canada-south africa chamber of business the risk ...onthegroundgroup.com/documents/8 - fasken...

Canada-South Africa Chamber of Business The Risk Mitigation & CSR Services Series Tuesday October 1st, 2013 - London

Implementing Procedures to Mitigate the Risk of Bribery and Corruption in Developing Countries Steven Beharrell, Partner Fasken Martineau LLP, London

What is the legal source of the risks?

• Domestic law affecting the Resource Company e.g. Bribery Act, FCPA, Corruption of Foreign Officials Act, etc.


• Long Arm Jurisdiction •  FCPA

•  US entities – anywhere; Public Bribery abroad; books and records •  Issuers •  Transactions touching the USA

•  Bribery Act •  UK entities – anywhere – private and public bribery •  The Bribery Act applies to a foreign company failing to prevent bribery

anywhere (so-called "Corporate Offence"): •  If it carries on any business in the UK •  Regardless of where the bribery occurs •  Regardless of where it is incorporated or managed •  Even if the UK office is not involved

•  CFPOA •  Extended to all international activities of Canadian nationals or

residents •  Books and records


• New anti-corruption laws and renewed vigour in anti-corruption in countries where operations are situated •  e.g. Russia •  e.g. China


• Money laundering and anti-terrorist laws •  Bribery is an offence, so therefore the proceeds are

proceeds of crime


• World Bank, Export Credit and other agencies •  Blacklist – Canada leads with 195/250 black listed entities;

next is USA with 46 •  Events of default

Sources of exposure

•  Competition • Whistleblowers • Government regulatory and enforcement agencies and

Embassies – DoJ, SEC, SOCA, RCMP •  Change of government •  Reporting requirements – Dodd-Frank, EU Transparency

Initiative; Canada initiative – Mining Association of Canada and Prospector and Developers Association

•  Audit (Siemens) •  Self-reporting

FCA Top 10 – No one is immune

•  Siemens (Germany) 2008 - $800 million •  * KBR/Halliburton (USA) 2009 - $579 million •  BAE (UK) 2010 - $400 million •  * Snamprogetti/ENI (Holland/Italy) 2010 - $365 million •  * Technip (France) 2010 - $338 million •  Daimler AG (Germany) 2010 - $185 million •  Alcatel-Lucent (France) 2010 - $137 million •  * JGC Corporation (Japan) 2011 - $218.8 million • Magyar Telekom/Deutsche Telekom (Hungary/Germany) 2011

- $95 million •  Total SA (France) 2013 - $398 million

* All members of the TSJK Consortium – contractors to Bonny LNG, Nigeria

The lesson?

• These large international businesses: • Weren’t taking the risks seriously • Were easy to catch – leaving trails of paper; plenty of

witnesses; accounting records •  In the case of TSJK Consortium, apparently relied on their

US partner (KBR) that they would avoid liability • When caught, mostly failed to cooperate early enough •  In summary – they did not have the right culture or adequate

procedures in place

What are anti-corruption procedures and how can they help?

• Procedures have to be the outward reflection of a culture

• Without an anti-corruption culture, they are useless • Everything starts at the top

•  Clear message from UK and US prosecutors/ regulators: •  Company must have a top down culture of compliance, with

certain key elements in place if it is to avoid criminal prosecution for bribery or corruption

Once the culture is set, what are the procedures which must be put in place?

• First, there must be a Risk Assessment •  Both the US sentencing guidelines and the UK MOJ’s guidance

on the Bribery Act provide for Risk Assessment as the initial step to a compliance programme

•  The US sentencing guidelines states that a reduction in recommended sentence can only be made if the company conducts a periodic risk assessment

The Risk Assessment - Scope

•  Internal Risk – this could include deficiencies in: •  Employee knowledge of a company’s business profile and

understanding of associated bribery and corruption risks •  Employee training or skills sets •  The company’s compensation structure or lack of clarity in

the policy on gifts, entertaining and travel expenses


•  Country Risk – this type of risk could include: •  Perceived high levels of corruption as highlighted by

corruption league tables published by reputable Non-Governmental Organizations such as Transparency International

•  Factors such as absence of anti-bribery legislation and implementation and a perceived lack of capacity of the government, media, local business community and civil society to effectively promote transparent procurement and investment policies

•  A culture which does not punish those who seek bribes or make other extortion attempts

•  Facilitation Payments – illegal under UK and Canadian law


•  Transaction Risk – this could entail items such as transactions involving charitable or political contributions, the obtaining of licenses and permits, public procurement, high value or projects with many contractors or involvement of intermediaries or agents

•  Partnership Risks – this risk could include those involving foreign business partners located in higher-risk jurisdictions, associations with prominent public office holders, insufficient knowledge or transparency of third party processes and controls

The outcome of the Risk Assessment is procedures to avoid or mitigate risk

• Procedures must be in writing •  Best means of preventing an offence •  Without them, certainty of criminal rather than civil prosecution •  Only defence to the UK corporate offence

• Procedures must be adequate •  For the size of the company •  For the risks identified

What must the procedures include?

• Management Support and Resources •  Top down direction •  Resources appropriate to the size of the organisation to

cover: •  Risk appraisal •  Monitoring •  Functional support •  Guidance •  Training

•  Reporting procedures


• Written Standards and Controls •  The company must document in writing all elements of the

programme including: •  A Code of Conduct and Statement of Ethical Principles, setting

out the key principles which will apply •  The anti-corruption policy of the company, including accountability

of all personnel, the minimum requirements of conduct and channels for escalating issues and seeking advice

•  Detailed process controls, including necessary due diligence on all potential agents, joint ventures and contractors

•  Research tools available to staff, such as databases and specialist agencies

•  Documentation and record keeping •  Guidance on gifts and corporate entertainment both by the

company and by suppliers and customers


• Training and Communication •  E-learning •  Face-to-face •  Document and record attendance •  Self-certification


• Monitoring, Auditing and Communication •  Consider a standing Board Committee •  Compliance will include the following elements:

•  Policing the requirements of the programme •  Annual self-certification of non-breach by members of the staff •  Terms for an ethics hotline •  Annual risk assessment •  Review of the register of gifts and entertainment •  Review of all appointments of advisers and contractors, including

joint venture partners, agents, consultants, suppliers and sub-contractors


• Enforcement •  Incentives •  Discipline

•  HR •  Legal •  Compliance •  Employment terms


• Delegated Authority •  Individuals with substantial control over policy making must

ensure that specific high level personnel are given responsibility

•  Day-to-day oversight •  Reporting back


• Review of risks and programme’s responsiveness •  Particularly for:

•  New markets •  New territories •  New product lines

•  Annual appraisal


•  “Whistleblowing” Facility •  Anonymity and confidentiality •  Hotline •  Enquiries and reporting •  Feed back to the whistleblower

In particular – watch for the Red Flags

•  Abnormal cash payments •  Pressure exerted for payments to be made urgently or ahead

of schedule •  Payments being made through 3rd party country, eg. goods or

services supplied to country 'A' but payment is being made, usually to shell company in country 'B‘

•  Abnormally high commission percentage being paid to a particular agency. This may be split into 2 accounts for the same agent, often in different jurisdictions

•  Private meetings with public contractors or companies hoping to tender for contracts

Red Flags

•  Lavish gifts or hospitality being received •  Individual never takes time off even if ill, or holidays, or insists

on dealing with specific contractors him/herself • Making unexpected or illogical decisions accepting projects or

contracts •  Unusually smooth process of cases where individual does not

have the expected level of knowledge or expertise •  Abusing decision process or delegated powers in specific

cases •  Agreeing contracts not favourable to the organisation either

with terms or time period

Red Flags

•  Unexplained preference for certain contractors during tendering period

•  Avoidance of independent checks on tendering or contracting processes

•  Raising barriers around specific roles or departments which are key in the tendering/contracting process

•  Bypassing normal tendering/contractors procedure •  Invoices being agreed in excess of contract without

reasonable cause • Missing documents or records regarding meetings or

decisions •  Company procedures or guidelines not being followed •  The payment of, or making funds available for high value

expenses or school fees etc. on behalf of others

Questions for the Board

•  Has the right “tone at the top” been set and communicated? •  Has an adequate Risk Assessment been carried out and

updated regularly and for each new initiative? •  Do we have adequate written policies and procedures to

address the risks identified? •  Do we adequately communicate and train on the policies and

procedures? •  Have we provided incentives for compliance and disincentives

for non-compliance? •  Do we adequately enforce the procedures – by continuous

monitoring and regular compliance audit? •  Have we adequately resourced and supported compliance? •  Do we adequately review on a regular basis the effectiveness

of the programme? •  Do we understand the process to be applied when an offence

is suspected? Is that process adequate?

Conclusion

• Every company should: •  Be aware of their own law, laws with which they may

become inadvertently involved and the laws of the country in which business is being done

•  Undertake a comprehensive risk assessment •  Create an anti-corruption culture •  Put in place a programme to give teeth to its anti-corruption

culture, appropriate to its size, business and the risks assessed

•  Ensure that the programme is resourced, managed, enforced and kept up to date

canada-south africa chamber of business the risk ...onthegroundgroup.com/documents/8 - fasken...

Documents