Understanding the Risks of Operating in a Global Market

January 19, 2011

Presentation Transcript
Faculty
  • Moderator:
    • Michael Samonas, Compliance Solutions Specialist, LexisNexis
  • Speakers:
    • Paul J. McNulty, Partner, Baker McKenzie LLP
    • Stephen Martin, General Counsel and Chief Compliance Officer, Corpedia
    • Matthew B. Pachman, Vice President and Chief Compliance Officer, Altegrity

Overview of Enforcement Issues: The Big Picture
  • A decade of enforcement milestones
    • Enron
    • SOX
    • Thompson / McNulty / Filip
    • FCPA enforcement surge
    • Mortgage mess
    • Pharma ills
  • Technology – Transparency – Tolerance
Top 10 FCPA Settlements (millions)
  • [Chart: panels “Start of 2010” and “Start of 2011”; settlement years 2005–2010]

Counter-Cyclical Enforcement of Corporate Law¹
  • [Chart: annual change in the S&P 500 (“S&P 500 Chg”) and in SEC enforcement actions (“SEC Enf Actions Chg”), 1995–2006; vertical axis from -30% to 40%]

¹ Associate Professor Amitai Aviram, Yale Journal on Regulation, Vol. 25:1, 2008

Top Federal Enforcement Priorities
  • Corruption
  • Securities and financial fraud
  • Procurement fraud
  • Health care fraud
  • Mortgage fraud
Top National (Federal and State) Enforcement Priorities
  • Corruption
  • Securities and financial fraud
  • Procurement fraud
  • Health care fraud
  • Mortgage fraud
  • Consumer fraud
Top Global Enforcement Priorities
  • Corruption
  • Financial crime
  • Fraud in Multilateral Development Projects
  • Consumer protection
  • Competition
  • Privacy / Data Security
Great Expectations for Compliance Programs
  • Does it really matter?
  • How does it really work?
  • How do we really know if we’ve done enough?
Corporate Prosecution Principles – USAM 9-28-3.00
  • Nature and seriousness of the offense;
  • Pervasiveness of the wrongdoing within the business;
  • History of similar misconduct;
  • Timely and voluntary disclosure of wrongdoing and willingness to cooperate in the investigation;
  • Existence and effectiveness of pre-existing compliance program;
  • Remedial actions, including efforts to implement corporate compliance program;
  • Collateral consequences, including existence of disproportionate harm to shareholders;
  • Adequacy of prosecution of individuals responsible;
  • Adequacy of civil or regulatory remedies.
DOJ Criminal Division AAG on Corporate Compliance
  • “We know when we see good compliance. We have a good sense of whether it’s robust and real or created on the cheap. … [I]t’s stunningly bad business not to have a state-of-the-art compliance program. You’ll get a better deal.” – PLI Conference (11/4/2010)
  • “Strengthen FCPA compliance program, including internal controls; top-notch program will improve standing with DOJ.” – ACI Conference (11/16/2010)
The Essential Ingredients of Corporate Compliance
  • Leadership
  • Risk Assessment
  • Standards and Controls
  • Training and Communication
  • Monitoring, Auditing and Response

The Essential Ingredients of Corporate Compliance

USSG’s 7 Elements of an Effective Compliance Program
  1. Standards and procedures to prevent and detect criminal conduct
  2. Leaders understand / oversee the compliance program to verify effectiveness and adequacy of support; specific individuals vested with implementation authority / responsibility
  3. Deny leadership positions to people who have engaged in misconduct
  4. Communicate standards and procedures of compliance program, and conduct effective training
  5. Monitor and audit; maintain reporting mechanism
  6. Provide incentives; discipline misconduct
  7. Respond quickly to allegations and modify program
  NOTE: A general provision requires periodic assessment of risk of criminal conduct and appropriate steps to design, implement, or modify each element to reduce risk

13 Good Practices by the OECD on Internal Controls, Ethics, and Compliance
  1. Risk assessment as basis for effective internal controls and compliance program
  2. Policy that clearly and visibly states bribery is prohibited
  3. Training – periodic, documented
  4. Responsibility – individuals at all levels should be responsible for monitoring
  5. Support from senior management – strong, explicit and visible
  6. Oversight by senior corporate officers with sufficient resources, authority, and access to Board
  7. Specific risk areas – promulgation and implementation programs to address key issues
  8. Business partners due diligence
  9. Accounting – effective internal controls for accurate books and records
  10. Guidance – provision of advice to ensure compliance
  11. Reporting violations confidentially with no retaliation
  12. Discipline for violations of policy
  13. Re-assessment – regular review and necessary revisions

UK’s 6 Principles for “Adequate Procedures”
  1. Risk assessment
  2. Top level commitment
  3. Due diligence
  4. Clear, practical and accessible policies and procedures
  5. Effective implementation
  6. Monitoring and review

Prepared by: Paul J. McNulty, Chair, Global Compliance, Baker & McKenzie

13 Good Practices by the OECD on Internal Controls, Ethics, and Compliance
  1. Risk assessment as basis for effective internal controls and compliance program
  2. Policy that clearly and visibly states bribery is prohibited
  3. Training – periodic, documented
  4. Responsibility – individuals at all levels should be responsible for monitoring
  5. Support from senior management – strong, explicit and visible
  6. Oversight by senior corporate officers with sufficient resources, authority, and access to Board
  7. Specific risk areas – promulgation and implementation programs to address key issues
  8. Business partners due diligence
  9. Accounting – effective internal controls for accurate books and records
  10. Guidance – provision of advice to ensure compliance
  11. Reporting violations confidentially with no retaliation
  12. Discipline for violations of policy
  13. Re-assessment – regular review and necessary revisions

Panalpina Corporate Compliance Program
  1. Clearly articulated and visible policy
  2. Senior management’s strong, explicit, and visible support
  3. Develop and promulgate compliance standards and procedures governing gifts, hospitality, travel, etc.
  4. Risk assessment as basis for standards and procedures
  5. Annual review of program
  6. Assign responsibility to one or more senior corporate executives for implementation and oversight; directly reporting to the Board; adequate level of autonomy and sufficient resources
  7. System of financial and accounting procedures
  8. Effective communication and periodic training and certifications
  9. System for guidance, confidential reporting, response
  10. Disciplinary procedures
  11. Agent and business partner due diligence
  12. Agent and business partner agreements
  13. Periodic review and testing of standards and procedures (monitoring)

Major Compliance Challenges
  • Leadership Structure
  • Emerging Markets
  • Oversight and Responsiveness

Benchmarking Your Program
  • Knowing your story
  • Avoiding a “paper program”
  • “Everyone’s got an ethics policy, but you’d be surprised at the number of big name companies that have paper-only policies.”
  • Keeping it current
  • Risk assessment
  • Reviews
Antitrust Enforcement: Annual DOJ Criminal Antitrust Fines
  • Source: Gibson Dunn & Crutcher 2010 Year-End Antitrust Update
FCPA Enforcement: Actions Filed by SEC & DOJ
  • Source: Gibson Dunn & Crutcher 2010 Year-End FCPA Update
Full-time Employee Equivalent Dedicated to Ethics and Compliance Activities
  • Source: Corpedia-ACC Compliance Program Benchmarking and Risk Assessment Survey 2010
Approximate Annual Spend on Compliance and Ethics Activities
  • Source: Corpedia-ACC Compliance Program Benchmarking and Risk Assessment Survey 2010
  • 67% of corporations with 5k-10k employees spend less than $150k annually on ethics and compliance. This is up from 55% in 2007 and 36% in 2005.
  • Source: Corpedia-ACC Compliance Program Benchmarking and Risk Assessment Survey 2010
Does Your Organization Conduct a Compliance Risk Assessment?
  • Source: Corpedia-ACC Compliance Program Benchmarking and Risk Assessment Survey 2010
How Often Do You Conduct Compliance Risk Assessments?
  • Source: Corpedia-ACC Compliance Program Benchmarking and Risk Assessment Survey 2010
What is a Compliance Risk Assessment?
  • FSG says… “in implementing [the elements of an effective compliance and ethics program] the organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each requirement [as set forth in the elements] to reduce the risk of criminal conduct identified in this process”
Why Conduct a Compliance Risk Assessment?
  • Prevention and mitigation
  • FSG §8B2.1
  • Needs-gap analysis
  • Budget prioritization
  • COSO internal control environment self-assessment
  • Affirmative defense for organization & oversight personnel
  • SEC May 2005 guidance on SOX 404
...Why Have Second Thoughts
  • Results must be acted on
  • Poor execution not defensible
  • Leadership may not be supportive
  • Discovery
  • Attorney-client privilege erosion
  • Cost/ROI
  • Disruption
  • Ownership (IA, C&E)
The Prosecutor’s View...
  • What resources were appropriated?
  • How do I know the risk assessment was objective?
  • Were risks in the C-suite and boardroom addressed?
  • How was risk examined at vendor/agent level?
  • If raw work product was not retained, does the final report provide sufficient detail on methodology?
  • Was culture and attitude measured (tone from the top)?
  • Was knowledge assessed?
The Prosecutor’s View...
  • Was anyone terminated or disciplined as a result of the risk assessment?
  • Who among the governing authority of the corporation received the final report or was briefed on the outcome?
  • How were the risk assessment outcomes used?
Which Methodologies Were Used in Conducting Your Risk Assessment?
  • Source: Corpedia-ACC Compliance Program Benchmarking and Risk Assessment Survey 2009
Does the Compliance Risk Assessment Take into Account One or More of the Following:
  • Source: Corpedia-ACC Compliance Program Benchmarking and Risk Assessment Survey 2009

12 Common Pitfalls
  • Expectations (unclear, undefined, unrealistic)
  • Unrealistic deadlines
  • Lack of resources
  • Ownership
  • Coordination
  • Lack of objectivity, credibility
  • Qualitative skew
  • Narrow and deep vs. shallow and wide
  • Document availability (e.g., policies)
  • Too much focus on the perceived “priority” risks
  • Lack of follow through
  • One-time event

9 Tips for Success...and to Stay Sane!
  • Don’t rush into it – “lite” may be possible first
  • Use outcomes to improve program structure and focus
  • Use it to prove program efficiency, not vice-versa
  • Strive for objectivity – open-ended questions (3x rule)
  • Document structure is key
  • Know what the measures will be
  • Message clear, concise and unique from IA
  • Cross-pollinate non-compliance ideas and feedback – you are in a unique facilitating position
  • Be prepared to deal with what you find – and steer leadership accordingly in ADVANCE

Evolution of the Code
  • Codes of Today
  • The Beginning
Code 3.0: The Future Code
  • Code Hosted on Intranet
  • Activities/Quizzes
  • Interactive and Dynamic
  • Corporate Policies
  • Case Studies
  • Reporting
  • Resources

Why Code 3.0?
  • Current Codes
  • Code 3.0

Accountable, Knowledgeable Oversight
  • Hallmark 2 of the Guidelines looks not only at Board oversight, but management oversight as well
  • Governing authority must
      • Be knowledgeable about the content and operation of the ethics and compliance program
      • Exercise reasonable oversight with respect to the implementation and effectiveness of the program
      • Be adequately resourced
Accountable, Knowledgeable Oversight
  • This means Board oversight is no longer optional
  • Delaware courts have made clear it is part of the duty of good faith
  • SOX 301
  • Listing requirements
  • The Board is required to ensure that:
    • The compliance program is truly effective
    • High-level individuals are assigned responsibility for the compliance program
    • These persons take an active role in promoting ethical conduct
Accountable, Knowledgeable Oversight
  • Oversight responsibility may be delegated to a committee of the Board
    • Should be defined in the committee’s charter
  • The individual with overall responsibility for ethics and compliance and the person with day-to-day responsibility should update the committee at least quarterly
    • Make sure organizational charts reflect the reporting structure
    • Discuss material reports and investigations, new large scale issues in the Company’s program, as well as other topics (hotline reporting results, etc.)
  • Committee should then update the full Board
Accountable, Knowledgeable Oversight
  • A word about training…
  • Board should receive training on the compliance program and their responsibilities
  • Board should be knowledgeable about the training employees are receiving
  • Only 44 percent of companies surveyed in the 2010 ACC Survey train their Board
Anti-Corruption Compliance—Leading Practices
  • Training
    • Local anti-corruption training and messaging at appropriate levels
    • Risk based approach in training content and frequency requirements
  • Accounting/Audit
    • Anti-corruption risk assessments performed on an annual basis
    • Incorporate anti-corruption audits as part of corporate internal audit
  • Systems
    • Automated risk assessment tools that assist in the identification and evaluation of significant anti-corruption risks
    • Track high risk payments and entertainment expenses for government employees
    • Government contracts can be segregated, identified and tracked
    • Use of technology to prevent and detect questionable payments

Anti-Corruption Compliance—Leading Practices
  • Compliance Environment
  • Strong and regular message from leadership emphasizing the importance of compliance and zero tolerance policy
  • Compliance officer charged with responsibility and supported by adequate resources
  • Anti-corruption and FCPA guidelines built into ethics framework
  • Legal
  • Centralization of legal approval of agents and standard anticorruption provisions
  • Risk based approach in due diligence guidelines
  • Supply chain management/tracking/verification

Benchmarking and Certification

  • Certifications
        • Program (Ethics Inside Certification, Compliance Leader Verification)
        • Specific areas (Anti-Corruption Program Verification)
  • Benchmarking
        • Best practices
        • Industry peers
        • Regulatory specific requirements
Implementation: The Road Map
  • Key program elements
    • Risk assessment
    • Program governance
    • Written standards
    • Communications and training
    • Monitoring/auditing
  • Are there special considerations for global programs?
Implementation: Risk Assessments
  • Tone/culture
    • How might cultural differences affect your program?
  • Anti-corruption
    • What are your risks with respect to FCPA, UK Bribery and other anti-corruption prohibitions?
  • Privacy/data protection
    • Will you be transferring data across jurisdictions? Customer data? Employee data?
  • Export controls
    • Will you be exporting items or information that require a license? What about “deemed” exports?
Implementation: Program Governance
  • Assigning responsibility for compliance
    • Compliance officer charged with responsibility and supported by adequate resources
  • Legal
    • Centralization of legal approval of agents
    • Standard anti-corruption provisions for agreements
    • Risk-based approach in due diligence guidelines
Implementation: Written Standards
  • Is your policy (or Code) consistent with local law? Culture?
  • Do you need translations?
  • Have you checked for idioms?
  • Is your policy too centered around U.S. law?
  • Do you need to clear the policy with a works council or similar organization? Are there any reasons why employees won’t sign a certification?
Implementation: Written Standards
  • Communication
    • Culture of compliance – tone at the top
    • Strong and regular messages from leadership emphasizing the importance of ethics and compliance
    • Distance matters – frequent communication is important
  • Training
    • Consider language and culture issues
    • Local training on local issues
    • Local anti-corruption training and messaging at appropriate levels
    • Risk-based approach to training content and frequency
Implementation: Monitoring/Auditing
  • System for reporting violations – helpline
  • But consider data-privacy and cultural concerns
  • Investigation of reported violations
  • Discipline for misconduct
  • Monitoring
  • Look for anti-corruption red flags
  • Automated tools can assist in the identification and evaluation of significant risks including fraud, sanctions/watchlists, anti-corruption
  • Internal accounting, audits and controls systems
  • Incorporate anti-corruption audits as part of annual corporate internal audit
  • Track high-risk payments and entertainment expenses for government employees
Implementation: Other Program Elements
  • Documentation
  • Due diligence
  • Agreements
  • Contacts
  • Periodic certifications from employees, agents and vendors
  • Budget
  • Corporate
  • Business units
  • Projects