global anti-corruption programs...corruption, serious fraud office. “…if you find out about a...
TRANSCRIPT
1
1
Global Anti-Corruption Programs:
Advanced Practice and Effectively
Managing Risk
Jeff KilleenCompliance Attorney – Investigations, 3M
Elliott Leary Managing Director, Freeh Group International Solutions
SCCE Compliance & Ethics InstituteOctober 4 - 7, 2015
Las Vegas, Nevada
Effectively Managing Risk
I. Recent trends in global enforcement, emerging
risks and exposures
II. Best practices in identifying and assessing
corruption risks in your organization
III. Compliance program challenges and solutions for
managing and mitigating risks
Outline for Presentation
2SCCE Compliance & Ethics Institute
October 4 - 7, 2015
3
I. Recent trends in global enforcement, emerging
risks and exposures
Effectively Managing Risk
3SCCE Compliance & Ethics Institute
October 4 - 7, 2015
2
Effectively Managing Risk
Continued country development
Anti-Corruption Law as Foreign Policy Tools
4SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Continued encouragement of cooperation and
self-disclosure
Continued international enforcement cooperation
5
In March 2015, Brazil’s President signed a decree implementing elements of that country’s “Clean Company Act.”
Detailed fines and potential disbarment for violators
Listed cooperation requirements needed for leniency agreement
Set out key elements of an effective compliance program
Effectively Managing Risk
5SCCE Compliance & Ethics Institute
October 4 - 7, 2015
6
Effectively Managing Risk
6SCCE Compliance & Ethics Institute
October 4 - 7, 2015
In August 2015, China again amended the anti-corruption provisions of its criminal law:
Making it a crime to bribe close relatives of state officials
Adding monetary penalties for corrupt acts
Making it more difficult for bribe-givers to be exempted from penalties
3
77
Effectively Managing Risk
7SCCE Compliance & Ethics Institute
October 4 - 7, 2015
May 2015 Speech from Ben Morgan, Joint Head of Bribery and Corruption, Serious Fraud Office.
“…if you find out about a problem I think it is overwhelmingly in your best interests to engage with us early and to do so fully, honestly and with integrity.”
“…we and the court need you cooperate fully with our investigation…we do not require you to carry out internal investigations; investigation is our job.”
8
In May 2015, FIFA officials were indicted on counts beyond the FCPA
“A 47-count indictment was unsealed early this morning in federal court in Brooklyn, New York, charging 14 defendants with racketeering, wire fraud and money laundering conspiracies, among other offenses, in connection with the defendants’ participation in a 24-year scheme to enrich themselves through the corruption of international soccer.”
8
Effectively Managing Risk
8SCCE Compliance & Ethics Institute
October 4 - 7, 2015
9
In September 2015, US DOJ released the “Yates Memo”…
“One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing.”
“Fundamentally, this memo is designed to ensure that all attorneys across the Department are consistent in our best efforts to hold to account the individuals responsible for illegal corporate conduct.”
9
Effectively Managing Risk
9SCCE Compliance & Ethics Institute
October 4 - 7, 2015
4
Effectively Managing Risk
Building Key Preventative Third-Party Due Diligence
Policies and Procedures
Building Robust Detection Mechanisms Investigation Protocols Hotline Reporting Mechanisms
Performing Robust Corruption Risk Assessments
II. Best Practices for Identifying and Assessing
Global Corruption Risk in Your Organization
10SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Effectively Managing Risk
What is a corruption risk assessment?
“…corruption risk assessment, broadly
defined, encompasses the variety of
mechanisms that enterprises use to
estimate the likelihood of particular forms
of corruption within the enterprise and in
external interactions, and the effect such
corruption might have. Effective risk
assessment means understanding the
enterprise.”
11SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Government Authorities and Industry Best Practices are unanimous on the need for risk assessments:
“Assessment of risk is fundamental to developing a strong compliance program…One-size-fits-all compliance programs are generally ill-conceived and ineffective because resources inevitably are spread too thin, with too much focus on low-risk markets and transactions to the detriment of high-risk areas.”
Effectively Managing Risk
12SCCE Compliance & Ethics Institute
October 4 - 7, 2015
5
“…the fuller the understanding of the bribery risks an organisation faces the more effective its efforts to prevent bribery are likely to be.”
Effectively Managing Risk
Government Authorities and Industry Best Practices are unanimous on the need for risk assessments:
13SCCE Compliance & Ethics Institute
October 4 - 7, 2015
“Develop, based on risk assessments, tailor-made measures for particularly vulnerable sectors and the most frequent types of irregularities encountered during or after the procurement cycle.”
Effectively Managing Risk
Government Authorities and Industry Best Practices are unanimous on the need for risk assessments:
14SCCE Compliance & Ethics Institute
October 4 - 7, 2015
“Effective internal controls, ethics, and compliance programmes or measures for preventing and detecting foreign bribery should be developed on the basis of a risk assessment addressing the individual circumstances of a company, in particular the foreign bribery risks facing the company (such as its geographical and industrial sector of operation).”
Effectively Managing Risk
Government Authorities and Industry Best Practices are unanimous on the need for risk assessments:
15SCCE Compliance & Ethics Institute
October 4 - 7, 2015
6
Effectively Managing Risk
Why conduct a corruption risk assessment?
Corruption risks continue to evolve: as the complexity of your business changes, your corruption risk will change also
Evaluation of where, what and how you conduct business
will impact how you mitigate corruption risk
Identifying, evaluating and mitigating corruption risks will minimize unnecessary costs and maximize your anti-corruption program’s effectiveness, but may also impact your ability to minimize negative implications of running a business
16SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Effectively Managing Risk
How often should a corruption risk assessment be performed?
Prevention is key – Avoid a “wait and see” attitude
Consider your business’ risk profile
Other significant business activities which can alter the risk profile:
• Entry into a new country / market
• Acquisition of a significant new business
• Formation of a new Joint Venture
• Taking on a “passive” investment in an emerging market
• Changes in ownership / board composition of existing overseas investments
Change in Government’s scrutiny of the industry
17SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Effectively Managing Risk
What is documented in a corruption risk assessment?
May be coordinated with other departments
Contain sufficient detail to distinguish variations in
geography, business units and the nature of the business
activities undertaken
Retain documentation to provide linkage of the program
elements to risks identified
Activities planned to mitigate unacceptable risks identified
Use risk matrices to rate risks and categories
18SCCE Compliance & Ethics Institute
October 4 - 7, 2015
7
Effectively Managing Risk
3M Best Practices - Third Party Due Diligence Program
“Integrity Assessments”
Conducted on EVERY business partner (distributor, sales agent, supplier … every entity)
Rank from 1 to 5 – depending on risk (5 is highest risk)
Background checks are conducted independently of the company
If there are “red flags,” 3M determines if they are disqualifying
Detailed records are maintained
Renewals or re-reviews (if deemed appropriate)
19SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Effectively Managing Risk
3M Best Practices - Compliance Evaluation Process
Identify high risk company entities (e.g., sales subsidiaries in high risk countries)
Evaluation team (6 – 12) is assigned – selected from compliance team worldwide – investigators, auditors, specialists
Two part process:
Interviews of personnel
Books and records review
Report to entity and corporate executive management
Deficiencies
Best practices
20SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Effectively Managing Risk
3M Best Practices – Building a Robust Internal
Investigation Process
3M Compliance Investigation Team
Attorney investigators – some experienced in law enforcement (FBI)
Protect privilege
Team is mobile – worldwide reach
Reports to the Chief Compliance Officer – who reports to the Audit Committee
21SCCE Compliance & Ethics Institute
October 4 - 7, 2015
8
Effectively Managing Risk
3M Best Practices - Building a Meaningful “hotline”
3M “Speak Up” system
All countries are different with their approach to whistleblowing
Compare the US to Western Europe to Korea…
Many who provide information to the government or an employer – despite the country – fear reporting!!! (It’s not easy…). Therefore, handle with care.
22SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Effectively Managing Risk
3M Best Practices - Building a Meaningful “hotline” cont.
One central receiving person who conducts triage – HR, Compliance, Security
System allows anonymity – reporter’s choice
System is mentioned in Code of Conduct as a means to report questionable activity
Executive vetting process – compliance investigators conduct a mandatory uniform structured interview of all candidates regarding compliance issues to assess their knowledge of, and commitment to compliance.
23SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Effectively Managing Risk
III. Compliance Program Challenges and Solution for
Managing and Mitigating Risk
Delivering Risk Assessment Results to Key Stakeholders
Executive Leadership
Board of Directors
Develop a Risk Response Plan
Update Policies, Procedures, and Controls
Develop Auditing & Monitoring Plan
Fight Complacency and Regulatory Overload
24SCCE Compliance & Ethics Institute
October 4 - 7, 2015
9
Effectively Managing Risk
Training your organization to know your industry &
identifying risks
3M Evaluation Process
Identify high risk company entities (e.g., sales subsidiaries in
high risk countries)
Evaluation team (6-12) is assigned – selected from
compliance team worldwide – investigators, auditors,
specialists
25SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Effectively Managing Risk
Training your organization to know your industry &
Identifying risks cont.
3M Evaluation Process
Two part process:
Interviews of personnel
Books and records review
Report to entity and corporate executive management
Deficiencies
Best practices
26SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Effectively Managing Risk
Training your organization to know your industry &
Identifying risks cont.
27SCCE Compliance & Ethics Institute
October 4 - 7, 2015
Keeping the interest and commitment of the Board and Senior
Management• Part of the 3M executive vetting process
Enlisting your business management as compliance “eyes and
ears”• 3M Suggestion – Encourage them to be compliance champions –
rate them on it!
Tempering the “win at all costs” culture• Compliance first – it’s sustainable; winning at all costs is not
10
28
Contact Information
Jeff KilleenCompliance Attorney – Investigations, 3M
Email: [email protected]
Telephone: (651) 733 1176
Elliott LearyManaging Director, Freeh Group International Solutions
Email: [email protected]
Telephone: (703) 338 5471