Accepting the need for compliance

Many international companies operate in overseas markets where they face strong competition from domestic operators. These companies face a particular challenge in obtaining internal “buy in” for high ethical standards – particularly if local competitors are not bound by the same set of rules. One speaker spoke for many when they complained that: “In the sector I work in, the playing field is definitely not level.”

Such perceptions often lead to the opinion among a company’s sales team that its in-house lawyers should be viewed as “business prevention officers”. Nevertheless, one speaker at the meeting spiritedly rejected this charge, arguing that they only acted as a “bad business prevention officers”.

Tension between head office policies and local market conditions is, of course, nothing new. The ideal is to keep such tension to a minimum, by encouraging a process of alignment between head and local office culture, wherever possible. To achieve this objective, one speaker recalled how their company has established a compliance committee at corporate level. The committee included all relevant stakeholders – including the company’s chief operating officer, finance officer and regional representatives, and was tasked with establishing universally-accepted compliance policies and procedures. By seeking opinions of regional officers, it enabled to committee to evaluate the practical implications of implementing global policies in each of its local markets.

On this theme, one private practice speaker said that arguably the best time to engage in cultural due diligence was prior to entry into a new market. To re-enforce this point, they gave an example of a company who had moved into China without first checking whether their domestic expansion strategy was permitted under the Chinese investment laws. “Their whole business model was challenged by local law requirements,” the law firm speaker said.

In terms of promoting the compliance message to your local workforce, various speakers offered practical suggestions. Some attempted to persuade their peers of the need for compliance by highlight the potential penalty for not doing so. For example, one participant pointed out how much additional turnover the company would be forced to raise, in order to both maintain profits at existing levels, and also pay a fine resulting from non-compliance.

Besides appealing to their employee’s good nature, “fear” was also a favoured method of compliance enforcement. The possibility of dismissal would help to reduce the threat of “bad apples”, who could otherwise infect a company culture with their unethical working practices. “Unfortunately, you have to kill a few chickens and put a couple of heads on spikes,” said one speaker. “You might even look at requesting a criminal prosecution – so long as you can manage the PR implications of doing so.” Another speaker suggested that it was important to find “allies” in the mid-tier of the company’s hierarchy, who can act as compliance advocates on behalf of the legal department. “You have to convince these people that compliance isn’t just about paperwork,” they said. “These people typically have supervisory responsibility, so can’t point the finger of blame for non-compliance at anyone else.”

If building acceptance for compliance is difficult within one’s own company, enforcing compliance among key suppliers and vendors is even more of a challenge. Arguably the best time to for a company to obtain buy-in for its ethical position is before new vendors or suppliers are engaged. One speaker recalled how they required their preferred vendors to certify their compliance with the company’s policies twice a year, as a condition of doing business with them. In return, all preferred vendors were provided with regular compliance training, to explain what standards were expected of them.

Delivering compliance

In general, it was felt that all compliance training should be kept appropriate to its intended audience – simple, when training masses of unskilled or semi-skilled personnel, but more sophisticated for more senior level employees. That said, “scenario” and “hypotheticals”-type training appeared to be universally popular among many of the seminar’s attendees.

On the specific issue of training for compliance with the US Foreign Corrupt Practices Act (FCPA), speakers at the meeting fell into two distinct camps: those who mentioned the Act by name when delivering their training programme, and those who didn’t. For those that did mention the Act by name, some thought it important that they could prove their compliance education programme explicitly covered all aspects of the FCPA, in the event of a investigation or audit by the US authorities. By contrast, for those that specifically decided not to mention the Act by name, various reasons were given for not doing so. For some, asking Chinese employees to comply with US legislation might cause problems in relation to acceptance. For others, their compliance programme simply avoided mentioning all legislation by name – instead, they merely told their workforce that they should not “engage in bribery or corruption”.

Paying for compliance

Building a culture of compliance can be an expensive business – both in terms of employing staff to monitor it, and also in the logistics of providing the associated training programmes. At the very least, compliance is often thought of as an irritating overhead. At worst, compliance obligations can actively cost the company income, if it refuses to sanction questionable deals.

This perception raises two specific challenges. Firstly, how should the compliance function be paid for? Secondly, how can internal stakeholders become more accepting of its role? Various speakers at the two sessions offered some valuable suggestions.

In relation to cost allocation, Sharon Chen, vice present and general counsel to AIG General Insurance Company China, discussed how this matter was dealt with within her own company. She explained how various different alternatives were examined, including allocating legal expense on a branch and functional basis. However, she also said it was always difficult to keep everyone happy – one profit centre had asked her team to use time sheets, so they could assess whether they were paying a “fair” share of the legal overhead.

Discussing her company’s present arrangement, Ms Chen said that legal department was now regarded as a corporate resource, which should be used as much as required, for the benefit of the whole company. “We should not discourage our business people from approaching us because of cost,” she said. This approach was also endorsed by David Huebner, who heads Sheppard Mullin’s China Practice and International Disputes Practice. “In my experience as a CEO and practice head, when people thought they were being allocated general counsel office costs based on usage, they stopped using the service,” Mr Huebner recalled. “I had to remind stakeholders regularly that the goal was to keep the institution safe, which transcends accounting allocations. To reinforce that message and simplify matters, I ended up simply imposing a per capita allocation not tied to usage.”

However, Benjamin Dornic, senior vice president and China general counsel for construction materials provider Lafarge, differentiated between routine compliance and compliance associated with special projects, such as corporate acquisitions. “We have a fast-developing business, and our view is that the business unit is responsible for the costs associated with its growth,” he said. Other speakers tended to allocate transactional cost to specific departments, with varying degrees of sophistication. And, while recognising that time sheets were extremely fair – not least because they allocated a financial value to the “odd call” to compliance that may actually result in a large amount of work, it was also recognised the tracking software to facilitate it also had a financial cost. “We all hate time sheets, so we haven’t got there yet,” said one in-house speaker.

Another corporate counsel described how their department actively canvassed their company’s business units, to ask them for their anticipated future compliance costs, on a regular basis. “It doesn’t really matter if their estimates are out by 10 per cent or 200 per cent,” they said, explaining their reason for doing do. On the same topic, another in-house lawyer added: “What’s important is that someone from the legal department has sat down with key departments in November, and asked them how much they plan to spend on legal fees in new year – it makes them think about what they’re doing. Anything is better than allowing them to spend half a million dollars on legal fees doing a deal without telling us, and then being surprised about the size of the bill when it arrives.”

When should corporate counsel become involved in compliance issues?

In most counsel to counsel events, there is a debate about whether compliance should be part of, or separate to, the legal function. On some occasions, this may simply be a matter of resourcing – companies with limited headcounts in a particular location may simply decide to combine the two functions. In other situations, a split may be made for strategic reasons. For example, it may be preferable to require the (normally more expensive) legally qualified legal team to engage in matters where their professional status as lawyers carries a specific benefit – especially in relation legal professional privilege, or their knowledge of the market for external counsel.

Unusually, during this debate, several speakers indicated they had developed a two-stage approach to compliance. That was, they would expect relevant line managers within their organisation to carry out an initial compliance evaluation, but then ask the legal department to become involved at a later stage. To facilitate this process, several had created preliminary compliance “checklists” that their various line managers could work through, before asking for their opinions. Not only did this relieve the initial “information gathering” burden from the legal department, it also allowed these other stakeholders to carry out an initial evaluation of whether the deal they were proposing actually made commercial or ethical sense.

From the comments at those at both seminars, this two-stage process appeared to be particularly prevalent when a new commercial arrangement was being planned – for example, the company hoped to engage a new agent or distributor. Here, one of the main aims of the checklist was to “weed out” undesirable organisations that it may not be in the companies’ interests to do business with, particularly in relation to FCPA compliance. Several speakers appeared nervous about any vicarious liability that may arise out of doing business with questionable third parties. As a result, it was felt that the checklist was a useful way of forcing internal stakeholders to address these concerns directly.

Another crucial point at which compliance can be injected into the corporate decision-making process is during the stage at which commercial contracts are being prepared. This could be achieved in two ways: firstly, the legal department could insist that its sales team only use the company’s approved standard form contracts. By banning any alternation to these standard terms without the express approval of the legal department, companies can help the company avoid exposure to any unexpected liability issues arising from such alternations. Secondly, the legal department could use IT systems to enforce a requirement that all contract templates must only be downloaded from the company’s intranet, rather than allowing employees to use old versions of these documents, stored on their local PC. If this requirement is enforced, the company can minimise the risks that its employees are using out-of-date versions of its standard form contracts. “Our employees must visit our company server to download our contract templates when preparing a contract because the server maintains the latest contract templates approved by the legal department,” said Benjamin Huang, legal counsel to Bayer (China) Ltd.

When is "enough?"

With the world economy under sustained pressure, several speakers believed their legal department was heading into a perfect storm. On the one hand, companies were becoming more risk-adverse. This meant they increasingly requested assurance from the legal department that they were fully compliant, just in case they were subject to a regulatory investigation. On the other hand, falling profits invariably meant pressure to reduce overheads – and in-house lawyers or compliance officers can be expensive to employ. “Some business people will attempt to cut corners, when pressure comes to increase the company’s revenue,” said one in-house counsel. “Some deals will be OK, some will not. Either way, the due diligence involved will lead to enhanced demand for legal services.”

For several speakers, the question was therefore how far should they go in facilitating deals about which they had lingering doubts. For one speaker, the basis for their position would be to consider how they would feel if asked to justify their decisions in a witness box. “I use a decision tree to help me make my decisions,” they said. “First, I ask is it legal? Then, is it ethical? Then, is it customary – is it in line with local business practices? Can I sleep well at night? Would I be embarrassed to see this in the newspaper? Sometimes, it’s better to sleep a little less – but sleep a little better.” For one in-house speaker, even private practice law firms were sometimes guilty of pushing marginal deals too far. “I am aware of respected US law firms who make my hair stand on end when I see their name on a deal,” they said. “We know they’re good lawyers, but we also know from experience that these guys will talk a deal to the edge of legality. It should be the job of outside lawyers to represent the institution they are instructed by, not just the people they are directly working with.”

“If firms have concerns about a particular deal, they should find a way to effectively communicate the risk issues to the institution they are advising,” they continued. “All too often, messages of concern don’t work their way up the chain of command, to reach those who have to sign the deal. These concerns are often only communicated to the bankers – who are remunerated when the deal is done. That’s a crazy situation to be in.”

Takeaways

• It is always difficult to gain internal acceptance for compliance, particularly if your company’s standard of behaviour are higher than local market conditions require. Try to engage senior local “champions” to spread the compliance message – but also be prepared to use fear to get your way.
• Ensure your compliance programme is appropriate to your target audience. Hypothetical scenarios are a useful way of engaging all types of employees.
• Companies that charge for compliance on a “per use” basis may find it difficult to persuade employees to use their resource. Try to ensure that costs are allocated fairly, but do not penalise those who are keen to make use of your services.
• Making departmental heads use compliance checklists to review their own business proposals can force them to address the consequences their decisions – and free up the legal department’s time to focus on more serious matters.
• Reflect on what you consider the boundaries of acceptable behaviour, and communicate that position – both internally, and also to your external counsel.