Business Ethics and Anti-Corruption World a Global Bulletin on Recent Business Ethics and Anti-Corruption Developments

Financial institutions Energy Infrastructure, mining and commodities Transport Technology and innovation Life sciences and healthcare

Business ethics and anti-corruption world A global bulletin on recent business ethics and anti-corruption developments

Issue 05 / February 2017

In this issue:

Human rights and finance: an angle for NGOs

But does it really work? The value of ISO certification of anti-bribery compliance

Culture and compliance – new best friends?

SEC fines Nu Skin US$765,688 to settle FCPA charges

This time it’s personal: senior management liability in ‘books and records’ offences

The World Bank Office of Suspension and Debarment reflects on lessons learned

UK’s second Deferred Prosecution Agreement

Managing third party corruption risk

Does it work: testing and assurance of compliance programs

Compliance due diligence from a company perspective – An interview with Roland Kemper, DEKRA SE

Compliance due diligence in Germany

Bribery and public policy in the English courts

Exploring human rights due diligence

A call for Collective Action Business ethics and anti-corruption world

Foreword

Welcome to the fifth edition of Business In this edition we • Comment on the legal issues raised ethics and anti-corruption world. As with by engagement, monitoring and our previous issues, we aim to highlight • Highlight the proposed amendment to termination of third parties. Norton Rose Fulbright’s global reach the Criminal Finance Bill, which reflects through analysis and reflection of key a broader agenda which aims to • Highlight the need for testing and updates and events related to business ensure that financial institutions and assurance of ethics and compliance ethics, anti-corruption and business and other professional service providers do programme. human rights developments. not facilitate the retention of funds derived from human rights abuses. • Interview a senior counsel of an Our business ethics and anti-corruption international provider of testing, practice helps clients to navigate national • Reflect on the publication of the ISO inspection and certification services and international anti-corruption, standard for anti-bribery management on compliance due diligence. regulatory and compliance issues and systems and how to test if anti-bribery investigations wherever they arise. We management programmes truly are • Provide an overview of new trends advise corporates, financial institutions effective. and developments in connection with and senior executives extensively on the compliance due diligence processes in implications of international business • Comment on the remediation standards Germany. ethics and anti-corruption best practice for FCPA compliance programmes. standards, wider developments in the • Highlight a recent legal precedent legislative and corporate landscape, and • Summarize the recent Nu Skin related to bribery and public policy in in relation to internal and government- settlement with the FCPA. the English courts. led investigations. We work closely with colleagues across our global platform of • Discuss how Singaporean authorities • Provide an overview of key findings more than 50 offices throughout Europe, are using a prosecutorial techniques from our recently published joint the United States, Canada, Latin America, similar to US-style ‘books and records’ project with the British Institute of Asia, Australia, Africa, the Middle East offences to bring senior managers to International and Comparative Law on and Central Asia to advise clients on account for corrupt schemes. human rights due diligence. international compliance needs across a wide range of risks. • Summarize and comment on the World If you would like to discuss business Bank’s suspension and debarment ethics and anti-corruption issues relevant Our team also recognizes that human system. to your organization, please feel free to rights represent an evolving area of contact us or our global network. Contact emerging risk for businesses which • Highlight the UK’s second deferred details are at the end of this issue. is assuming an increasingly legal prosecution agreement (XYZ Limited) dimension. With initiatives like our and note similarities between this case recently published joint Business and and the UK’s first deferred prosecution Human Rights Due Diligence Project with agreement (Standard Bank). the British Institute of International and Comparative Law (see article below), we are a leading force in providing guidance to businesses on human rights related risks and obligations.

More than 50 locations, including Houston, New York, London, Toronto, Hong Kong, Singapore, Sydney, Johannesburg, Dubai.

Attorney advertising

02 Norton Rose Fulbright – March 2017 Contents

Contents

Foreword 02

Human rights and finance: an angle for NGOs 04

But does it really work? The value of ISO certification of anti-bribery compliance 07

Culture and compliance – new best friends? 10

SEC fines Nu Skin US$765,688 to settle FCPA charges 14

This time it’s personal: senior management liability in ‘books and records’ offences 16

The World Bank Office of Suspension and Debarment reflects on lessons learned 19

UK’s second Deferred Prosecution Agreement 22

Managing third party corruption risk 24

Does it work: testing and assurance of compliance programs 26

Compliance due diligence from a company perspective – An interview with Roland Kemper, DEKRA SE 28

Compliance due diligence in Germany 32

Bribery and public policy in the English courts 35

Exploring human rights due diligence 37

A call for Collective Action 40

Key contacts 42

Norton Rose Fulbright – March 2017 03 Business ethics and anti-corruption world

Human rights and finance: an angle for NGOs

An amendment to the Criminal Finances Bill1 (the Bill) The Amendment currently before Parliament has recently been proposed Designating orders to amend the Proceeds of Crime Act 2002 (POCA) to The amendment proposes that the High allow the High Court to make orders designating the Court be given the power to make an conduct of a person – wherever it occurs – as connected order designating that the actions of a person (the respondent) constitute to a gross human rights abuse, and to set prohibitions conduct connected to a gross human on that person’s ability to deal with property, funds rights abuse and further order that and finances and access related services. Following • A person is prohibited from dealing an order designating conduct as connected to a gross with property, funds or economic human rights abuse it will be incumbent on the relevant resources owned, held or controlled by the respondent if the person authorities to seek a civil recovery order of any proceeds knows or has reasonable cause of such conduct. to suspect that he/she is dealing with property, funds or economic The amendment has cross-party support against persons responsible for human resources owned. and, all things being equal, stands a rights abuses. good chance of being adopted. It • A person is prohibited from making anticipates an important role for civil The amendment also reflects a property, funds or financial services society by empowering individuals and broader agenda which aims to ensure available, directly or indirectly to the NGOs to make applications for designating that financial institutions and other respondent if the person knows or orders. This bears some resemblance to professional service providers do has reasonable cause to suspect that the proposed Global Magnitsky Human not facilitate the retention of funds he/she is making property, funds Rights Accountability Act in the US, derived from human rights abuses. or economic resources services so which would require the President to Mindful of the reputational and legal available. consider ‘credible information’ obtained risks associated with dealing in such by NGOs of human rights abuses when assets, as well as the expectations of • A person is prohibited from making determining whether to apply sanctions the UN Guiding Principles on Business & funds or financial services available on foreign individuals or entities. This Human Rights (UN Guiding Principles), to any person for the benefit of the potentially represents the beginning a growing number of financial respondent if the person knows or of a broader trend towards a greater institutions are reviewing their money- has reasonable cause to suspect that reliance by governments on the expertise laundering policies and procedures he/she is making funds or economic and evidence-gathering skills of NGOs as part of their human rights impact resources services so available. to ensure effective enforcement action mitigation strategies.

1 The Criminal Finances Bill had its first reading on October 13, 2016. A Home Office press release of the same day stated that the bill was “new legislation to tackle money laundering and corruption, recover the proceeds of crime and counter terrorist financing”.

04 Norton Rose Fulbright – March 2017 Human rights and finance: an angle for NGOs

These prohibitions will in effect prevent Conduct connected to a gross • Commission by Person E, whether the respondent from dealing with his human rights abuse or not a public official, of the illegal assets or availing himself of services in Conduct connected to a gross human activity carried out by foreign public relation to his property, funds or finances. rights abuse is defined as officials. They can be imposed for a maximum of two years, and there is no need to • Involvement by Person A in torture Civil recovery: gross abuse establish a connection between the gross or other serious breaches of human of human rights human rights abuse and the property rights and fundamental freedoms Conduct that has been designated as subject to the designating order. against Person B, where Person B connected to a gross human rights sought or seeks to expose illegal abuse and would amount to a criminal An application for such an order activity carried out by foreign public offence had it occurred in the UK will may be made by the Government, officials or to obtain, exercise, also be deemed to amount to what is individuals and entities, expressly defend or promote human rights and known as ‘unlawful conduct’. This including NGOs. The High Court must fundamental freedoms. means that the proceeds of such be satisfied that it is in the public conduct can be subject to the existing interest to make such an order. The • Activities by Person C as an agent civil recovery regime under POCA. Government will be under a duty to in connection with the activity by The relevant authorities will be under apply for such an order where the Person A. a duty to seek to initiate recovery requirements are met and it is in the proceedings where they have evidence public interest. • Activities by Person D to profit from, of the existence of proceeds of conduct materially assist, sponsor or provide designated as connected to a gross financial, material or technological human rights abuse. support for, or goods and services in support of, the activity by Person A.

Norton Rose Fulbright – March 2017 05 Business ethics and anti-corruption world

Discussion Protection of Minorities noted that For more information contact: “distinguishing between gross and To date, the UK Government’s efforts to less serious human rights violations curtail access to finance and financial … cannot be done with complete services for human rights abusers has precision”. This reflects current largely focussed on slavery and human thinking, although the following trafficking. In particular helpful guidance can be found in the Interpretative Guide to the UN Guiding • The Modern Slavery Act 2015 (MSA) Principles published by the Office of Sam Eastwood amended the list of ‘lifestyle offences’ the United Nations High Commissioner Head of business ethics in Schedule 2 of POCA to include for Human Rights (OHCHR). and anti-corruption Partner, London offences under the MSA, making it Tel +44 20 7444 2694 easier for the prosecuting authorities There is no uniform definition of [email protected] to bring confiscation proceedings gross human rights violations in against persons convicted of slavery or international law, but the following human trafficking. practices would generally be included: genocide, slavery and • The Transparency in Supply Chains slavery-like practices, summary or etc. practical guide, published by arbitrary executions, torture, enforced the government to assist businesses disappearances, arbitrary and in preparing slavery and human prolonged detention, and systematic Stuart Neely trafficking statements pursuant to discrimination. Other kinds of Associate, London section 54 of the MSA notes the risk human rights violations, including of Tel +44 20 7444 3289 of financial institutions laundering economic, social and cultural rights, [email protected] funds derived from modern slavery. can also count as gross violations if they are grave and systematic, for This amendment recognizes that example violations taking place on abuses relating to a wider range of a large scale or targeted at particular human rights can bring commercial population groups.1 benefits for perpetrators and their associates, and seeks to remove that Ultimately, the effectiveness of the new financial incentive. Having said that, law will hinge largely on the number there remain a number of unanswered of applications made to the High questions which the Court would need Court by NGOs capable of complex to consider if the amendment to the Bill investigations involving asset-tracing became law in its current form. exercises such as Global Witness, Amnesty International and Human Firstly, the amendment envisages that Rights Watch. the respondent’s abusive conduct would need to occur in response to Such investigations are on the increase, another person seeking to ‘exercise’ and the link between human rights and human rights. It is unclear what finance is very much in focus. Against circumstances would be necessary this backdrop, the amendment to fulfil this criteria. This may well highlights the importance of financial be a low hurdle, as the Bill is already institutions and other professional restricted to gross abuses. service providers ensuring their due diligence and on-going monitoring The meaning of ‘gross human rights processes are well-attuned to identifying abuse’ has been the subject of much clients and business partners with debate over the years. In a 1993 potential links to human rights abuses. working paper, the UN Commission 1 OHCHR, The Corporate Responsibility to Respect Human on Human Rights’ Sub-Commission Rights: An Interpretative Guide, United Nations, 2012, on Prevention of Discrimination and available at http://www.ohchr.org/Documents/ Publications/HR.PUB.12.2_En.pdfsee (Accessed: December 21, 2016).

06 Norton Rose Fulbright – March 2017 But does it really work? The value of ISO certification of anti-bribery compliance

But does it really work? The value of ISO certification of anti-bribery compliance

The highly-anticipated ISO standard for anti-bribery • Top management leadership and management systems – ISO 37001 – was recently commitment. published. The standard and its guidance represent the • Providing appropriate resources for outcome of an arduous process, where stakeholders the operation of the anti-bribery from many nations and representing a range of interests management system. agreed a set of principles that organizations of all sizes • Implementing appropriate financial (whether public, private or not-for-profit) can use to and commercial controls to mitigate design anti-bribery management programs. The ISO the risk of bribery. does not intend or purport to create new ground, but • Having whistle-blowing procedures rather consolidates existing guidance from regulators, in place. intergovernmental organizations and NGOs. • Monitoring and testing the program’s effectiveness on a regular basis. Organizations might consider program is genuinely effective in its obtaining ISO certification for any day-to-day application. ISO certification can be a useful range of reasons. First and foremost, indication to external stakeholders such a certification can indicate to that these elements exist within an a company’s customers, business ISO 37001 in summary organization. For the business partner partners, investors and any others who requests information about a exposed to the company’s risk profile In terms of content, ISO 37001 defines company’s anti-bribery management that the organization’s program meets bribery by reference to the laws program, ISO certification could be baseline standards. applicable to each organization and shorthand for describing the various prescribes various actions, measures elements in place. However, companies considering and controls that would be familiar to certification should be mindful that an experienced legal, compliance and risk Further, regulators who want to ISO 37001 certification means that an professionals. These include encourage a compliance culture in anti-bribery management program of jurisdictions with less enforcement a certain design exists, with all of the • Conducting a risk assessment to history than the United States or United constituent parts prescribed by ISO; it determine the risks faced by the Kingdom may point to ISO 37001 does not mean that the program really organization. as guidance for local organizations. works. This is an important point, as Because ISO 37001 is a global any government agency looking to • Providing related training for all commercial standard, it may be better take enforcement action against an relevant employees and business received than standards promulgated organization for bribery and corruption associates. by the US or UK regulators, whose related offences will inevitably extraterritorial reach is sometimes undertake its own assessment of • Conducting appropriate due perceived as unreasonable. whether that organization’s compliance diligence to assess bribery risks.

Norton Rose Fulbright – March 2017 07 Business ethics and anti-corruption world

Genuinely effective? mitigation or, where applicable, an US authorities ask three basic questions: affirmative defence. In fact, the UK “Is the company’s compliance program Anti-bribery management programs Government Guidance on Corporate well designed? Is it applied in good have two main aims Prosecutions1 lists an ineffective faith? Does it work?”.4 US regulators compliance program as an aggravating often give some weight to a respondent’s • To mitigate the risk and incidence factor that should encourage a compliance program, but mitigation is of corruption within an organization. decision to prosecute. Similar language only awarded in cases where the appears in the UK Deferred Prosecution program is truly effective – and where • To provide a credible response to Agreements Code of Practice.2 A key the alleged corrupt activity took place prosecutors when, despite best takeaway from the Standard Bank DPA despite the company’s best efforts. efforts, a corrupt act occurs. is that ineffective anti-bribery programs will not be considered ‘adequate Programs that achieve those two aims procedures’, despite the moving parts What is a corporate to do? are those that actually work, rather that may exist.3 than just exist. ISO certification could certainly be a valuable exercise for any organization The message from relevant authorities 1 See page 7, available at: https://www.sfo.gov.uk/ looking to ascertain whether its publications/guidance-policy-and-protocols/codes-and- is unambiguous: only truly effective protocols/. program – or at least its plan for 2 See page 5, available at: https://www.sfo.gov.uk/ anti-bribery management programs publications/guidance-policy-and-protocols/deferred- developing the program – hits all merit consideration in terms of penalty prosecution-agreements/. 3 For further information about the Standard Bank DPA, 4 See page 56, available at: https://www.sec.gov/spotlight/ please see Norton Rose Fulbright’s prior client alert. fcpa/fcpa-resource-guide.pdf.

08 Norton Rose Fulbright – March 2017 But does it really work? The value of ISO certification of anti-bribery compliance

the right marks. Seeking certification Ensuring that your anti-bribery Norton Rose Fulbright was delighted should not, however, direct company management program really works to be represented as the only legal resources away from focussing on takes genuine review and assurance: practice on the UK based BSi Anti- meeting the standards regulators set: not just an auditing process, but Bribery Committee which worked is the program mitigating the risk substantive transaction testing to on the ISO standard on anti-bribery and incidence of corruption, and is it ensure that legal risks are being (ISO 37001). This followed our providing a credible response when appropriately identified and mitigated, earlier work on the British Standards impropriety nonetheless occurs? that processes are being followed Institute’s panel in connection with the and that the correct decisions are drafting of the first British Standard on Achieving these goals – as opposed being made by businesses, legal Anti-Bribery (BS 10500). to a certification – is hard work and and compliance personnel. Such an takes planning, expertise and cultural outcomes-based assessment provides change management. Reflecting metrics and management information For more information contact: this, the ISO standard notes in its to executives and boards, which appendix that senior managers must enables a company to determine with have ‘genuine intent’ and a ‘genuine confidence whether their program commitment to prevent, detect and really works. The same can be done, address bribery in relation to the albeit with more qualitative feedback, organization’s business’.5 This matches with respect to development of ethical various guidance documents issued by culture and training effectiveness. What the authorities, such as the UK Ministry dilemmas are facing your managers, Jason Hungerford of Justice Bribery Act Guidance,6 the and how effectively does their reflex Partner, London FCPA Resource Guide7 and the US meet the challenge? Is your training Tel +44 20 7444 2474 Federal Sentencing Guidelines.8 program changing hearts and minds, [email protected] and how can you do better? Is your

The dangers of an over-reliance on message being heard? certification were highlighted earlier this year when Australian journalists Real commitment and action is the alleged that Monaco-based Unaoil challenge in any organization and had helped various multi-national the key to effective anti-bribery companies secure government licences management programs. The new ISO using improper payments. Unaoil had standard gives corporates a set of tools Stuart Neely previously been certified by a well- by which they can meet that challenge, Associate, London Tel +44 20 7444 3289 known due diligence provider. The but whether those tools are deployed [email protected] matter is now subject to a number effectively is a matter of real testing of criminal inquiries by authorities and assurance. including the SFO, and the press has labelled the agent, ‘The intermediary that allegedly bribed the entire oil industry’.9

Paul Sumilas Senior associate, Singapore Tel +65 6309 5442 5 See paragraph A.3.1., available at: http://www.iso.org/ [email protected] iso/catalogue_detail?csnumber=65034. 6 See in particular Principle 2, available at: https://www. justice.gov.uk/downloads/legislation/bribery-act-2010- guidance.pdf. 7 See page 56, available at: https://www.sec.gov/spotlight/ fcpa/fcpa-resource-guide.pdf. 8 See § 8B2.1(b), US Sentencing Guidelines, available at: http://www.ussc.gov/sites/default/files/pdf/guidelines- manual/2014/CHAPTER_8.pdf. 9 http://www.forbes.com/sites/jwebb/2016/07/26/serious- fraud-office-moves-against-unaoil-the-intermediary-firm- that-bribed-the-entire-oil-industry/#6d8b5aad435c.

Norton Rose Fulbright – March 2017 09 Business ethics and anti-corruption world

Culture and compliance – new best friends?

Following the release by the United States Department Establishing a culture of Justice (DoJ) of new remediation standards for of compliance FCPA compliance programs (see: DOJ launches pilot ‘Culture’ in this context is not easily program for FCPA cases), compliance professionals defined and will vary between are once again revisiting the key components of their businesses. An organization should have a clear sense of purpose, with programs. Beyond the US, the standards reinforce every employee, wherever located or the requirements of the Bribery Act in the UK1 and in whichever business line, knowing what the organization stands for. In prospective legislation in other jurisdictions which large multi-nationals, this will be is seeking to place a similar onus on businesses to difficult. The more remote an office prevent, detect and report financial crime. in terms of its geography, including distance from and degree of control by ‘headquarters’, the harder it can Key elements the DoJ will assess • Auditing of the compliance program. be to assert a particular global culture. in determining effectiveness of a As Hui Chen, DoJ Compliance Expert compliance program are • The reporting structure of compliance has acknowledged1, compliance officers personnel within the company. often have to ‘help their colleagues • The ‘culture of compliance’. … navigate towards [compliance] The challenge for businesses is to expectations in societies that are not • The resources dedicated to the go beyond a ‘tick- box’ approach necessarily accustomed to these compliance function. to compliance, to implementing, behaviors’. and maintaining, a positive culture • The quality of the compliance of compliance. The above criteria The establishment of a robust sense personnel. alone may prove challenging for of purpose that can withstand the businesses headquartered beyond the pressures of the local environment • The independence of the compliance United States in jurisdictions where is not easy. A concise set of values, function. compliance and its associated concepts communicated both internally and may be less developed. Below, we externally, is a first step, providing • Whether the compliance program consider how organizations might steer a reference point for the standards has performed an effective risk their employees towards complying according to which an organization assessment. both with the letter of the law and, just wishes to conduct its business and by as critically, the spirit of the law. which it would like to be judged. Those • How compliance personnel are compensated and promoted. 1 Interview with Ethics & Compliance Initiative, February 1, 2016.

1 Note that the UK Ministry of Justice is now consulting on plans to extend the scope of the criminal offence of a corporate ‘failing to prevent’ beyond bribery and tax evasion to other economic crimes.

10 Norton Rose Fulbright – March 2017 Culture and compliance – new best friends?

values need to be reiterated at the start Regular communication by leadership, Dedicating sufficient of every new policy, survey or training both internally and externally, about resources to the compliance so that all rules and guidance are set the company’s values, compliance function out in context. initiatives, and stakeholder response to any compliance progress made, will Embedding a compliant culture takes The recent Deferred Prosecution serve to promote effective compliance more than ‘tone from the top’. The most Agreement agreed between the UK’s as a key business strategy. Thus, demonstrable evidence of a company’s Serious Fraud Office (SFO) and Standard responsibility for ‘compliance’ should commitment to a compliant culture is Bank Plc2 reveals the extent to which be shared across the company and the extent of the resources allocated to the SFO, and indeed the courts, will test compliance fully integrated with the compliance function. the underlying culture of compliance other risk management functions. The within an organization when considering HR function, for example, should be Human resource and budget a potential settlement; in this case, the aligned with compliance to conduct (with compliance having its own compliance training was deemed to be background checks, to test attitudes independent budget, rather than inadequate and the internal policies to compliance during recruitment and shared with, say, the office of the not sufficiently well-understood. promotion, to assess the impact of General Counsel) is key. These Combined with a lack of co-ordination remuneration practices and incentives resources should be sufficient to between group entities, this resulted in on culture, to engage in relevant allow effective integration across the the compliance procedures as a whole disciplinary action and to report on business, proportionate to the size being found to be lacking taking into ‘lessons learned’. As Hui Chen has of the organization, and reflect the account the risks posed. stated3, “compliance can identify issues risk of doing business in the relevant in a company’s financial controls, sectors and jurisdictions. An effective The senior management of a company, HR processes, or sales strategy but … compliance program cannot be static. including the most senior executives, without the commitment of finance, HR A company should periodically undoubtedly have the greatest influence or sales leadership, these issues cannot review its compliance program and in driving a particular culture. They be remediated.” update in light of new developments, need to lead by example and establish such as changes in business focus, the appropriate ‘tone from the top’. A A framework of employee engagement, new regulatory pronouncements compliance program that lacks the feedback and review is important to or other developments pertinent to visible and demonstrable backing of sustain the established culture. The the company’s operations. Ideally, senior management will have limited results of this engagement should be resources should extend to the periodic effect. Senior management should subject to review and analysis which engagement of external consultants make ethical conduct and ethical should in turn inform changes to the to provide an independent analysis decision-making normal business program. Following instances of unethical of the effectiveness of the compliance practice and emphasise, through their behavior, there should be demonstrable program and insight on how to build or messaging and conduct, the importance sanctions, which could include such sustain the desired culture. of a compliant culture. To do so, they things as claw-back of bonuses and will need to be well-informed about demotion. Equally critical, appraisals Ms Chen argues4 that, in all areas, each element of the compliance program, should start rewarding behaviors that “strong compliance must be data being provided with high-quality go toward embedding the company’s driven”. Therefore, resources should management information and updated values and move away from traditional also allow a compliance function to use risk assessments. That way, they can metrics that often have a narrow focus technology to facilitate the assessment, ensure that the program is embedded on achieving financial targets. limitation and detection of risk, taking across the business when visiting into account the proliferation of ever- different offices, communicating with changing business systems. country or divisional management, and generally on a day-to-day basis.

2 SFO v Standard Bank Plc, November 30, 2015 – 3 Interview with Ethics & Compliance Initiative, Case no: U20150854. February 1, 2016. 4 Ibid.

Norton Rose Fulbright – March 2017 11 Business ethics and anti-corruption world

A compliance function created as exposure to risk or more experience in A risk assessment cannot be a one-off an after-thought out of necessity in, establishing effective compliance. exercise but should be carried out as say, rushed remediation efforts will regularly as practicable. Businesses struggle to be effective. However, a should assess the risks to which function established to work in tandem Independence of the they are subject, analyze the most with senior management, which is compliance function significant risks and allocate sufficient fully and thoughtfully resourced and resource to remediate accordingly. integrated with other risk management The DoJ expects that compliance functions, will play a significant role personnel and, in particular, the head Broader questions of culture, attitude in an organization meeting its strategic of compliance, are not placed in a and knowledge should be tested, compliance objectives. position of possible conflict of interest measured and the information gleaned between their compliance work and then used to enhance the program. other responsibilities. It is thus prudent Quality and experience of for an organization, where possible, to compliance personnel require compliance personnel only to How a company’s perform compliance tasks. If this is not compliance personnel are The DoJ considers whether compliance realistic, such as in smaller companies, compensated and promoted personnel can understand and appropriate steps should be taken to identify transactions identified as ensure potential conflicts of interest If the commitment to a compliant posing a potential risk. Compliance are avoided. culture truly exists, the management professionals should have relevant of regulatory risk will be afforded the qualifications and experience for the The concept of independence does not same importance as that of other senior role. Personal qualities are equally rule out close co-operation between the management positions. Consequently, important; the head of compliance compliance function, management and businesses should assess carefully should be an individual of sufficient staff. This relationship will be crucial whether the pay and promotion gravitas to reinforce the importance if compliance risks are to be detected prospects of its compliance personnel which management places on early and managed effectively. reflect this principle. compliance and ethical conduct. In a large organization, one would According to Hui Chen5, being in Whether the compliance expect the remuneration of the head compliance requires “backbone and program has performed an of compliance to be in line with other good judgment and excellent people effective risk assessment heads of department. To maintain skills”. With the right characteristics, and tailored the compliance independence, a sub-committee of the a successful head of compliance can program accordingly Board should determine the level of engage effectively to attract the support remuneration. of the entire work-force. This support The most effective compliance will underpin changes in compliance programs are underpinned by regular Any remuneration linked to the culture far more effectively than, say, risk assessments. The concept of financial performance of the business a whistleblowing hotline or online ‘compliance by design’, pursuant to line for which an individual exercises training program. which the compliance program is compliance responsibilities may tailored according to the sector that undermine his/her independence and Compliance personnel should be the organization is operating in, its should be avoided. Remuneration proactive in learning about the risks geographical spread, case studies related to the financial performance of implicit in their organization’s sector based on issues faced by competitors the organization as a whole, however, including continually anticipating new, and the organization’s own historical is generally deemed to be acceptable. emerging risks. They should learn from issues, is the most effective basis. Promotion should be linked to the their peers through networking at effective management of risk over industry events and sharing best practice. a defined period, combined with It is often instructive to learn from noticeable improvements in culture. those operating in sectors with greater

5 Ibid.

12 Norton Rose Fulbright – March 2017 Culture and compliance – new best friends?

Auditing of the compliance Reporting outcomes (negative or For more information contact: program to assure its positive) to management makes effectiveness leaders accountable for compliance and allows them to assess how well The DoJ takes into account whether the organization is managing its the compliance program has been the compliance risk. subject of an external or in-house audit, including whether it has been designed There should be clear policies in appropriately to identify key risks and, place concerning the escalation of, Sam Eastwood if so, what action has been taken. Any and response to, significant issues. Head of business ethics gaps noted should be remediated as Direct access to the board should be and anti-corruption Partner, London soon as practicable and the program granted to the head of compliance Tel +44 20 7444 2694 improved accordingly, not allowed to where necessary, such as in the case of [email protected] remain unchanged and stagnant until a possible breaches identified during the particular event provides the necessary course of an investigation. impetus for change.

In order to maintain a compliant culture, Conclusion regular feedback (from both management and employees) on the compliance While there is no shortage of guidance program, including levels of confidence concerning compliance ‘best practice’, Kevin James Harnisch in the ethical conduct of the leadership the more intangible concept of ‘culture’ Partner, Washington, DC team, and monitoring to ensure is more difficult to define. Tel +1 202 662 4520 continuous improvement, are crucial. [email protected] At its most basic, culture should be the creation of a common purpose across Reporting structure of an organization, with a set of values compliance personnel within reinforced from the top that permeate the company through every aspect of the business. In contrast to a time when too many The DoJ expects that the head of organizations’ cultures were found by compliance should have formal reporting regulators and prosecutors to be failing, Holly Quinnen obligations directly to the board, or at a compliant culture may start to become Senior associate, London the least the senior management team, a company’s most valuable asset. The Tel +44 20 7283 6000 to facilitate sufficient influence among challenge for businesses globally is to [email protected] leadership. Reporting too far down in a establish, maintain and resource an company structure may limit the effective framework to support their effectiveness of a compliance leader. desired culture of compliance.

The nature of the reporting line between the remainder of the compliance team and the head of compliance will depend on how the organization has chosen to organise its compliance function. Some companies opt for stand-alone compliance reporting lines; others report through the risk function; others report through the office of the General Counsel. However structured, organizations must have in place reporting lines that are clearly articulated and operationally effective.

Norton Rose Fulbright – March 2017 13 Business ethics and anti-corruption world

SEC fines Nu Skin US$765,688 to settle FCPA charges

On September 20, 2016, Nu Skin Enterprises, Inc. US$431,088). Nu Skin China offered (Nu Skin) paid US$765,688 to settle allegations by the to “donate some money instead of [paying] a fine” to avoid any charges. US Securities and Exchange Commission (SEC) that Senior personnel at Nu Skin China also Nu Skin violated the accounting provisions of the US requested that the official personally Foreign Corrupt Practices Act (FCPA) in connection with intervene in the matter in exchange for 1 a RMB1 million donation to the charity. a charitable donation. Specifically, the conduct relates Soon after the charitable donation was to payments made by Nu Skin’s Chinese subsidiary, made, the AIC notified Nu Skin China of its decision to neither charge nor fine Nu Skin (China) Daily Use And Health Products Co. the company. Ltd. (Nu Skin China) to a charity tied to a high ranking official in the Chinese Communist party.2 Nu Skin The parent corporation identified the donation as a potential FCPA issue China allegedly made the payment in an effort to before it occurred and recommended end an investigation by the Chinese Administration that its Chinese subsidiary consult with for Industry and Commerce (AIC) into Nu Skin US counsel. US counsel recommended that the subsidiary include anti- China’s marketing and sales practices. The resolution corruption language in the donation underscores the importance of caution and diligence in agreement. The parent corporation making charitable donations in foreign countries. reviewed the draft of the anti-corruption provisions, but they were removed by the subsidiary just prior to execution.

Facts and requested the name of a charity to The SEC alleged that Nu Skin violated which Nu Skin China could donate. The the FCPA’s accounting requirements The AIC had been investigating whether official suggested a charity that was because it recorded the payment as a Nu Skin China had been conducting created by an entity with which the charitable donation and failed to business activities in a particular city official was previously associated. adequately investigate the circumstances without the necessary licenses. In an of the charity and donation. effort to influence the AIC’s investigation, After the discussion with the official, a Nu Skin China employee contacted the AIC informed Nu Skin China that the Communist party official, who was there was enough evidence to file also the former boss of the head of the charges that would result in a fine AIC branch investigating Nu Skin China, of RMB2.8 million (approximately

1 SEC Charges Nu Skin Enterprises, Inc. with FCPA Violations, US Securities and Exchange Comm’n (September 20, 2016), https://www.sec.gov/litigation/ admin/2016/34-78884-s.pdf. 2 Nu Skin Enterprises, Inc., Exchange Act Release No. 78884, at *2 (September 20, 2016).

14 Norton Rose Fulbright – March 2017 SEC fines Nu Skin US$765,688 to settle FCPA charges

Key takeaways Geographic risk China continues to be a hot spot This settlement highlights a number of for corruption and a focus for the key issues for companies subject to the US regulators – in 2016 alone, the FCPA. SEC has brought over ten actions based on misconduct in China. As Charitable donations are back this case shows, even companies Sun Hong in the crosshairs taking appropriate steps, such as Head of Shanghai This is the second time that the SEC has engaging external counsel to assist Tel +86 21 6137 7020 [email protected] brought an enforcement action based on corruption-related matters, must entirely on a charitable donation. take special care in the region. In this Companies need to carefully scrutinize regulatory environment, companies charitable donations in foreign countries must consider whether to conduct anti- to maintain compliance with the FCPA. corruption audits and reviews of their They should always determine why the Chinese operations. donation is being made and who outside the company requested it. Donations Paul Sumilas requested by foreign government For more information contact: Senior associate, Singapore officials should not be approved unless Tel +65 6309 5442 the company can prove it has no matters [email protected] before the foreign government that the official may influence. The conclusions should be documented in advance of the donation.

Instilling a compliance culture Wilson Ang Multinational companies must not only Partner, Singapore embrace the ‘tone at the top’ message Tel +65 6309 5392 Ilana B Sinkin [email protected] that US regulators identify as a key Associate, Washington, DC element of a compliance program, but Tel +1 202 662 4651 also ensure that the proper tone permeates [email protected] further down in the organization. This resolution demonstrates that the US regulators are not excusing US public companies when the parent corporation is asking the right questions. The parent corporation took appropriate action by Michael Edney requiring Nu Skin China to consult with Partner, Washington, DC external US counsel regarding the Tel +1 202 662 0410 [email protected] adequacy of the donation documentation. But the subsidiary ignored that advice and removed the anti-corruption terms from the donation agreement, without the knowledge of parent personnel. The regulators are holding US companies responsible for the unauthorized actions of subsidiary employees. US companies Kevin James Harnisch must follow up to make sure its anti- Partner, Washington, DC corruption instructions were followed. Tel +1 202 662 4520 [email protected]

Norton Rose Fulbright – March 2017 15 Business ethics and anti-corruption world

This time it’s personal: senior management liability in ‘books and records’ offences

Senior managers who choose to turn a blind eye disguising the bribes as bogus towards the corrupt practices of their companies and entertainment expenses which were paid out from petty cash vouchers as the employees they supervise may find themselves approved by the senior management personally liable for allowing the company’s books to of ST Marine, i.e. the accused and his be altered to conceal the corrupt nature of the payments co-conspirators. It is pertinent to note that Han and his colleagues were not made – even if it could not be shown that they had the ones who carried out the payment actually engaged in the payment of bribes. of the bribes. Rather, they approved the fraudulent petty cash vouchers, which they knew were not genuine Corruption is by nature a secretive accounting and money-laundering entertainment expense claims, that economic crime that is both difficult to offences. This approach shows a were presented to them. detect and prove. As both the bribe striking similarity with the US-style giver and recipient are liable for the ‘books and records’ offences often Even though Han and a number offence of bribery, there is little used by US prosecutors in complex of his co-accused admitted their incentive for any party to a corrupt bribery schemes, and the new false involvement and cooperated in the transaction to report the offence to the accounting offences recently enacted course of investigations, it was evident authorities or to fully cooperate in any in Australia which will bolster the that proving the individual acts of investigation. Conversely, the parties anti-bribery toolbox of the Australian bribery was difficult. This was because may be more inclined to collude and Federal Police, available at http://www. investigations were hampered by conceal their involvement in the corrupt nortonrosefulbright.com/knowledge/ the fact that key witnesses and the transaction. The difficulty in detecting publications/137893/new-false- receivers of the bribes were mainly and proving corruption is further accounting-offences-bolsters-bribery- located overseas. complicated where a corporate entity is toolbox-for-australian-federal-police. involved. In such cases involving the Nevertheless, this difficulty was corporatization of bribery, complex surmounted by the use of section corporate structures and creative ST Marine 477A of the Penal Code Cap. 224 accounting practices may be employed (section 477A), which criminalizes to conceal the involvement of the In PP v Han Yew Kwang, Han Yew the falsification of a company’s individuals, especially those occupying Kwang (Han), a former deputy accounts by a clerk or servant of the senior positions in the company. president at ST Marine, was prosecuted company with intent to defraud. Given for conspiring with a number of that the bribes were essentially paid Nevertheless, recent cases in Singapore colleagues, who were all senior out of petty cash payment vouchers have shown that Singapore authorities executives at ST Marine at the material falsely recorded as ‘entertainment are prepared to deploy a range of time, to pay bribes to employees of ST expenses’, this approach had the prosecutorial techniques so as to bring Marine’s customers in order to obtain effect of bringing the accused and his senior managers to account for their business from these customers. An conspirators to account for their role in role in corrupt schemes through false integral part of this scheme involved the corrupt scheme, i.e. for approving

16 Norton Rose Fulbright – March 2017 This time it’s personal: senior management liability in ‘books and records’ offences

the individual fraudulent payments, in needed to prove that the invoice was of LAN Airlines S.A. (LAN), for his role addition to the general conspiracy to false, in respect of the section 477A in authorizing US$1.15 million in pay bribes. charge; and that the monies paid out payments to a consultant pursuant to pursuant to the invoice – which would a sham consulting contract. The SEC be proceeds of crime or property used alleged that Cueto “understood that Questzone in connection with criminal conduct it was possible the consultant would – were transferred to Li and the then pass some portion of the [payment] The authorities adopted a similar tactic Prime Minister of the Asia-Pacific to union officials” in an effort to in the prosecution of Thomas Philip country, in respect of the money- resolve a dispute between LAN and its Doerhman (Doerhman) and Lim Ai laundering offences. employees. Although unable to prove Wah (Lim), who were sentenced to that a bribe payment occurred, the SEC 60 and 70 months jail respectively stated: on September 1, 2016, for falsifying US and Australian approach: accounts under section 477A and ‘books and records’ “The payments were made pursuant money laundering offences under to an unsigned consulting agreement the Corruption, Drug Trafficking and The use of false accounting offences to that purported to provide services that other Serious Crimes (Confiscation prosecute senior management for their Cueto understood would not occur. of Benefits) Act Cap. 65A (CDSA). involvement in corrupt transactions Cueto authorized subordinates to make Doerhman and Lim, who were both is well established in the US. The the payments that were improperly directors of Questzone Offshore Pte Securities and Exchange Commission booked in the Company’s books and Ltd (Questzone), were prosecuted for (SEC) is known to utilise the ‘books and records, which circumvented LAN’s conspiring with a third individual, records provision in the Foreign Corrupt internal accounting controls.” Li Weiming (Li), in 2010 to issue Practices Act (FCPA) to prosecute a Questzone invoice to a Chinese senior managers in listed entities for In another recent example, the SEC telecommunications company their role in the corrupt transactions. charged Jun Ping Zhang (Zhang), seeking payment of US$3.6 million The relevant provision requires listed the former CEO and Chairman of for a fictitious sub-contract on a entities in the US to keep books and Harris Corporation’s (Harris) Chinese government project in a country in records that fairly and accurately reflect subsidiary CareFx China, for his role the Asia-Pacific. Li was the chief the transactions of the corporation. in facilitating a bribery scheme that representative for the Chinese company Therefore, a scheme involving the provided illegal gifts to Chinese officials in that country. A portion of the monies doctoring or manipulating of company in exchange for business. Pursuant paid out by the Chinese company to records in order to conceal the corrupt to the scheme, Zhang authorized and Questzone pursuant to its invoice was transactions would cause the company approved false expense claims that then subsequently redistributed by to be in violation of this provision. were used to provide gifts to officials. Doerhman and Lim to Li and the then Senior management who engage in or The SEC charged Zhang with violations Prime Minister of that Asia-Pacific otherwise permit such conduct could of both the anti-bribery and accounting country in 2010. be found similarly liable. provisions of the FCPA, alleging:

Even though no corruption charges As far back as 2009, the SEC has used “[Zhang] was Harris’ gatekeeper at were brought under the Singapore the books and records provisions CareFx China, but he nonetheless Prevention of Corruption Act against aggressively to charge individuals. In authorized false expense claims that he the parties, it is plainly conceivable that the Nature’s Sunshine case, the CEO knew were going to be used to provide Questzone functioned as a corporate and CFO of the company were charged gifts to government officials. Moreover, conduit for corrupt payments to be with FCPA violations for failure to Ping helped his subordinates at CareFx made. On the facts, some key witnesses adequately supervise employees to China hide the bribe scheme from were overseas – with Li having make and keep accurate books and Harris auditors and employees.” absconded soon after proceedings records and implement an adequate set against him commenced. The use of of internal controls, despite not having In a move that will bring the Australian section 477A and money-laundering direct knowledge or involvement in anti-corruption regime closer to the charges under the CDSA allowed the bribery scheme. In a more recent US and Singapore approach, new the prosecution to proceed against example, the SEC charged Ignacio offences involving false dealing with Doerhman and Lim as they only Cueto Plaza (Cueto), the former CEO accounting documents came into effect

Norton Rose Fulbright – March 2017 17 Business ethics and anti-corruption world

on March 1, 2016. Under the new law, to prior criticism that not enough For more information contact: it is an offence for an individual or had been done to hold individuals to corporation to intentionally or recklessly account for their decisions which led to facilitate, conceal or disguise in their the financial crisis of 2007-2009. accounting documents an occurrence of bribery, corruption or loss to a person This approach of targeting individuals that was not legitimately incurred. in general, and senior executives in Importantly, proof that a benefit (not particular, was echoed in Singapore legitimately due) was actually received by Attorney-General VK Rajah SC Wilson Ang or given by the accused or another (A-G Rajah) in an opinion editorial Partner, Singapore person is not required. This overcomes in November 2015, where he urged Tel +65 6309 5392 [email protected] an evidentiary limitation that has corporates to adopt a culture of historically been difficult for prosecutors compliance in order to combat to overcome, available at http://www. commercial crime. In a portentous nortonrosefulbright.com/knowledge/ statement threatening to pierce the publications/137893/new-false- corporate veil, A-G Rajah warned that accounting-offences-bolsters-bribery- there was ‘no certainty of escape from toolbox-for-australian-federal-police. liability’ for those seeking to hide behind complex corporate structures. Abigail McGregor Partner, Melbourne It’s personal: liability of Senior management cannot act in Tel +61 3 8686 6632 senior executives under conscious disregard or be wilfully [email protected] scrutiny blind to corrupt practices in their organizations. The specific targeting of Senior managers who choose to turn a individuals by the authorities, through blind eye towards the corrupt practices the use of ‘books and records’ type and of their companies and the employees anti-money laundering offences, puts they supervise may find themselves senior executives on notice of the need personally liable for allowing the for them to prevent, detect and properly company’s books to be altered to respond to corporate wrongdoing – and Paul Sumilas conceal the corrupt nature of the to set the right tone from the top. Senior associate, Singapore payments made – even if it could not be Tel +65 6309 5442 shown that they had actually engaged [email protected] in the payment of bribes. As far as liability is concerned, this time it’s personal The approach adopted by the SEC, which focuses on the complicity of An earlier version of this article was senior executives and their failure to first published on Thomson Reuters ensure that the company maintains Accelus Regulatory Intelligence and accurate books and records and Compliance Complete. implements appropriate internal Jeremy Lua controls, should not be surprising Associate, Singapore in light of the memorandum titled Tel +65 6309 5336 [email protected] Individual Accountability for Corporate Wrongdoing issued in September 2015 by the US Assistant Attorney General, Sally Yates, to all US Department of Justice (DOJ) prosecutors and civil litigators. The ‘Yates Memo’ is largely seen as a signal of intent by the DOJ to pursue and punish individuals for their role in corporate crime, in response

18 Norton Rose Fulbright – March 2017 The World Bank Office of Suspension and Debarment reflects on lessons learned

The World Bank Office of Suspension and Debarment reflects on lessons learned

“The World Bank Group is fully committed to its experience documentation; forged fiduciary responsibility to see that funds are used for bank guarantees or securities; or misrepresentation regarding past their intended purpose: ending extreme poverty and performance or experience. The OSD boosting shared prosperity” acknowledges in the Report that one of the key lessons learned in its 8 years of Jim Young Kim, President, World Bank Group operation, is that fraudulent practices can be as damaging to development as The World Bank’s Report on Functions, The Report, and specifically the use of corruption or collusion. Data and Lessons Learned (the Report), debarment as an effective sanctioning issued in the spring of 2016, explains mechanism, should however be viewed the sanctions process adopted when a in the wider context and as a reflection The process adopted by the firm (or individual) involved in a World of a more general desire to supplement World Bank Bank-financed project is accused of traditional monetary fines with other a sanctionable practice, and reflects penalties. In addition to the World Where sanctionable practices are on lessons learned as the World Bank Bank, many governments and leading suspected, the Integrity Vice President seeks to build a more transparent, International Financial Institutions (INT) will first conduct an initial fact- fair and effective suspension and (IFIs) implement similar debarment finding exercise. Where it believes debarment system. procedures, as discussed in further there to be sufficient evidence of detail below. sanctionable misconduct, it will initiate In the fiscal year ending June 30, proceedings by issuing a Statement 2015, the International Bank of of Accusations and Evidence (SAE) Reconstruction and Development Sanctionable practices in relation to the accused firms or (IBRD) and the International individuals (Respondent(s)) to the Development Association (IDA), The Report recognizes and defines OSD. The OSD’s Chief Suspension and which together comprise the World five sanctionable practices as: fraud; Debarment Officer (SDO) will then Bank, committed US$42.5 billion in corruption; collusion; obstruction; thoroughly evaluate the information loans, grants, equity investments and and coercion. Of the 303 sanctions contained in the SAE and determine guarantees to help promote economic cases brought before the Office of whether INT has presented ‘sufficient growth and overcome poverty in Suspension and Debarment (OSD) by evidence’ that the Respondent engaged developing countries. The World Bank the end of the 2015 fiscal year, the in the alleged sanctionable practice(s). has a fiduciary duty to ensure that vast majority (83 per cent) related If sufficient evidence is found, the the proceeds of these financings are to a ‘fraudulent practice’, defined SDO will issue a Notice of Sanctions used for their stipulated purpose. The as “any act or omission, including a Proceedings and formally notify the sanctions system (as the suspension misrepresentation, that knowingly Respondent of the commencement and debarment process is often called) or recklessly misleads, or attempts to of sanctions proceedings against it. excludes proven wrongdoers from mislead, a party to obtain a financial or The SDO will also recommend an operations financed by the World Bank other benefit or to avoid an obligation”. appropriate sanction, which will be and is a tool through which it seeks to According to the Report, most cases implemented unless the Respondent enforce this duty. involved forged performance or contests the allegations.

Norton Rose Fulbright – March 2017 19 Business ethics and anti-corruption world

As such, the OSD is primarily designed civil penalties – the World Bank may Canada Supply Manual in 2014, mean to act as a check and balance and refer cases to national governments that companies convicted of dishonesty must impartially review the evidence where the wrongdoing would likely be offences (including bribery, extortion, before it. Since its inception, the OSD considered a criminal act. forgery and insider dealing, as well has referred 36 per cent of cases back as the offences under the Corruption to INT having determined that there Once the investigation has been of Foreign Public Officials Act) are was insufficient evidence to support concluded, and likely wrong doing prohibited from obtaining a federal one or more of the accusations made. established, there are five possible government contract for a period of However, only four per cent were sanctions that may be implemented: ten years, regardless of subsequent rejected in their entirety. debarment with conditional release; efforts to ‘clean house’ and remediate debarment for a fixed period (without corrupt behaviors within the business. One of the underlying objectives of the conditional release); conditional In contrast the UK imposes a maximum sanctions process is to ensure that it is non-debarment; public letter of debarment of five years and enables fair to the Respondents and that they reprimand and restitution. By far the companies convicted of a corruption or have the right to be heard. To this end, most common sanction is debarment dishonesty offence to recover eligibility INT must disclose all relevant evidence – meaning that the Respondent is to bid for public contracts having including that which does not support declared ineligible to receive World undergone a ‘self-cleaning’ process. its case. A Respondent has 30 days to Bank financed contracts. Where a submit a written explanation to OSD debarment with ‘conditional release’ Interestingly in the US, an upward and 90 days to appeal the case to the is granted, the conditions for release trend in suspension and debarment World Bank’s Sanction Board, which will focus on the debarred party actions has recently plateaued. will review the case de novo. Having demonstrating that it has in place, The Interagency Suspension and done so, the Sanctions Board will issue and has implemented for an adequate Debarment Committee Annual a fully reasoned decision stating whether period, an integrity compliance Report, suggests that after consistent it is ‘more likely than not’ that the program satisfactory to the World Bank increases from 2009, the number Respondent engaged in sanctionable (using standards reflective of global of cases levelled off in 2015 with a misconduct. If their finding is affirmative, consensus). Debarments are public and slight decrease in reported instances it will then impose the appropriate printed on the World Bank’s website. of debarment from 1,929 in 2014 to sanctions having considered any 1,873 the following year. According mitigating or aggravating circumstances. As of June 30, 2015, the World Bank to the Committee, this should not According to the Report, appeals to the has publicly debarred or otherwise however be seen to reflect the Sanctions Board were only made in 33 sanctioned more than 700 firms effectiveness or otherwise of the system per cent of cases. and individuals. Of the 368 cases but regarded as ‘purely a function of concluded since the creation of the need’. Ultimately, Congress remains two-tier sanctions system in 2008, 39 keen that the administrative powers of Sanctions per cent have been sanctioned during suspension and debarment are utilized the last two fiscal years. The recent where appropriate, a sentiment that It is common for the OSD to impose a increase in suspension and debarment is echoed in other quarters. The most temporary suspension on a Respondent actions suggests the efficacy of the recent OECD Foreign Bribery Report preventing it from entering into new OSD’s sanctions regime has improved dated December 2014, for example, contracts for World Bank financed and further demonstrates the World notes that out of 427 cases brought projects whilst investigations are on- Bank’s continued commitment in the only two resulted in debarment going. Whilst a temporary suspension fight against corruption. and concluded that countries need is not announced publicly, it is posted to do more to ensure those that on the World Bank’s intranet and the This trend is reflected in the legislative are sanctioned for having bribed a Client Connection extranet site used changes in Canada, the EU and UK foreign public official are suspended by borrowing countries. It should be where the number of offences for from participation in national public noted that, whilst the sanctions system which companies can be debarred procurement contracting. is a ‘quasi-judicial administrative has recently increased. In Canada, for process’ – meaning that it does not example, amendments to the Public have jurisdiction to enforce criminal or Works and Government Services

20 Norton Rose Fulbright – March 2017 The World Bank Office of Suspension and Debarment reflects on lessons learned

Settlement Whilst we expect the number of For more information contact: debarments imposed by the World Following amendments to the Bank and government agencies to sanctions system in 2010, cases before continue to rise, sanctions alone are the World Bank may be resolved prior not sufficient to combat the problem to, or during, sanctions proceedings of fraud and corruption. As such by means of a negotiated resolution these institutions would be advised to agreement or settlement. In these begin focussing more on incentives for circumstances, the SDO’s role is cooperation in addition to the adoption Sam Eastwood limited to reviewing the settlement to of robust compliance measures. Head of business ethics ensure it was entered into voluntarily, and anti-corruption Partner, London without duress and the agreed-upon Going forward, the World Bank is Tel +44 20 7444 2694 sanction is broadly consistent with the likely to continue to work with other [email protected] Sanctioning Guidelines. The SDO may multilateral development banks and not modify the terms of the settlement organizations, as well as national in any respect. The proportion of cases governments. After all, the more concluded pursuant to settlement rigorous those organizations and agreements has increased from 17 per governments are in their pursuit of cent to 21 per cent since the World misconduct, the more straightforward Bank’s first edition of this report in the World Bank’s own mission will be 2014, suggesting that the World Bank to ensure that its funds are used for Holly Quinnen has become more open to Respondents their intended purpose. Senior associate, London seeking negotiated solutions. Tel +44 20 7283 6000 In the meantime, the Report is an [email protected] important tool for seeking to balance Conclusion requirements of confidentiality with the need for transparency. To be effective, The suspension and debarment the OSD must retain its independence system presents (as it is intended to) from external and internal pressures a significant deterrent for businesses and must resist pressure to impose particularly those that rely heavily on sanctions where there is insufficient World Bank or government contracts. evidence of wrongdoing. Molly Seymour For those companies that do little else, Associate, London a debarment may have a significant Tel +44 20 7444 5877 adverse impact on its ability to generate [email protected] revenue. Debarment, as a sanction of choice, has a number of advantages. Not only does it act as a financial deterrent, it also excludes dishonest contractors from significant business transactions and sends an important message that sanctionable practices are not and will not be tolerated.

Norton Rose Fulbright – March 2017 21 Business ethics and anti-corruption world

UK’s second Deferred Prosecution Agreement

On Friday July 8, 2016, the second UK Deferred seen as fundamental to the DPA Prosecution Agreement (DPA) between the Serious outcomes. Both companies provided oral summaries of first accounts of Fraud Office (SFO) and a company anonymized as interviews, facilitated interviews with XYZ Limited (XYZ) was approved by the High Court. A current employees and provided timely redacted approved judgment was made available and and complete responses to requests for information and material, save for the company has not been named, in all likelihood, those subject to proper claims of legal because the individuals involved are being prosecuted professional privilege. Further self- reports came out of the subsequent and their later trial should not be prejudiced. In XYZ investigation phase. It is worth conjunction with the first DPA for Standard Bank in emphasizing that the cooperation by 2015, this case gives essential guidance on the new XYZ was described as ‘exemplary’. No criticism was made of the company DPA regime. (nor indeed Standard Bank) in providing only oral summaries of first accounts rather than the first accounts The importance and form case therefore suggests that there is an themselves. Both companies were able of voluntary cooperation acknowledgement on the part of the to carry out their own initial internal SFO that a firm will need to have some investigation to understand the extent The key themes of engagement and co- handle on the matter before making and facts of the wrongdoing without operation chime with the judgment in itself and the issue known to the losing credit. Standard Bank. SFO. No adverse comment was made about the first anonymous ‘self-report’ Taking immediate action following the and may have some value. Equally a Parental responsibility discovery of improper conduct again period of investigation of ten weeks had considerable weight in gaining from discovery may be considered The financial penalties against XYZ judicial approval for the DPA. With an appropriate period before self- include XYZ a law firm was retained within a reporting. The key is the effective use of week after concerns came to light and whatever time is taken. • Disgorgement of gross profits of £6.2 the SFO was orally informed less than million. a month later that a self-report may be After the notifications to the SFO made by an ‘unidentified party’. The were made, both XYZ and Standard • A fine of £352,000. SFO was not made aware of the identity Bank agreed to conduct internal of the company for another five weeks investigations with the direction of £1.9 million of the disgorgement will or so. Similarly, with Standard Bank, the SFO in order to report back to be contributed by the company’s US a law firm was instructed within a the SFO within a period of around parent in repayment of dividends week and the concerns were reported three months. The openness of the innocently received. The judgment to the SFO within 30 days. The XYZ information provided thereafter was makes it plain that there is no

22 Norton Rose Fulbright – March 2017 UK’s second Deferred Prosecution Agreement

obligation on an innocent parent The court further reduced XYZ’s fine to shown to represent the company’s company to support a subsidiary in £352,000 because this was calculated controlling mind. It was taken as a the financial obligations involved in to be the maximum amount that the significant factor in the court’s approval satisfying a DPA and it therefore seems company would be able to pay without of the DPA that since identifying the that XYZ’s US parent has chosen to risking insolvency. For the same reason, misconduct the senior employees support XYZ for reputational reasons. costs were not awarded to the SFO involved in the conduct were The precedent may create additional whereas Standard Bank had to pay dismissed, seven suspect agents were reputational pressure for parent around £300,000 towards the SFO’s costs. terminated and bids for two suspect companies finding themselves faced potential contracts were withdrawn. with a similar situation in the future. In In reaching the reduced fine the court The court concluded that XYZ was a the words of the judgment, “a parent found it “relevant (as a measure of culturally different company to that company receiving financial benefits the commitment to improve and which committed the offences. arising from the unlawful conduct the extent of co-operation) that XYZ of a subsidiary (albeit unknown) (with the financial assistance of ABC The SFO’s press release and final must understand how this will be by way of further loan) has spent redacted judgment is available at perceived.” There may also have been some £3.8 million in fees arising https://www.sfo.gov.uk/2016/07/08/ good commercial reasons for the from the responsible steps it has sfo-secures-second-dpa/. parent disgorging profit. Had the SFO taken through its own investigation, not accepted lower fines for a DPA self-reporting, co-operating with the and prosecuted instead, the company SFO and completing what might be For more information contact: would have been debarred from described as a thorough ‘self-cleansing’ continuing to operate in the markets. process”. For companies (and their parents) in this situation this is notable as it acknowledges the importance Mitigation and financial of committing to a proper response hardship upon discovery of an issue. The SFO’s DPA Code of Practice for Prosecutors In the Standard Bank DPA, the gross explicitly recognizes as public interest Neil O’May profit was US$ 8.4 million multiplied factors against prosecution: (1) a Partner, London by 300 per cent (the upper end of genuinely proactive approach adopted Tel +44 20 7444 3499 medium culpability) but reduced by by the management team when the neil.o’[email protected] a third due to the self-reporting and offending is brought to their notice, full cooperation with the SFO. In including taking remedial actions; XYZ’s case the court applied an uplift and (2) the existence of a proactive of 250 per cent to the gross profit of corporate compliance program at the £6.5 million, arriving at £16.4 million, time of reporting. but reduced it by 50 per cent because it considered that XYZ’s admissions were made “far in advance of the First DPA for offences Andrew Wallis first reasonable opportunity” to do of substantive bribery Associate, London so. The court also justified such a Tel +44 20 7444 3443 [email protected] discount “not least to encourage others Both XYZ and Standard Bank were how to conduct themselves when considered to have failed to have confronting criminality as XYZ has”. adequate procedures to prevent bribery One interpretation would be that the under section 7 of the Bribery Act court was giving an additional discount 2010. The potential draft indictment (over the usual 30 per cent for an early against XYZ however also related admission) for a DPA. There has been to offences of conspiracy to corrupt pressure to include a higher discount and bribe (under the old and new for DPAs than for an early plea of legislation). This was because the guilty in a prosecution and this may be bribes were known to and authorized behind the decision in this case. by senior executives who could be

Norton Rose Fulbright – March 2017 23 Business ethics and anti-corruption world

Managing third party corruption risk The legal issues raised by the engagement, monitoring and termination of third parties

“When a company discovers potential Should payments be suspended • Examine any contractual rights to corruption issues with one of its while the company investigates information or to investigate. active third parties, it faces a difficult the allegation? balancing act between litigation, • The seriousness of the allegation • Suggest disclosing to the client that commercial and regulatory risks” and associated regulatory risks you have paid a third party and needs to be balanced against the obtain their approval. Third party service providers are commercial risks of suspending businesses’ single biggest corruption payments. Should outstanding payments risk. The vast majority of prosecutions be made unless and until hard and regulatory settlements arise out Does the company need to evidence of corruption is found? of payments to agents, distributors, self-report to financial/criminal • Hard evidence of corruption will brokers, consultants, or other third authorities or seek consent to rarely be unearthed during an parties. deal with potentially tainted internal investigation given the funds? limitations on evidencing-gathering. Below, we highlight the key legal • The company needs to consider The criminal and regulatory risks issues that commonly arise when an early on whether it may need to self- need to be carefully considered in allegation of corruption is received report under applicable anti-bribery light of the weight of the evidence in relation to an active third party financial regulations or money and may override the civil risks of and outline steps that can be taken laundering legislation – or whether being sued. when engaging third parties to enable it will want to seek consent to deal in companies to better deal with these potentially tainted funds to provide How can a company determine legal issues as they develop. itself with a defence to money whether the third party has laundering offences. If so, this is provided genuine services for What immediate steps should likely to impact on the company’s which it should be paid? be taken by the company in the broader reporting strategy. • Consider identifying an independent event of discovering an allegation senior employee or advisor who in relation to a third party that it What should the company do can assess the value of the services has engaged? if it does not discover specific provided and asking for evidence of • Steps should be taken to determine evidence of corruption but has those services. the scope and nature of the issue, residual concerns about the third identify upcoming payments party? • For ‘introduction services’ consider (outgoing and incoming) or other • Consider re-running enhanced whether an introduction was truly actions, ascertain its contractual due diligence processes, including necessary. rights, consider reporting obligations interviewing the third party face- (internal and external) and preserve to-face to determine whether to data as necessary. continue with the relationship and the risks of making future payments.

24 Norton Rose Fulbright – March 2017 Managing third party corruption risk

How should the company deal For more information contact: with any civil claim from the third party in relation to its fees in circumstances where there is strong evidence of corruption? • Onsider a strategy of resisting payment until you have comfort that it is legitimate. James Thomas Sam Eastwood Senior associate, London Head of business ethics Tel +44 20 7444 2470 Does it assist to structure the [email protected] payment as a settlement of a civil and anti-corruption dispute as to the third party’s Partner, London Tel +44 20 7444 2694 fees? [email protected] • Structuring any payment as a settlement does not in itself mitigate the risk of making payment: what is important is the reality of the services for which payment is to be Andrew Reeves provided. Associate, London Tel +44 20 7444 3138 Positive steps that can be taken Ruth Cowley [email protected] Contractual provisions are important Partner, London in terms of providing tools to deal with Tel +44 20 7444 3396 the legal issues arising out third party [email protected] engagement. Ideally, a company should aim to give itself rights to

• Audit and investigate issues and

suspend payments while doing so.

• Terminate and withhold outstanding payments on the basis of non- Jason Hungerford cooperation or breach of the Partner, London company’s ABC policy. Tel +44 20 7444 2474 [email protected]

Norton Rose Fulbright – March 2017 25 Business ethics and anti-corruption world

Does it work: testing and assurance of compliance programs

“The DOJ and SEC have no formulaic requirements and cooperation, the key factor “that regarding compliance programs. Rather, they [ask] three mitigate[s] the ultimate punishment of an organization [is] the existence basic questions: Is the company’s compliance program of an effective compliance and ethics well designed? Is it being applied in good faith? Does it program … including monitoring and work?” (DOJ/SEC Resource Guide to the FCPA) auditing to detect criminal conduct [and evaluating] … periodically the effectiveness of the organization’s Multinational companies have invested and business partners and to the compliance and ethics program”. heavily in ethics and compliance public) if improper behavior occurs, programs in recent years, in response notwithstanding the company’s best Done right, systematic and periodic to accelerating regulatory enforcement efforts. testing, monitoring and reinforcement and high-profile investigations: processes not only mitigate risk, but Petrobras, FIFA, VW and so on. A failure to test the effectiveness of a also have major benefits in driving While US and UK regulators have compliance program guarantees that the effectiveness and efficiency of given clear guidance – supported by neither goal will be fully realized. a compliance program. Testing and consistent guidance from the United Failing to test or monitor the program monitoring helps to identify areas for Nations, World Bank, Transparency means that weaknesses in its design improvement before more costly issues International and others – most or implementation are unlikely to be arise and helps to root out inefficiencies corporates have largely neglected identified and remediated until it is or inconsistencies. Testing can also the requirement that, to be effective, too late. A failure to test or monitor the drive effective implementation and compliance programs must periodically program also devalues it in the eyes provide a significant deterrent: if, be tested. Companies new to modern of regulators, particularly where an for example, employees know that ethics and compliance programs issue arises in an area of weakness that a sample of expenses or gifts and rightly focus on developing policies, could have been previously identified entertainment records will be reviewed, procedures and training, but in short and remediated. This can have serious it is likely to encourage them to order those measures should be implications: prosecutors will be more abide by company policy and follow assessed and tested. likely to pursue a case, and less likely proscribed procedures and controls. to give the company credit for their Testing and monitoring also provides compliance program. Under the UK valuable management information Why test? Bribery Act, that means potentially not that senior personnel can assess in qualifying for the section 7 ‘adequate discharging their responsibilities Ethics and compliance programs have procedures’ defence: ‘monitoring to ensure that compliance risks are two primary purposes: and review’, encompassing both properly managed. internal and external verification, is • First, to actually reduce the risk that one of six principles set out by the Done wrong, ‘certification’ can be improper behavior may occur. Ministry of Justice in its ‘outcome dangerous. Many companies have focussed’ assessment of a corporate’s sought ‘certification’ from external • Second, to provide a serious and compliance program. Similarly, US consultants that they have in place a credible response (to regulators, Federal Sentencing Guidelines make compliance program. Such certification to shareholders, to customers clear that, along with self-reporting is of limited value because what needs

26 Norton Rose Fulbright – March 2017 Does it work: testing and assurance of compliance programmes

to be tested – and what regulators are The scope, methodology and results of is a fundamental requirement for interested in – is whether the program the review should be carefully recorded. an effective ethics and compliance is effective, not whether it exists. The exact nature of the monitoring will program that meets regulatory vary depending on the company’s expectations. It is also not merely “A good compliance program should structure and the risks relevant to it, a matter of determining whether constantly evolve … compliance but reviews can include some or all of processes are being followed: it is programs that do not just exist on the elements set out below. ensuring that policies and standards paper but are followed in practice will are understood and being met on inevitably uncover compliance First, the framework, content and a daily basis, and that employees weaknesses and require enhancements. ownership of policies and associated are well-equipped to make the right Consequently, DOJ and SEC evaluate training should be reviewed on a periodic decisions. Put another way, testing whether companies regularly review basis. This review provides a systematic ensures that the company’s ethics and and improve their compliance programs check that policies and training are compliance program really works, and and not allow them to become stale … up-to-date with legal requirements, that it continues to work as its business An organization should take the time to properly owned by an appropriate changes and grows. review and test its controls, and it individual or team, and ensures should think critically about its consistency as between various policies. potential weaknesses and risk areas.” For more information contact: DOJ/SEC Resource Guide to the FCPA Second, a sample set of recent transactions should be tested. This is likely to involve a combined review of How? accounts, supporting documentation and interviews. This is not primarily “Commercial organizations will … a matter of auditing compliance wish to consider how to monitor and with internal procedures, but rather evaluate the effectiveness of their a substantive review to identify Jason Hungerford procedures and adapt them where strengths and weaknesses of existing Partner, London necessary … Organizations could… processes and controls, deficiencies Tel +44 20 7444 2474 consider formal periodic reviews and in comprehension and to detect [email protected] reports for top-level management… broader issues for remediation. Such

[and] seeking some form of external an assessment adds rigour to and verification or assurance of the supplements the company’s ongoing effectiveness of procedures” Ministry risk assessment process. This is of Justice UK Bribery Act Adequate particularly suitable for higher-risk Procedures Guidance third parties, markets and transactions and/or as a periodic in-depth review on Monitoring and testing should follow a a rolling market-by-market basis. Andrew Reeves systematic and risk-based methodology. Associate, London Tel +44 20 7444 3138 It should be conducted periodically Third, comprehension of legal [email protected] by individuals independent from the requirements, risk factors and ethical matters reviewed. A hybrid team of responses should be tested. For the company personnel (from audit, legal general employee population, this and/or compliance, and possibly with usually means evaluating the uptake representatives from the business) from your existing training program and outside advisors ensures that the and making improvements where company’s internal team benefits by appropriate. For senior managers, more learning the review process, whilst sophisticated exercises can be used receiving the outside perspective of to assess whether proper ‘tone from experts who have experience across the top’ is being set, which can inform a range of companies and sectors. broader strategy discussions. Such an approach also leverages the company’s existing resources, helping Testing and assurance is not an to control external costs. optional bolt-on, a ‘nice to have’: it

Norton Rose Fulbright – March 2017 27 Business ethics and anti-corruption world

Compliance due diligence from a company perspective – An interview with Roland Kemper, DEKRA SE

Roland Kemper, 40, is a senior counsel in DEKRA What does a standard SE’s Legal & Compliance department. DEKRA is an compliance due diligence at DEKRA look like? international provider of testing, inspection, and certification services. Roland focuses on the legal side As a matter of principle, in-house of M&A projects and on corporate governance matters. legal counsel at DEKRA must involve themselves heavily in the legal due In addition, he is a non-executive member of DEKRA’s diligence process on the basis of the management holdings in the UK, the US, and Denmark. experience they gain in advising the operative business. Further, each Roland is a law graduate (University of Bonn, The DEKRA in-house legal counsel is called George Washington University Law School, King’s upon to integrate the compliance College London) and a management graduate (FU perspective into every step of the advisory process, be it in an operations Hagen, LSE). He is admitted to the New York State Bar or transactional context. If they lack and to the German Bar. the required knowledge or experience to deal with a certain compliance issue, or if a conflict of interest arises, we Compliance has received ever Spain and with subsidiaries in Taiwan, expect them to take the initiative and more attention in the last few Chile, and in the US, and QuieTek involve the Group’s Compliance Office years. This is particularly so Corporation in Taiwan, and the Scottish and, if needed, outside counsel. when it comes to acquiring a company Optimus Seventh Generation, company in relation to which a provider of safety consultancy As to the depth of, and the aspects a compliance due diligence services to oil platforms. Again in covered by, the standard compliance has evolved significantly. Taiwan, DEKRA formed a joint venture due diligence process, it is necessary How is this handled at DEKRA? company in 2015 for ‘electromagnetic to remember that DEKRA’s core compatibility testing’ together with the expertise consists in delivering TIC DEKRA carries out a compliance due iST Group. Transactions hence often services. TIC services mean that diligence in every acquisition process, involve jurisdictional and cultural DEKRA assesses whether products, with varying intensity of course. In the contexts that may not be well-known appliances, and processes comply with last ten years, acquisitions have played to the in-house legal counsel. And for certain standards. These standards a major role in accelerating DEKRA’s this reason, it is even more important regularly relate to features that express growth in the testing, inspection, to engage in due diligence that covers the technical safety or the quality of and certification business (TIC). compliance aspects as well. the product, appliance or process at Generally, these acquisitions have issue. In fact, DEKRA’s historical core targeted companies outside of DEKRA’s business is ensuring the road safety German home market. In recent years, of trucks and cars. More generally, DEKRA acquired, for instance, the AT4 these standards may be regulatory Wireless, a group headquartered in standards imposed by governmental

28 Norton Rose Fulbright – March 2017 Compliance due diligence from a company perspective

agencies or they may be standards that Practices Act and the UK Bribery Act. trade associations and, in particular, are related to certain industries. Often, On the other hand, the structure, home the International Federation of the authority assessing compliance jurisdiction and place of business of Inspection Agencies (IFIA). The IFIA with such standards depends on the our target companies’ shareholders, as has a set of compliance principles respective DEKRA company being well as the target companies’ financing that binds its members which are specifically accredited. For instance, and payment arrangements, are usually broader than what is required by law. DEKRA’s Product Certification service very straightforward. Hence, we would In addition to reviewing whether a unit is specifically accredited under the not initially focus on anti-money target company has complied with European Electromagnetic Compatibility laundering as much as you would do certain standards in the past, however, Directive 2014/30EU (EMC) to assess in settings that are more susceptible we use the compliance due diligence whether devices that contain an or in the financial services industry. process to really understand whether electrical energy source interfere with DEKRA’s target companies are mostly the target company’s organizational the operation of other products or are in the small to mid-size range and culture supports a mindset that tries affected by themselves by the operation privately held. As a result of this, tax to minimize issues like employment of other products. Another example compliance is an important topic, safety incidents. We invest a lot of effort is the periodic safety testing of trucks and DEKRA’s in-house legal counsel in understanding the target company’s and cars in France, Germany and will closely cooperate with the tax attitude to safety. Sweden. In these countries, the state department and external tax specialists has delegated DEKRA the authority to to minimize DEKRA’s exposure to legal assess whether trucks and cars comply and reputational risks stemming from What time period do you with certain road safety standards. tax law violations. generally cover in your It is paramount for DEKRA to ensure compliance due diligence? compliance with all aspects of the law. Governmental and non-governmental Does DEKRA’s compliance While the statute of limitations accreditation bodies are key due diligence also comprise provided in applicable laws tends stakeholders for DEKRA. Consequently, a review of compliance with to frame our scope of attention, we our compliance due diligence always industry specific standards try to fully exhaust the information covers all areas that may be deemed as which go beyond the legal available publicly, in the data room and compliance relevant. requirements? delivered in management meetings. This is not only a question of diligence Yes, it does, and that is a consequence or thoroughness. DEKRA’s business is In your practice, which are of how DEKRA positions itself in the not heavy in physical assets. Quite to the areas that are generally market. Being a ‘neutral third-party’ the contrary, the success of DEKRA’s compliance relevant and provider of TIC services lies at the business largely hinges on DEKRA’s hence a main part in your heart of DEKRA’s identity. Integrity reputation as an independent and compliance due diligence? is one of DEKRA’s five core ‘people neutral third-party provider of TIC values’. In addition, DEKRA’s ‘Vision services. This reputation materializes Depending on the nature, size, and 2025’ is to ‘be the global partner for in the daily behavior of DEKRA’s location of the business conducted a safe world’. Part of this positioning employees and in how the market by the target company, we investigate is that most of DEKRA’s TIC services participants perceive DEKRA’s brand. certain areas more intensely. For actually contribute to reducing the risk Consequently, it is very important for instance, if the target conducts its of accidents at work, in traffic and at DEKRA to ascertain that the target business in regions with a low ranking home as well as to change conditions company’s organizational culture and on Transparency International’s that lead to health impairments. the behavior of its leadership is such Corruption Perception Index and works In line with this positioning, our that the target aligns with DEKRA’s with freelance sales agents in order compliance due diligence always reputational demands. Because of to enlarge its customer base, we will assesses whether the target company this need for alignment, we look at heavily emphasise anti-bribery aspects. has had employment, safety or any available piece of information, Here, we take into account specific environmental issues. You asked about irrespective of its age, that may cast a compliance requirements set out in industry specific standards: DEKRA doubt on this potential alignment. laws such as the US Foreign Corrupt indeed is a member of TIC specific

Norton Rose Fulbright – March 2017 29 Business ethics and anti-corruption world

How and with what kind and controls system. In addition, whether there is a hotline or external of focus do you review the all owners of potential compliance ombudsman. As already said, we target’s existing compliance risks, in particular the leaders of the find it very important to understand management system? operational units, must be involved in whether the target company has an such an integrated risk and compliance organizational culture that fosters In order to understand whether a management system. In order to test compliance with the law, integrity and target company has implemented and such involvement, and depending on respect for the rule of law and, thus, oversees an adequate compliance the size of the target company, we look buttresses the rather formal compliance management system, we try to at whether the company has appointed measures mentioned previously. understand how the target company’s compliance officers across service leadership defines what the risks to units and functional units who report the company are and how the target compliance matters to a top compliance What is DEKRA’s general company’s leadership describes the officer. We also try to understand approach in a compliance management systems put in place whether such formal organization is due diligence? Do you to tackle such risks. That said, it is brought to life by specific measures- proceed in a step-by-step DEKRA’s stance that a well-designed e.g. regular interviews between the approach and if yes, what are compliance management system must compliance officers, regular training, the respective steps? be the result of an integrated concept of regular town hall meetings, annual risk management and internal controls. ‘compliance leadership dialogues’, In terms of our practical approach At the end of the day, compliance risks ad-hoc compliance audits, and an to compliance due diligence, we have the potential to become business appropriate level of documentation. certainly recognise that we have to risks. Thus, the scope of attention to Certainly, we try to understand follow the customary systematic the compliance management system whether the top compliance officer approach whereby the level of naturally overlaps with and is part and has been formally designated to intensity of compliance due diligence parcel of a company’s risk management receive whistleblower messages or increases as the transaction proceeds

30 Norton Rose Fulbright – March 2017 Compliance due diligence from a company perspective

to completion. Within the initial stage DEKRA’s audit department regularly How do you make use of the of the transaction process, which may runs audits on all subsidiaries and, findings of the compliance start even before the conclusion of a hence, the newly acquired business. due diligence when integrating non-disclosure agreement, we try to the target company into the categorise certain compliance risks, DEKRA group? e.g. corruption, based on indicators How are the findings of your that may have become apparent or are compliance due diligence Any results of compliance due diligence public anyway. E.g. do the company’s generally taken into account that indicate a relevant level of risk shareholders have links to public in the negotiations and the will be used to inform risk mitigation officials? Is the target company located transaction documentation? measures. The clear message to any or doing business in a jurisdiction with target company’s leadership is that significant institutional voids? What is DEKRA’s business model largely hinges, DEKRA will make no concessions when the target company’s record in online as already outlined, on the integrity of it comes to its five core people values. and other publicly available media? DEKRA’s employees, the perception of As indicated earlier, integrity is one of That said, we make a preliminary DEKRA’s brand by market participants these principles. Even if compliance assessment of compliance risks and and on DEKRA’s reputation as a neutral, due diligence does not uncover distinct try to identify potential red flags even independent third party provider of compliance risks, it will help DEKRA before we initiate more formal due TIC services. DEKRA’s approach to to assess the costs, time, and effort diligence investigations. The heavy compliance risks is that it avoids related to the integration of the target lifting of compliance due diligence then acquiring target companies with a company into the Group’s compliance takes place before we sign a definitive compliance history that have the management and into the Group’s agreement, which implies the use of potential to infect DEKRA’s reputation. compliance culture. outside counsel and other external Having said this, inserting compliance specialists. Such heavy lifting regularly related representations, warranties, involves active communication to and specific indemnities into the For more information contact: the target company’s leadership. definitive agreement is only a minimum Here, in-house legal counsel jointly requirement. Generally, DEKRA will with outside counsel and relevant acquire a company only if DEKRA’s operational leadership at DEKRA compliance experts have strong reason interview the target company’s to believe that compliance risks will not leadership as well as certain members materialise at all or beyond of what is of middle management in face-to- already known. Sometimes a carve-out face interviews that take place as part can help, especially if the target Nicolas Daamen of the ‘management meetings’. In company has various service lines that Of counsel, Munich exceptional circumstances, DEKRA conflict with the TIC idea. If, in Tel +49 89 212148 346 might insist at this stage that the exceptional cases, the ‘heavy lifting’ of [email protected] target company’s leadership discloses the compliance due diligence mentioned certain internal communications above could not sufficiently ascertain a that surround incidents that DEKRA potential compliance risk or the extent of perceives as potential compliance risks. a risk partly materialized, we may either Depending on the weight and type of abstain from the transaction or insist on the compliance risks identified, DEKRA having the right to rescind the may also decide prior to completion transaction or reduce the purchase price that it will engage in certain post- ex-post. Reducing the purchase price Michael Gaul completion compliance investigations may already be part of the purchase Associate, Munich Tel +49 89 212148 308 spearheaded by the Legal & price mechanism in ‘staggered [email protected] Compliance department. Irrespective acquisitions’ where DEKRA has partly of whether we have been able to bought out the management/owners. identify certain compliance risks Here, the right to purchase further shares prior to completion and in line with later on will include a pricing model that DEKRA’s insistence on integrated risk reflects an impact of compliance risks and compliance management systems, should these materialise.

Norton Rose Fulbright – March 2017 31 Business ethics and anti-corruption world

Compliance due diligence in Germany

The assessment of compliance risks target group as well as breaches of the corruption risks. The trend is triggered in connection with legal due diligence following regulations by the increasingly strict prosecution upon the acquisition of a company is and sanctions practice implemented increasingly becoming market standard • Competition and antitrust law by German authorities, which not only in Germany. Proceeding without a targets large company groups but also compliance check is hardly conceivable • Procurement law extends to medium-sized companies, – not only in larger corporate transactions as is clear from recent enforcement but also in small and mid-size transactions. • Data protection law patterns. One of the reasons for this trend is that, in accordance with the business • Customs and foreign trade judgment rule which is also applicable regulations. Process of compliance to companies in Germany, the purchaser’s due diligence management is obliged to evaluate all Nevertheless, there is a tendency available information and to exploit in Germany not to devote the same In Germany, there are two concepts for sources of information in all important amount of attention to all potential the organization of compliance due managerial decisions within reasonable breaches when checking such breaches diligence: there is a three step approach limits. Due to the complex nature of against the aforementioned legal in which the compliance due diligence corporate transactions as well as the provisions in the course of compliance is carried out in three phases: pre- economic significance of compliance due diligence procedures. In many signing, post-signing and post-closing. risks for the target group and the cases, risk assessment is limited to Alternatively, there is a two-step purchaser, it is in almost all cases corruption and breaches of antitrust approach in which the assessment is necessary to address compliance issues law, as sanctions for misconduct limited to the pre-signing and post- in the course of due diligence assessments. in these areas are often the most closing phases. severe. Furthermore, companies are This article seeks to provide an overview mindful that they can be excluded The two step approach seems to have of the standards which have evolved from public procurement and tenders gained a foothold on the market. over time as well as new trends and due to corruption offences and thus developments in connection with will additionally suffer considerable The three step approach is only applied compliance due diligence processes reputational damage. in exceptional cases and is usually in Germany. limited to those in which possible compliance risks have been identified In-depth assessment during the pre-signing due diligence Compliance risks connected of corruption risks which need to be clarified further before to company acquisitions closing. At the same time, the identified Whilst the scope of assessment is compliance risks must not be so severe When acquiring a company, the often focused on corruption and as to be a deal breaker to the signing. purchaser faces a number of different breaches of antitrust law, the extent Thus, the scope of application for a three compliance risks. These include, in of assessment of these areas have step approach is conceivably narrow. particular, corruption and bribery increased significantly. This is by management or employees of the particularly relevant for dealing with

32 Norton Rose Fulbright – March 2017 Compliance due diligence in Germany

Pre-signing compliance diligence is required if it transpires Further, a guarantee has a narrower due diligence during the pre-signing due diligence scope than an indemnification. In the that the target group does not have a currently prevailing seller-friendly With regard to the pre-signing phase, functioning compliance management market environment in Germany, the the compliance due diligence process system or that there are specific seller will not be prepared to assure is usually limited to a desktop review indications of compliance breaches. In that the target group is not in breach of and risk analysis. In this context, the practice, the trend focuses on the areas any and all material regulations and target group’s existing compliance of corruption and antitrust law. laws. The market trend rather suggests management system as well as that the seller will only guarantee the respective report and control In case of continuation of possible compliance with the German anti- lines are checked with regard to corruptive practices after closing, corruption laws (and, if applicable, with key measures, e.g. code of conduct, German law provides not only for a the FCPA and UK Bribery Act) in the policies, organization chart of continued liability on the part of the framework of a compliance guarantee. compliance structure, identification target group and its management but and competence of compliance officers, also for administrative offence law etc. This enables the purchaser to make liability on the part of the purchaser. Problems and tendencies a preliminary assessment of whether in contract implementation compliance is an unknown concept for the target group or if management Principles of compliance risk One of the outstanding issues with and employees have at least a general implementation in sale and regard to contract implementation awareness of compliance. purchase agreement is the legal consequence of an infringement of a compliance Furthermore, there is an increasing Compliance risks are usually guarantee. Compensation for lost trend in which the purchaser tries incorporated into the sale and profits (e.g. exclusion from public to use compliance expert sessions purchase agreement in two ways: an tenders) as well as for internal with the seller’s (or target group’s) indemnification clause between seller administrative costs and external compliance officers to help the and purchaser is agreed with regard to advisers’ fees (e.g. legal advice purchaser develop an increased known risks, or, for unknown risks, the and court costs regarding internal sensitivity for identifying possible seller gives a guarantee. investigations) are often excluded compliance risks in the target group. in the sale and purchase agreement. Thus, with regard to the liability regime Furthermore, any reputational damage in a sale and purchase agreement, the incurred is hard to measure in numbers Post-closing compliance purchaser benefits from pre-signing which means that, due to strict due diligence compliance due diligence. Where specific legal consequences, the compliance risks have been clearly identified by guarantee is only of limited value when During the post-closing phase, the way of a pre-signing assessment, the it comes to effectively protecting the purchaser is mainly confronted with seller will agree to issue an indemnity purchaser. However, it remains to be two challenges for such risks. Otherwise, the seller will seen whether there will be changes only provide the purchaser with a to this trend in the current market First, the target group has to be integrated compliance guarantee. From the standard in Germany. into the purchaser’s compliance purchaser’s perspective, the clear benefit management system by adapting the of an indemnity over a guarantee is that There is an increasing trend among report and control lines and by an indemnity is usually not subject to W&I insurers – depending on the transferring the purchaser’s compliance the same restrictive limitations as a thoroughness of the due diligence and standards to the target group. guarantee (e.g. de minimis, threshold, the scope of the compliance guarantee cap, limitation period). As a rule, an – to insure compliance guarantees, Secondly, possible compliance risk indemnity is granted on the basis of a especially in connection with issues, which are substantially 1-to-1 Euro compensation for occurred corruption and bribery. Concluding based on the results of pre-signing damages, hence no de minimis or a W&I insurance often constitutes compliance due diligence, have to be threshold, and normally with a a sensible possibility for reaching clarified further. In this case, a more deviating cap and a longer limitation an agreement, although the seller extensive post-closing compliance due period than the guarantee claims. is not prepared or only prepared to

Norton Rose Fulbright – March 2017 33 Business ethics and anti-corruption world

cover compliance risks up to a certain • The pre-signing compliance For more information contact: amount- an option with which the due diligence is limited to a purchaser may not accept. desktop review, risk analysis and (increasingly becoming more common) compliance expert Conclusion sessions.

Compliance due diligence procedures • The post-closing compliance due have become market standard in diligence has the aim of an in-depth Nicolas Daamen Germany for every large transaction. In analysis of possible compliance risks Of counsel, Munich the case of medium-sized and smaller identified in the course of the pre- Tel +49 89 212148 346 [email protected] transactions, compliance due diligence signing due diligence. is becoming more common, depending on the target group’s industry. The criteria • Taking on guarantees and regarding the scope of assessment, the indemnities for compliance/ procedure and the depth of assessment corruption risks in SPAs. are becoming increasingly standardised. Such criteria are • Hedging compliance/corruption risks by W&I insurance. Michael Gaul • Content-based focus on corruption Associate, Munich and anti-trust risks. Tel +49 89 212148 308 [email protected] • Implementation of compliance due diligence in two phases: pre-signing and post-closing.

34 Norton Rose Fulbright – March 2017 Bribery and public policy in the English courts

Bribery and public policy in the English courts

In National Iranian Oil Company v National Iranian Oil Company contended that public policy and Crescent Petroleum [2016] EWHC 510 v Crescent Petroleum legislative approach had hardened had (Comm), the High Court held that the in recent years hardened against bribery court would not, as a matter of English The proceedings in National Iranian Oil and corruption such that a court would public policy, refuse to enforce a contract Company v Crescent Petroleum arose not now take the same view as suggested procured by bribery. The decision out of a long term gas supply contract. at first instance inWestacre Investments provides a reminder that notwithstanding It was alleged by Crescent that NIOC v Jugoimport-SPDR [1999] QB 740, namely the English courts’ apparent willingness had failed to deliver any gas in breach that the public policy of sustaining to provide a remedy to victims of bribery of the terms of the agreement. Crescent international arbitration awards and corruption, the courts will still began arbitration proceedings and outweighed the public policy in operate in accordance with established obtained an award. In the course of discouraging international commercial legal principles. the arbitration it was argued by NIOC corruption. that the claim should not succeed because the underlying contract had However, even if recent case law has The legal landscape been procured by corruption. However, marked a policy shift to act even more after hearing the evidence, the tribunal robustly against bribery and corruption, As Lord Neuberger stated in FHR v ultimately rejected the corruption a mere suggestion that a contract has Cedar [2014] UKSC 45, “… concern argument. been ‘tainted’ without further evidence, about bribery and corruption generally cannot be enough. As Burton J concluded, has never been greater than it is now ... Subsequently, NIOC applied to set aside to introduce a concept of tainting of an Accordingly, one would expect the law the arbitration award under section 68 otherwise legal contract would create to be particularly stringent in relation of the Arbitration Act on the grounds of uncertainty, and would in any event to a claim against an agent who has serious irregularity (specifically section wholly undermine party autonomy. received a bribe or secret commission.” 68(2)(g): “the award or the way in There may be many contracts which The case is one of several recent which it was procured being contrary have been preceded by undesirable decisions in which the victim of bribery to public policy”), again relying on the conduct on one side or other or both, or corruption has sought a remedy in previous allegations of corruption. such as lies, fraud or threats. However, English civil proceedings. the Court will not interfere with such a contract unless: (i) the contract itself In the FHR case, the Supreme Court The court’s decision was illegal and unenforceable; or confirmed that where an agent has (ii) one or more of the acts induced the received a bribe or secret commission The application ultimately failed on the contract, in which case it might be in breach of its fiduciary duty, not only basis that, as the tribunal had previously voidable at the instance of an innocent must the agent account to the principal found, the underlying contract had not party. The Judge went so far as to say that for the secret commission, but the been procured by corruption. this would be the case even if one or principal has a proprietary claim to it – more of those parties had committed thereby strengthening of the principal’s The court also rejected NIOC’s alternative criminal acts for which they could be rights as against an agent in such submission that the agreement was prosecuted. circumstances. nevertheless ‘tainted’ by corruption. In support of this argument, NIOC had

Norton Rose Fulbright – March 2017 35 Business ethics and anti-corruption world

Of perhaps greater significance, the contract at the instance of one of the Commentary court held that even if a different parties. It is not that the contract is conclusion had been reached on the unenforceable by reason of public As a matter of law, the decision must facts, there is no English public policy policy, but that the public policy be correct insofar as it accords with the that requires a court to refuse to enforce impact would not relate to the established principle that contracts a contract procured by bribery. This contract but to the conduct of one procured by bribery are voidable fits with the principle that contracts party or the other.” rather than void. Nevertheless, insofar procured by bribery are voidable as recent cases had shown a trend to rather than void and so a court might • In particular, there is “no English provide a remedy to victims of bribery decide to enforce such a contract at the public policy to refuse to enforce a where possible, this decision provides instance of one of the parties. contract which has been preceded, a sobering reminder that the courts will and is unaffected, by a failed and must operate in accordance with In reaching the above decision, Burton attempt to bribe, on the basis that established legal principles. J set out various conclusions such contract, or one or more of the parties to it, have allegedly been • “English public policy applies so as tainted by the precedent conduct.” For more information contact: to lead a court to refuse to enforce an illegal contract, even if not illegal • In any event in the present case, at relevant foreign law, such as a the tribunal had concluded that contract to pay a bribe.” However, the contract in question had not in the present case, the contract in been procured by bribery after full question was not an illegal contract. consideration and evidence. The court should not interfere with • With regard to bribery, there “is the tribunal’s decision save where Andrew Sheftel no English public policy requiring there is fresh evidence or in very Senior knowledge lawyer a court to refuse to enforce a exceptional circumstances – neither Tel +44 20 7444 5682 contract procured by bribery. A of which existed in the present case. [email protected] court might decide to enforce the

36 Norton Rose Fulbright – March 2017 Exploring human rights due diligence

Exploring human rights due diligence Executive summary of a human rights due diligence project run by Norton Rose Fulbright and British Institute for International and Comparative Law

Business and human rights represents joint study (the Study) comprising The forum discussed the findings an evolving area of risk for businesses academic research, an anonymous of a report released by Norton Rose which is assuming an increasingly legal survey and interviews with business Fulbright and the British Institute of dimension. As in many other areas, the representatives, with the aim of International and Comparative Law prudent response is due diligence. clarifying issues of law, principle and on human rights due diligence. The Indeed, many businesses already conduct practice in the area of human rights speakers and audience were made due diligence in a variety of contexts, due diligence. up of legal professionals, academics including mergers & acquisitions and and representatives of businesses and project finance. However, the nature of Our study international organizations. human rights due diligence is different from the due diligence that companies • Clarifies the meaning and scope are used to conducting. of human rights due diligence. Key takeaways

The UN Guiding Principles on Business • Examines its legal basis, developments The following are the key takeaways and Human Rights (the Guiding and underlying requirements. from the forum. Principles) set out the components of human rights due diligence. Recognizing • Analyses the actual practice • Why conduct human rights due the unique characteristics of human currently undertaken by companies diligence: The top incentives for rights due diligence is fundamental through the lens of the core elements conducting human rights due to the effective identification and of the Guiding Principles. diligence include brand, reputation, management of human rights impacts corporate legal risk avoidance which may be associated with a The primary purpose of the Study is to and compliance with reporting business’ operations, supply chains provide practical recommendations for requirements and applicable laws. or value chains. businesses in relation to their approach to human rights due diligence. The key • Focus due diligence on human rights Although much has been written about findings from our Study are set out in impacts: Focusing due diligence on human rights due diligence, there this summary briefing, while a detailed the impact of the business enterprise is still a lack of clarity about what is 15,000 word peer reviewed article will on human rights is the best way required amongst many businesses. appear in a forthcoming edition of the to implement the United Nations Further guidance is needed to help Business and Human Rights Journal Guiding Principles on Business and businesses understand the scope, published by Cambridge University Press. Human Rights (UNGPs). Only those meaning and consequences of human businesses which had undertaken rights due diligence as described in the On October 17, 2016, Norton Rose specific human rights due diligence Guiding Principles. Fulbright in collaboration with the processes had identified a significant British Institute of International number of human rights impacts. With this in mind, Norton Rose Comparative Law hosted a forum Fulbright and the British Institute on human rights due diligence of International and Comparative which explored good practices and Law decided to collaborate on a challenges for business enterprises.

Norton Rose Fulbright – March 2017 37 Business ethics and anti-corruption world

• Corporate perspective: When • Cross-departmental approach: In out in the black letter law, so conducting human rights due order to have a better understanding companies should look to these diligence, companies need to look of their human rights impacts, standards as their guiding point. beyond the impact on the enterprise business enterprises need to get to the impact on the affected rights away from the modern corporate • Voluntary principles treated as hard holder, as a stakeholder. This means structure where each department is law: When determining what standard that when conducting human working in a silo and concentrates of due diligence is necessary, it can rights due diligence, the concept on its own specific mandate. Human be helpful to look at the UNGPs, the of ‘materiality’, so ingrained into rights due diligence is most effective leading soft law in this area. Although the mind-set of corporations, is when it is cross-departmental. To get these principles are voluntary, courts superseded by the actual and the best results, a combination of are starting to mention these potential impact on stakeholders. legal, compliance, human resources, Principles in their rulings. procurement and corporate social • Mind the gap: Normal corporate responsibility teams is desirable. • An effective system without budget processes such as audit and record is a myth: It is not enough to ask keeping are not usually effective in • Roles, responsibilities and objectives: lawyers to draft human rights revealing the impact of the business Human rights is not an ‘add-on’ policies and risk assessments if enterprise on human rights. The feature of the organization but should there is no budget allocated to board of directors and the C-Suite be central to the business strategy. the implementation, training and need to dig deeper and conduct Consequently, it is the responsibility enforcement of these. A business specific human rights due diligence of the board to identify, own, manage enterprise which is serious about in order to bridge the gap between and mitigate risks. This means that assessing and improving its impacts what is being reported and the risk owners need to be clearly on human rights will therefore look reality. They also need to ensure that identified, resources need to be to allocating a sufficient budget for the legal function undertakes careful targeted to the most significant risks work in this area. verification of companies’ public and controls, and prevention activities statements. These steps will serve to should align with any changes in the • Collective action: One of the most mitigate potential liability for actual risk profile of the organization. The effective ways to deal with human adverse human rights impacts. objective of leaders at all levels rights issues is to work collectively across the organization should be to with other companies, NGOs, • Nature of the modern corporate build a culture where human rights law firms and experts to address group: Global businesses should are respected. effectively the human rights risks be aware that there is an increasing which are most serious and salient. trend for companies in countries • Look back principle: The law is This collaboration can provide a such as the UK, Canada, Germany developing and in many years to fresh perspective on human rights and the US to suffer reputational come businesses could be held to impacts and can demonstrate, often damage and sometimes even legal account for their actions today. For publically, a company’s commitment action because of the acts of their this reason, it is not enough to look to human rights. subsidiaries or subcontractors only at where the law is now; abroad. An enterprise can no longer businesses need to look at the • Capacity building: Even though just look at its own business. It direction in which the law is travelling terminating a contract which is needs to make sure that proper to influence their current behavior, particularly problematic in terms systems and processes are in place the so-called ‘look back principle’, of human rights impacts can in other companies in the group. It which has already been applied in sometimes seem like the easier also needs to understand the human other areas like anti-bribery and option, it is generally a better rights impacts of other businesses corruption and tax avoidance. In the investment for businesses to work within its supply and value chains. sphere of business and human with the relevant companies within rights, it would seem that the courts their supply chains and value chains are moving towards enforcing higher in order to improve their human standards than those currently set rights standards.

38 Norton Rose Fulbright – March 2017 Exploring human rights due diligence

• Potential defence: Effectively For more information contact: addressing potential human rights

issues in supply chains can mitigate these risks and can serve as a defence if something does go wrong.

• Be proactive: The best way to protect yourself is to be proactive – prepare human rights specific Robin Brooks Gal Levin training sessions, conduct human Partner, London Associate, London rights impact assessments and Tel +44 20 7444 Tel +44 20 7444 5034 [email protected] [email protected] comprehensive human rights due diligence and put in place a human rights policy.

For more information and a detailed analysis by industry sector please see the full report available at human-rights-due-diligence. Milana Chamberlain Dan Jarman nortonrosefulbright.online. Partner, London Senior associate, London Tel +44 20 7444 3289 Tel +44 20 7444 3619 [email protected] [email protected]

British Institute of International and Comparative Law Professor Robert McCorquodale Institute director Tel +44 20 7862 5151 Sam Eastwood [email protected] Head of business ethics and anti-corruption Lise Smit Partner, London Research fellow in business Tel +44 20 7444 2694 and human rights [email protected] Tel +44 20 7862 5162 [email protected]

Stuart Neely Associate, London Tel +44 20 7444 3289 [email protected]

Norton Rose Fulbright – March 2017 39 Business ethics and anti-corruption world

A call for Collective Action

Collective Action is gaining attention Collective Action to tackle these systemic corruption issues. as a powerful tool for businesses, NGOs For example, in a tender process, and policymakers to fight corruption Collective Action is a process of Collective Action commitments like together. cooperation amongst various stakeholders, integrity pacts promote increased including businesses, governments and prospects of fair selection. For all The UK Anti-Corruption Summit, civil society. Fighting corruption stakeholders concerned, Collective held in May 2016, was a valuable collectively increases the impact and Action contributes to enhanced public opportunity for Government Leaders credibility of individual action. Common reputation and credibility. actively to promote Collective Action, forms of anti-corruption Collective Action which directly addresses two key include anti-corruption declarations; At an international level, Collective themes of the London Anti-Corruption integrity pacts; principle-based initiatives; Action can be used as a tool to help Summit’s agenda, namely and certifying business coalitions. ensure the consistent and fair enforcement of regulations. National • The need collaboratively to Businesses recognise that there are legislation and international improve the standards of various certain corruption issues which cannot conventions are further supplemented international anti-corruption efforts be tackled alone. Collective Action and bolstered by engaged industry provides opportunities for businesses, stakeholders. If approached correctly, • The need to engage stakeholders the public sector, and civil society to Collective Action can fill lacunae within society to promote these efforts. empower themselves through in legislation or augment inadequate collaboration to develop new initiatives local law.

40 Norton Rose Fulbright – March 2017 A call for Collective Action

Call to action Challenges A version of this article was included in • Does your government understand the Leader’s Anti-Corruption Manifesto Collective Action efforts can be fostered the potential impact of Collective published by Transparency International internationally with renewed engagement Action? UK in advance of the Summit. from interested stakeholders (including most notably national governments) at • Is your government committed a national and international level and to supporting Collective Action? For more information contact: increased publicity of the success of significant projects already underway, • Is this commitment articulated in like initiatives within the extractive, a formalised and published Anti- shipping and energy industries. Corruption plan?

In anticipation of the Summit, now • Could your government engage is the time to think about what more with businesses and NGOs in governments can do to engage in promoting and developing Collective Sam Eastwood Collective Action in the wider business Action initiatives? Head of business ethics environment. and anti-corruption Leaders should use the Summit as a key Partner, London platform to support Collective Action and Tel +44 20 7444 2694 [email protected] create opportunities for Collective Action initiatives. Furthermore, Government Leaders should recognise and promote Collective Action as a collaborative and innovative tool to address systemic and deep-rooted corruption.

Norton Rose Fulbright – March 2017 41 Business ethics and anti-corruption world

Key contacts

Sam Eastwood Head of business ethics and anti-corruption London Tel +44 20 7444 2694 [email protected] Asia Pacific Ep Hannema Middle East Alfred Wu Amsterdam Patrick Bourke Hong Kong Tel +31 20 462 9413 Dubai Tel +852 3405 2528 [email protected] Tel +971 4 369 6305 [email protected] [email protected] Jason Hungerford Abigail McGregor London Orlando Vidal Sydney Tel+44 20 7444 2474 Dubai Tel +61 408 833 490 [email protected] Tel +971 4 369 6398 [email protected] [email protected] Aydin Jebrailov Sun Hong Moscow South Africa Shanghai Tel +7 499 924 5101 Andre Vos Tel +86 21 6137 7020 [email protected] Johannesburg [email protected] Tel +27 11 685 8865 Christian Dargham [email protected] Wilson Ang Paris Singapore Tel +33 1 56 59 52 92 United States [email protected] Tel +65 6309 5392 Michael J. Edney [email protected] Washington, DC Piotr Strawa Tel +1 202 662 0410 Warsaw Canada [email protected] Sally Gomery Tel +48 22 581 4994 [email protected] Ottawa Kevin James Harnisch Tel +1 613 780 8604 Washington, DC [email protected] Latin America Tel +1 202 662 4520 Glenn Faass [email protected] Richard Wagner Rio de Janeiro Ottawa Tel +5521 97220 9314 Tel +1 613 780 8632 [email protected] [email protected] Andrew Haynes François Fontaine Rio de Janeiro Montréal Tel +5521 3616 6996 Tel +1 514 847 4413 [email protected] [email protected] Mauricio Zagarra-Cayón Bogotá Europe Tel +57 1 746 4601 Sam Eastwood [email protected] London Tel +44 20 7444 2694 Luis Ernesto Andueza [email protected] Caracas Tel +58 212 276 0007 Lista M. Cannon [email protected] London Tel +44 20 7444 5991 [email protected]

42 Norton Rose Fulbright – March 2017 Global resources

Global resources

Norton Rose Fulbright is a global law firm. We provide the world’s preeminent corporations and financial institutions with a full business law service. We employ 3500 lawyers and other legal staff based in more than 50 cities across Europe, the United States, Canada, Latin America, Asia, Australia, Africa, the Middle East and Central Asia.

Our office locations

People worldwide Europe Latin America Africa Amsterdam Monaco Bogotá Bujumbura3 7000+ Athens Moscow Caracas Cape Town Brussels Munich Rio de Janeiro Casablanca Frankfurt Paris Dar es Salaam Legal staff worldwide Hamburg Piraeus Asia Pacific Durban London Warsaw Bangkok Harare3 3500 Milan Beijing Johannesburg Brisbane Kampala3 Offices United States Hong Kong Nairobi3 Austin New York Jakarta1 50+ Dallas St Louis Melbourne Middle East Denver San Antonio Port Moresby Abu Dhabi (Papua New Guinea) Key industry strengths Houston San Francisco Bahrain Perth Financial institutions Los Angeles Washington DC Dubai Shanghai Energy Minneapolis Riyadh2 Singapore Infrastructure, mining Sydney and commodities Canada Central Asia Tokyo Transport Calgary Québec Almaty Technology and innovation Montréal Toronto Life sciences and healthcare 1 TNB & Partners in association with Ottawa Vancouver Norton Rose Fulbright Australia 2 Mohammed Al-Ghamdi Law Firm in association with Norton Rose Fulbright (Middle East) LLP 3 Alliances

Norton Rose Fulbright – March 2017 43 nortonrosefulbright.com

Norton Rose Fulbright Norton Rose Fulbright is a global law firm. We provide the world’s preeminent corporations and financial institutions with a full business law service. We have more than 3500 lawyers and other legal staff based in more than 50 cities across Europe, the United States, Canada, Latin America, Asia, Australia, Africa, the Middle East and Central Asia. Recognized for our industry focus, we are strong across all the key industry sectors: financial institutions; energy; infrastructure, mining and commodities; transport; technology and innovation; and life sciences and healthcare. Wherever we are, we operate in accordance with our global business principles of quality, unity and integrity. We aim to provide the highest possible standard of legal service in each of our offices and to maintain that level of quality at every point of contact.

Norton Rose Fulbright Verein, a Swiss verein, helps coordinate the activities of Norton Rose Fulbright members but does not itself provide legal services to clients. Norton Rose Fulbright has offi ces in more than 50 cities worldwide, including London, Houston, Toronto, Sydney and Johannesburg. For more information, see nortonrosefulbright.com/legal-notices. The purpose of this communication is to provide information as to developments in the law. It does not contain a full analysis of the law nor does it constitute an opinion of any Norton Rose Fulbright entity on the points of law discussed. You must take specifi c legal advice on any particular matter which concerns you. If you require any advice or further information, please speak to your usual contact at Norton Rose Fulbright.