1
|
Anti-Corruption Compliance Program Benchmarking Survey
Anti-Corruption Compliance Program Benchmarking Survey
2
|
Anti-Corruption Compliance Program Benchmarking Survey
3
|
Anti-Corruption Compliance Program Benchmarking Survey
Introduction by Kaplan & Walker LLP Over the years, the FCPA Blog has been an indispensable resource for Anti-Corruption related information and ideas. We are delighted and honored to have had this opportunity to partner with Dick Cassin and his colleagues at the Blog (and their new partners at Ethics360) on this benchmarking survey, which we hope will be viewed as part of that tradition. We have been providing compliance program related legal services to organizations since the 1990’s and during that time have frequently seen the important role that benchmarking can play in helping companies and their advisors develop, improve and assess compliance programs generally. The case for Anti-Corruption compliance program benchmarking in particular is, we believe, especially strong. This is due in part to the increasingly grave consequences of sub-optimal performance in this area and also to the high degree of operational complexity for Anti-Corruption compliance programs. As much as any other area of law, the devil is in the details when it comes to ensuring compliance program effectiveness here. In drafting this survey, we drew upon various Anti-Corruption related best practices of organizations with which we are familiar. Of course, we do not suggest that any particular compliance tool or approach necessarily makes sense for all organizations. Like any compliance area, Anti-Corruption efforts require mechanisms that are riskbased and otherwise well-tailored to an organization’s particular needs. However, we hope that having the data contained in this report will allow companies to address the challenge of ensuring compliance efficacy in an informed way, based in part, and as appropriate, on the experience of others.
Kaplan & Walker LLP
4
|
Anti-Corruption Compliance Program Benchmarking Survey
Introduction by Richard L. Cassin The Anti-Corruption Compliance Program Benchmarks Survey was the creation of Jeff Kaplan and Rebecca Walker. I had the pleasure to help get the word out about it through the FCPA Blog. The response from the global compliance community was enthusiastic. That’s partly because Jeff and Rebecca wrote the Survey to be, among other things, an inventory of compliance best practices. Just taking the Survey could help a company diagnose its compliance condition and find ways to make it better. The positive response was also due to the growing worldwide interest in compliance. That phenomenon prompted me to ask on the FCPA Blog not long ago if ours will be the time when international public corruption is finally tossed into the trashcan of history? There are plenty of reasons to think so. Only five years ago, even thoughtful people believed overseas bribery was a victimless crime -- a harmless agreement between two consenting adults. Happily, that idea is largely gone, replaced by awareness, still growing, that graft’s victims can be counted in the billions. What changed attitudes? Not one thing but many. Respected NGOs are now speaking for the victims. The stories aren’t pleasant (think ‘Blood Diamond’) but the links between graft and human rights abuses are now in plain sight. Though the damage from corruption can be seen and felt, it’s hard to measure, putting it in the realm of ‘soft’ science. Still, some brave academics have taken up the cause of compliance. The U.N. and OECD are promoting the links between compliance, ethics, and human rights. It’s one of the most important new trends of corporate citizenship. And ordinary people have more power to fight corruption than at any time in history. There’s easy access to online public and private hotlines. Cell phones record ‘secret’ shakedowns in the tax office, snap photos of cash-grabbing clerks, and capture videos of corrupt cops and judges that might appear on YouTube an hour later. Through Facebook, victims find each other and lock arms. And with Twitter, a hundred thousand people can be in the streets by noon to march against sleaze. No wonder the interest in compliance is spreading well beyond the United States. The U.K. is now on the front lines, Canada has joined the fight, the G-7 has more attention on enforcement than ever, and the OECD is pushing all of its members to get on board. Sure, there’s lots of work ahead. But these really are hopeful times. Part of that hope is based on the work of people like Jeff Kaplan and Rebecca Walker. And of all those who completed the Anti-Corruption Compliance Program Benchmarks Survey. Their thoughtful responses made this landmark Report possible. Richard L. Cassin The FCPA Blog
5
|
Anti-Corruption Compliance Program Benchmarking Survey
Content 06
Selected Highlights Of The Survey
07
Introduction And Demographic Information
08
Risk Assessment
11
Policies And Procedures
11
Overall approach to Anti-Corruption policy
12
Specific requirements concerning providing items of value to government officials
12
14
Travel
16
Charitable contributions and community support payments
18
Facilitating payments
20
Personal safety payments
21
Requirements concerning retaining and using third-party intermediaries
21
Due diligence requirements in engaging tpis
23
General TPL agreements/certifications regarding Anti-Corruption laws
24
Specific TPL compliance program requirements: training, auditing and monitoring
26
Requirements concerning mergers, acquisitions and joint ventures
29
Program Governance And Management
33
Training And Communications
33
Web-based training
35
In-person training
36
Role-based training
36
Training best practices
37
Other communications
38
Compliance Checking
38
Auditing
39
Self-assessments
41
Incentives
42
Program Documentation
43
Authority And Independence
43
Other Best Practices
45
Appendix – Demographic Information Regarding Respondents
Gifts and entertainment
6
|
Anti-Corruption Compliance Program Benchmarking Survey
Selected Highlights of the Survey •
One third of respondents utilize a stand-alone, documented risk assessment process dedicated solely or largely to Anti-Corruption risk.
•
Nearly three quarters have a stand-alone Anti-Corruption manual or other policy document (separate from an Anti-Corruption provision of the Code of Conduct).
•
One third require that employees seek approval of the Compliance function or someone else other than their manager (e.g., the legal department) prior to providing gifts or entertainment to government officials in all instances.
•
Forty-six percent require the Compliance function or another independent function to approve the retention of some third- party intermediaries (“TPIs”); 29% do so for all TPIs.
•
Forty-three percent require some TPIs to certify periodically that they are in compliance with Anti-Corruption laws; 27% do so for all TPIs.
•
Thirty-eight percent require compliance training of some or all TPIs.
•
More than half have formal standards for monitoring compliance by TPIs (such as requirements that, on an ongoing basis, business personnel review TPIs’ invoices to ensure that they do not suggest violations of Anti-Corruption laws).
•
About two thirds of respondents have formal Anti-Corruption compliance integration procedures of acquisitions and JVs.
•
Only 4% have not designated a senior company official to oversee the Anti-Corruption compliance program.
•
At close to two thirds of the companies, the board of directors or a board committee periodically receives reports about the Anti-Corruption compliance program.
•
Only 10% of respondents believe their organization has been very successful in tailoring Anti-Corruption training to the various roles played by employees of their organizations.
•
Nearly half have had a discussion of their Anti-Corruption compliance program in a company newsletter.
•
Three out of every eight companies conduct stand-alone Anti-Corruption audits.
•
13% of respondents use compliance criteria in performance evaluations, some of which is specific to Anti-Corruption.
•
At more than three fifths of companies, the Chief Compliance Officer reports directly to the board or a board committee about the Anti-Corruption compliance program.
•
One third of respondents have a written charter (or charter-type document) specifically for their Anti-Corruption compliance program.
7
|
Anti-Corruption Compliance Program Benchmarking Survey
Introduction and Demographic Information From early May until mid-July 2011 Kaplan & Walker LLP and the FCPA Blog, which is edited by Richard L. Cassin of Cassin Law LLC, hosted a benchmarking survey on Anti-Corruption compliance programs. This report is based on the results of that survey. Given the sensitivity of some of the topics being surveyed (such as board of directors oversight of and senior management support for Anti-Corruption compliance programs) the authors decided to conduct the survey anonymously. Ninety-five complete responses were received, and an additional eight partially-completed responses were used in compiling this report.1 Manufacturing and technology sectors were the most heavily represented among the respondents, and there was also a relatively high degree of representation from the energy, pharma, aerospace and financial services areas. Table A in the Appendix provides a complete breakdown of survey participants by sector. Respondents also tended to be larger companies – both by revenue and number of employees, and a clear majority were publicly traded. See Tables B-D in the Appendix for further information about these demographic dimensions. Not surprisingly given the survey topic, many respondents are organizations that operate on a global basis. See Table E for further detail on this. For the most part data was sought in the form of multiple choice questions. However, respondents were given the opportunity to provide text answers, too (both where they selected “other” to a multiple choice question and where the survey solicited information about “best practices.”)2
This was out of nearly 30 partially-completed responses received. We were unable to include the remaining 22 partially-completed responses because we were unable to verify to a reasonable degree the accuracy of the data therein.
1
The survey did not define best practices, and the inclusion of responses to best practice questions does not signify that the survey authors necessarily would consider the practices described as being best practices. Rather, text answers were included in this report where the authors felt that they would be of interest to readers of the report.
2
8
|
Anti-Corruption Compliance Program Benchmarking Survey
Risk Assessment Risk assessment plays an important role in any effective compliance program, and this is particularly the case regarding Anti-Corruption compliance programs, as reflected in official Anti-Corruption compliance standards. Perhaps most significantly, under the Recommendation of the Council for Further Combating Bribery of Foreign Public Officials in International Business Transactions, published in 2009/2010 by the Working Group on Bribery in International Business Transactions of the Organisation of Economic Cooperation and Development (“OECD Anti-Bribery Guidance”), risk assessment is seen as a foundational component to effective Anti-Corruption compliance.3 The same can be said of the Guidance about Procedures which Relevant Commercial Organisations can Put into Place to Prevent Persons Associated with Them from Bribing (section 9 of the Bribery Act 2010), published in 2011 by the United Kingdom’s Ministry of Justice (“UK Anti-Bribery Guidance”).4 Risk assessment is clearly important, too, to the United States Department of Justice and the Securities and Exchange Commission, as evidenced by cases brought under the Foreign Corrupt Practices Act (“FCPA”). One sees an emphasis on risk assessment both in aspects of FCPA enforcement decisions identifying defendants’ internal controls and in model AntiCorruption compliance program requirements that defendants agree to implement.5 (Both types of enforcement proceedings are referred to collectively herein as “FCPA Compliance Cases.”) Most respondent companies not only conduct some form of Anti-Corruption risk assessment, but do so in a formal, documented way. However, there is a fairly even spread among companies as to the extent to which the Anti-Corruption risk assessment effort is a stand-alone process or part of a larger process, i.e., a broader compliance risk assessment or an even broader “ERM” one.
“Effective internal controls, ethics, and compliance programmes or measures for preventing and detecting foreign bribery should be developed on the basis of a risk assessment addressing the individual circumstances of a company, in particular the foreign bribery risks facing the company (such as its geographical and industrial sector of operation). Such circumstances and risks should be regularly monitored, re-assessed, and adapted as necessary to ensure the continued effectiveness of the company’s internal controls, ethics, and compliance programme or measures.”
3
Principle 3, Risk Assessment: “The commercial organisation assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.”
4
5
E.g., SEC v. Alcatel-Lucent, S.A. (S.D. Fla. Dec. 27, 2010), available at http://www.sec.gov/litigation/complaints/2010/comp21795.pdf.
9
|
Anti-Corruption Compliance Program Benchmarking Survey
Which of the following best describes Anti-Corruption risk assessment at your company?
3.9%
My company does not conduct an Anti-Corruption risk assessment
11.8%
2% Other
A largely informal, undocumented process
33.3%
A stand-alone, documented process dedicated solely or largely to Anti-Corruption risk
26.5%
Part of a documented, enterprise-wide process focusing on risks of all kinds – meaning not only compliance risks, but others encompassed within an “ERM” framework
22.5%
Part of a documented process focusing on compliance risks of all kinds
Comments of note about risk assessment included the following: Fewer than 4% of respondents do not conduct any type of Anti-Corruption risk assessment, and fewer than 12% have a largely informal, undocumented Anti-Corruption risk assessment process.
•
A combination of internal and external assessments.
•
No formal risk assessment has been performed; however, during an FCPA investigation [a] significant amount of information was gathered and used in the same manner as if a risk assessment had [been] conducted.
•
Global and focused risk assessment in each of the big ticket compliance areas, i.e., AntiTrust, Anti-Bribery.
•
On an annual basis, we distribute a self-assessment for our locations around the world to complete. The self-assessment includes information such as % of sales to government entities, third party sales agents, training, etc. The information is then included in the risk assessment and scored to identify the higher risk locations who then receive an on-site review of transactions the following fiscal year.
10 |
Anti-Corruption Compliance Program Benchmarking Survey
Not only should risks be assessed, but the assessment results should be put to use with respect to various compliance program elements. The survey revealed the following regarding such uses:
The results of the risk assessment are •
Used in determining aspects of Anti-Corruption training and communication 80.8%
•
Used in determining audit priorities and/or approaches 78.8%
•
Used to draft or revise Anti-Corruption policies and procedures 78.8%
•
Reported to the Board 67.7%
•
Don’t know 4%
•
Other 2%
80.8% 78.8% 78.8% 67.7% 4% 2%
“Other” uses of risk assessment were “to determine monitoring” and “to vet customers and suppliers.”
11 |
Anti-Corruption Compliance Program Benchmarking Survey
Policies and Procedures Anti-Corruption policies and procedures play a central role in Anti-Corruption compliance programs. They are addressed in a variety of ways in the OECD Anti-Bribery Guidance6 and UK Anti-Bribery Guidance,7 and the US Department of Justice has also emphasized their importance in a key guidance in this area.8 Indeed, Anti-Corruption policies and procedures are affirmatively required by the internal controls provisions of the FCPA and other AntiCorruption laws. Given the central role they play in Anti-Corruption compliance programs, the survey asked a number of questions about Anti-Corruption policies and procedures.
Overall approach to Anti-Corruption policy A clear majority of companies have a stand-alone Anti-Corruption policy in addition to an AntiCorruption related provision in the code of conduct, and nearly half distribute a version of the policy to third party intermediaries:
Which of the following describes your Company’s approach regarding written Anti-Corruption policies? •
The Code of Conduct includes a provision on the Company’s Anti-Corruption policy 82.4%
•
There is a stand-alone Anti-Corruption manual or other separate policy document (i.e., separate from the Code of Conduct) 74.5%
•
There is a written policy that has been prepared for and is disseminated to our third party intermediaries and/or other third parties 46.1%
•
We do not have a written Anti-Corruption policy 2.0% 82.4% 74.5% 46.1% 2.0%
Additionally, two respondents indicated that they are in the process of drafting stand-alone policies and another noted that his/her organization has local Anti-Corruption standard operating procedures for each market.
The second item of the OECD Anti-Bribery Guidance provides that companies should have “a clearly articulated and visible corporate policy prohibiting foreign bribery.” The fifth item provides that companies should have “ethics and compliance programmes or measures designed to prevent and detect foreign bribery, applicable to all directors, officers, and employees, and applicable to all entities over which a company has effective control, including subsidiaries, on, inter alia, the following areas: i) gifts; ii) hospitality, entertainment and expenses; iii) customer travel; iv) political contributions; v) charitable donations and sponsorships; vi) facilitation payments; and vii) solicitation and extortion.”
6
Principle 1 Proportionate Procedures: “A commercial organisation’s procedures to prevent bribery by persons associated with it [should be] proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation’s activities. They are also clear, practical, accessible, effectively implemented and enforced.”
7
U.S. Department of Justice Opinion Procedure Release 04-02 (July 12, 2004) (the ‘‘Opinion Procedure Release’’) speaks to the need for a “clearly articulated corporate policy against violations of the FCPA and foreign anti-bribery laws and the establishment of compliance standards and procedures to be followed by all directors, officers, employees, and all business partners, …that are reasonably capable of reducing the prospect that the FCPA or any applicable foreign Anti-Corruption law or [the company’s] Compliance Code will be violated.”
8
12 |
Anti-Corruption Compliance Program Benchmarking Survey
Specific requirements concerning providing items of value to government officials Given the thrust of Anti-Corruption laws, policies and procedures regarding providing things of value to government officials are central to effective Anti-Corruption compliance. Such policies and procedures typically address the issues noted immediately below,9 with a key consideration being the extent of approval requirements for sensitive transactions.
Gifts and entertainment Which of the following best describes your company’s approach to gifts and entertainment? •
Employees must seek approval of the Compliance function or someone else other than their manager (e.g., the legal department) prior to providing gifts or entertainment to government officials in all instances 33.3%
•
Employees must seek approval of the Compliance function or someone else other than their manager (e.g., the legal department) prior to providing gifts or entertainment to government officials in certain instances 24.5%
•
Employees must comply with the Company’s standards governing providing gifts and entertainment to government officials, but need not seek prior approval from management or the Compliance function 20.6%
•
Employees must seek approval of their manager prior to providing gifts or entertainment to government officials in certain instances 9.8%
•
Employees must seek approval of their manager prior to providing gifts or entertainment to government officials in all instances 7.8%
•
Other 3.9%
•
Don’t know 1%
33.3% 24.5% 20.6% 9.8% 7.8% 3.9% 1.0%
9
These topics also largely track those in Item 5 of the OECD Anti-Bribery Guidance, quoted above in footnote 6.
13 |
Anti-Corruption Compliance Program Benchmarking Survey
“Other” responses and comments included the following:
“We have set dollar thresholds by country as well as tiered approvals based on not only the dollar amount but the nature of the gift/ entertainment.
”
•
Employees in certain high risk countries require approval from management for expenditures over a specified limit. Employees in the remaining locations follow the standard gift and entertainment policy.
•
No gifts are provided to government officials in any circumstances.
•
Amount of gift/entertainment to be provided dictates what approvals are required. Gifts/entertainment over certain amounts triggers Compliance function approval, but management approval is always required.
•
We recently enacted a gifts and hospitalities procedure that requires prior written approval for giving gifts and hospitalities to government officials. Only nominal gifts (e.g. logoed pens, ball caps) or hospitalities (e.g. soft drinks, coffee) may be given to government officials without obtaining prior approval.
•
We have a dedicated international business services office that conducts compliance analysis for all hosting and hospitalities provided, come to legal for additional support as needed; legal “owns” the business rule; also have mandatory annual training for all engaged in international travel involving foreign officials or all who host foreign officials in US.
•
We have set dollar thresholds by country as well as tiered approvals based on not only the dollar amount but the nature of the gift/entertainment.
•
We set some thresholds. Each has different approval requirement.
•
Our company policy sets a dollar limit as well as a frequency limit. While the dollar limit is easily auditable the frequency limitation is very difficult to track and verify.
14 |
Anti-Corruption Compliance Program Benchmarking Survey
Travel Some FCPA cases have involved providing travel to government officials,10 and AntiCorruption policies and procedures generally address this issue. The majority of respondents (53.1%) indicated that their organizations require approval of the Compliance function or someone else other than a manager (e.g., the legal department) before offering to provide travel expenses to a government official in all instances.
Which of the following best describes your company’s approach to providing travel to government officials?
13.3%
Employees must comply with company standards regarding providing travel to government officials but need not seek prior approval
6.1% Other
5.1%
Employees must seek prior approval of their manager before offering to provide travel expenses to a government official in certain instances
7.1%
Employees must seek prior approval of their manager before offering to provide travel expenses to a government official in all instances
15.3% 53.1%
Employees must seek approval of the Compliance function or someone else other than their manager (e.g., the legal department) before offering to provide travel expenses to a government official in all instances
10
E.g., US v Ingersoll Rand Company Limited, DDC 1:07-cr-00294-RJL.
Employees must seek approval of the Compliance function or someone else other than their manager (e.g., the legal department) before offering to provide travel expenses to a government official in some instances
15 |
Anti-Corruption Compliance Program Benchmarking Survey
Most of the “other” responses were to the effect that this activity was barred under all circumstances. In addition, respondents noted: •
International travel must be pre-approved by a manager and there are strict limits as to how the travel support is to be provided (e.g., payable to vendors where possible, etc.).
•
Pre-approvals are based on different threshold amounts.
•
No gifts or entertainment may be given to any government official or employee without the prior consent of our General Counsel.
•
All travel for government related customers must be approved in advance by an attorney knowledgeable in FCPA.
•
Our policy does not allow for the payment of travel expenses for government officials with the rare exception that must be approved by Compliance. In all cases the travel expenses will be paid directly to the service provider and never reimbursed to the government official.
16 |
Anti-Corruption Compliance Program Benchmarking Survey
Charitable contributions and community support payments Contributions to charitable causes or payments in support of communities are less likely to serve corrupt purposes than are gifts, entertainment and travel, but they are not entirely without such risk.11 Organizations address the issue of charitable payments through a fairly wide range of relevant practices, but in this question, as in the prior question, the largest number of respondents (nearly 44%) indicated that employees must seek approval of the Compliance function or someone else other than their manager (e.g., the law department) in all instances of such payments.
Which of the following best describes your company’s approach to making charitable contributions and/or community support payments that could benefit government officials?
13.3% 6.1%
Employees must comply with company standards regarding charitable contributions and community support payments, but need not seek prior approvals
10.2%
Other
Employees must seek prior approvals of a manager in certain instances
9.2%
Employees must seek prior approvals of a manager in all instances
43.9%
Employees must seek approval of the Compliance Function or someone else other than their manager (e.g., the law department) in all instances
17.3%
Employees must seek approval of the Compliance function or someone else other than their manager (e.g., the law department) in some instances
11
See SEC v. Schering-Plough Corp., No. 04-0945 (D.D.C. 2004).
17 |
Anti-Corruption Compliance Program Benchmarking Survey
Several of the “other” responses were to the effect that charitable contributions are not made
“Local counsel is hired to assist with evaluating legitimacy, credibility of charity.
”
by the respondent organization. In addition, noteworthy comments to this question included: •
Local counsel is hired to assist with evaluating legitimacy, credibility of charity.
•
All charitable contributions must be approved by our parent company Chief Compliance Officer. No charitable contributions are allowed at the division level.
•
We are drafting a charitable contributions procedure which will require each business unit to develop an annual plan for giving. Each intended recipient named in the annual plan will be subject to Anti-Corruption due diligence. All variations from the approved annual plan will be required to be approved in advance and accompanied with a rationale for the deviation.
18 |
Anti-Corruption Compliance Program Benchmarking Survey
Facilitating Payments As might be expected, with the advent of Anti-Corruption laws that do not contain the exception for facilitating payments that the FCPA contains, a strong plurality of respondents (44.4%) indicated that such payments are prohibited in all circumstances. Several respondents also commented that, while their policies currently permit facilitation payments, they are now or soon will be revising their policies to prohibit such payments. The full range of responses to a question addressed to this area is as follows:
Which of the following best describes your company’s written policy with respect to providing facilitating payments to government officials?
9.1% Other
44.4%
We do not permit facilitating payments under any circumstances
39.4%
We permit facilitating payments under some specified circumstances, but require that they be pre-approved if practical to do so and be accurately recorded in the company’s books and records
7.1%
We permit facilitating payments under some specified circumstances, but require that they be accurately recorded in the company’s books and records
19 |
Anti-Corruption Compliance Program Benchmarking Survey
Comments and “other” answers to this question included the following: •
“We allow
We allow today only with prior approval by the compliance function, but we’ll be revising to strictly prohibit any such payments. Revisions will happen in next few months.
[facilitating payments today] today only with prior approval by the compliance function, but we’ll be revising to strictly prohibit any such payments.
”
•
Policy is currently silent so as to discourage such payments.
•
Mention the exception in FCPA, but require compliance with local law. Revising to explicitly state no facilitation payments.
•
We discourage facilitating payments but require that they meet FCPA allowances and are accurately recorded in books and records if made.
•
We are considering an update to this policy to explicitly disallow all facilitating payments (except where personal safety or emergency circumstances exist) in light of the U.K. Bribery Act.
•
Permit them, but require legal approval and have not yet granted approval.
•
Realistic policy in place regarding the making of facilitation payments only when required and below a nominal value. Any payments made must be recorded and reported to allow the company to gather information on where and why these payments are being made.
•
Reconsidering in light of UK Bribery Act (multiple responses).
•
We have a very limited exception from our general prohibition on facilitation payments in situations when an individual’s health or safety may be threatened.12
12
Note that personal safety payments are also addressed in the section immediately following this one.
20 |
Anti-Corruption Compliance Program Benchmarking Survey
Personal safety payments13 The possibility of being prosecuted for bribery based on a true personal safety payment is presumably remote. Still, such payments do have some potential for corruption-related abuse, and could give rise to record-keeping related risks as well. We therefore asked respondents about their approach to personal safety payments. Interestingly, just under half (48.2%) of respondents have a written policy regarding safety payments, although, as expected, nearly all respondents indicated that they permit safety payments as necessary.
Which of the following best describes your program’s approach to providing safety payments (where an employee’s personal health, safety or freedom is at risk) to government officials?
48.2% 37.6%
14.1% Other
We have a written policy that specifies that the Company permits necessary safety payments, but requires that they be accurately recorded in the company’s books and records
We do not have a written policy regarding safety payments, but we permit them as necessary
Several of the “other” comments indicated that the organizations would address personal safety payments through their facilitating payments policies, although given the movement away from permitting facilitating payments at some organizations, that may be a less useful approach than it was previously. Strictly speaking, personal safety payments are distinct from facilitating payments - but, as one of the responses to our question about the former reflects, the two are sometimes dealt with together.
13
21 |
Anti-Corruption Compliance Program Benchmarking Survey
Requirements concerning retaining and using thirdparty intermediaries Retaining and using third-party intermediaries (“TPIs”) has, of course, been an area of major Anti-Corruption related risk.14 For this reason, this area is also a major focus of all relevant Anti-Corruption compliance program standards,15 as well as of this survey.
Due Diligence Requirements in Engaging TPIs The first set of questions here concerned the due-diligence-related mechanics of retaining TPIs – both in terms of securing information about the TPI and seeking appropriate approval regarding their use:
TPIs must complete a due diligence questionnaire or similar document. This requirement applies with respect to: Table legend: Some TPIs All TPIs We don’t have this requirement Don’t know
44.3% 35.1% 16.5% 4.1%
The employee proposing to use the TPI must complete a due diligence questionnaire or similar document. This requirement applies with respect to:
41.5% 33.0% 21.3% 4.3%
14
E.g., US v. Siemens Aktiengesellschaft, No. 1:08-cr-00367-RJL (D.D.C. 2008).
For example, the OECD Anti-Bribery Guidance provides that companies should have “ethics and compliance programmes or measures designed to prevent and detect foreign bribery applicable, where appropriate and subject to contractual arrangements, to third parties such as agents and other intermediaries, consultants, representative distributors, contractors and suppliers, consortia, and joint venture partners (hereinafter “business partners”), including, inter alia, the following essential elements: i) properly documented risk-based due diligence pertaining to the hiring, as well as the appropriate and regular oversight of business partners; ii) informing business partners of the company’s commitment to abiding by laws on the prohibitions against foreign bribery, and of the company’s ethics and compliance programme or measures for preventing and detecting such bribery ; and iii) seeking a reciprocal commitment from business partners.”
15
22 |
Anti-Corruption Compliance Program Benchmarking Survey
The employee’s supervisor or other operations personnel must expressly approve the retention. This requirement applies with respect to:
35.8%
Table legend: Some TPIs All TPIs
48.4% 11.6% 4.2%
We don’t have this requirement Don’t know
The Compliance function or another independent function, such as the legal department, must approve the retention. This requirement applies with respect to:
46.4% 28.9% 20.6% 4.1%
23 |
Anti-Corruption Compliance Program Benchmarking Survey
General TPI agreements/certifications regarding Anti-Corruption laws The next set of questions concerned what might be called general16 Anti-Corruption-related agreements required of TPIs.
The TPI must contractually agree to abide by Anti-Corruption laws. This requirement applies with respect to:
30.9% 59.8%
Table legend:
5.2% 4.1%
Some TPIs All TPIs We don’t have this requirement
The TPI must agree to certify periodically that it is in compliance with Anti-Corruption laws. This requirement applies with respect to:
Don’t know 42.6% 27.7% 25.5% 4.3%
16
More specific compliance program undertakings are addressed in the section immediately following this one.
24 |
Anti-Corruption Compliance Program Benchmarking Survey
Specific TPI compliance program requirements: training, auditing and monitoring The next aspects of TPI-related policies and procedures in the survey concerned three key (and in this context, often challenging) compliance program components - training, auditing and monitoring.
The TPI must agree to provide Anti-Corruption training to personnel acting on behalf of your company. This requirement applies with respect to: Table legend: Some TPIs
25.0%
All TPIs
13.0%
We don’t have this requirement
57.6% 4.3%
Don’t know
The TPI must agree to submit to Anti-Corruption audits conducted by your company or a third party on your company’s behalf. This requirement applies to: 46.2% 29.0% 20.4% 4.3%
25 |
Anti-Corruption Compliance Program Benchmarking Survey
Actual audits of TPIs
48.2% 4.4%
47.8%
Don’t know
We have conducted Anti-Corruption audits of TPIs, but only in situations suggesting a need to do so (e.g., where there is an indication of possible misconduct)
We have never conducted Anti-Corruption audits of TPIs
3.3%
12.2%
We have conducted Anti-Corruption audits of TPIs on a risk-based or a random basis, but not where there is an indication of possible misconduct
We have conducted Anti-Corruption audits of TPIs on a risk-based or a random basis and also done so where there is an indication of possible misconduct
Twelve percent of respondents have conducted AntiCorruption audits of TPIs on a risk-based or a random basis and have also done so where there is an indication of possible misconduct.
We have formal standards for monitoring compliance by TPIs (such as requirements that on an ongoing basis business personnel review TPIs’ invoices to ensure that they do not suggest violations of AntiCorruption laws) •
Yes - for all TPIs 17.8%
•
Yes - for some TPIs 37.8%
•
No 37.8%
•
Other 2.2%
•
Don’t know 4.4%
17.8% 37.8% 37.8% 2.2% 4.4%
26 |
Anti-Corruption Compliance Program Benchmarking Survey
Worried about the compliance practices of your third-party intermediaries? Ethics 360 has complete solutions to put your company in a safe place and your mind at ease. For more information please visit www.ethics360.com
An example of TPI monitoring given by one respondent was: “Annual refresh of due diligence;
“We
use a riskbased approach to these assessments. The types of questions, level of review, need for external investigations and contractual terms all increase as the risk with the particular TPI rise.
”
annual performance review and continuing business justification by the business sponsor.” TPI compliance-related best practices identified by respondents included the following: •
TPIs must renew their TRACE memberships and submit new compliance certificates annually.
•
Global Distributor Assurance Program.
•
We use a risk-based approach to these assessments. The types of questions, level of review, need for external investigations and contractual terms all increase as the risks with the particular TPI rise.
Requirements concerning mergers, acquisitions and joint ventures Mergers, acquisitions and joint venture formation/investments have given rise to FCPA exposure in a number of circumstances.17 The survey sought information concerning compliance measures addressed to risks of this nature by asking “Which of the following are required by your program’s approach to mergers, acquisitions, and joint venture investments related to its Anti-Corruption policies, procedures and practices?”
Table legend:
The other party to the transaction must complete a due diligence questionnaire or similar document.
In some cases In all cases We don’t require this Don’t know
14.5% 59.0% 20.5% 6.0%
See Jacobson, Singer, Levy and Murray, Caveat Emptor: Why and How FCPA Due Diligence Should Be Conducted Prior to Mergers and Acquisitions, Corporate Counsel Review, May 2010.
17
27 |
Anti-Corruption Compliance Program Benchmarking Survey
We use a third party to conduct an integrity screening report. • In some cases – but of target entity only 12.8% • In some cases – both of target entity and key individuals 34.6% • In all cases – but of target entity only 2.6% • In all cases – both of target entity and key individuals 23.1% • We don’t require this 20.5% • Don’t know 6.4%
12.8% 34.6% 2.6% 23.1% 20.5% 6.4%
Table legend: In some cases
We conduct a review of inherited contracts and third-party relationships
In all cases We don’t require this Don’t know
36.5% 45.9% 11.8% 5.9%
We conduct a forensic review of the entity’s books and records
35.1% 28.6% 29.9% 6.5%
28 |
Anti-Corruption Compliance Program Benchmarking Survey
We require Anti-Corruption representations and warranties from the other party 15.0% 71.3%
Table legend:
7.5%
In some cases
6.3%
In all cases We don’t require this Don’t know
We have formal Anti-Corruption compliance integration procedures of acquisitions and JV’s 29.6% 38.3% 25.9% 6.2%
Best practices relating to Anti-Corruption M&A and JV activity included: •
“We
have a dedicated team for M&A FCPA due diligence.
We are currently rewriting our M&A procedures to require Anti-Corruption due diligence on all targets and buyers.
•
We have developed standard form due diligence checklists on corruption/bribery issues - each form is tailored to different size deals/sophistication levels of the target. And
”
we have created a formal process flow chart to indicate how M&A due diligence will incorporate corruption/bribery issues. •
We have a dedicated team for M&A FCPA due diligence.
29 |
Anti-Corruption Compliance Program Benchmarking Survey
Program Governance and Management Due to their operational complexity and resource needs, Anti-Corruption programs generally require good program governance and management to be effective. Program governance and management expectations are set forth in various Anti-Corruption standards.18 In a related vein, at least under U.S. law, members of boards of directors increasingly face the prospect of shareholder litigation for Anti-Corruption compliance program failures.19 A number of questions addressed to this aspect of Anti-Corruption compliance were posed by the survey.
Some companies have designated a senior company official to oversee their Anti-Corruption compliance programs. Which of the following best describes your company’s approach to this aspect of its program
1.0%
Senior operations personnel has been designated to oversee the Anti-Corruption compliance program
3.0%
Chief Financial Officer has been designated to oversee the AntiCorruption compliance program
46.5%
4.0%
We have not designated a senior company official to oversee the Anti-Corruption compliance program
3.0% 6.1% Other
Don’t know
31.3%
General Counsel, who also serves as Chief Compliance Officer, has been designated to oversee the Anti-Corruption compliance program
5.1%
General Counsel, who does not serve as Chief Compliance Officer, has been designated to oversee the AntiCorruption compliance program
Chief Compliance Officer, who does not also serve as General Counsel, has been designated to oversee the Anti-Corruption compliance program For example, Item 4 of the OECD Anti-Bribery Guidance provides that “oversight of ethics and compliance programmes or measures regarding foreign bribery, including the authority to report matters directly to independent monitoring bodies such as internal audit committees of boards of directors or of supervisory boards, [should be] the duty of one or more senior corporate officers, with an adequate level of autonomy from management, resources, and authority.” Relatedly, in the 2011 settlement of Foreign Corrupt Practices Act charges, the Department of Justice required Johnson & Johnson to “appoint heads of compliance within each business sector and corporate function. These compliance heads will have reporting obligations to the Chief Compliance Officer and the Audit Committee” and also to “[m]aintain a global compliance leadership team, including regional compliance leaders and business segment compliance leaders, with responsibility for overseeing its company-wide compliance program. That leadership team will have reporting obligations directly to the Chief Compliance Officer.” Letter from US Department of Justice dated January 14, 2011 to Eric A. Dubelier, Reed Smith LLP, filed in United States v DePuy Inc., DDC 11-Cr-99 (available at http://lib.law.virginia.edu/Garrett/prosecution_agreements/pdf/johnson.pdf.)
18
Grow, “Bribery investigations spark shareholder suits,” Reuters, Nov. 1, 2010 available at http://www.reuters.com/article/2010/11/01/us-briberylawsuits-idUSTRE6A04CO20101101.
19
30 |
Anti-Corruption Compliance Program Benchmarking Survey
“Other” answers included
In close to half of respondent companies, the Chief Compliance Officer, who does not also serve as General Counsel, has been designated to oversee the Anti-Corruption compliance program.
•
Overseen by an FCPA Steering Committee.
•
Bank Secrecy Act Officer oversees FCPA. This person is not the Chief Compliance Officer.
•
General Counsel, who serves as Chief Compliance Officer and another executive officer have been designated to oversee the Anti-Corruption compliance program.
Who is principally responsible for managing your Anti-Corruption compliance program on a day-to-day basis? •
Chief Compliance Officer, who does not also serve as General Counsel 33.0%
•
A member of the law function other than the General Counsel or Chief Compliance Officer 23.0%
•
A member of the Compliance function other than the Chief Compliance Officer 17.0%
•
General Counsel, who also serves as Chief Compliance Officer 10.0%
•
No one employee is principally responsible for managing the Anti-Corruption compliance program on a day-to-day basis 4.0%
•
General Counsel, who does not serve as Chief Compliance Officer 3.0%
•
Operations personnel 2.0%
•
Other 2.0%
33.0% 23.0% 17.0% 10.0% 4.0% 2.0% 2.0%
“Other” answers here were •
FCPA Steering Committee and
•
Senior Vice President for Human Resources and Compliance.
Did you know Ethics 360 has a wide variety of unique and industry-leading tools to help compliance officers effectively manage compliance programs? Our powerful tools give you the information you need when you need it. For more information please visit www.ethics360.com
31 |
Anti-Corruption Compliance Program Benchmarking Survey
Which of the following best describes how your board of directors (or committee thereof) oversees the Anti-Corruption compliance program?20
64.2%
6.3% Don’t know
42.1%
Board/board committee periodically receives reports about general compliance program but not specifically about the Anti-Corruption compliance program
Board/board committee periodically receives reports about the AntiCorruption compliance program
Which of the following best describes the training that your company provides to the board of directors regarding Anti-Corruption compliance? (For the purposes of this question, such training does not include receiving reports about the Anti-Corruption compliance program in connection with the board’s program oversight.)
32.5%
The board/board committee receives Anti-Corruption training on a periodic basis
26.5%
The board/relevant board committee has never received AntiCorruption training
24.1%
The board/board committee has received AntiCorruption training in the past, but we do not currently have plans to provide additional board training
6.0%
The board/board committee has not yet received Anti-Corruption training, but we intend to provide them with training in the next year
32 |
Anti-Corruption Compliance Program Benchmarking Survey
At one company, “The CCO’s twice yearly reports to the Audit Committee include discussion of the status of anti-bribery compliance efforts. This includes discussion of the risk areas and
At nearly a third
how the laws (particularly FCPA and now UK Bribery Act) apply to our businesses. This is
of respondent companies, the board or a board committee receives AntiCorruption training on a periodic basis.
not the same as the type of computer-based and live training that we offer to employees, but there is a training element.”
Which of the following types of reports are provided periodically to the board/board committee?
45.6% 3.9%
41.7%
Results of Anti-Corruption risk assessment
Don’t know
Other
42.7% Anti-Corruption training/ communications
51.5%
Reports regarding suspected violations of the Anti-Corruption policy
44.7%
Revisions to the AntiCorruption policy
45.6%
Implementation of AntiCorruption procedures
One of the “Other” answers was “Risk associated for future ventures.”
Note that the survey authors mistakenly coded this as a “select all that apply” – rather than “check one” question, which is why the percentages add up to more than 100.
20
33 |
Anti-Corruption Compliance Program Benchmarking Survey
Training and communications Training and other communications play a vital role in effective Anti-Corruption compliance programs. This is due partly to the fact that the full meaning and import of Anti-Corruption laws may not be obvious to all relevant parties acting on behalf of an organization. AntiCorruption training and other communications are featured prominently in the OECD AntiBribery Guidance and UK Anti-Bribery Guidance, and in FCPA Cases.21 The survey sought a wide array of information concerning this aspect of Anti-Corruption compliance programs.
Web-based training Which of the following best describes your company’s approach to delivering web-based Anti-Corruption training as part of the general code of conduct (or other general C&E) web-based training?
7.0%
15.0%
Don’t know
No employees receive Anti-Corruption webbased training as part of the general code of conduct/general C&E web-based training course
4.0%
7.0%
All employees receive Anti-Corruption training as part of the general code of conduct/general C&E webbased training course only once
Other
14.0%
All employees receive Anti-Corruption training as part of the general code of conduct/general C&E web-based training course once, and some employees receive the training on a periodic basis
27.0%
All employees receive Anti-Corruption training as part of the general code of conduct/general C&E webbased training course on a periodic basis
4.0% 22.0%
Some but not all employees receive Anti-Corruption training as part of the general code of conduct/ general C&E web-based training course only once
Some but not all employees receive Anti-Corruption training as part of the general code of conduct/general C&E web-based training course on a periodic basis
For example, the OECD Anti-Bribery Guidance recommends that companies take “measures designed to ensure periodic communication, documented training for all levels of the company, on the company’s ethics and compliance programme or measures regarding foreign bribery, as well as, where appropriate, for subsidiaries…”). The UK Anti-Bribery Guidance, in Principle 5 Communication (including training), provides that “The commercial organisation [should] seek to ensure that its bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training, that is proportionate to the risks it faces.” FCPA Cases routinely involve Anti-Corruption training. For instance, a 2011 settlement involving Johnson & Johnson (“J&J”) required the company to “provide: a. Annual training on anticorruption laws and regulations to directors, officers, executives, and employees who could present corruption risk to J&J. b. Enhanced and in-depth FCPA training for all internal audit, financial, and legal personnel involved in FCPA audits, due diligence reviews, and acquisition of new businesses. c. Training as necessary based on risk profiles to relevant third parties acting on the company’s behalf that may interact with government officials at least once every three years.” Letter from US Department of Justice dated January 14, 2011 to Eric A. Dubelier, Reed Smith LLP, filed in United States v Johnson & Johnson, at 37, DDC 11-Cr-99 (available at http://lib.law.virginia.edu/Garrett/prosecution_agreements/pdf/johnson.pdf ).
21
34 |
Anti-Corruption Compliance Program Benchmarking Survey
Which of the following best describes your company’s approach to delivering web-based Anti-Corruption training as a separate (i.e., separate from general C&E training) training course?
3.9% 6.9% Don’t know
11.0%
All employees receive a stand-alone Anti-Corruption web-based training course only once
17.6%
All employees receive a stand-alone Anti-Corruption web-based training course on a periodic basis
Other
15.7%
2.0%
All employees receive a standalone Anti-Corruption web-based training course once and some employees receive it on a periodic basis
4.9%
No employees receive a standalone AntiCorruption webbased training course
Some employees receive a standalone Anti-Corruption web-based training course only once
48.0%
Some employees receive a stand-alone Anti-Corruption web-based training course on a periodic basis
Ethics 360 offers customized Anti-Corruption training solutions for both in-house and international vendor needs to protect you and your company. We work with the world’s leading experts to craft training programs that perfectly fit your needs. For more information please visit www.ethics360.com
35 |
Anti-Corruption Compliance Program Benchmarking Survey
In-person training Which of the following best describes your approach to delivering in-person Anti-Corruption training?
2.0%
All employees receive in-person Anti-Corruption training only once
6.9% Don’t know
7.9%
No employees receive in-person Anti-Corruption training
66.3%
Some employees receive in-person Anti-Corruption training on a periodic basis
1.0%
6.9%
All employees receive in-person Anti-Corruption training on a periodic basis
1.0%
All employees receive in-person Anti-Corruption training once and some employees receive it on a periodic basis
Other
7.9%
Some employees receive in-person Anti-Corruption training only once
36 |
Anti-Corruption Compliance Program Benchmarking Survey
Role-based training How successful do you think your organization is in tailoring Anti-Corruption training to the various roles played by employees of your organization (e.g., different training for sales personnel as opposed to financial personnel)?
3.1% 19.6%
Other
10.3% Very successful
Not successful
59.8%
Somewhat successful
Training Best Practices Best practices in this area included the following:
“We have a robust risk-based training approach to ethics. Courses are assigned based on level within the organization and functional responsibilities.
”
•
Developed and trained on country specific sales and marketing codes of conduct.
•
We designed a training matrix including the training principle, objectives, targets, contents, agenda, etc., which help us manage the training in an efficient way. Each time. We usually tailor the materials in local language or bilingual, redesign the scenario discussion/quiz part for each training.
•
Sales, Finance and Legal receive periodic face-to-face and online training specifically on Anti-Corruption. All employees receive updates via periodic communications.
•
We have a robust risk-based training approach to ethics. Courses are assigned based on level within the organization and functional responsibilities.
•
Almost all of our training is done live and focused upon facts and issues for particular populations (e.g., logistics team, real estate team, finance team, operations team).
37 |
Anti-Corruption Compliance Program Benchmarking Survey
Other communications In addition to true training, a robust Anti-Corruption compliance program typically includes non-training communications, which the survey sought to explore.
Have you communicated about your Anti-Corruption compliance program in the following ways
42.7%
Communications regarding the Anti-Corruption compliance program that are disseminated to third parties, including TPIs (such as letters or electronic communications to third parties)
7.3% Don’t know
6.3%
40.6%
Written communication from or speeches by CEO
Other
61.5%
19.8%
Written communication from or speeches by other senior business leaders
Posters concerning the Anti-Corruption compliance program
47.9% 62.5%
Discussion of Anti-Corruption compliance program on Company intranet site
Discussion of AntiCorruption compliance program in company newsletter (general newsletter or a Compliance specific one)
At more than three in five respondents, senior business leaders other than the CEO have made speeches about the company’s AntiCorruption compliance program.
“Other” answers include “Communication to internal teams based on recommendations from Anti-Corruption risk assessment.”
38 |
Anti-Corruption Compliance Program Benchmarking Survey
Compliance Checking Auditing is another essential component of effective Anti-Corruption compliance for a variety of reasons, including that corruption can be resistant to the “soft side” of compliance (such as training) and because these functions are deemed essential to internal controls provisions of Anti-Corruption laws. Anti-Corruption compliance standards contain significant expectations in these areas.22 Related to auditing are assessments, which are generally taken to mean more qualitative forms of checking. The Department of Justice and the OECD have emphasized the importance of program assessments to achieving and maintaining program effectiveness – the former by, among other things, a 2010 speech by the Attorney General calling on companies “to change the tone at the top, to re-evaluate their compliance programs and internal controls, to find ways to encourage a culture of compliance…”23; the latter in item 12 of the Anti-Bribery guidance stating that companies should conduct “periodic reviews of the ethics and compliance programmes or measures, designed to evaluate and improve their effectiveness in preventing and detecting foreign bribery, taking into account relevant developments in the field, and evolving international and industry standards..”
Auditing Which of the following describes Anti-Corruption auditing at your company? (Select all that apply.)
7.3% Don’t know
11.5%
Our company does not audit for Anti-Corruption compliance
2.1% Other
37.5%
Our audit (or other appropriate) department conducts stand-alone Anti-Corruption audits, meaning audits entirely or largely addressed to corruption-related issues
21.9%
Our audit (or other appropriate) department does not conduct stand-alone Anti-Corruption audits but does devote a minor portion of general audits to AntiCorruption compliance
19.8%
Our audit (or other appropriate) department does not conduct stand-alone Anti-Corruption audits but does devote a substantial portion of general audits to AntiCorruption compliance
Principle 1 of the UK Anti-Bribery Guidance provides that companies should have “[f]inancial and commercial controls such as adequate bookkeeping, auditing and approval of expenditure.” See also SEC v. Monsanto Company, Case No. 1:05CV00014 (D.D.C) (2005).
22
23
Available at http://www.justice.gov/ag/speeches/2010/ag-speech-100531.html.
39 |
Anti-Corruption Compliance Program Benchmarking Survey
Comments here included
• Our internal audit function will perform its own risk assessment to determine the frequency of its audits. • Legal Department oversees the audits. • As we expand international presence, auditing will be integrated with program.
Self-Assessments Which of the following best describes internal self-assessments of your Anti-Corruption compliance program?
7.1% Don’t know
16.2%
40.4%
Formal (i.e., documented in a report of some kind) self-assessment by the Compliance function
No self-assessment
41.4% Informal self-assessments
12.1%
Formal review of Anti-Corruption-related internal controls by finance department
Principle 1 of the UK Anti-Bribery Guidance provides that companies should have “[f]inancial and commercial controls such as adequate bookkeeping, auditing and approval of expenditure.” See also SEC v. Monsanto Company, Case No. 1:05CV00014 (D.D.C) (2005).
22
23
Available at http://www.justice.gov/ag/speeches/2010/ag-speech-100531.html.
40 |
Anti-Corruption Compliance Program Benchmarking Survey
Nearly a quarter
Which of the following best describes external (i.e., by a third party) assessments of your Anti-Corruption compliance program?
of respondents have conducted an external assessment devoted largely or entirely to their Anti-Corruption compliance program.
7.4% Don’t know
2.1% Other
23.4%
We have conducted an external assessment devoted largely or entirely to our Anti-Corruption program
19.1% 47.9%
We have not conducted an external assessment of our Anti-Corruption compliance program
We have conducted an external assessment of our general compliance program, which included some assessment of our Anti-Corruption compliance program
Finally, note that in the earlier discussion about TPI-related procedures, there is data concerning monitoring – which is yet another form of compliance checking.
41 |
Anti-Corruption Compliance Program Benchmarking Survey
Incentives Incentives are a relatively new form of compliance “tool.” However, they are important under Anti-Corruption compliance standards.24
Which of the following are part of your company’s approach to AntiCorruption compliance incentives?
15.2%
7.6% Don’t know
Other
7.6%
52.2%
We use compliance criteria in performance evaluations, but it is not specific to Anti-Corruption
We give financial awards for exceptional contributions to the compliance program
16.3%
The Compliance function provides information in personnel decisions (such as promotions or succession planning) for key employees
13.0%
We use compliance criteria in performance evaluations, some of which is specific to Anti-Corruption
At more than 16% of responding companies, the Compliance function provides information in personnel decisions such as promotions or succession planning for key employees.
One respondent commented: “Managers have the option to include Anti-Corruption compliance criteria in performance evaluations of at-risk functions.”
Item 9 of the OECD Anti-Bribery Guidance provides that companies should have “appropriate measures to encourage and provide positive support for the observance of ethics and compliance programmes or measures against foreign bribery, at all levels of the company.” See also Kaplan, The First Word On Compliance Incentives, the FCPA Blog, Jan. 19, 2011 available at http://www.fcpablog.com/blog/2011/1/19/the-first-word-on-compliance-incentives.html.
24
42 |
Anti-Corruption Compliance Program Benchmarking Survey
Program Documentation Documentation of the governance aspects of an Anti-Corruption compliance program can be important to ensuring the effective operation of the program, providing a basis for program audits and helping an organization get credit for its program in the event of an investigation.
Which of the following best describes governance documentation for your Anti-Corruption compliance program?
7.1% Don’t know
33.7%
We have a written charter (or chartertype document) specifically for our Anti-Corruption compliance program
21.4%
We do not have a written charter specifically for our Anti-Corruption compliance program nor do we have a written one for our overall compliance program
37.8%
We do not have a written charter specifically for our Anti-Corruption compliance program but do have a written charter for our overall compliance program
43 |
Anti-Corruption Compliance Program Benchmarking Survey
Authority and Independence Sufficient authority and independence are keys to effective Anti-Corruption compliance programs, as is evidenced by cases where they were arguable absent25 and by AntiCorruption compliance standards.26
Which of the following factors contribute to the authority and independence of your Anti-Corruption compliance program?
4.1%
Chief Compliance Officer has other employmentrelated protections (such as requirement that board committee must pre-approve any adverse employment action concerning him or her)
51.5%
Strong measures are in place to protect independence of investigations and discipline measures
7.3% Don’t know
6.3%
60.8%
Strong and active endorsement of the CEO
Other
8.2%
63.9%
Chief Compliance Officer has employment contract with strong protections
Strong and active endorsement of other senior business leaders
42.3%
Chief Compliance Officer reports in executive session to a board committee
59.8%
Strong endorsement/ support of the board or a board committee (or committees)
60.8%
Chief Compliance Officer reports directly about AntiCorruption compliance program to the board or a board committee
25
See, e.g., U.S. v. Siemens Aktiengesellschaft, No. 1:08-cr-00367-RJL (D.D.C. 2008).
Item 4 of the OECD Anti-Bribery Guidance recommends that “oversight of ethics and compliance programmes or measures regarding foreign bribery, including the authority to report matters directly to independent monitoring bodies such as internal audit committees of boards of directors or of supervisory boards, [be] the duty of one or more senior corporate officers, with an adequate level of autonomy from management, resources, and authority.�
26
44 |
Anti-Corruption Compliance Program Benchmarking Survey
“We have a robust program that is carefully monitored by our senior executive team, international attorneys, audit and compliance team.
Comments here included: •
Formal, documented escalation protocol is in place to ensure the head of the compliance function, reporting up to the Chief Compliance Officer, has independent reporting line to the Chair of the board committee overseeing the compliance program to raise concerns.
•
We have a robust program that is carefully monitored by our senior executive team, international attorneys, audit and compliance team.
”
Other Best Practices Other best practices of note included: •
Semi Annual Anticorruption Sales Certifications are required of any sales person who may interact with a government entity.
•
Alerts automatically sent to all employees booking international travel, reminding them of our Anti-Corruption policy and referring them to the Compliance internet site for more information/details.
45 |
Anti-Corruption Compliance Program Benchmarking Survey
Appendix – Demographic Information Regarding Respondents What is your company’s principal line of business?
3.9% Other [4] 2.9% Utilities [3]
Defense [5] 4.9% Aerospace/ Services [4] 3.9% Business
2.9% Transportation [3]
Engineering [4] 3.9% Construction/ Products [1] 1.0% Consumer
3.9% Telecomm [4] 9.7% Energy [10] 15.5% Technology [16]
Mining, 3.9% Extractive, Chemicals [4] Services (Bank, 4.9% Fin. Insurance, Broker, Real Estate) [5]
3.9% Retail [4]
5.8% Food & Beverage [6]
7.8% Pharma [8]
1.9% Leisure/Entertainment/ Media [2]
for Profit/ 1.0% Not Government [1]
18.4% Manufacturing [19]
0%
Education [0] Healthcare [0]
(“Other” industries include medical device, distribution, security and fire protection products and services, and professional services.)
46 |
Anti-Corruption Compliance Program Benchmarking Survey
What is your company’s annual revenue?
2.9% $1 million - $5 million [3] 2.9% Less than $1 million [3]
4.9% $5 million - $10 million [5]
39.8% More than $5 billion [41]
3.9% $10 million - $100 million [4] 8.7% $100 million - $500 million [9] 9.7% $500 million- $1 billion [10]
27.2% $1 billion - $5 billion [28]
How many people does your company employ?
1.9% 10 – 49 people [2] 1.9% Less than 10 people [2] 60.2% 10,000 people or more [62]
2.9% 50 – 99 people [3] 3.9% 100 – 499 people [4] 5.8% 500 – 999 people [6] 16.5% 1,000 – 4,999 people [17]
6.8%
5,000 – 9,999 people [7]
47 |
Anti-Corruption Compliance Program Benchmarking Survey
What is your company’s ownership?
1.0% Non-profit/government [1] 31.1%
68.0% Public [70]
Private [32]
Your company has operations in which of the following locations?
53.4%
Australia [55]
93.2%
North America [96]
79.6% Asia [82] 72.8% Latin America [75] 51.5% Africa [53]
64.1% The Middle East [66]
79.6% Europe [82]
48 |
Anti-Corruption Compliance Program Benchmarking Survey
About Ethics 360 Ethics 360 is a group of companies that provides services related to antibribery education, training and publishing for multi-nationals and their third party intermediaries. Ethics 360 aims to create a greater awareness and knowledge of Anti-Corruption and bribery legislation and practical tools that stakeholders can deploy to ensure compliance with the FCPA, UKBA and similar legislation. Ethics 360’s management teams work over the past decade with governments and multinationals has led them to uncover many unique public record sources around the world that have since been aggregated into topic-specific areas of concern to their clients. Over 500 man-years of effort have gone into identifying, collating and maintaining these innovative data systems. For more information, please visit www.ethics360.com
About The FCPA Blog The FCPA Blog was created by Richard L. Cassin with the goal of providing practical information about the FCPA and compliance in plain English to anyone with an interest in the topic. Cassin was named one of the 100 Most Influential People In Business Ethics in 2010 by Ethisphere Magazine, and the FCPA Blog was listed by the Risk Management Monitor as one of the ten best risk-management and insurance-industry blogs. To read the daily posts, or for more information, please visit www.fcpablog.com
About Kaplan & Walker LLP Kaplan & Walker LLP is a law firm based in Princeton New Jersey and Santa Monica California whose practice is devoted entirely to providing compliance/ ethics program related legal services. Since the 1990’s the firm’s partners have conducted compliance/ethics risk and program assessments, written/ edited codes of conduct and other policy documents, counseled companies in matters regarding training and communications, drafted compliance audit protocols and reporting systems, established compliance/ethics offices, and assisted boards of directors in meeting their fiduciary duties under the Caremark case. They have also published and lectured widely in the field and conducted many compliance-related benchmarking studies. For more information please go to www.kaplanwalker.com
49 |
Anti-Corruption Compliance Program Benchmarking Survey
50 |
Anti-Corruption Compliance Program Benchmarking Survey
Š Kaplan & Walker LLP 2011. All Rights Reserved.