fcpa - oregon state bar 2013 materials.pdf · the importance of due diligence in compliance...

FCPA:RECENT DEVELOPMENTS AND

COMPLIANCE RECOMMENDATIONS

A Presentation to the Securities RegulationSection of the Oregon State Bar

June 19, 2013

1

Jamie S. Kilberg

Presentation Roadmap

Topics Covered

Recent FCPA Issues

FCPA and U.K. Bribery Act Overview

DOJ / SEC Resource Guide

Hallmarks of Effective Compliance Programs

Recent FCPA Issues

2

The Importance of Due Diligence in Compliance Programs

Prohibits bribery of foreign government officials by:

• Issuers registered on U.S. exchanges

• All other U.S. companiesCompanies

Foreign Corrupt Practices ActAnti-Bribery Overview

• All other U.S. companies

• Foreign companies acting while in U.S.

• U.S. citizens, nationals, and residents

• Officers, directors, employees, agentsof issuers and U.S. companies

• Any person acting in the U.S.

Individuals

3

Passed in 1977

Foreign Corrupt Practices ActAnti-Bribery Overview

More cases and investigations brought in the last 5years than first 30 years

• “We are in a new era of FCPAenforcement; and we are here tostay.” (Lanny Breuer, 11/16/2010)

• “We are not going away—indeed,our efforts to fight foreign briberyare more robust than ever” (MythiliRaman, 6/18/2013)

Not going away

4

years than first 30 years

Rise of the FCPA

40

50

60

70

80

3833

40

74

48

0

10

20

30

40

2004 2005 2006 2007 2008 2009 2010 2011 2012

5

1215

33

23

Source: Gibson Dunn & Crutcher 2012 Year-End FCPA Update

U.K. Bribery Act of 2010

Like FCPA, prohibits bribery of foreign officials

• Applies to any entity which carries on a business orpart of a business in the UK and whose employee

New corporate offense of failure to prevent bribery

6

part of a business in the UK and whose employeeor agent engages in bribery anywhere in the world

• Bribe can be wholly unconnected to UK activity

• Defense: Adequate procedures to prevent bribery

Largely untested so far

Recent FCPA Issues

DOJ trial failures

Who is a “foreign official”?

Liability of parent for conduct of subsidiaryLiability of parent for conduct of subsidiary

7

SEC use of DPAs/NPAs


No new revelations or bright-line tests

Excellent resource: puts DOJ/SEC’s interpretations andenforcement positions in one place

Issued November 2012, about a year after announced

Uses hypotheticals and examples

enforcement positions in one place

Cites cases, statutes, prior charging instruments

One very useful portion: Ten Hallmarks of EffectiveCompliance Programs

8


1. Commitment from senior management and clearlyarticulated policy

2. Code of conduct/compliance policy and procedures

3. Oversight, autonomy, and resources

4. Risk assessment

Ten Hallmarks of Effective Compliance

9

4. Risk assessment

5. Training and continuing advice

6. Incentives and disciplinary measures

7. Third-party due diligence

8. Confidential reporting and internal investigations

9. Periodic testing and review

10. Pre-merger due diligence/post-merger integration

• Strong, explicit commitment from management tointernal controls and compliance programs


1. Top-Level Commitment

Hallmarks of Effective Compliance

internal controls and compliance programs

• Acknowledgment that compliance is duty ofindividuals at all levels of the company

• Communication of consequences for violating policies

• Personal involvement in developing conduct code

• Refusal to do business with business partners who donot commit to compliance

10

• Clear, written prohibition of all forms of bribery

• Guidance on gifts, hospitality, entertainment, travel,


2. Code of Conduct/Compliance Policies and Procedures


• Guidance on gifts, hospitality, entertainment, travel,political/charitable contributions, facilitating payments

• Procedures for confidential, internal reporting ofsolicitation, acts of bribery, and violations of policies

• Clear disciplinary procedures to address violations

• Procedures for annually updating policy

• Tailored to industry and geographic risks

11

• Assign oversight and implementation to specificsenior executive


3. Oversight, Autonomy, and Resources


senior executive

• Must have authority, autonomy from management(including direct access to governing authority), andsufficient resources

• Reporting structure will depend on size andcomplexity of the company

12


• “One-size-fits-all compliance programs are generallyill-conceived and ineffective”

4. Risk Assessment


ill-conceived and ineffective”

• Regular, comprehensive, and ongoing assessmentof nature and extent of risks relating to bribery

• Include internal risk factors (deficiencies incorporate policy, controls, communication, training)

• Include external risk factors (countries wherebusiness conducted, vulnerable transactions,location and association of business partners)

13

• Ensure policies and procedures communicatedthroughout organization


5. Training and Continuing Advice


throughout organization

• Periodic training and certification for all directors,officers, relevant employees, and, where appropriate,business partners

• Use local language

• Hypotheticals geared toward situations particularaudience may encounter

14

• Appropriate and clear disciplinary procedures forviolations of policy


6. Incentives and Disciplinary Measures


violations of policy

• Apply reliably and promptly

• Publicize internally if appropriate under local law

• Positive incentives such as tying bonuses toadherence to compliance

15

• Understand qualifications and associations ofpartners


7. Third-Party Due Diligence


• Understand qualifications and associations ofpartners

• Understand business rationale for including them

• Undertake some form of ongoing monitoring

• Inform them of compliance program

• Seek assurances from them, where appropriate,regarding reciprocal commitments

16

• Mechanism to report suspected or actual violationswithout fear of retaliation


8. Confidential Reporting and Internal Investigations


without fear of retaliation

• Anonymous hotlines, ombudsmen, etc.

• Must have process in place to investigate allegations anddocument company’s response

• Update compliance program following investigations

17

• Regularly review and improve compliance programs

• Employee surveys to measure compliance culture and


9. Periodic Testing and Review


• Employee surveys to measure compliance culture anddetect new risk areas

• Conduct periodic audits to improve effectiveness, inview of evolving standards

• Proactive evaluations, as appropriate given size andcomplexity of organization

18

• Due diligence on target to stop bribery from continuing


10. Pre-merger Due Diligence/Post-merger Integration


• Due diligence on target to stop bribery from continuing

• Negotiate costs of bribery to be borne by target

• Incorporate acquired company into compliance programand internal controls

• Train new employees, re-evaluate third parties underacquiring company standards

• Conduct audits on new business units, whereappropriate

19

Third Party Due Diligence

Best Compliance Practices

InquiriesContract Provisions

One of the most important steps ineffective bribery prevention


to Consider

Communication andTraining

ComplianceMonitoring

20


Due Diligence of Business Partners


Inquiries

• Examine links to foreign government, includingofficers, employees, customers, and subsidiariesInquiries

Contract Provisionsto Consider




officers, employees, customers, and subsidiaries

• Competence – skill set v. government contacts

• Reputation in community; status as a local business

• Whether anyone under investigation or indictment,or has been convicted or debarred

• Existence of internal anti-bribery policies

• Interviews and extensive background checks

• Anti-bribery questionnaire

21




Inquiries

• Representations as to relationship withgovernment and absence of past violations



to Consider




government and absence of past violations

• Require reciprocal anti-bribery commitment

• Require annual anti-bribery certifications

• Contractual rights to approve hiring, conduct audits

• Include right to terminate contract upon violation

• Structure remuneration based on market rates

• Avoid success fees and expense accounts

• Require receipts and explanation of expenses

22




• Communicate clearly management’s commitmentto anti-bribery measures

Communicationand Training


to Consider




• Communicate clearly management’s commitmentto anti-bribery measures

• Communicate clearly management’s expectationthat business partners will adhere to all applicableanti-bribery laws

• Provide copies of written policies to businesspartners

• Consider including business partners in all anti-bribery training

23




Communicationand TrainingComplianceMonitoring

• Require certificationsInquiriesContract Provisions

to Consider




• Require certifications

• Provide whistle-blower protections and insistbusiness partners do the same to encouragereporting

• Conduct regular audits of business partners’conduct and, when appropriate, their books

• Watch out for red flags

24





ComplianceMonitoringRed Flags

• Country or industry corruptionInquiries






• Provide whistle-blower protections and insistbusiness partners do the same to encouragereporting

• Conduct regular audits of business partners’conduct and, when appropriate, their books

• Watch out for red flags

• Country or industry corruption

• Refusal to complete questionnaire

• Refusal to certify anti-bribery compliance

• Close ties or related to government official

• Heavy reliance on government contacts

• Requests for strange payment patterns

• Over-invoicing or false invoicing

• Unrecorded accounts or transactions

25

QUESTIONS?

Jamie S. [email protected]

26

[email protected](503) 294-9274

fcpa - oregon state bar 2013 materials.pdf · the importance of due diligence in compliance...

Documents