With Britain's Bribery Act taking effect in July, enforcement of the U.S. Foreign Corrupt Practices Act at an all-time high, and similar laws either on the books already or likely to be there shortly in many other countries such as China and India, it's no surprise that compliance officers worry almost nonstop about bribery and corruption risks today.
THE PANELISTS
The following executives participated in the June 15 roundtable on globalizing your anti-corruption program.
Sue Bettman,
Exec. VP, Gen. Counsel, Corp. Secretary & CCO,
RR Donnelley
Stephen Boettinger,
Asst. Gen. Counsel for Compliance,
Harley-Davidson
Maurice Crescenzi,
Global Compliance & Ethics Officer,
DeVry
Carrie Di Santo,
VP, Global Chief Compliance Officer,
Aon Corp.
Brian Dockendorf,
VP, Corporate Risk Management,
U.S. Bancorp
Bob Herst,
VP & Chief Compliance Officer,
Kraft Foods
Steve Heyroth,
General Auditor,
Joy Global
Michael Pryal,
VP Internal Audit,
Federal Signal Corp.
Howard Sklar,
Senior Counsel,
Recommind
For More Information on Compliance Week Roundtables
At a recent editorial roundtable in Chicago hosted by Compliance Week and software firm Recommind, compliance, legal, and audit executives talked through their efforts to get ahead of corruption risk and to comply with a more aggressive anti-corruption climate generally—and how to do that in today's economy, where doing business in questionable parts of the world is a fundamental fact of business.
One chief complaint wasn't new: securing enough time and attention (“getting enough airtime,” as one roundtable participant phrased it) among busy executives and employees to address corruption risks. Communicating corruption risks and anti-corruption policies isn't easy, many roundtable participants said, especially in industries already facing other broad regulatory challenges.
In the banking sector, for example, compliance departments are still working to meet the demands of new regulation stemming from the Dodd-Frank Act. In higher education, the Department of Education is scheduled to implement new regulations on July 1 covering more than a dozen areas of education-specific compliance topics, including misrepresentation and incentive compensation.
“In addition to managing potential risks associated with traditional areas of compliance and ethics, such as anti-bribery and anti-corruption, organizations must also devote resources to ensuring compliance with [new Education Department] rules,” said Maurice Crescenzi, global compliance and ethics officer for DeVry, which operates for-profit universities. “Of course, the notion of complying with all applicable laws and regulations isn't anything new. It just means that compliance officers must work harder to prioritize and manage their list of potential risks.”
What is new, for many companies, is today's global economy, where growth in North America and Europe is sputtering, while growth in emerging markets such as Asia, Africa, and Latin America booms. That is forcing many U.S. companies to embrace business in those emerging markets, simply because that's where the business is. Compliance officers then get saddled with the inevitable cultural differences over bribes, business entertainment, and the like.
Case in point is Harley-Davidson, the legendary U.S. maker of motorcycles. The company is now rapidly expanding into Russia, China, and India, with a goal of getting 40 percent of its growth from overseas sales by 2014.
“Compliance can be viewed differently by various cultures, and it takes different strategies and tactics to make a compliance program successful globally,” said Stephen Boettinger, assistant general counsel for compliance for motorcycle manufacturer Harley-Davidson.
Roundtable participants agreed that sales and marketing departments are often most vulnerable to bribery risks. Howard Sklar, senior counsel of Recommind and co-host of the event, warned that sales and marketing teams often try to be more creative in drumming up new business during down economic times, driving the need for greater oversight.
“As people get more creative, you need that bottom-up knowledge: What are your sales and marketing people doing right now that you didn't know they were doing?” Sklar said. In many instances, he added, employees may not even know the local laws they're breaking. He offered an example where a company's sales teams was entering government employees into a lottery, unaware that local lottery laws forbid that sort of campaign.
All those global challenges are formidable, and the Justice Department will take good-faith efforts into consideration, Sklar added. “What we've found is if you have a reasonable plan in place, if you can demonstrate that you thought you've recognized the problem, that you've come up with as close to a rational process as you can have in this situation—the Justice Department is not going to second-guess business decisions,” he said.
Whistleblower Concerns
Another new pressure are the recently promulgated rules from the Securities and Exchange Commission to offer rewards to whistleblowers whose tips leads to successful enforcement actions. Considering the huge size of fines related to the FCPA—hundreds of millions of dollars for egregious offenses—a 30 percent cut of that action will be mighty tempting for employees to report bribery allegations straight to regulators.
More and more whistleblowers are reporting issues to the SEC with documents in hand, and even counsel at their side. “They're getting serious,” said Sklar.
Bob Herst, vice president and chief compliance officer of Kraft Foods, and Sue Bettman, general counsel, corporate secretary, and chief compliance officer for RR Donnelley, listen to the discussion.
“ As people get more creative, you need that bottom-up knowledge: What are your sales and marketing people doing right now that you didn't know they were doing?” said Howard Sklar, senior counsel of Recommind.
That means companies must act even more aggressively to court whistleblowers first, so they'll report misconduct internally.
“We make sure we train all levels of supervisors on our open-door policy,” said Sue Bettman general counsel and chief compliance officer for R.R. Donnelley. “They know that if they receive a concern, they should send it to the person who runs the hotline. That person then categorizes the concern, puts it onto a spreadsheet, and ensures the appropriate department handles the situation, whether it be HR or internal audit, for example.”
Roundtable participants also mulled over the idea of getting an agreement from employees that they would first report any problems to the company before going to a regulator—although some experts say such an agreement wouldn't be legal, since companies cannot act to prevent an employee from reporting a crime. Others were frustrated that so many “whistleblower” complaints are really about mundane spats such as who hogs the best space in the parking lot. As one executive bluntly said, “Some of the people who make reports are really out of their mind.”
Then again, the same gadflies hyper-vigilant about parking spaces can often be the same ones who know when something serious goes wrong. The challenge, roundtable participants agreed, is how to separate the substantive from the inconsequential.
At Kraft Foods, managers gauge the validity of whistleblower claims based on whether the reporter has shared enough information or supporting documents to enable the company to pursue an investigation. “If the report is anonymous, it's often much more challenging to investigate, but the company tries to continue the dialogue with the anonymous reporter to see if they're willing and able to share additional information,” said Bob Herst, chief compliance officer of the food and beverage giant.
If the report is determined to be legitimate, Herst added, the company conducts a “full-blown audit” under an audit protocol developed jointly by internal audit and his compliance group. The company has begun using an analytical tool for transactional data to assist in certain audits, he said.
Risk Metrics
Attendees also discussed what role compliance officers should play in risk management, since assessing the risks facing the company—corruption among the most grave—can dictate much else that compliance departments subsequently do. But not everyone agreed that risk assessments should occupy so much of a compliance officer's time.
Carrie Di Santo, global FCPA compliance director for Aon Corp., said that unless the business model is continuously changing, the responsibility of compliance professionals should be to “direct the resources to the risk mitigation efforts,” rather than “assessing, assessing, assessing.”
“[C]ompliance officers must work harder to prioritize and manage their list of potential risks,” said Maurice Crescenzi, global compliance & ethics officer at DeVry. Looking on from left is Carrie Di Santo, Aon's global chief compliance officer.
In some industries, regulators are not always enamored of risk self assessments. “They want an independent party to be doing the risk assessments,” one participant said. Many attendees, however, disliked the idea of independent parties conducting risk assessments. In general, they agreed that outside parties don't know their business well enough and cannot gauge risks as well as an internal staff.
Sklar mapped out the basic conversation compliance officers should have about risk with corporate leaders; the focus, he said, should be on the leaders to sniff out their own risks: “Here is the risk that you've identified. Here are our priorities based upon the data we compliance officers have. Here is how we plan to do it. Here's the money it's going to take.'”
“You have to be able to convince and get buy-in from the senior management,” Sklar said. Once that support exists throughout the business, securing the desired budget and guiding the company in the direction it should go become much easier.
No comments yet