Managing Third-party Anti-bribery, Corruption Risks and ... · KPMG's 2011 Anti-bribery and Corruption Survey Total respondents: 214 (United States and United Kingdom Top three anti-bribery
KPMG Global Energy Institute
Managing Third-party Anti-bribery, Corruption Risks and Investigations in the Energy Sector
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. Comments in this document and the related presentation are not intended, nor should they be interpreted to be, legal advice or opinion.
Attorney Client Privileged ‐‐ Confidential Information
Recent FCPA Guidance Issued on November 14, 2012
DOJ and SEC jointly issue 120 page “Resource Guide”
Basic Overview
Guidance does include:
Compilation of examples from actual enforcement cases, hypotheticals and commentary on existing positions and interpretation including:
Definition of “foreign official”
Successor Liability
Enumerates 10 “Hallmarks of Effective FCPA Program”
Declinations
Guidance does not:
Provide anything “new”, no new interpretations of FCPA provisions or defenses
Still ambiguous benefit or credit from self‐disclosure
Debate regarding unsettled and untested interpretations of law to continue
Guidance on Third Party Liability
2 of the 10 Hallmarks of Effective Compliance Apply to Third Parties
Targeted Risk Assessment
“DOJ & SEC will give meaningful credit to a company that implements in good faith a comprehensive, risk based compliance program, even if that program does not prevent an infraction in a low risk area because greater resources have been given to a higher risk area.”
Underscores “Risk Based”, not “One‐Size Fits All”
Risk‐Based Due Diligence and Ongoing Monitoring of Third Parties
“Performing identical due diligence on all third party agents, irrespective of risk factors, is often counterproductive, diverting attention and resources away from those third parties that pose the most significant risks.”
Understand the qualifications and associations of its third party partners including its business reputation, and relationship
Have an understanding of the business rationale for including the third party in the transaction
Undertake some form of ongoing monitoring of third‐party relationships
Guidance Reiterates “Constructive” Knowledge of Red Flags
DOJ and SEC reinforce that these common “red flags” will serve as the basis for the knowledge requirement for FCPA liability for third party acts:
Excessive commissions to third‐party agents or consultants;
Unreasonably large discounts to third‐party distributors;
Third‐party “consulting agreements” that include only vaguely described services;
The third‐party consultant is in a different line of business than that for which it has been engaged;
The third‐party is related to or closely associated with the foreign official;
The third‐party became part of the transaction at the express request or insistence of the foreign official;
The third‐party is merely a shell company incorporated in an offshore jurisdiction; and
The third‐party requests payment to offshore bank accounts.
Bottom line: Still no “head in the sand” defense
Recent enforcement actions and lessons learned regarding TPI management
John Ratcliffe
Partner
Ashcroft Law Firm, LLC
U.S. v. Bourke: Business Partner (“Pirate of Prague”)
United Industrial Corp.: Agent (retired Egyptian Air Force general)
“Extensive preretention due diligence requirements pertaining to, as well as postretention oversight of, all agents and business partners, including the maintenance of complete due diligence records at the company …”
“The FCPA prohibits corrupt payments through intermediaries. It is unlawful to make a payment to a third party, while knowing that all or a portion of the payment will go directly or indirectly to a foreign official. The term ‘knowing’ includes conscious disregard and deliberate ignorance.”
The laypersons guide to the FCPA, U.S. Department of Justice
Due Diligence tools enable the automation of the management, measurement, remediation and reporting of FCPA controls and risks in accordance with regulations, policies, and business decisions:
Automate FCPA processes, business rules, and controls
Identify and assess TPI risks
Manage Red Flag triggers and resolutions
Enables end-to-end visibility through real-time reporting and configurable dashboard capabilities
Facilitates central storage of TPI questionnaires, Corporate Intelligence Reports, Contracts, Significant C d t
Enable role-based actions, notifications, and dashboards
Integrate to procurement, training, and third-party databases (D&B, WorldCheck, etc…)
Support audit activities based on identified areas of risk
Facilitates TPI research on historical data
Enables annual or configured periodic Due Diligence renewals
FCPA technology elements
Extract global TPI list – i.e. ERP or Procurement systems
Import and analyze data source(s)
Identify Third Party Intermediaries (TPIs) categories in scope for due diligence
Identify and extract full population of TPIs in scope
TPI Scope Management
Categories of TPI
Initiate Due Diligence process for individual TPIs and conduct qualitative and quantitative analysis: Business Justification, TPI Questionnaire, FMV Assessment
Identify red flags and TPI risk rating – triggers escalation and additional reviews
Determine necessity of corporate intelligence reports.
Retain TPI for on-boarding or Not-Retain TPI and capture assessment data.
Risk & Due Diligence Management
Capture training data and confirmation of completion
Capture contract related information – i.e. contract type, contract start and end dates, contract reference code (s)
Build business rules for notification of contract expiration or renewal
Generate reports to capture TPI status: Retained, Not Retained, In Progress, etc…
Break-out reports by Region, TPI Category, etc…
Generate reports for TPIs that are due for renewal
Build dashboards to provide real-time data on TPIs, and accommodate various user roles: business sponsors, regional, compliance officer, regional business & compliance
Reporting Management
Integrate with enterprise systems and applications for downstream or upstream data requirements – i.e. ERP or Procurement systems
Integrate with third party vendors to capture background check data – i.e. WorldCheck, D&B
TPI Scope Enterprise Integration
Business Representative (BR) logs into TPI DD Tool
TPI due diligence process – Sample workflow
BR Initiates New DD Process
TPI completes DD Questionnaire
BR completes DD Questionnaire
Manage Contract and DD Training
1. TPI Qualification Process
The TPI qualification process is tracked and managed within the TPI DD tool.
Red Flag criteria/scoring rules are designated within the TPI DD tool, and are automatically flagged to the Compliance Officer and Regional and Compliance Leaders.
3. TPI Risk Assessment
Request is triggered to conduct corporate intelligence gathering to validate self-reported info and assist with assessment of red flags.
4. TPI DD Resolution
Acceptance or Denial of TPI on-boarding.
Red Flags Assessment On-boarding
Knowledge check #5
What is your organization’s biggest challenge regarding third-party intermediaries?
A Identifying the total population of third-party intermediaries
B Determining which third-party intermediaries should undergo some level of due diligence
C Assessing the relative risk of each third-party intermediary
D Determining the appropriate level of due diligence for each third-party intermediary