global anti-corruption programs...corruption, serious fraud office. “…if you find out about a...

1

1

Global Anti-Corruption Programs:

Advanced Practice and Effectively

Managing Risk

Jeff KilleenCompliance Attorney – Investigations, 3M

Elliott Leary Managing Director, Freeh Group International Solutions

SCCE Compliance & Ethics InstituteOctober 4 - 7, 2015

Las Vegas, Nevada

Effectively Managing Risk

I. Recent trends in global enforcement, emerging

risks and exposures

II. Best practices in identifying and assessing

corruption risks in your organization

III. Compliance program challenges and solutions for

managing and mitigating risks

Outline for Presentation

2SCCE Compliance & Ethics Institute

October 4 - 7, 2015

3

I. Recent trends in global enforcement, emerging

risks and exposures



October 4 - 7, 2015

2


Continued country development

Anti-Corruption Law as Foreign Policy Tools


October 4 - 7, 2015

Continued encouragement of cooperation and

self-disclosure

Continued international enforcement cooperation

5

In March 2015, Brazil’s President signed a decree implementing elements of that country’s “Clean Company Act.”

Detailed fines and potential disbarment for violators

Listed cooperation requirements needed for leniency agreement

Set out key elements of an effective compliance program



October 4 - 7, 2015

6



October 4 - 7, 2015

In August 2015, China again amended the anti-corruption provisions of its criminal law:

Making it a crime to bribe close relatives of state officials

Adding monetary penalties for corrupt acts

Making it more difficult for bribe-givers to be exempted from penalties

3

77



October 4 - 7, 2015

May 2015 Speech from Ben Morgan, Joint Head of Bribery and Corruption, Serious Fraud Office.

“…if you find out about a problem I think it is overwhelmingly in your best interests to engage with us early and to do so fully, honestly and with integrity.”

“…we and the court need you cooperate fully with our investigation…we do not require you to carry out internal investigations; investigation is our job.”

8

In May 2015, FIFA officials were indicted on counts beyond the FCPA

“A 47-count indictment was unsealed early this morning in federal court in Brooklyn, New York, charging 14 defendants with racketeering, wire fraud and money laundering conspiracies, among other offenses, in connection with the defendants’ participation in a 24-year scheme to enrich themselves through the corruption of international soccer.”

8



October 4 - 7, 2015

9

In September 2015, US DOJ released the “Yates Memo”…

“One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing.”

“Fundamentally, this memo is designed to ensure that all attorneys across the Department are consistent in our best efforts to hold to account the individuals responsible for illegal corporate conduct.”

9



October 4 - 7, 2015

4


Building Key Preventative Third-Party Due Diligence

Policies and Procedures

Building Robust Detection Mechanisms Investigation Protocols Hotline Reporting Mechanisms

Performing Robust Corruption Risk Assessments

II. Best Practices for Identifying and Assessing

Global Corruption Risk in Your Organization


October 4 - 7, 2015


What is a corruption risk assessment?

“…corruption risk assessment, broadly

defined, encompasses the variety of

mechanisms that enterprises use to

estimate the likelihood of particular forms

of corruption within the enterprise and in

external interactions, and the effect such

corruption might have. Effective risk

assessment means understanding the

enterprise.”


October 4 - 7, 2015

Government Authorities and Industry Best Practices are unanimous on the need for risk assessments:

“Assessment of risk is fundamental to developing a strong compliance program…One-size-fits-all compliance programs are generally ill-conceived and ineffective because resources inevitably are spread too thin, with too much focus on low-risk markets and transactions to the detriment of high-risk areas.”



October 4 - 7, 2015

5

“…the fuller the understanding of the bribery risks an organisation faces the more effective its efforts to prevent bribery are likely to be.”




October 4 - 7, 2015

“Develop, based on risk assessments, tailor-made measures for particularly vulnerable sectors and the most frequent types of irregularities encountered during or after the procurement cycle.”




October 4 - 7, 2015

“Effective internal controls, ethics, and compliance programmes or measures for preventing and detecting foreign bribery should be developed on the basis of a risk assessment addressing the individual circumstances of a company, in particular the foreign bribery risks facing the company (such as its geographical and industrial sector of operation).”




October 4 - 7, 2015

6


Why conduct a corruption risk assessment?

Corruption risks continue to evolve: as the complexity of your business changes, your corruption risk will change also

Evaluation of where, what and how you conduct business

will impact how you mitigate corruption risk

Identifying, evaluating and mitigating corruption risks will minimize unnecessary costs and maximize your anti-corruption program’s effectiveness, but may also impact your ability to minimize negative implications of running a business


October 4 - 7, 2015


How often should a corruption risk assessment be performed?

Prevention is key – Avoid a “wait and see” attitude

Consider your business’ risk profile

Other significant business activities which can alter the risk profile:

• Entry into a new country / market

• Acquisition of a significant new business

• Formation of a new Joint Venture

• Taking on a “passive” investment in an emerging market

• Changes in ownership / board composition of existing overseas investments

Change in Government’s scrutiny of the industry


October 4 - 7, 2015


What is documented in a corruption risk assessment?

May be coordinated with other departments

Contain sufficient detail to distinguish variations in

geography, business units and the nature of the business

activities undertaken

Retain documentation to provide linkage of the program

elements to risks identified

Activities planned to mitigate unacceptable risks identified

Use risk matrices to rate risks and categories


October 4 - 7, 2015

7


3M Best Practices - Third Party Due Diligence Program

“Integrity Assessments”

Conducted on EVERY business partner (distributor, sales agent, supplier … every entity)

Rank from 1 to 5 – depending on risk (5 is highest risk)

Background checks are conducted independently of the company

If there are “red flags,” 3M determines if they are disqualifying

Detailed records are maintained

Renewals or re-reviews (if deemed appropriate)


October 4 - 7, 2015


3M Best Practices - Compliance Evaluation Process

Identify high risk company entities (e.g., sales subsidiaries in high risk countries)

Evaluation team (6 – 12) is assigned – selected from compliance team worldwide – investigators, auditors, specialists

Two part process:

Interviews of personnel

Books and records review

Report to entity and corporate executive management

Deficiencies

Best practices


October 4 - 7, 2015


3M Best Practices – Building a Robust Internal

Investigation Process

3M Compliance Investigation Team

Attorney investigators – some experienced in law enforcement (FBI)

Protect privilege

Team is mobile – worldwide reach

Reports to the Chief Compliance Officer – who reports to the Audit Committee


October 4 - 7, 2015

8


3M Best Practices - Building a Meaningful “hotline”

3M “Speak Up” system

All countries are different with their approach to whistleblowing

Compare the US to Western Europe to Korea…

Many who provide information to the government or an employer – despite the country – fear reporting!!! (It’s not easy…). Therefore, handle with care.


October 4 - 7, 2015


3M Best Practices - Building a Meaningful “hotline” cont.

One central receiving person who conducts triage – HR, Compliance, Security

System allows anonymity – reporter’s choice

System is mentioned in Code of Conduct as a means to report questionable activity

Executive vetting process – compliance investigators conduct a mandatory uniform structured interview of all candidates regarding compliance issues to assess their knowledge of, and commitment to compliance.


October 4 - 7, 2015


III. Compliance Program Challenges and Solution for

Managing and Mitigating Risk

Delivering Risk Assessment Results to Key Stakeholders

Executive Leadership

Board of Directors

Develop a Risk Response Plan

Update Policies, Procedures, and Controls

Develop Auditing & Monitoring Plan

Fight Complacency and Regulatory Overload


October 4 - 7, 2015

9


Training your organization to know your industry &

identifying risks

3M Evaluation Process

Identify high risk company entities (e.g., sales subsidiaries in

high risk countries)

Evaluation team (6-12) is assigned – selected from

compliance team worldwide – investigators, auditors,

specialists


October 4 - 7, 2015



Identifying risks cont.

3M Evaluation Process

Two part process:

Interviews of personnel

Books and records review

Report to entity and corporate executive management

Deficiencies

Best practices


October 4 - 7, 2015



Identifying risks cont.


October 4 - 7, 2015

Keeping the interest and commitment of the Board and Senior

Management• Part of the 3M executive vetting process

Enlisting your business management as compliance “eyes and

ears”• 3M Suggestion – Encourage them to be compliance champions –

rate them on it!

Tempering the “win at all costs” culture• Compliance first – it’s sustainable; winning at all costs is not

10

28

Contact Information

Jeff KilleenCompliance Attorney – Investigations, 3M

Email: [email protected]

Telephone: (651) 733 1176

Elliott LearyManaging Director, Freeh Group International Solutions

Email: [email protected]

Telephone: (703) 338 5471

global anti-corruption programs...corruption, serious fraud office. “…if you find out about a...

Documents