3. 1. Siemens (Germany): $800 million in 2008.
2. Alstom (France): $772 million in 2014.
3. KBR / Halliburton (USA): $579 million in 2009.
4. BAE (UK): $400 million in 2010.
5. Total SA (France): $398 million in 2013.
6. VimpelCom (Holland): $397.6 million in 2016.
7. Alcoa (U.S.): $384 million in 2014.
8. Snamprogetti Netherlands B.V. / ENI S.p.A (Holland/Italy): $365 million in 2010.
9. Technip SA (France): $338 million in 2010.
10. JGC Corporation (Japan): $218.8 million in 2011.
FCPA Blog - Top ten FCPA enforcement actions of all time
Source: FCPA Blog – www.fcpablog.com
4. Increasing Complexity of Compliance
EY Asia Pacific Fraud
Survey 2015
8 out of 10 respondents
say they would be
unwilling to work for
companies involved in
bribery and corruption.
5. The Statistics
AlixPartners Annual
Global Anti-Corruption
Survey, 2014
Respondents said the biggest obstacles to
their companies' anti-corruption efforts
and ability to mitigate risk areas were:
• staffing constraints (65 percent);
• variations in local country regulations
(65 percent);
• pressure to deliver operating results
(58 percent).
In another survey, fewer than half
(43 percent) of respondents said
they regularly conduct due
diligence on third-party agents.
6. Perceptions – Europe v. USA
AlixPartners Annual
Global Anti-Corruption
Survey, 2014
One in five respondents at European companies said their industries
are exposed to significant corruption risk, compared with 40 percent of
respondents from U.S. companies.
Twenty-nine percent of European respondents performed due
diligence on prospective employment candidates on a regular basis,
compared with 63 percent of U.S. respondents, according to the
survey.
Only 2 of the top 10 on the FCPA Blog list were US Companies.
7. Trends In The Use Of Third Parties
Internal Auditors
Research Foundation,
Crowe Horwath LLP
8. Trends In The Use Of Third Parties
Internal Auditors
Research Foundation,
Crowe Horwath LLP
11. • On January 8, 2016, the UK Serious Fraud Office (SFO) announced that UK-based
printing company Smith & Ouzman was ordered to pay a total of £2.2 million
(consisting of a £1.3 million fine and £880,000 in forfeiture) in connection with bribes
paid to public officials in Kenya and Mauritania to win business contracts.
• Smith & Ouzman made news when, in December 2014, it became the first company
ever convicted under POCA. The company’s chairman and sales and marketing
manager were also convicted at that time.
• Under POCA, for a company to be charged, it must be shown that those
responsible had the “directing will and mind” of the company, which in the case
of family-run business Smith & Ouzman may have been less difficult to establish than
with a large organization.
• The threshold is much lower under section 7 of the Bribery Act 2010, which is a strict
liability offense prohibiting failure to prevent bribery.
Printing Company Fined for violation of
UK’s Prevention of Corruption Act 1906 (POCA)
Source: Morrison & Foerster LLP
12. The UK's Financial Conduct Authority (FCA) fined Besso Limited £315,000 for its
failure to take reasonable care to establish and maintain effective systems designed
to prevent and detect bribery and corruption risks.
The company, a general insurance broker, maintained weak controls that "gave rise
to an unacceptable risk that payments made by Besso to third parties could be used
for corrupt practices, including paying bribes to persons connected with the insured
or public officials," the FCA said in its published findings.
Besso issued a statement to clarify that the FCA "has not said that Besso permitted
any illicit payments or inducement to any such third party," the Financial Times
reported.
FCA Final Notice 2014: Besso Limited, 17 March 2014
Failure to Take Reasonable Care – Besso
13. Besso's breaches occurred between 2005 and 2011. They included the
following:
• The company had limited bribery and corruption policies and
procedures in place until written ones were created in November
2009.
• The 2009 policies weren't adequate in their content or
implementation.
• Besso failed to conduct adequate risk assessments of third parties
before entering into business relationships with them.
FCA Final Notice 2014: Besso Limited, 17 March 2014
Failure to Take Reasonable Care – Besso
14. Besso's breaches occurred between 2005 and 2011. They included the
following:
• It didn't carry out adequate due diligence of third parties to
evaluate the risks involved in doing business with them.
• It failed to establish and record an adequate commercial rationale
to support payments to third parties.
• It didn't maintain adequate records of the anti-bribery and
corruption measures taken on its third-party account files.
FCA Final Notice 2014: Besso Limited, 17 March 2014
Failure to Take Reasonable Care – Besso
15. Fined a record £7m by the Financial Services Authority (FSA) for failing to
put in place robust anti-bribery systems, after an investigation unearthed
suspicious payments in Russia and Egypt.
For failing sufficiently to monitor £27m of payments to overseas third parties
who had helped the company win new business.
The FSA said that Willis failed to take appropriate steps to ensure that payments
were not being used for corrupt purposes, despite repeated warnings about
potential corruption in the industry.
www.theguardian.com, 21 July 2011
Failure to Take Reasonable Care
Insurance broker Willis fined £7m by FSA (2011)
16. The U.K.'s Financial Services Authority said that it has fined Aon Ltd £5.25
million for failing to recognise and control the risks of overseas payments being
used as bribes.
The regulator concluded that Aon had failed to properly assess the risks involved
in its dealings with overseas firms and individuals (third parties) who helped it
win business and failed to implement effective controls to mitigate those risks.
www.theguardian.com, 8 January 2009
Failure to Take Reasonable Care - AON
17. • In mid-January 2016, the CEO and the Finance Director of a New York-based non-profit
organization both pleaded guilty to bribing John Ashe, a former United Nations General
Assembly President.
• Sheri Yan and Heidi Hong Piao were charged in October 2015 as part of a larger group of
defendants that included Ashe. According to the complaint, Yan and Piao arranged for over
$800,000 of payments to Ashe in exchange for official favors by Ashe and other Antiguan
officials for various Chinese businessmen.
• In court, Yan stated that she and others had paid Ashe “with the intent of influencing him
in his official capacity” to promote business ventures from which they intended to profit.
• Piao pleaded guilty to conspiracy, bribery, money laundering, and failure to report
foreign financial accounts and agreed to cooperate with law enforcement in the ongoing
investigation. Yan pleaded guilty to one count of bribery.
First Guilty Plea in United Nations Bribery Case – the
legislation that keeps on giving!
Source: Morrison & Foerster LLP
18. Tullow Oil declared force majeure on its offshore exploration block in Guinea following the
disclosure that its partner, U.S.-based Hyperdynamics Corporation, is under investigation by
the DOJ and SEC for possible violations of the Foreign Corrupt Practices Act.
The investigation is focused on whether its "activities in obtaining and retaining the
Concession rights and [its] relationships with charitable organizations potentially violate the
FCPA and anti-money laundering statutes," Hyperdynamics said.
Charitable contributions can violate the FCPA if they benefit foreign officials personally
and are intended to obtain or retain business or gain an unfair advantage.
Tullow Oil had been planning to start drilling off Guinea together with its partners in the
second quarter of 2014. “Tullow has decided that it cannot proceed with activities on the
[exploration] license until these issues are resolved.”
Petro Global News, 13 March 2014
UK Oil Firm Declares "Corruption Force Majeure" in
Guinea Because of FCPA Probe
19. A new survey of general counsels and compliance officers found that 30% of
companies in North America, Europe, and Asia stopped doing business with a
partner because of corruption risks.
30% of companies stopped doing business with a
partner because of corruption risks.
AlixPartners Annual
Global Anti-Corruption
Survey, 2014
21. The Adequate Procedures Guidance to the UK Bribery Act provides that “general
training could be mandatory for new employees or for agents (on a weighted
risk basis) as part of an induction process” and adds that “it may be
appropriate to require associated persons to undergo training. This will be
particularly relevant for high-risk associated persons.
In any event, organisations may wish to encourage associated persons to
adopt bribery prevention training”. An “associated person” is defined as an
individual or entity that “perform services for or on behalf” of an organization.
Adequate Procedures Guidance to the UK Bribery
Act
World Economic Forum, Partnering Against Corruption Initiative (PACI)
22. The US Federal Sentencing Guidelines for Organizations, which apply to criminal
violations of federal statutes such as the US Foreign Corrupt Practices Act,
mandate that an organization “shall take reasonable steps to communicate
periodically and in a practical manner its standards and procedures, and other
aspects of the compliance and ethics program, to [“members of the governing
authority, high-level personnel, substantial authority personnel, the
organization’s employees, and, as appropriate, the organization’s agents”] by
conducting effective training programs and otherwise disseminating
information appropriate to such individuals’ respective roles and
responsibilities”.
US Federal Sentencing Guidelines
World Economic Forum Partnering Against Corruption Initiative (PACI)
29. 1. Communicate with your third parties
2. Perform a compliance audit/due diligence
review
3. Review your standard contract terms
4. Manage policy dissemination and
attestation
5. Provide or source appropriate training
6. Benchmark your program and review
regularly
6 Steps for An Effective Third
Party Compliance Program
30. Four things third parties should know about due diligence:
1. We are not questioning your integrity
2. We know this is a burden on you
3. Resisting slows things down and may make it seem like you have something
to hide
4. There is a business advantage to handling compliance well
Alexandra Wrage - Trace International
www.corpcounsel.com, 7 March 2014
Step 1 - Communicate With Your Third Parties
31. • Classify and assess your third party relationships. Develop risk rankings.
• Collect and regularly review data. Some data can be collected when on-boarding
a new 3rd party; other data might come from regular reviews of watch
lists, news stories and PEP screening.
• Evaluate the 3rd party management’s understanding of compliance with
regulations or policies.
• Evaluate 3rd party compliance activities such as policy management and staff
training effectiveness.
• Confirm that contract terms and service-level agreements are being met.
• Identify and communicate process improvements for 3rd party interactions.
Step 2 - Compliance Audit / Due Diligence Review
32. Contractor represents and warrants that, in connection with this Agreement or
the business resulting therefrom:
(a) It is knowledgeable about Anti-Bribery Laws applicable to the performance
of this Agreement and will comply with all such laws; and
(b) Neither it nor a Related Party has made, offered or authorised or will make,
offer or authorise any payment, gift, promise or other advantage, including a
facilitation payment.
Contractor will impose the requirements in this Clause XX on any subcontractor,
or other Party from which Goods or Services are procured in connection with
the Agreement.
Step 3 - Contract Clauses
33. Company may terminate this Agreement immediately by written notice to
Contractor, if Contractor or any of its Related Parties performing work in connection
with this Agreement:
(a) No longer meet the requirements of the Company's HSE systems or Contractor
fails to observe Company's provisional accreditation requirements where
Contractor has previously been wholly or provisionally accredited by Company
under the Company's HSE systems;
(b) Commits any or causes Company or any Related Parties to be in breach of
applicable Anti-Bribery Laws;
(c) Commits any or causes Company or any Related Parties to be in breach of
applicable competition laws;
(d) Commits any or causes Company or any Related Parties to be in breach of
applicable Trade Control Laws;
(e) Commits a material breach of applicable laws not mentioned in paragraphs (a),
(b), (c) and (d)
Step 3 - Contract Clauses – Not just Bribery &
Corruption
34. Corporate policies are no longer just a ‘nice to have’ culture shaping tool for
large businesses. With the introduction of increasingly strict legislation and the
attentions of industry watchdogs focusing in on compliance, policies and policy
management are now essential for all organisations.
Organisations that make a concerted effort to take policy management seriously
will over time be able to audit the real value of their efforts. This will be both in
terms of a discernible reduction in the risk exposure of the organisations and in
the resources that need to be allocated to manage policies.
Step 4 - Policy Management – Take Control
35. 1) Establishing policy requirements: Researching relevant law,
regulatory requirements, guidelines and best practice. Identifying the
business’s requirements.
2) Drafting policy: Creating legally-sound statements in plain English.
3) Policy deployment: Distributing policies rapidly and reliably around
the organisation.
4) Testing understanding & affirming acceptance: Ensuring employees
understand policy and agree to abide by it.
5) Auditing policy penetration: Auditing policy and providing
management reports on compliance status
Step 4 - Policy Management – Achieve
Compliance
36. • Must be able to provide
documentary evidence that policies
and procedures are in place and are
adhered to.
• Used as an effective compliance
communications tool.
• Provides essential information to
Senior Management and Auditors
that statutory compliance
obligations are accurately
communicated and understood.
• Can clearly see not only who has
accepted but who has truly
understood, then request a retest
where a satisfactory result was not
delivered.
Policy Case Study - Allianz
37. Keep reasonable demands on
employees’ time. Compliance
training requirements are high
and continue to rise.
Manage employees’ perception of
compliance training. Staff are
likely to view mandatory training
on the same content year in, year
out as a box-ticking exercise that
doesn’t take into account their
knowledge and experience.
Step 5 - Compliance Training
38. Step 5 - Compliance Training
Update courses to stay consistent with latest regulations. Regulations are
changing all the time. This makes it harder to deliver high-quality courses
at a reasonable cost.
Identify problematic areas and pro-actively mitigate risks. Most
organisations lack tools that would allow them to capture and turn
relevant learning data into useful information.
Demonstrate compliance to regulators and shareholders. Given recent
compliance issues in several industries, the relevant stakeholders continue
raising their expectations on compliance training programs.
39. Module Allocation: Our courses are modular. They are broken down into 20-minute
components, each containing a series of clear learning outcomes.
Employees are assigned modules of a course based on a risk profile of their
job role. The lower the risk, the less training they should need to do.
Adaptive Learning: Adaptive learning is perfect for organisations that need to complete annual
certification for all staff. Employees are assessed on their current
knowledge and then only trained on where they have gaps in that
knowledge. This reduces training time and minimises pushback from
employees.
By determining from the outset which areas learners already possess
competence in, adaptive learning focuses solely on key areas for
improvement.
Step 5 - Compliance Training
40. Step 6 - Benchmarking
Reactive
• Ad hoc response to events
• High insurance costs
• Non-existent or expensive reporting structure
• No review of systems or outcomes
• Risk of reputational damage or fines
Active
• Compliance is a developing priority
• Document hierarchy is designed
• Key staff responsibilities are outlined
• Systems are in place for regulatory obligations
• Training is developed
Proactive
• A culture of compliance is encouraged
• Automatic reporting and proactive reviews
occur
• Clear processes and expectations are in place
• Compliance is a partner to new business
ventures
• Compliance/risk executives are assigned overt
accountability
41. Step 6 - Benchmarking
‘How frequently do you train your
third parties on anti bribery and
corruption?’
2015 Anti-Bribery and Corruption
Benchmarking Report,
Kroll/Compliance Week
42. Benchmarking - Third-Party Risk Management
Capability Maturity Model
Internal Auditors
Research Foundation,
Crowe Horwath LLP
43. This may all seem like a huge burden on you, your organisation, your
suppliers, clients and other partners.
The alternative may well be huge fines, ongoing regulatory headaches,
legal fees, the costs of management time, and a hugely detrimental effect
on your firm’s reputation and staff morale.
Your company may be banned from certain markets or from bidding for
certain types of work. Worst case scenario, you are put out of business.
Companies “are not taking advantage of the solutions that are out there to the
extent that they probably could, and frankly should be expected to, based on
potential regulatory scrutiny.” Robert Huff, Managing Director, Kroll
Final Thoughts
44. This presentation material is intended to provide a summary of the subject matter covered for training
purposes only. It does not purport to be comprehensive or to render legal advice. No reader should act on
the basis of any matter contained in this presentation without first obtaining specific professional advice.
Sam Gibbins
General Manager, Asia
sam.gibbins@grcsolutions.com.sg
Julian Fenwick
Managing Director
julian.fenwick@grcsolutions.com.au