporate in terms of the FCPA
Alcoa
Corrupt payments to officials at state-owned Alba (Aluminium Bahrain B.S.C.) in exchange for raw material supply contracts
Possible FCPA settlements with the DOJ and SEC for alleged bribes to officials of Bahrain's Alba could amount to more than $300 million in 2013
In 2011, Victor Dahdaleh, who had acted as Alcoa's agent in Bahrain, was arrested in London, where he lives. He was charged under U.K. law with bribing officials at Alba.
Last year, Bruce Allan Hall, an Australian who served as CEO of Alba, was charged in London with taking bribes. Hall was extradited from Australia after his arrest there in 2010.
Inadequate internal controls.
9/20/2013
17
CASES &
LESSONS LEARNED
2013 Compliance and Ethics Institute 33
Tyco (Fraud case)
Crackdown on corporate corruption case
SEC filed civil fraud cases against 3 former top executives, including the CEO and CFO
Failed to disclose multi-million dollar low interest and interest-free loans taken from company as required by federal securities laws
Former Tyco CEO Dennis Kozlowski and ex-CFO Mark Swartz were found guilty of stealing hundreds of millions of dollars from the manufacturing conglomerate
After the verdicts were read in court, Dennis Kozlowski's face was scarlet red and his daughter buried her face in her hands, according to an eyewitness. Swartz' wife appeared to be in shock and Kozlowski's wife was crying.
The trial of Kozlowski and Swartz was solely about the improper use of company funds, in other words, greed.
The 66-year-old Kozlowski and former Tyco International Ltd. chief financial officer Mark Swartz were convicted in 2005 of fraud and larceny and sentenced to 8 1/3 to 25 years in prison.
Kozlowski was denied parole in April 2012 on his sentence in a $100 million fraud case. He challenged the decision and a mid-level appeals court ruled Tuesday that the state parole board acted properly.
CASES &
LESSONS LEARNED
2013 Compliance and Ethics Institute 34
SEC vs Christopher Black
CFO and senior vice president of American Commercial Lines Inc.
According to the SEC, Office Depot, and its then CEO and CFO, selectively signalled to analysts and institutional investors that the company would not meet analysts’ earnings estimates for the second quarter of 2007
Caused violation of section 13(a) of Exchange Act due to selective disclosures made agreed to pay penalties of $50,000.
Significantly, in each of these actions, the SEC noted that Office Depot, the company involved, did not have written policies or procedures concerning Regulation FD and had not conducted any formal training in this area.
Morgan Stanley & Peterson
Peterson conspired with others to circumvent Morgan Stanley’s internal controls in order effect bribe payments
DOJ declined to prosecute Morgan Stanley due to adequate controls implemented to prevent bribery
Controls were related to training, compliance notifications, counterparty due diligence and on going testing and monitoring of the control environment
Adequate compliance programme was a defence against DOJ enforcement
Peterson imprisoned for 9 months
9/20/2013
18
THANK YOU!
Louis Perold [email protected]
za.linkedin.com/pub/louis-perold/28/663/3a2/
Krista Muszak [email protected]
http://www.linkedin.com/pub/krista-muszak/5a/9a0/495
Disclaimer:
This presentation provides general information and is not
legal advice and should not be used or taken as legal advice
for specific situations. You should consult with legal counsel
before taking any action or making any decisions concerning
the matters in this presentation.
2013 Compliance and Ethics Institute 3
5