Essential Elements of Global Compliance Programs

© 2015 Baker & McKenzie LLP
GOOD. SMART. BUSINESS. PROFIT.
TM

Essential Elements of Global
Compliance Programs
June 4, 2015

Chelsie Chmela
Global Events Manager
Chelsie.chmela@ethisphere.com
847.293.8806
We encourage you to engage during the Q&A portion
of today’s webcast by using the chat function located
within your viewing experience.
HOST
QUESTIONS
RECORDING The event recording and PowerPoint presentation will
be provided post event.
3

4
SPEAKING TODAY
Adam Briggs
Regulatory Compliance & Ethics Attorney, United Parcel
Service
Karen Benson
Director, Compliance & Ethics, Royal Caribbean Cruises
Rafael Jimenez-Gusi
Partner, Baker & McKenzie, Barcelona
Brian L. Whisler
Partner, Baker & McKenzie, Washington, DC

Baker & McKenzie LLP is a member firm of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the common
terminology used in professional service organizations, reference to a "partner" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an
"office" means an office of any such law firm.
Adam Briggs, Regulatory Compliance & Ethics Attorney, United Parcel Service
Karen Benson, Director, Compliance & Ethics, Royal Caribbean Cruises
Rafael Jimenez-Gusi, Partner, Baker & McKenzie, Barcelona
Brian L. Whisler, Partner, Baker & McKenzie, Washington, DC
June 4, 2015
Essential Elements of Global Compliance
Programs

© 2015 Baker & McKenzie LLP 6
Overview
‒ Global Enforcement Trends
‒ Increasing Global Focus on Compliance
‒ Designing a Global Compliance Program: Key
Elements

Global Enforcement
Trends

Global Enforcement Trends
‒ Growing cooperation between foreign and US enforcement
authorities in prosecution of corruption, money laundering and other
criminal cases
‒ Increased enforcement of local and extra-territorial corruption laws
‒ Growing recognition of the importance of effective compliance
programs
‒ Self-reporting, cooperation (including with respect to individuals),
and remediation are important factors in reducing penalties in a
growing number of countries
‒ Individual prosecutions continue as a priority
‒ Liability for failure to implement an effective compliance program
8

Complexities of US Enforcement
‒ US Department of Justice and US Securities & Exchange
Commission aggressively pursue corruption matters, often
accompanied by violations of export controls, sanctions violations
and violations of other laws
‒ Aggressive assertion of US jurisdiction to reach conduct of global
companies overseas
 Sharing information with other prosecuting authorities
 Whistleblower reporting channels at government agencies
‒ Well-developed system of investigations and case resolutions
‒ US investigations extremely time-consuming and costly for
companies; parallel investigations even more so

Effective Compliance Continues to be Rewarded
‒ Ralph Lauren settled with a non-prosecution agreement (NPA) with both the
SEC and the DOJ (first NPA for the SEC)
‒ An example of DOJ and SEC seeking out an opportunity to publicize credit
given for a compliance program
‒ Credited for enhancement of its third-party due diligence procedures,
implementation of a global risk assessment process, and improvement to its
internal controls
‒ SEC’s FCPA Unit Chief Kara Brockmeyer emphasized that the NPA “shows
the benefit of implementing an effective compliance program,” adding that
the company “discovered this problem after it put in place an enhanced
compliance program and began training its employees”
‒ Distinguished from Morgan Stanley, which received a declination, because
Morgan Stanley had comprehensive anti-corruption compliance program in
place when the alleged violations surfaced
10

Case Study: Panalpina
‒ Represented Panalpina, a global freight forwarding company in a multi-country
investigation of accounting and bribery issues under the FCPA
 Nigeria, Brazil, Angola, Congo, India, Mexico, Russia, Saudi Arabia, Kazakhstan, United
States; limited investigations in other countries
‒ Multiple presentations of findings to DOJ and SEC
‒ Company undertook a global risk assessment and upgraded its compliance
program throughout the process
‒ Negotiated a global settlement with the SEC and DOJ
‒ Served as compliance consultant for the company for the duration of its three-year
Deferred Prosecution Agreement with DOJ
‒ Collateral consequences: shareholder lawsuits, shut down operations in Nigeria
‒ Compliance take-away:
 Local systemic failures may be evidence of a global systemic compliance gap
or compliance program failure
 Bribery in one country resulting from a systemic compliance gap or
compliance program failure may suggest that there is similar misconduct
occurring in other high-risk locations or operations
11

Increasing Global
Focus on Compliance

Global Compliance Trends and Expectations
‒ Governments are increasingly introducing criminal liability for legal
entities for bribery and other offenses committed by their directors,
officers or employees
‒ Recognition of compliance programs as mitigating mechanism or
as a defense for legal entities
‒ Regulation of the content of essential elements of the compliance
program
‒ Effective implementation of the compliance program
‒ Increased global cooperation between the enforcement authorities
13

Benefits of Compliance in US
‒ Adequacy of a company’s compliance program will be taken into
account when the DOJ and SEC consider what action to take
against a company
‒ Includes whether to resolve the matter through a deferred
prosecution agreement (DPA) or a non-prosecution agreement
(NPA), the length of a DPA or NPA, or the term of corporate
probation
‒ Can also impact penalty amount and whether retention of a
monitor is required or the subsequent reporting on compliance
program enhancements to DOJ
14

Spain’s Compliance Program Requirements
15
• Spanish Criminal Code introduced Criminal liability for
legal entities for selected number of crimes (public and
private corruption, tax and social security evasion,
money laundering, environmental crimes, etc…)
• The effects of a Compliance program as a defence were
unclear.
• Spanish Criminal Code will recognize the adoption of a
Compliance program as a valid defence to avoid criminal
liability for the legal entities.
2010 
2015 

The Spanish Criminal Code regulates and defines
the content of compliance programs
16
• Article 33 bis of the Spanish Criminal Code establishes that if:
a) The directors of a company have adopted a compliance program that meets the
legal requirements under Spanish law;
b) The supervision of the program is entrusted to a company’s body or individual
with authorized powers of initiative and control (Compliance Body);
c) The officers or the employees have committed a crime by intentionally violating
the Compliance Program; and
d) The Compliance Body has not neglected its duties of supervision, surveillance
and control;
The company will be exempted from criminal liability for the
crimes committed (including corruption offences) by its officers and
employees.

The six elements of a Compliance Program under
Spanish Criminal Code
17
1) Risk assessment of the crimes that should be prevented.
2) Standards and controls to mitigate any criminal risks detected.
3) Financial management system in place to prevent the identified
crimes.
4) Obligation to report to the Compliance Body any violation of the
standards and controls (whistleblowing channel).
5) Disciplinary system to sanction the violation by officers and
employees of the Compliance Program.
6) Periodic review of the Compliance Program, making the necessary
adjustments when serious violations occur or when the company
undergoes organizational, structural or economic activity changes.

Designing a Global
Compliance Program:
Key Elements

Key Elements of Compliance
Enforcement authorities across the globe are placing an increased emphasis on the importance of
establishing robust and risk-based corporate compliance programs. While the precise formulation and
detail of the guidance issued varies, for example, under the U.S. Federal Sentencing Guidelines, by the
U.K. in relation to the Bribery Act, or by the OECD, there are key themes that are common. Baker &
McKenzie has distilled those key themes into the following essential elements of corporate compliance:
Monitoring, Auditing and Response
Training and Communication
Standards and Controls
Risk Assessment
Leadership
19

Essential Elements of Compliance
13. Re-assessment – regular review and
necessary revisions
12. Discipline for violations of policy
11. Reporting violations confidentially with no
retaliation
10. Guidance – provision of advice to ensure
compliance
9. Accounting – effective internal controls for
accurate books and records
8. Business partners due diligence
7. Specific risk areas – promulgation and
implementation programs to address key issues
7. Respond quickly to allegations and
modify program
6. Monitoring and review
6. Oversight by senior corporate officers with
sufficient resources, authority, and access to Board
6. Provide incentives; discipline
misconduct
5. Communication
5. Support from senior management – strong,
explicit and visible
5. Monitor and audit; maintain
reporting mechanism
4. Due diligence
4. Responsibility – individuals at all levels should be
responsible for monitoring
4. Communicate standards and
procedures of compliance program,
and conduct effective training
3. Risk assessment
3. Training – periodic, documented
3. Deny leadership positions to people
who have engaged in misconduct
2. Top level commitment
2. Policy that clearly and visibly states bribery is
prohibited
2. Leaders understand / oversee the
compliance program to verify
effectiveness and adequacy of
support; specific individuals vested
with implementation authority /
responsibility
1. Proportionate procedures1. Risk assessment as basis for effective internal
controls and compliance program
1. Standards and procedures to
prevent and detect criminal conduct
UK’s 6 Principles for
“Adequate Procedures”
13 Good Practices by the OECD on Internal
Controls, Ethics, and Compliance
USSG’s 7 Elements of an Effective
Compliance Program
NOTE: A general provision requires periodic
assessment of risk of criminal conduct and
appropriate steps to design, implement, or
modify each element to reduce risk
20

Global Compliance Program Key Elements
− An independent compliance function
− A Chief Compliance Officer (“CCO”) reporting directly to Board of
Directors (or designated Board Sub-Committee)
− Dedicated compliance staff to support CCO and compliance function
− Global anti-corruption, trade sanctions and other key policies
− Global due diligence procedure for business partners
− Global monitoring mechanism for high-risk business partner
engagements and financial transactions
− Regular compliance auditing
− Whistleblower reporting process
− Defined investigation procedures
21

Leadership – Board of Directors
− Board of Directors, CEO, and CCO should work collaboratively to
lead a company’s global compliance program:
 Board of Directors (or designated Board Sub-Committee)
should oversee the compliance organization at the highest
level of the Company
 CEO should provide management leadership to set the
appropriate tone at the top and help ensure compliance with
laws and regulations
 CCO and compliance staff should provide day-to-day
management of the compliance program
22

Leadership – Compliance Department
− Duties of the Compliance Department should include:
 Oversight of Code of Conduct
 Design and management of anti-corruption risk assessment process
 Create and revise Code of Conduct, policies, and procedures for
compliance program
 Guide and/or conduct due diligence on business partners, including
third-party intermediaries
 Develop communication channels and training programs to promote
awareness of the Code of Conduct, policies, and procedures
 Monitor business partner relationships and high-risk transactions
 Oversee compliance program monitoring and testing functions
 Manage whistleblower reporting process
23

Risk Assessment
− Risk assessment process should include the comprehensive
evaluation of factors affecting company’s risk profile:
 Country risk
 Industry risk
 Nature of transactions
 Amount/value of transactions or engagements
 Business/operating unit profile, headcount, revenue
 Type of business partner (e.g. third-party intermediaries)
− Findings communicated to Board of Directors (or designated Board
Sub-Committee) and Senior Management
− Subsequent program enhancements should be made by the
Compliance Department in consultation with other departments and
Senior Management
24

Standards and Controls – Code of Conduct
− A Code of Conduct (“Code”) should be in place and address key
risks specific to the company such as anti-corruption, including gifts
and entertainment, charitable contributions, business partner
engagements, books and records, conflict of interest and antitrust
− All Board Members, officers and employees should be required to
review and acknowledge receipt and understanding of the Code and
key policies
− The Code should apply to all company operations including
subsidiaries and affiliates
− The Code should also prominently display contact information
allowing for confidential reporting (including anonymous reporting in
countries where such reporting is allowed)
25

Standards & Controls – Global Anti-Corruption
Policy
− Enforcement agencies will expect multinational companies to have
a global anti-corruption policy in place that:
 Prohibits bribery throughout global operations;
 Requires due diligence and an anti-corruption risk appraisal on
business partners, with an emphasis on third-party
intermediaries; and
 Provides guidelines for gifts, entertainment, travel, education,
and related hospitality expenses to government officials
(including charitable donations)
− Many countries prohibit facilitation payments, thus, multinational
companies should consider prohibiting such payments to ensure
compliance with these laws
26

Standards & Controls – Business Partner
Due Diligence
− Vast majority of global anti-corruption enforcement actions
involved third party intermediaries – regulators will expect you to
know who you do business with
− Due diligence should be risk-based, with higher risk entities
receiving enhanced due diligence review
− Compliance function should oversee due diligence conducted on
business partners (including third-party intermediaries), in
collaboration with a risk screening vendor as appropriate
− A contract should be in place for business partners incorporating
robust compliance representations
27

− Officers & employees should receive periodic anti-corruption
training
− Risk areas identified by the Compliance Department should be
targeted for training
− Risk factors considered include:
 Type and value of work performed by a business unit or
employee (e.g. sales, marketing, accounts payable)
 Frequency of interaction with government officials and third-
party intermediaries
 Corruption perception in relevant business locations
− High risk business partners should receive company training as
necessary and appropriate
Training & Communication
28

Training & Communication
− Company leadership communicates the importance of compliance
through:
 Annual meetings;
 Annual reports and other publications;
 Management conferences;
 Large employee gatherings; and
 Intranet and other company sources.
29

Monitoring, Auditing & Testing
− Compliance Department should coordinate compliance program monitoring
efforts with Internal Audit, Accounts Payable, Business Units, and any other
appropriate business functions
− Policies, procedures, and training modules must be updated based on
program testing and monitoring results
− Accounts Payable, Internal Audit, and Business Units should monitor third-
party payment and monetary disbursements for red flags and ensure
consistency of contract terms
− Any exceptions to business partner engagement process (or other incident
of non-compliance) must be reported to Compliance Department or
designated reporting channel
30

Monitoring, Auditing & Testing (cont’d)
− Internal audit should focus on transactions involving higher risk
business engagements such as
 Payments to third-party intermediaries;
 Business units with elevated risk profiles; and
 Countries with elevated risk profiles.
− Audit priorities should be determined in consultation with the
Compliance Department based on audit findings and evaluation of
risk
− Internal Audit findings should help dictate appropriate compliance
program enhancements
31

Baker & McKenzie - Additional Resources
Follow ongoing developments in global compliance
and anti-corruption via:
 http://globalcompliancenews.com/
 Baker & McKenzie’s “Inside the FCPA” Newsletter
http://www.bakermckenzie.com/insidethefcpa/

Our Presenters
.
Rafael Jimenez-Gusi, Partner, Baker & McKenzie, Barcelona
Tel: +34 93 206 08 24
Rafael.Jimenez-Gusi@bakermckenzie.com
Brian L. Whisler, Partner, Baker & McKenzie, Washington, DC
Tel: +1 202 452 7019
Brian.Whisler@bakermckenzie.com
Adam Briggs, Regulatory Compliance & Ethics Attorney,
United Parcel Service
Karen Benson, Director, Compliance & Ethics, Royal
Caribbean Cruises Ltd.

This webcast and all future Ethisphere webcasts are
available complimentary and on demand for BELA
members. BELA members are also offered
complimentary registration to Ethisphere’s Global
Ethics Summit and other Summits around the world.
For more information on BELA contact:
Laara van Loben Sels
Senior Director, Engagement Services
laara.vanlobensels@ethisphere.com
480.397.2663
Business Ethics Leadership
Alliance (BELA)

Tuesday, June 9 at 12:00 p.m. ET
Anti-Corruption and Third Parties: Mitigating the Risks
All upcoming Ethisphere events can be found at:
http://ethisphere.com/events/
PLEASE JOIN US FOR

www.latinamericaethicssummit.com
June 17-18, 2015 – Rio de Janeiro, Brazil
15% off Discount Code: WEBCAST15

THANK YOU

Essential Elements of Global Compliance Programs

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (6)

Similar to Essential Elements of Global Compliance Programs

Similar to Essential Elements of Global Compliance Programs (20)

More from Ethisphere

More from Ethisphere (20)

Recently uploaded

Recently uploaded (20)

Essential Elements of Global Compliance Programs