Presenting a live 90‐minute webinar with interactive Q&A
FCPA and UK Bribery Act Risk Assessments Strategies to Identify and Mitigate Corruption Risk and Ensure Compliance
1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific
THURSDAY, JANUARY 6, 2011
Today’s faculty features:
Edward J. Fishman, Partner, K&L Gates, Washington, D.C.
Sam Eastwood, Partner, Norton Rose LLP, London, England, , , , g
John F. Wood, Partner, Hughes Hubbard & Reed, Washington, D.C.
The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.
Continuing Education Credits FOR LIVE EVENT ONLY
For CLE purposes, please let us know how many people are listening at your location by completing each of the following steps:
• Close the notification box
• In the chat box, type (1) your company name and (2) the number of attendees at your location
• Click the blue icon beside the box to send
Tips for Optimal Quality
S d Q litSound QualityIf you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection.
If the sound quality is not satisfactory and you are listening via your computer speakers, you may listen via the phone: dial 1-866-258-2056 and enter your PIN when prompted Otherwise please send us a chat or e mail when prompted. Otherwise, please send us a chat or e-mail [email protected] immediately so we can address the problem.
If you dialed in and have any difficulties during the call, press *0 for assistance.
Viewing QualityTo maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key againpress the F11 key again.
IMPORTANCE OF ANTI-CORRUPTION RISK ANTI CORRUPTION RISK
ASSESSMENTS
Ed FishmanPrepared for: Ed FishmanK&L GATES LLP
1601 K Street, NWWashington, DC 20006-1600
(202) 778-9456ed fishman@klgates com
Prepared for:Strafford CLE Webinar/TeleconferenceRisk Assessments for FCPA and UK Bribery Act ComplianceJanuary 6, 2011
4
[email protected]©2009 K&L GATES LLP
All Rights Reserved
Overview of Regulatory Environment
DOJ/SEC Focus on Enforcement of the U.S. Foreign Corrupt Practices Act (“FCPA”)
Enactment of 2010 UK Bribery Act Dodd-Frank Wall Street Reform and Consumer
Protection Act Local Anti-Corruption Law Enforcement in Africa,
Asia and Around the WorldAsia and Around the World
5
Brief Overview of FCPA Anti-Bribery Provision
Anti-bribery provision:
Prohibits the payment offer or authorization to pay Prohibits the payment, offer or authorization to pay money or “anything of value” to any “foreign official” for purposes of influencing any act or decision of such f i ffi i l i d b i i b iforeign official in order to obtain or retain business
Prohibits the payment, offer or authorization to pay “anything of value” to a third party while “knowing” anything of value to a third party while knowing that all or a portion will be offered or given to a “foreign official” for unauthorized purposes
6
Brief Overview of FCPA Anti-Bribery Provision
DOJ/SEC have interpreted the definition of a “foreign official” under the FCPA very broadly
The concept of “anything of value” includes travel gifts The concept of anything of value includes travel, gifts, favors and other non-monetary benefits
The “business nexus” requirement is an extremely low hurdle for the enforcement authorities to overcomefor the enforcement authorities to overcome
The risk of liability based on third-party conduct can be based on “willful blindness” of red flags or awareness that a violation is “highly probable”is highly probable
The “facilitating payment” and other defenses/exceptions have been interpreted very narrowly by U.S. enforcement authorities
7
authorities
Brief Overview of FCPA Accounting Provisions
Maintain Books, Records and Accounts that, in Reasonable Detail, Accurately Reflect Transactions and the Disposition of AssetsAssets
Maintain a System of Internal Accounting Controls Sufficient to Provide Reasonable Assurance That: Transactions Executed as Authorized Transactions Recorded to Permit Preparation of GAAP
Statements and to Maintain Accountability for Assets Access to Assets Is Restricted Assets Are Examined Periodically
8
Potential Penalties for Violating the FCPA
Individuals face up to 5 years imprisonment and a $250,000 criminal fine per violationC i f t $2 illi i i i l fi i l ti Companies face up to $2 million in criminal fines per violation or alternative fines equal to twice the amount of total profit
Companies also face civil penalties including injunctions against future violations, civil monetary penalties and serious collateral consequences (e.g., debarment, deferred or non-prosecution agreements, corporate monitors, disgorgement p g p g gof profits, reputational damage and third party litigation risk)
9
U.S. Sentencing Guidelines
Sec. 8B.2.1. Effective Compliance and Ethics Program The organization shall take reasonable steps to
“evaluate periodically the effectiveness of the organization’s compliance and ethics program”organization s compliance and ethics program
The organization shall “periodically assess” the risk that criminal conduct will occur and shall take appropriate steps to design, implement and modify [compliance program] elements to reduce the risk of criminal conduct
10
criminal conduct
DOJ Settlement Obligation
From Deferred Prosecution Agreement with Panalpina World Transport (Holding) Ltd. “Panalpina will conduct periodic review and testing of its
anti-corruption compliance code, standards and procedures designed to evaluate and improve their procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and Panalpina’s anti-corruption code standards and procedures taking into account code, standards and procedures, taking into account relevant developments in the field and evolving international and industry standards.”
11
Dodd-Frank Whistleblower Provision
The statute provides significant monetary incentives for whistleblowers that report violations of the securities laws to the SEC before the company self reportsthe SEC before the company self-reports SEC proposed rule issued November 3rd and public comments
received by December 17th
C t h th D dd F k i i ill id Controversy over whether Dodd-Frank provision will provide disincentive to report issues through compliance program
Anti-corruption risk assessments will become more important in light of the whistleblower provision because they will decrease the risk of violations that whistleblowers can report if conducted properly
12
SOX Implications
SOX 404-based internal control programs historically have not addressed FCPA-specific issues
Auditing firms have started to increase their focus on FCPA specific risks including delegation of on FCPA-specific risks, including delegation of authority limits, segregation of duty requirements, vendor and third party agent approval processes, p y g pp p ,disbursement approval processes and ongoing testing and monitoring of compliance programs
13
QUESTIONS?
Contact:
Ed FishmanK&L Gates LLP1601 K Street N.W.Washington, D.C. 20006(202)778 9456 (di t)(202)778-9456 (direct)[email protected]
14
FINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE AND COMMODITIES TRANSPORT TECHNOLOGYFINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE AND COMMODITIES TRANSPORT TECHNOLOGY
UK BRIBERY ACT ANDRISK ASSESMENTS
UK BRIBERY ACT ANDRISK ASSESMENTS
Sam EastwoodNorton Rose LLP
Sam EastwoodNorton Rose LLP
Prepared for:Strafford CLE Webinar/TeleconferenceRisk Assessments for FCPA and UK Bribery Act Compliance
Prepared for:Strafford CLE Webinar/TeleconferenceRisk Assessments for FCPA and UK Bribery Act Compliance
Norton Rose LLP3 More London Riverside
LondonSE1 2AQ
(0)207 4442694
Norton Rose LLP3 More London Riverside
LondonSE1 2AQ
(0)207 4442694ComplianceJanuary 6, 2001ComplianceJanuary 6, 2001
(0)207 [email protected]
(0)207 [email protected]
Key Features of the UK Bribery Act
• The new UK Bribery Act comes into force in April 2011
• Guidance – SFO 2009 paper “ Approach of the Serious Fraud Office
to dealing with overseas corruptionto dealing with overseas corruption– MOJ Guidance on “Adequate Procedures”– MOJ circular on Bribery Act
J i t L l G id f P t– Joint Legal Guidance for Prosecutors
16
Key Features of the UK Bribery Act
• The general bribery offences– Someone offers, promises or gives another, or– requests, agrees to receive or acceptsq g p– a financial or other advantage in connection with a person
performing a function improperlyNote: Improper performance is the breach of an expectationNote: Improper performance is the breach of an expectation
that the function will be performed in good faith, impartially or as a result of a position of trust. No corrupt intent required.p qThe offences extend to “private bribery”
17
Key Features of the UK Bribery Act
• Bribing a foreign public official– Someone pays or offers an advantage to a FPO– with the intention of influencing the FPO– in order to retain or obtain a business advantage– When such payment / advantage is not permitted orWhen such payment / advantage is not permitted or
required by written lawNote: No need for improper performance of function
18
Key Features of the UK Bribery Act• Facilitation Payments
N t itt d ( t t FCPA ti )– Not permitted (contrary to FCPA exception)– Written law is relevant, not local custom
• Failure of commercial organisations to prevent bribery– Corporate entity commits an offence if it, or anyone associated
with it, bribes another person in order to retain or obtain a business , padvantage.
– Associated person is widely defined: includes anyone who performs services for or on behalf of the companyp p y
– This could be employees, agents, brokers, subsidiaries, JV entities, JV partners
– Strict liability offence Only defence is that the company hasStrict liability offence. Only defence is that the company has adequate procedures in place to prevent bribery
19
Key Features of the UK Bribery Act
• Extra-Territoriality– General and FPO bribery offences: if any part of the
offence is committed in the UK OR if committed overseas by a person with a close connection to the UK
– Corporate bribery offence: it is irrelevant where the acts/omissions which form part of the offence take place. Applies globally to companies who carry on any part of their business in the UK
– UK branches– Companies with UK securities listings?– Companies with UK agents/distributors?p g
20
Key Features of the UK Bribery Act• Senior Officers can be prosecutedSenior Officers can be prosecuted– Applies where a general or FPO bribery offence has been
committedwith the consent or connivance of a senior officer– with the consent or connivance of a senior officer (director, manager, company secretary)
– The senior officer is then deemed to have committed the same offencesame offence
• Prosecutorial discretion – Key– Guidance expected early 2011
21
Key Features of the UK Bribery ActAdequate Procedures: “Six principles”
1. Risk 6. Monitoring d Assessmentand
Review
Six Principles
2. Top Level Commitment
5. Effective Implementation
3. Due Diligence
4. Clear Policies & Procedures
22
Goals of Risk AssessmentRisk Assessment (Per MOJ Guidance)
“The commercial organisation [must] regularly and comprehensively [assess] the nature and extent of p y [ ]the risks relating to bribery to which it is exposed”
– A tailored approach– Focus on:
Internal risk• Internal risk • Country risk• Partnership riskPartnership risk
– Ongoing responsibility 23
Goals of Risk Assessment
Identify ongoing risk
Assess identified risk – severity and likelihood
Pragmatic and cost effective approach
Risk Mitigation a risk assessment should inform (1)Risk Mitigation – a risk assessment should inform (1) the development, implementation and maintenance of effective anti-bribery policies and procedures (2) remedial steps.
24
FINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE AND COMMODITIES TRANSPORT TECHNOLOGYFINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE AND COMMODITIES TRANSPORT TECHNOLOGY
25
II. CONDUCTING THE RISK ASSESSMENT
John F. WoodJohn F. WoodHughes Hubbard & Reed LLPOffice: (202) 721-4720Email: [email protected]
U.K. Ministry of Justice Consultationy J
• The U.K. Ministry of Justice defines a “Risk y JAssessment” as follows: “this is about knowing and keeping up to date with the bribery risks you face in your sector and market ”your sector and market.
• “What constitutes adequate risk assessment procedures will vary enormously depending on the procedures will vary enormously depending on the size of an organisation, its activities, its customers and the markets in which it operates . . . .”
U.K. Ministry of Justice: CONSULTATION ON GUIDANCE ABOUT COMMERCIALORGANIZATIONS PREVENTING BRIBERY (Section 9 of the Bribery Act 2010)
27
U.S. Sentencing Guidelines Ch t 8Chapter 8
• An organization shall “[a]ssess periodically the risk g [ ] p ythat criminal conduct will occur.” Application Note 7.
• “[T]he individual(s) with day-to-day operational [ ] ( ) y y presponsibility for the program typically should, no less than annually, give [the Board of Directors] or a subgroup thereof information on the implementation subgroup thereof information on the implementation and effectiveness of the compliance and ethics program.” Application Note 3.
28
Who Conducts a Risk Assessment?
Internal compliance personnel
Who Conducts a Risk Assessment?
Internal compliance personnel
Auditors
Outside counsel/compliance experts
29
Establishing Scope
Before conducting an assessment, the company
Establishing Scope
g , p ymust decide which activities, relationships, or areas should be assessed
Companies must always look to areas where they have encountered problems in the past
30
Establishing Work Plan
• An effective risk assessment should include,
Establishing Work Plan
An effective risk assessment should include, but not be limited to:
Review of written policies and proceduresReview of written policies and procedures
Review of policy communication
Identifying ongoing risk
31
Identifying Ongoing RiskIdentification of risks includes, but is not limited to,
considering:1. The nature of the industry 5. Other interactions with y
2. Locations in which the company has operations,
government officials (e.g., regulatory approvals, licensing, customs)p y p
sales, or other activities
3. Corporate history
g )
6. Use of third parties (e.g.,agents, distributors, joint ventures)
4. Nature of customers (e.g., government-owned or controlled)
ventures)
7. Mergers & Acquisitions activitycontrolled) y
8. Books & Records
32
Assessing Identified Risks
Evaluate relevant risks of particular activities or
Assessing Identified Risks
Evaluate relevant risks of particular activities or relationships (e.g., hiring of a particular agent)
Use risk criteria to categorize activity (e.g., Use risk criteria to categorize activity (e.g.,descriptively or numerically)
The evaluation of risks will help you determine what p yadditional compliance steps are necessary
The amount of resources devoted to compliance for peach task or relationship will depend on its risk category
33
Tailoring Risk Assessment Criteria
• Source of agent • Qualifications of the agent
gEXAMPLE: USE OF AGENT
• Location of agent’s activities
• Nature of ownership
• Frequency and nature of interactions with
• Payment location and method
k b f d binteractions with government officials
Wh C i d
• Tasks to be performed by agent
• When Company retained agent
• Amount and structure of payments
34
How to Handle the Results
Considerations:
How to Handle the Results
Considerations:
1. Attorney-client privilege
2. Disclosure within company
3. Scoping of separate investigations
35
STRATEGIES TO OVERCOME STRATEGIES TO OVERCOME CHALLENGES IN CONDUCTING
CO O SANTI-CORRUPTION RISK ASSESSMENTS
Ed FishmanPrepared for: Ed FishmanK&L GATES LLP
1601 K Street, NWWashington, DC 20006-1600
(202) 778-9456ed fishman@klgates com
Prepared for:Strafford CLE Webinar/TeleconferenceRisk Assessments for FCPA and UK Bribery Act ComplianceJanuary 6, 2011
36
[email protected]©2009 K&L GATES LLP
All Rights Reserved
Alignment of Scope and Risk
Any business with overseas operations will face significant risks under the FCPA
Companies subject to the UK Bribery Act must also mitigate the risk of commercial bribery
The extensive use of third party agents increases the risk profile significantly
The threshold consideration before commencing an The threshold consideration before commencing an anti-corruption risk assessment is the proper alignment of scope and risk
37
g p
High-Level Anti-Corruption Risk Assessment
Objective: to conduct an effective review of the most significant anti-corruption risks faced by the significant anti corruption risks faced by the organization (from both a severity and likelihood perspective) in a cost effective and timely manner
Methodology: can use both formal and informal methods of assessing risk, as long as the methods reasonably relate to the risks faced by the y yorganization
38
Common Scoping Challenges
The initial scope of the risk assessment needs to be well-defined at the outset to avoid “scope creep”Th k l h ld i l d l d i ti f bj ti The workplan should include a clear description of objectives, responsibilities and expected deliverables
Many organizations will adopt a phased approach to risk assessments, focusing initially on the highest risk countries or business operations (e.g. those sectors of the business that rely heavily on third party agents in high-risk jurisdictions)y y p y g g j )
The risk assessment can be modified/refined in later phases to account for new or emerging risks that are identified during the process
39
the process
Overcoming Resource Challenges
Comprehensive anti-corruption risk assessments in a multinational company can be very expensiveG ff Goal should be to conduct an effective and thorough risk assessment in a cost-effective manner
Strategies for conducting a cost-effective risk Strategies for conducting a cost effective risk assessment include using the right combination of internal and external resources (depending on competencies) developing a reasonable budget in competencies), developing a reasonable budget in connection with the initial workplan, and maintaining reasonable expectations and objectives
40
Importance of Internal/External Cooperation
High-level management support is critical for conducting an effective risk assessment
Management needs to appreciate the potential risks of Management needs to appreciate the potential risks of criminal conduct and the importance of periodically assessing those risks
An anti-corruption risk assessment will have ancillary An anti-corruption risk assessment will have ancillary compliance benefits (e.g. may shed additional light on permanent establishment/tax issues, customs practices, and sufficiency of financial controls)y )
The cooperation of third-party agents (and support from internal business people that interface with those agents) is a key factor in ensuring effectiveness of the risk assessment
41
y g
Possible Restrictions on Access
EU privacy law restrictions may complicate efforts to review e-mails and engage in risk-based transaction testing without consent of data recipientsconsent of data recipients
Failure of internal business people or third parties to cooperate in providing access to information will complicate ffefforts With respect to internal personnel, clearly explain objectives of
the risk assessment and their obligation to cooperate With respect to third parties, ensure that any contractual audit
rights are invoked and use any leverage from a commercial perspective
42
Dealing with the Results of a Risk Assessment
To the extent that any problematic practices are discovered as a result of the risk assessment, a separate internal investigation of those practices may be necessaryp y y This needs to be handled carefully in light of
the whistleblower incentive provisions The conduct should be examined even before
the risk assessment is completed
43
Dealing with the Results of a Risk Assessment
Another possible outcome of the risk assessment is the identification of various potential internal control weaknesses that the organization should remediate upon completion of the assessment The failure to act upon any of these internal control The failure to act upon any of these internal control
problems defeats the purpose of the risk assessment Prior to beginning the risk assessment, there needs g g ,
to be senior management support for remediating any internal control issues during the process
44
C t t I f tiContact Information
Ed FishmanK&L Gates LLP
John F. WoodHughes Hubbard & Reed LLP
Sam EastwoodNorton Rose LLPK&L Gates LLP
(202)[email protected]
Hughes Hubbard & Reed LLP(202) [email protected]
Norton Rose LLP(0)207 [email protected]