Scott Gilbert, Chief Compliance Officer, Marsh & McLennan Companies, Inc
Keith Ruddock, General Counsel Exploration and Production, Shell International BV
Jonathan Crook, Partner, Eversheds LLP, UK
Paul Worth, Head of Fraud, Eversheds LLP, UK
Leigh Dance, president, ELD International Inc.
Whose standards to apply?
With record numbers of FCPA investigations, and competition authorities around the world issuing ever larger fines for anti-trust violations, companies are under ever greater pressure to behave as good corporate citizens. The challenge for multinational companies in particular is working out which form of behaviour amounts to internationally-accepted standards of good corporate citizenry. For example, the US FCPA explicitly permits what are known as “facilitation payments” – payments made to overseas officials to expedite the availability of licences and permits. By contrast, such facilitation payments are illegal under UK law, even if a company makes them outside UK waters. “We have tougher laws in the UK than in the US – the difference is, the UK laws aren’t enforced,” Eversheds’ Head of Fraud, Paul Worth, told the meeting.
The issue of facilitation payments was a particular challenge in emerging markets – increasing a target for expansion by western companies. In some countries, such practices are not yet illegal, and are almost seen as a standard operating procedure. C2C facilitator Leigh Dance added rhetorically to this debate: “What do you do if half of your company’s legal team don’t accept that Western standards should apply?”
Faced with such a challenge, several speakers suggested that corporate counsel should simply insist on adherence to the most rigorous international standards of ethical behaviour internationally, no matter what the local law specifically required. Although local business managers may not like being forced to adhere to higher standards than they were legally obliged to, such an approach would “future proof” the organisation from any improvements in accepted “best practice” within that country. “Once a transaction is tainted with corruption, it’s tainted forever – like nuclear waste”, said one in-house speaker. “You become a hostage to fortune, especially if the country subsequently adopts internationally-accepted standards. Some day a former employer, competitor or politician will be only too willing to use your past behaviour as a weapon against you.”
Nevertheless, a company that goes down that route faces one major pitfall: specifically, what happens if their global standards and local employee protection laws clash irreconcilably? One speaker recalled how employment laws in one former soviet state made it effectively impossible to dismiss an employee if they had recently adopted a child, no matter how serious the unacceptable activities they may have been involved in.
Whatever standards companies do decide to adopt, it is imperative that they adhere to, and preferably exceed, the standards that apply to each of their local business areas. What they must not do is decide to ignore existing laws – perhaps because they believe the law seems nonsensical or outdated.
The danger of the remote outpost
Several speakers at the event highlighted the importance of staff training and effective monitoring, to reduce the risk of “rogue” employees from engaging in corporate wrongdoing. But, as the debate progressed, the question of how resources for such training programmes and monitoring programmes should be deployed was discussed at some length.
Some speakers thought it important to concentrate resources in the company’s main centres of operation, where most personnel were based and revenues were concentrated. Others, though, took the contrary view. “What about the so-called ‘popcorn stands’ – the remote locations, which may not be linked into the company’s global financial management systems?” asked a senior corporate counsel. This counsel argued that such operations may pose a disproportionate risk to some companies, because “structural” compliance checks and balances did not always work effectively. “There’s likely to be less segregation of duties in these operations, and more possibility of collusion among staff,” they warned. “Staff may be more loyal to each other than to the company. Together, these factors may defeat a traditional audit.”
Other speakers suggested that their very remoteness made some workers less in tune with their employers’ core values, and therefore more likely to take risks than other staff. Former owners of businesses which had been acquired and who retained operational duties, or, typically, smaller companies which have recently been acquired but not yet integrated into global systems, were cited as being particularly risky. “Former owners can sometimes be more relaxed with the way they account for the company’s money,” said Shell’s Keith Ruddock. “In a way, they may have been previously used to being able to treat their business’s money as if it were their own.”
The use of third-party agents
Faced with increasingly strict rules on anti-corruption, many companies may be tempted to try to reduce their exposure by engaging third-party agents. However, as several speakers at the meeting suggested, this should not be a company’s preferred course of action. Where they suspect fraud or corruption, regulators are increasingly investigating “up the chain” of transaction – from agent, to branch office, to regional hub – even the company’s headquarters. Wilful blindness on the part of the company would not be tolerated. Increasingly companies are being held accountable for the actions of their third party agents and contractors.
“Our company now has a rigorous process for engaging third parties,” said one corporate counsel. “You can’t just use third parties to do what you’d never consider doing yourself. If an employee wants to engage a third party, they have to fill out a form online and make a business case for doing so. A potential agent’s references will always be checked by some fairly cynical people. What’s more, they’ll only get paid for their work if we provide them with a payment authorisation code.”
Devising an anti corruption programme
Thankfully, many regulators now publish suggested fraud prevention or investigation procedures on the internet, which counsel can adapt for use in their own companies. For example, the US Department of Justice produces useful fraud prevention guidelines on what might be described as ongoing, low-level “civics” corruption.
During the course of the debate, several speakers suggested hypothetical scenarios, to facilitate a discussion of how such programmes would work on the ground. “If your company is involved in a joint venture with an overseas government, are they entitled to use the joint venture’s recreational facilities in proportion to their ownership share?” asked one participant. “If your company is asked to contribute to community facilities, what should you do if the mayor’s sister works in the affected hospital, or if their cousin runs the local community centre? What happens if a government official wishes to visit one of your facilities in a foreign country – and suggests bringing his wife?” For this corporate counsel, one helpful test would be how the company would respond to a similar request from one of its own employees. “As a company, you have to really investigate where your money is going, and be honest with yourself as to why you are thinking of doing it,” they said.
In relation to formulating a Fraud Response Plan, Eversheds’ Paul Worth suggested a simple “Google” search would provide counsel with a wealth of relevant information for devising a suitable plan. “Virtually every local authority in the UK has a fraud response plan, and many of them will be available on the internet,” he said “These plans provide a useful checklist of what companies should do if they suspect fraud – even whether and when the company should notify its insurance providers.”
During the course of the debate, the idea of trying to encourage industry-wide anti-corruption initiatives was occasionally floated. Could groups of companies within the same sector come together to refuse to take part in dubious behaviour? Is this a realistic option, especially if companies from developing countries chose not to engage in such a process? How can an industry-wide anti-corruption strategy be thrashed out, without giving the appearance of lurching into an anti-competitive collusion between supposed competitors?
The challenges of cross-border fraud
When a company uncovers a corporate fraud or other wrongdoing, there is now a strong incentive to “come clean” and alert the relevant regulator as soon as the basic facts are established. But this poses a particular challenge for counsel, where the wrongdoing is suspected to occur across several jurisdictions. Regulators may be willing to make arrests and seize assets in one country, but completely disinterested in attempting to coordinate their activities with equivalent regulators in other countries – assuming such regulators actually exist.
During his presentation, Eversheds’ Paul Worth discussed a real-life case history of a corporate fraud involving a single company in two different EU jurisdictions. “A regulator in one EU state told the company they planned to arrest a senior executive at an early stage of their operation, but the general counsel couldn’t persuade the UK authorities to meet the same timescale. It’s possible that the UK authority would have interviewed the suspect on day 22, and charged them on day 122, but that wasn’t acceptable to the company.”
To overcome this problem, the general counsel let the regulator take the lead in one country, but ran the initial phase of UK fraud investigation himself. Working with the company’s internal audit, IT and HR function, the counsel was able to get the suspected fraudster offsite and close down their remote access to the company’s computer network. Eversheds then helped the general counsel obtain a search order and a freezing injunction in relation to the suspects’ assets, enabling the company to subsequently recover its money. To enable the police to follow up on the company’s own activities, the operation was run according to standards expected on a criminal investigation. “Hard drives were ‘mirrored’, all relevant documents were ‘bagged and tagged’,” Mr Worth recalled.
It is worth noting that this situation also provided a useful example of how a company can avoid “over investigating” an alleged wrong, and running up costs that are disproportionate to the problem in hand. Here, the investigation was only carried out to the extent to which it was necessary to achieve the company’s objectives.
Blowing the whistle
It is now generally accepted that confidential whistleblower hotlines are an effective method of allowing ordinary employees to highlight possible wrongdoings by their colleagues. And, while such hotlines invariably attract troublemaking employees, they also provide an effective – and internal – safety value for raising more significant concerns. However, speakers also agreed that simply offering a whistleblowing facility is not, by itself, sufficient. Ideally, the outcomes from the hotline should be promoted widely within the company – if possible, illustrated with examples of where a call has lead to a tangible course of action. One speaker suggested that just 25 per cent of phone calls to their hotline were “spurious”, whereas 50 per cent indicated a serious problem that required further investigation. At this person’s company, the remaining quarter of all calls were classified as having some genuine basis even if not sufficient to require a detailed investigation after an initial review.
During the course of the meeting, Eversheds’ Paul Worth gave an example of a spectacular failure of an English local authority to follow up best practice in relation to dealing with whistleblowers. “Four separate local authority employees raised serious concerns,” he recalled. “Their complaints were investigated – but they were fired for being troublemakers. Not surprisingly, they contested their dismissal at an employment tribunal. In normal circumstances, the value of their claims would have been capped at relatively low levels. But in the event, the employees won their claim, and the council was forced to pay out a substantial seven figure sum in compensation.”
Dealing with regulators
When dealing with local regulators in relation to alleged fraud, several speakers complained that the people they dealt with seemed to be often more concerned with “getting a scalp” than coming to an acceptable solution to a genuine problem.
While such concerns may be dismissed as inevitable grumbling, a more serious concern was also raised by one participant: that law firms, engaged by companies to act for them in relation to bribery and corruption situations, did not always seem to advise their client in a way that was necessarily in their best interests. “Some law firms seem to be suffering from a conflict of interest,” said one speaker. “At times, they seem too keen to impress the regulators in the way they approach the issue, perhaps to preserve wider relationships. As a company, we don’t engage these law firms to act for the regulator – we are their client.” This speaker then gave the remarkable example of how his own law firm advisor had attempted to reopen a regulatory issue that had become statute barred – against his client’s interests.
Where companies – especially multinationals – believe they are unlikely to receive a fair hearing at the hands of the regulatory authorities, this poses some awkward questions on how they should proceed. Will reporting an incident of alleged corruption expose their employees to the dangers of mercenary or extra judicial justice? In those circumstances, is it preferable to remove a company’s personnel from that jurisdiction before reporting the problem? If certain members of a country’s judiciary are known to be less than impartial in their treatment of alleged corporate fraud, should the company attempt to transfer proceedings to more neutral surroundings – such as a provincial court? From a purely legal perspective, none of these options may be particularly edifying for principled corporate counsel. However, this may be the best approach for the company when trying to balance the need to root out illegal behaviour, without also endangering company employees’ lives.
Takeaways
- Global standards of ethical behaviour will help mitigate against different standards in different countries. But under no circumstances ignore compliance with the law of the countries in which you operate – no matter how outdated or difficult they are to comply with.
- Remote outposts, isolated from the company’s compliance programmes and general culture, may pose a disproportionate risk of illegal behaviour. Pay particular attention to operations that are not “plugged in” to company-wide best practice systems.
- Do not use third parties to engage in behaviour you would not accept from your own staff – regulators will not accept such wilful blindness. Where agents are used, scrutinise their working practices closely.
- Best practice guides in relation to corruption avoidance, together with investigation checklists, are readily available on the internet. Use them as a basis for developing your own internal systems.
- Cross-border fraud poses a particular challenge for multinationals, especially if regulators do not coordinate their investigations. If necessary, companies may need to launch their own investigations to protect their interests.
- Whistleblower hotlines are an important mechanism for enabling employees to disclose wrongdoing in a safe environment. Highlight the successes of such helplines to promote their use, where possible.
- Dealing with regulators may be fraught with problems. In extreme situations, you may be forced to consider your own employees’ safety as well as your company’s reputation and adherence to local laws.
Recent sponsors of our C2C programme
