Whose rules to comply with?

Although the meeting was held in Brazil, there was no question of which country’s ethical rules was central to the assembled companies’ compliance concerns – the United States of America. Time and time again, counsel who worked for companies that either did business with the US, or were dual-listed on the New York Stock Exchange, mentioned the need to comply with the US’s stringent anti-corruption legislation, the Foreign Corrupt Practices Act (FCPA). Although some speakers clearly resented this ethical imperialism, FCPA compliance was all-but non negotiable for many participants.

One speaker, whose employer had been caught up in a corruption scandal, recalled that FCPA compliance was now the number one “buzz-word” in their organisation. To assist them spread the message of compliance, the company had created an anti-corruption “took-kit”, which was used to supplement employees’ class-based and online education programmes. The company had also engaged a specialist law firm, with no previous experience of dealing with the organisation, to audit the company’s compliance regime. It was felt that bringing in a law firm with no previous ties to any of the company’s employees would give the company a fresh, impartial assessment of the company’s compliance culture.

Of course, there are some occasions where internal codes of conduct, typically based on the laws of the company’s global headquarters, can cause compliance problems for multinational companies. On occasions, such policies may conflict with the local laws of some countries in which they operate. For this reason, one speaker recommended that all proposed polices should be sent to local legal departments for assessment, prior to their adoption.

Where polices have already been established, the challenge for local legal departments is more pronounced. For example, one speaker suggested that corporate policy may require an employee to be dismissed for a certain specified behaviour - but the local labour laws of the country they work in may not legally allow this. In these situations, a commercial solution – that is, paying an employee to leave - may be the only viable option to resolving such a dilemma. Such scenarios are, of course, one of the more intractable challenges of working in a multinational environment. Other challenges may simply require greater sensitively to differing regulatory regimes, in order to allow an acceptable solution to be implemented.

On this topic, one speaker recalled how head office policy required that the company should take out an insurance policy when developing land, in case the land subsequently turned out to be contaminated. For a company based in a country where punitive damages were the norm, liability insurance is almost certainly an essential purchase. However, this speaker then recalled how the law in their country required that, before any “brown field” land could be redeveloped, the company must clean the site to the satisfaction of the local environmental agency. As a result, it was virtually impossible to imagine a scenario where the company would have to make an insurance claim relating to environmental contamination. As far as this speaker was concerned, spending money on environmental insurance may make sense in their employer’s home territory, but was simply a waste of money in their own country.

More generally, several speakers suggested that the differences in regulatory norms between countries were becoming less pronounced – which may make cross-border conflicts less acute in the future. For example, Brazil has recently introduced an annual Anti-Cartel Enforcement Day, held on 8 October each year. Equivalent anti-trust laws are now being rolled out around the world – even in the notionally non-capitalist China. One counsel said they were surprised by Brazil’s sudden anti-cartel announcement, which was introduced via by a presidential decree. Another speaker added that some Brazilian companies mistakenly thought such international developments would “never arrive” in their country.

Developing a culture of compliance

It is perhaps a cliché that companies’ in-house legal departments have a reputation for “business prevention” rather than “business facilitation”. And, it is certainly true that sometimes the legal department must say “no” to proposed transactions that would simply be illegal to implement. But in-house counsel can make this perception less likely, if they take the time to understand the business’ strategy, working practices and terminology. For example, it was suggested that a legal department should explicitly align its strategic objectives with that of the business. Ideally, the legal department should also submit itself to outside scrutiny, setting itself key performance indicators, such as speed of response or client satisfaction targets. It was suggested that a legal department which implemented such measures would have a far better chance of delivering an effective compliance message than one that was associated with causing sales staff to miss out on their performance bonuses.

But, in general, the counsel’s compliance message is normally made far easier if the company they work for itself embodies a culture of compliance. However, such a culture can only succeed if it is endorsed from the very top of the corporate hierarchy. One speaker proudly recalled how his company’s board had turned down a potentially profitable deal, partially because it raised compliance concerns. “Compliance is in the company’s DNA”, they said. “Our employees understand that the company’s profits are based on it being compliant”. The counsel then recalled how their company was prepared to fire senior employees who misbehaved, as a warning to their fellow workers. “Training works, but so does terror. If you fire one person, the rest understand they have to obey the rules.” Another speaker offered the same message. “In business, a company’s image is everything. Once your image is destroyed, the company loses everything. It’s better for a company to lose a good deal than to lose its image.”

For companies that did not already have a fully-developed culture of compliance, several speakers recalled that it was very difficult to create one. In terms of joining an ethical company, one speaker suggested that there two best types of company to work for: either a domestic operation that had recently been acquired by a multinational, where a culture of compliance was more likely to be ingrained, or alternatively, they should join a domestic company that was about to go through an IPO. Such companies are normally willing to submit themselves to substantial regulatory, organisational and cultural change, as a prelude to raising new funds.

Delivering internal compliance

In most C2C events, there is a debate as to whether compliance should be part of the legal function or separate from it. This meeting was no exception. Whatever internal reporting lines companies use to deliver their compliance objectives, the legal department can still play a useful role. In particular, the legal department can ensure that all of the companies contracts do not leave it open to charges of corruption or anti-competitive behaviour.

In practical terms, this often means ensuring most contracts the company uses are in standard-form. This minimises the possibility that employees can vary the contract’s terms in a way that could cause regulatory or compliance problems for the company. Several speakers at the meeting had implemented such a programme of contract standardisation, typically accompanied by technology that allowed their sales staff to draft and approve the contracts themselves. Where any contract customisation was required, this technology allowed the sales staff to request authorisation from the legal department – but also blocked their ability to vary the terms unilaterally. In general, it was felt that the slight loss in flexibility that standard form contacts required was more than outweighed by the speed that which they could be drafted, coupled with the reduced risk of corporate liability for non-standard terms.

Besides automating the process of contracts creation, the legal department can also take the lead in assessing more general legal risks the company is exposed to. Depending on the company’s internal characteristics, or the business sector is involved in, this could require involvement in a wide range of issues. For one speaker, compliance involved checking the text of their employers’ adverts, while for others it involved issues of labour or competition law compliance.  When deciding which areas of compliance requires the legal department’s most urgent attention, the obvious starting point is an assessment of the specific legal risks the company is exposed to. This assessment can either be based an assessment of the likelihood of the compliance breach happening, or the likely financial consequence for non-compliance – or a mixture of both factors.

In relation to quantifying costs of non-compliance, one speaker around the table had developed a very sophisticated methodology. The local counsel recalled how their department had identified every single dispute their branch of the company was exposed to, and had assigned it a notional financial value. These values were audited by an external law firm, but the final decision was always left to the in-house legal team. Once signed off on a local basis, the local legal department sent a quarterly summary report to both the company’s global CFO and its chief legal officer. Where a significant new matter occurs between reporting periods – typically a matter worth US$250,000 or more – this matter was immediately referred upwards, in order to notify key head office personnel. “This reporting system means our head office is always made aware of the most important cases we are involved with, in case they need to inform the market”, the speaker explained. “In my company, we have a culture of total transparency”.

Spreading the message of compliance to the wider community

For several speakers around the table, it was not sufficient for companies to be compliant internally. Instead, the compliance message was being extended to those organisations their companies did business with. To ensure this happened, these external stakeholders were either being offered compliance training by the company itself, or alternatively were being asked to provide undertakings that they were compliant, as a condition of doing business with the company.

From a narrow, legalistic point of view, such as approach makes obvious sense. Many companies employ resellers and agents to promote and sell their products on their behalf. These stakeholders have a direct contractual relationship with the company, and any misbehaviour on their part could potentially expose the company itself to liability risks. More generally, it makes reputational sense for companies to push their own compliance agenda with their key external stakeholders. There is little point for companies investing millions of dollars in their own compliance programmes, if the behaviour of their associated stakeholders causes them reputational damage in any event. This is because it is generally recognised that the “newspaper test” is always less forgiving than any test of legal liability – and also far more swift to deliver its judgment.

Takeaways

• Of all international standards, the need to comply with the US FCPA is perhaps the most universally accepted. More generally, local counsel may have reconcile company-wide policies with local legal conditions. This is not always easy to achieve.
• Top level buy-in is required to foster a culture of compliance, but so is a sense of commercial awareness from the legal department. A legal department that facilitates business is far more credible than one that prevents it.
• The legal department should focus its compliance programme on key risks relevant to its business. The use of standard form contracts can help minimise the risk of unexpected liability issues.
• There is no point in developing an expensive and time-consuming compliance regime, if a company’s clients and suppliers inflict compliance damage. Consider expending your compliance training regime to key external stakeholders.