canada-south africa chamber of business the risk ...onthegroundgroup.com/documents/8 - fasken...
TRANSCRIPT
Canada-South Africa Chamber of Business The Risk Mitigation & CSR Services Series Tuesday October 1st, 2013 - London
Implementing Procedures to Mitigate the Risk of Bribery and Corruption in Developing Countries Steven Beharrell, Partner Fasken Martineau LLP, London
What is the legal source of the risks?
• Domestic law affecting the Resource Company e.g. Bribery Act, FCPA, Corruption of Foreign Officials Act, etc.
What is the legal source of the risks?
• Long Arm Jurisdiction • FCPA
• US entities – anywhere; Public Bribery abroad; books and records • Issuers • Transactions touching the USA
• Bribery Act • UK entities – anywhere – private and public bribery • The Bribery Act applies to a foreign company failing to prevent bribery
anywhere (so-called "Corporate Offence"): • If it carries on any business in the UK • Regardless of where the bribery occurs • Regardless of where it is incorporated or managed • Even if the UK office is not involved
• CFPOA • Extended to all international activities of Canadian nationals or
residents • Books and records
What is the legal source of the risks?
• New anti-corruption laws and renewed vigour in anti-corruption in countries where operations are situated • e.g. Russia • e.g. China
What is the legal source of the risks?
• Money laundering and anti-terrorist laws • Bribery is an offence, so therefore the proceeds are
proceeds of crime
What is the legal source of the risks?
• World Bank, Export Credit and other agencies • Blacklist – Canada leads with 195/250 black listed entities;
next is USA with 46 • Events of default
Sources of exposure
• Competition • Whistleblowers • Government regulatory and enforcement agencies and
Embassies – DoJ, SEC, SOCA, RCMP • Change of government • Reporting requirements – Dodd-Frank, EU Transparency
Initiative; Canada initiative – Mining Association of Canada and Prospector and Developers Association
• Audit (Siemens) • Self-reporting
FCA Top 10 – No one is immune
• Siemens (Germany) 2008 - $800 million • * KBR/Halliburton (USA) 2009 - $579 million • BAE (UK) 2010 - $400 million • * Snamprogetti/ENI (Holland/Italy) 2010 - $365 million • * Technip (France) 2010 - $338 million • Daimler AG (Germany) 2010 - $185 million • Alcatel-Lucent (France) 2010 - $137 million • * JGC Corporation (Japan) 2011 - $218.8 million • Magyar Telekom/Deutsche Telekom (Hungary/Germany) 2011
- $95 million • Total SA (France) 2013 - $398 million
* All members of the TSJK Consortium – contractors to Bonny LNG, Nigeria
The lesson?
• These large international businesses: • Weren’t taking the risks seriously • Were easy to catch – leaving trails of paper; plenty of
witnesses; accounting records • In the case of TSJK Consortium, apparently relied on their
US partner (KBR) that they would avoid liability • When caught, mostly failed to cooperate early enough • In summary – they did not have the right culture or adequate
procedures in place
What are anti-corruption procedures and how can they help?
• Procedures have to be the outward reflection of a culture
• Without an anti-corruption culture, they are useless • Everything starts at the top
• Clear message from UK and US prosecutors/ regulators: • Company must have a top down culture of compliance, with
certain key elements in place if it is to avoid criminal prosecution for bribery or corruption
Once the culture is set, what are the procedures which must be put in place?
• First, there must be a Risk Assessment • Both the US sentencing guidelines and the UK MOJ’s guidance
on the Bribery Act provide for Risk Assessment as the initial step to a compliance programme
• The US sentencing guidelines states that a reduction in recommended sentence can only be made if the company conducts a periodic risk assessment
The Risk Assessment - Scope
• Internal Risk – this could include deficiencies in: • Employee knowledge of a company’s business profile and
understanding of associated bribery and corruption risks • Employee training or skills sets • The company’s compensation structure or lack of clarity in
the policy on gifts, entertaining and travel expenses
The Risk Assessment - Scope
• Country Risk – this type of risk could include: • Perceived high levels of corruption as highlighted by
corruption league tables published by reputable Non-Governmental Organizations such as Transparency International
• Factors such as absence of anti-bribery legislation and implementation and a perceived lack of capacity of the government, media, local business community and civil society to effectively promote transparent procurement and investment policies
• A culture which does not punish those who seek bribes or make other extortion attempts
• Facilitation Payments – illegal under UK and Canadian law
The Risk Assessment - Scope
• Transaction Risk – this could entail items such as transactions involving charitable or political contributions, the obtaining of licenses and permits, public procurement, high value or projects with many contractors or involvement of intermediaries or agents
• Partnership Risks – this risk could include those involving foreign business partners located in higher-risk jurisdictions, associations with prominent public office holders, insufficient knowledge or transparency of third party processes and controls
The outcome of the Risk Assessment is procedures to avoid or mitigate risk
• Procedures must be in writing • Best means of preventing an offence • Without them, certainty of criminal rather than civil prosecution • Only defence to the UK corporate offence
• Procedures must be adequate • For the size of the company • For the risks identified
What must the procedures include?
• Management Support and Resources • Top down direction • Resources appropriate to the size of the organisation to
cover: • Risk appraisal • Monitoring • Functional support • Guidance • Training
• Reporting procedures
What must the procedures include?
• Written Standards and Controls • The company must document in writing all elements of the
programme including: • A Code of Conduct and Statement of Ethical Principles, setting
out the key principles which will apply • The anti-corruption policy of the company, including accountability
of all personnel, the minimum requirements of conduct and channels for escalating issues and seeking advice
• Detailed process controls, including necessary due diligence on all potential agents, joint ventures and contractors
• Research tools available to staff, such as databases and specialist agencies
• Documentation and record keeping • Guidance on gifts and corporate entertainment both by the
company and by suppliers and customers
What must the procedures include?
• Training and Communication • E-learning • Face-to-face • Document and record attendance • Self-certification
What must the procedures include?
• Monitoring, Auditing and Communication • Consider a standing Board Committee • Compliance will include the following elements:
• Policing the requirements of the programme • Annual self-certification of non-breach by members of the staff • Terms for an ethics hotline • Annual risk assessment • Review of the register of gifts and entertainment • Review of all appointments of advisers and contractors, including
joint venture partners, agents, consultants, suppliers and sub-contractors
What must the procedures include?
• Enforcement • Incentives • Discipline
• HR • Legal • Compliance • Employment terms
What must the procedures include?
• Delegated Authority • Individuals with substantial control over policy making must
ensure that specific high level personnel are given responsibility
• Day-to-day oversight • Reporting back
What must the procedures include?
• Review of risks and programme’s responsiveness • Particularly for:
• New markets • New territories • New product lines
• Annual appraisal
What must the procedures include?
• “Whistleblowing” Facility • Anonymity and confidentiality • Hotline • Enquiries and reporting • Feed back to the whistleblower
In particular – watch for the Red Flags
• Abnormal cash payments • Pressure exerted for payments to be made urgently or ahead
of schedule • Payments being made through 3rd party country, eg. goods or
services supplied to country 'A' but payment is being made, usually to shell company in country 'B‘
• Abnormally high commission percentage being paid to a particular agency. This may be split into 2 accounts for the same agent, often in different jurisdictions
• Private meetings with public contractors or companies hoping to tender for contracts
Red Flags
• Lavish gifts or hospitality being received • Individual never takes time off even if ill, or holidays, or insists
on dealing with specific contractors him/herself • Making unexpected or illogical decisions accepting projects or
contracts • Unusually smooth process of cases where individual does not
have the expected level of knowledge or expertise • Abusing decision process or delegated powers in specific
cases • Agreeing contracts not favourable to the organisation either
with terms or time period
Red Flags
• Unexplained preference for certain contractors during tendering period
• Avoidance of independent checks on tendering or contracting processes
• Raising barriers around specific roles or departments which are key in the tendering/contracting process
• Bypassing normal tendering/contractors procedure • Invoices being agreed in excess of contract without
reasonable cause • Missing documents or records regarding meetings or
decisions • Company procedures or guidelines not being followed • The payment of, or making funds available for high value
expenses or school fees etc. on behalf of others
Questions for the Board
• Has the right “tone at the top” been set and communicated? • Has an adequate Risk Assessment been carried out and
updated regularly and for each new initiative? • Do we have adequate written policies and procedures to
address the risks identified? • Do we adequately communicate and train on the policies and
procedures? • Have we provided incentives for compliance and disincentives
for non-compliance? • Do we adequately enforce the procedures – by continuous
monitoring and regular compliance audit? • Have we adequately resourced and supported compliance? • Do we adequately review on a regular basis the effectiveness
of the programme? • Do we understand the process to be applied when an offence
is suspected? Is that process adequate?
Conclusion
• Every company should: • Be aware of their own law, laws with which they may
become inadvertently involved and the laws of the country in which business is being done
• Undertake a comprehensive risk assessment • Create an anti-corruption culture • Put in place a programme to give teeth to its anti-corruption
culture, appropriate to its size, business and the risks assessed
• Ensure that the programme is resourced, managed, enforced and kept up to date