For years, corporate compliance officers have turned to the U.S. Federal Sentencing Guidelines, which in 1991 were expanded to include a blueprint for developing robust ethics and compliance programs to prevent and detect violations of the law.
When it comes to doing business outside the United States, however, the compliance guardrails are less sturdy. Most countries do not have any direct equivalent to the compliance and ethics standards set forth in the Sentencing Guidelines. The guidelines that some countries do have that are comparable are generally far vaguer, rarely enforced by the countries that have adopted them, or so new that they haven't been tested by courts.
We wanted to get a better idea of the compliance frameworks in place as companies expand operations globally, so we set out to conduct a country-by-country analysis of compliance guidelines around the word.
United Kingdom
Not surprisingly, Britain provides the closest cousin to the U.S. Federal Sentencing Guidelines. Guidance published by the U.K. Ministry of Justice in March of 2011 further sets out six broad principles companies should consider when developing an effective anti-bribery compliance program, including:
· Procedures to prevent bribery that are proportionate to the bribery risks faced by the organization and to the nature and scale of the organization's activities;
· Top-level commitment by senior management to prevent bribery;
· Periodic and documented risk assessments that take into consideration the nature and extent of the organization's bribery risks;
· Risk-based due diligence with respect to individuals who perform services on its behalf;
· Enterprise-wide communication of anti-bribery policies and procedures achieved by internal and external training; and
· Regular monitoring and review of anti-bribery procedures.
“These principles are similar to the features recommended by the Federal Sentencing Guidelines for an effective compliance program,” says Airey. “Notwithstanding, they are anti-bribery specific compared to the prevention of more general criminal conduct by the Federal Sentencing Guidelines.”
In fact, in some ways the U.K. compliance framework goes further than the U.S. Sentencing Guidelines in providing a safe harbor for companies that incorporate its principles, at least on the bribery and corruption front. The U.K. Bribery Act incorporates an explicit compliance defense, giving companies that have “adequate procedures” aimed at stopping bribery a shield from criminal liability if an employee violates those policies.
“To rely on the ‘adequate procedures' defense, the company must demonstrate that it had an effective anti-bribery compliance program in place at the time of the offense,” says Simon Airey, a partner in the London office of law firm DLA Piper.
Italy
Italy is another country that has provisions similar to the Sentencing Guidelines. In June 2001, Italy enacted Decree 231/2001, which for the first time established direct liability of companies for certain crimes committed by their directors, senior executives, employees, or third parties.
“There are no Sentencing Guidelines that speak to the importance of a compliance program like you have in the United States.”
—Mark Morrison,
Partner,
Blake, Cassels & Graydon
Grounds for triggering a company's liability include such criminal offenses as corruption, cross-border crimes, and money laundering. Under the Decree, companies can be exempt from criminal liability if management can provide sufficient evidence that the company had a so-called “Organizational Model” in place designed to prevent such crimes at the time of the offense.
Different from the Sentencing Guidelines, Italian law requires that the Organizational Model have preventative controls in place that are specifically tailored to the criminal offense concerned, and the task of supervising the Organizational Model must have been entrusted to a supervisory body that has adequately exercised its duties.
According to Raffaella Quintana, a partner in the Rome office of DLA Piper, guidelines for building an adequate Organizational Model are provided by the Confederation of Italian Industries, “which provides principles and measures that apply, in general, to all industries, and that serve as the main blueprint for building compliance programs,” she says.
Canada
Several other countries have no direct equivalent to the Sentencing Guidelines, but may still offer companies credit for compliance measures in certain circumstances. In Canada, for example, “there are no Sentencing Guidelines that speak to the importance of a compliance program like you have in the United States,” says Mark Morrison, a partner in the Calgary office of law firm Blake, Cassels & Graydon, but there are ways, he says, that companies can earn credit by demonstrating a proficient compliance program.
The closest equivalent is a provision in the Canadian Criminal Code that establishes factors courts may consider when penalizing companies for misconduct, says Morrison. One such factor is whether the organization implemented any measures that reduce the likelihood of committing subsequent offenses. Such a factor, however, speaks more to compliance measures that are put in place after-the-fact. “There are no sort of proactive requirements like there are with the Sentencing Guidelines,” he says.
Even with no formal compliance framework in place, however “the corporate culture in Canada is very similar to the United States in that virtually all large and mid-size companies have corporate compliance programs or codes of conduct,” Morrison adds.
The frameworks that most companies use are “developed through the sharing of best practices within and across industries,” says Peter Dent, partner and forensic and dispute services leader at Deloitte. “This occurs within Canada but also internationally as well, as many pieces of foreign legislation would still apply to Canadian companies.”
“For example, many Canadian companies either list in the U.S., or have operations in the U.S., or both,” Dent adds. “Therefore, the U.S. Sentencing Guidelines would be applicable to them, and they may develop their compliance programs around it for their global operations as such a compliance program would likely be sufficient in response to the applicable Canadian regulatory framework as well.”
EFFECTIVE COMPLIANCE AND ETHIS PROGRAM
Below is the U.S. Sentencing Commission's requirements for having an effective compliance and ethics program.
(a) To have an effective compliance and ethics program, for purposes of subsection (f) of §8C2.5 (Culpability Score) and subsection (b)(1) of §8D1.4 (Recommended Conditions of Probation - Organizations), an organization shall—
(1) exercise due diligence to prevent and detect criminal conduct; and
(2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.
Such compliance and ethics program shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct. The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.
(b) Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law within the meaning of subsection (a) minimally require the following:
(1) The organization shall establish standards and procedures to prevent and detect criminal conduct.
(2) (A) The organization's governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.
(B) High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program.
(C) Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.
(3) The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.
(4) (A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subparagraph (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals' respective roles and responsibilities.
(B) The individuals referred to in subparagraph (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization's employees, and, as appropriate, the organization's agents.
(5) The organization shall take reasonable steps—
(A) to ensure that the organization's compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct;
(B) to evaluate periodically the effectiveness of the organization's compliance and ethics program; and
(C) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization's employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.
(6) The organization's compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.
(7) After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization's compliance and ethics program.
(c) In implementing subsection (b), the organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each requirement set forth in subsection (b) to reduce the risk of criminal conduct identified through this process.
Source: U.S. Sentencing Commission.
BRIC Countries
In comparison, the BRIC countries—Brazil, Russia, India, and China—also do not have any programs equivalent to the Sentencing Guidelines, nor do they generally provide leniency to companies that can show they have good compliance practices, according to several forensic and litigation experts. What's more, each country has its own distinct method of sentencing when it comes to corporate misconduct.
“In the Chinese judicial system, prior case law does not have any binding effect on the courts and, hence, does not serve as clear guidance as to how courts might apply sentencing standards in subsequent cases,” says Sammy Fang, a partner in the Beijing office of DLA Piper.
The closest equivalents to the Sentencing Guidelines in China, Fang says, are interpretations and opinions on specific laws and regulations issued by the Supreme People's Court. These interpretations may be issued by the court alone or jointly with relevant state authorities, such as the Supreme People's Procuratorate (equivalent to the Federal Prosecutors office).
Most recently, the Court and Supreme People's Procuratorate jointly issued the “Interpretations on Several Issues Concerning Application of Law for Handling Criminal Cases of Offering Bribes.” The Interpretations, which went into effect at the start of this year, provide clarity on potential sentencing that Chinese courts can impose for bribery offenses, depending on the degree of seriousness of each case, explains Fang.
“These interpretations and opinions are different from the U.S. Sentencing Guidelines as they are not a full set of guidelines covering all relevant criminal offenses,” he says, “and it is possible that no guidelines are in place for a number of criminal offenses.”
Russia's anti-corruption campaign took its first significant step forward in May 2011 with the enactment of an anti-bribery law that amended the Russian Criminal Code by prohibiting the receiving and offering of bribes to government officials. It also imposed substantial monetary fines of up to 100 times the amount of the bribe.
While the law follows the model of the United States' Foreign Corrupt Practices Act, most didn't expect much enforcement of the measure when it was passed, and so far they have been right. Currently, no major enforcement actions have been brought under the law. With no enforcement examples, it's difficult for companies to gauge what compliance elements could earn them credit if Russia did decide to enforce the anti-bribery law.
Mexico
Other countries merely ride on the coattails of U.S. regulations. Mexico, for example, has historically been a slow-developing economy. Only in the last few years has it been exposed to foreign competition and globalization. “This has dramatically accelerated the growth of the Mexican economy,” says Eduardo Ortega, a consultant with FTI Consulting.
In addition, Ortega adds, new regulations from foreign countries—the United States, in particular—have had the positive effect of helping Mexican companies realize the importance of having compliance measures in place, he says.
Gloria Lerin, a director in the Mexico City office of FTI Consulting, agrees. “They seem to be paying more attention as to what needs to be done in terms of compliance and ethics matters,” she says, “but if the government does not enforce the need to have such programs in place, it's difficult to get results.”
Germany
In many other countries, companies are left up to their own devices to design compliance programs. In Germany, for example, companies are encouraged to take into account their specific risk areas and compliance risks, says Jürgen Taschke, a partner in the Frankfurt office of DLA Piper.
Germany, however, is just as strict—if not more severe—than the United States when it comes to penalizing companies for misdeeds, including foreign corruption. Consider the €596 million ($779 million) administrative fine German authorities levied against Siemens for bribery charges. By comparison, the U.S. Department of Justice hit Siemens with criminal fines of $450 million (€344 million) for related violations of the Foreign Corrupt Practices Act.
Even with the various compliance frameworks that exist, one thing is certain: with global anti-corruption enforcement on the rise and U.S. prosecutors cooperating with foreign law enforcement more closely than ever before, having a robust compliance program in place is crucial no matter where in the world your company operates.
No comments yet