Anti-Bribery/Anti-Corruption (ABAC)Compliance Webinar

July 17, 2018

Staci YablonSYablon@Winston.com

212-294-4703New York

Francesca GuerreroFGuerrero@Winston.com

202-282-5647Washington, DC

Agenda• Introduction• Overview of Anti-Bribery Laws• Hallmarks of an Effective ABAC Compliance Program• Key Compliance Flashpoints

2

Poll - Who’s Here?

How much of your day-to-day work involves anti-bribery or anti-corruption compliance?

3

Every day From time to time

Very little Almost none (but I have a general interest)

FCPA Anti-Bribery Provisions

Prohibits offering, making, or authorizing a payment ofAnything of valueKnowing that it will be offered or given to a foreign official (Includes willful ignorance)To obtain or retain businessAnd made corruptly (i.e. with corrupt intent)

Applies to1) U.S. citizens, nationals, or residents

2) Entities that are either located in the U.S. or registered under U.S. law (including all employees working for these entities, regardless of the employees’ nationality)

3) Actions that involve a US nexus 4

FCPA Accounting Provisions

Publicly held U.S. companies are required to:

• Maintain books and records that accurately reflect transactions and dispositions of assets.

• Devise and maintain reasonable internal accounting controls to prevent and detect FCPA violations.

5

Even if the company is not a public company, best practices suggest that employees should accurately report all business transactions and information.

Poll - Global Concerns

Which of the following is addressed by your company's compliance policy?

6

The FCPA

The FCPA and the UK Bribery Act

The FCPA, UK Bribery Act, and other local anti-bribery/anti-corruption statutes

No specific statute

UK Bribery Act Four Major Offenses

7

Promising of or giving of an advantage to another person to reward improper performance1Requesting, agreeing, or accepting an advantage that itself constitutes improper performance2Bribery of a foreign public official 3Failure of commercial organization to prevent bribe being paid to obtain/retain business or business advantage 4

UK Bribery Act Key Differences from the FCPA

8

Facilitation (“grease”) payments are permitted by the FCPA but not under the UK Bribery Act

Both bribers and bribees may be penalized

Also covers commercial bribery

China’s Anti-Unfair Competition Law

A business operator commits an act of bribery if it provides assets or other means merely to obtain a transaction opportunity or competitive advantage.

The scope of bribe recipients includes employees of counterparties as well as third parties.

Employers are liable for misconduct committed by employees.

9

Hallmarks of an Effective ABAC Compliance Program

10

Commitment from senior management and a clearly articulated policy against corruption; oftentimes referred to as “Tone at the Top.” 1Implementation of code of conduct and compliance policies and procedures. (More than a paper policy)2Oversight, autonomy, and resources.3Risk assessment.4Training and continuing advice. 5Incentives and disciplinary measures.6Third-party due diligence and payments.7Confidential reporting and internal investigation.8Continuous improvement: periodic testing and review.9M&As: Pre-acquisition due diligence and post-acquisition integration.10

Morgan Stanley (2012)SEC found that Morgan Stanley’s FCPA compliance program was adequate

• Penalty limited to individual employee, Garth Peterson

Key features of their compliance program:• Trained Peterson on anti-corruption policies at least seven

times between 2002 and 2008

• Distributed written materials to employee

• Received at least 35 FCPA compliance reminders

• Multiple written certifications from employee on compliance with FCPA

• Code of Conduct included a portion referencing corruption risks

• Employees required to annually disclose outside business interests

• Policies to conduct due diligence on foreign business partners 11

Roundtable Discussion – Risk Assessments

How does your Company utilize risk assessments?

Is there anything you’ve learned from doing risk assessments that you want to share?

Do you typically do risk assessments internally or through the assistance of outside advisors?

12

Key Compliance Flashpoints

Drawing the Line Between Reasonable and Excessive Benefits

13

Meals & EntertainmentGratuities, Gifts, and Favors

Travel/Delegation Visits

Third Parties

Appropriate Reporting and Escalation

How much due diligence is enough?How to resolve red flags

When they cannot be resolved

Poll - Meals & Entertainment

Does your company’s compliance policy place a cap on the amount of money that is acceptable for meals and entertainment?

14

$0-$25$25-$50

$50-$75

$75-$100No Specific Cap

Meals & Entertainment –Best PracticesThe level of meals & entertainment should be in accordance with generally accepted business standards. They should not be lavish.

The company should retain control over entertainment events.

Specific caps or approval thresholds can be useful at setting expectations and focusing compliance resources.

15

Gratuities & Gifts – Best Practices

Indicators that a gift is acceptable

Multiple small gifts that take on the pattern of bribes can run afoul of ABAC laws.

As with hospitality, approval thresholds can set expectations and allow compliance personnel to focus resources.

16

(1) small gift or token (2) given openly and transparently

(3) provided to reflect esteem or gratitude

(4) permitted under local law

Case Study: JP Morgan Chase (2016)

JP Morgan influenced government officials in the Asia-Pacific region by giving jobs and internships to their relatives and friends.

17

Client referral hiring program that bypassed normal hiring process

Hired approximately 100 interns and full-time employees at the request of foreign-government officials

Referral hires typically did not meet minimum educational or background qualifications that JP Morgan looked for in its non-referral hiring programs

Paid $72 million to the Justice Department; $61.9 million to the Federal Reserve Board of Governors; and more than $130 million to settle SEC charges.

Roundtable Discussion – Jobs and Favors

What sort of facts and circumstances would make it acceptable for your Company to hire the friend or family member of a client or government official?

What steps should you take on a go-forward basis to ensure the employment relationship is legitimate?

What similar favors or benefits could your Company provide that might lead to trouble like JP Morgan’s?

18

Travel/Delegation Visits

Travel expenses allowed by the FCPA• “Reasonable and bona fide” expenses for foreign officials that are conducting

business with the company• Primary purpose is business, not pleasure

• DOJ evaluates dual purpose trips using “reasonableness standard”

Department of Justice Guidance:• Do not select particular officials that will attend the trip• Pay costs directly to the travel and lodging vendors, or reimburse upon

production of receipt• All stipends should be a reasonable approximation of future cost• Ensure all expenditures are transparent• Obtain written confirmation that the payment does not contradict local law

19

Scenario 1Stillwater is a company that produces machinery used in the drilling of oil wells. They see a business opportunity to provide equipment for use in upcoming projects in Country X. Oil production in Country X is all conducted in coordination with the state oil agency (MinOil), but the actual development and production is always carried out by commercial businesses.

The Stillwater international sales team wants to bring a group of MinOil officials to its headquarters in Dallas. Even though the MinOil officials will not purchase equipment from Stillwater, the sales team thinks they might be open to specifying that their commercial partners use Stillwater products.

The sales team arranges for the MinOil officials to spend 3 days in Houston. • The first morning is spent at the HQ meeting Stillwater executives, while the second day is spent

touring the production facility outside Houston. The remainder of the time in Houston is free time for the MinOil officials.

• Stillwater pays for airfare and hotel costs for the officials. Stillwater provides lunch and dinner each of the days.

• Some of the officials arrange to prolong their trip to fill out the week. Stillwater does not pay for these additional hotel days.

• Stillwater’s CEO takes the officials out to the Gulf for a full day on his yacht. That evening they go out to a nice restaurant and the CEO ends up paying a bill about $200/person. 20

Scenario 1 - Discussion

Are you concerned about Stillwater arranging this trip for the MinOil officials and paying airfare and hotel?

Are there any steps Stillwater should take to mitigate any concerns you have?

Do you have concerns or see any red flags in the 3-day Houston itinerary? Are there any steps that would mitigate those?

Is the boat trip and dinner excessive? If so, what steps, if any, can the Company take to address this?

21

Third Party Risks

Under the FCPA, the UK Bribery Act, and many other anti-bribery and anti-corruption regimes, a company may be held liable not only for the corrupt actions of its employees, but also for the corrupt actions of a third party if the third party was acting on the company’s behalf.

22

90% of reported FCPA cases involve third parties.

Third parties can include local sales agents, consultants, distributors, joint venture partners, customs agents, brokers, or freight forwarders.

Third Party Risks

Companies can be held liable for third party acts when they• Directly participated in or authorized the third-party’s misconduct, or• Knew of the corrupt acts, including when they showed willful blindness

toward, deliberately ignored, or consciously disregarded suspicious actions or circumstances.

If you deliberately ignore warning signs of illegal activity, you may be violating the law (and causing the Company to violate the law, too).

Companies mitigate third party risk by:• Vetting third parties to determine whether there is a likelihood they will take a

corrupt action• Monitoring third parties for red flags

23

Poll - Due DiligenceOn whom does your company conduct due diligence background checks?

24

No oneThird parties engaged in higher risk activity

Third parties active in higher risk countries

Based on a combination of activity and country

We use a risk-based approach to conduct differing levels of diligence on all third parties

Poll - Due Diligence

How do you conduct due diligence background checks?

25

Conduct due diligence internally (internet checks, questionnaires, etc. all handled by Company staff even if you use software screening)

Outside vendor or investigator

Law firm

Some combination of the above

Mitigating the Risk: Conducting Third-Party Due Diligence and MonitoringCompanies should:

• Understand the qualifications and associations of third-party partners• Understand the business rationale for working with the third party in the

transaction• Confirm and document that the third party is actually performing the work• Implement an ongoing monitoring system of third parties• Inform third parties about the company’s compliance programs• Conduct background and reference checks• Ensure that the third parties are being paid fairly, but not overpaid (e.g., that

commissions are commensurate with work performed)

26

Roundtable Discussion –Third Party EngagementHow does your Company determine what sort and degree of background reviews and business justification are required in order to approve a third party engagement?

Are there any steps you take during some or all third party reviews that you think are particularly helpful?

Can you share any examples of third parties that your Company did not engage after review because of bribery concerns?

27

Third Party Red Flags

28

Excessive commissions to agents or consultants

Unreasonably large discounts to distributors

Consulting agreements with only vaguely-described services

Consultant is in a different business than what he has been retained for

Third party is related to or closely associated with a foreign official

Third party becomes part of the transaction at the request or insistence of a foreign official

Third party is merely a shell company incorporated in an offshore jurisdiction

Third party requests payment to offshore bank accounts

Scenario 2MiracleDevices, is a U.S.-based company that produces medical devices used by individuals to monitor the state of various medical conditions. Its products generally acquire approval from FDA-equivalent agencies prior to sales in a given country. MiracleDevices decides to hire a consultant to assist it in getting its product registered in a Middle-Eastern country. As per standard procedure, MiracleDevices orders a Level 2 background report on the two proposed consultants.The report comes back and indicates that Consultant A has been operating in this business field for more than 15 years. The report includes favorable references from other medical device manufacturers. The report also indicates that the consultant is a cousin by marriage to some of the princes of the M-E country.The report on Consultant B indicates that they have been in the business field for less than 2 years. The report includes favorable references, but they are a little dated and for a prior line of business in a neighboring country. Consultant B has requested that payment for services provided be made to his account in this neighboring country.

29

Scenario 2 – Discussion

What red flags, if any, do you see with respect to Consultant A?• What steps could MiracleDevices take to further investigate these red flags?• What additional measures could MiracleDevices take to mitigate some of these

risks?

What red flags, if any, do you see with respect to Consultant B?• What steps could MiracleDevices take to further investigate these red flags?• What additional measures could MiracleDevices take to mitigate some of these

risks?

30

Escalation Protocols Companies should encourage employees and third parties to report any concerns, questions, or red flags

• This must include a mechanism for confidential reporting• Employees should not fear retaliation

Employees can be unsure whether an issue merits reporting to management or escalation to compliance or ABAC leads

• Management should be trained in identifying when problems should be escalated

• Employees should feel free to speak to persons other than their managers when in doubt

A system should be in place to conduct follow-up reports, and take remedial steps for concerns 31

Scenario 3Molly G works in ConsumerDream’s Illinois HQ, but one of her tasks is approving payment to logistics services providers moving goods between China and Malaysia. She notices that an invoice from Quickly Deliver for a shipment includes an expediting fee of $100 that she hasn’t seen before and isn’t on the rate sheet.Molly G decides to hold off on paying the invoice until she has an explanation. She emails Quickly Deliver to enquire. They tell her it was a mistake and issue a new invoice without that fee. She pays the new invoice.Six months later, the corporate audit department is auditing Quickly Deliver. It is on the audit plan because it has become the lead logistics provider in the past year due to its ability to more quickly clear its shipments and deliver to the factories. The audit team finds that Quickly Deliver has a substantial petty cash account for which they don’t require receipts. The audit team also finds that Quickly Deliver has a relationship with a customs consultant, but the services provided are not clearly defined.

32

Scenario 3 - Discussion

• First – go corporate audit!• Do you think that Molly G should have reported the suspicious

expediting fee to anyone? If so, who?• If Molly G had reported the fee, what steps should, or could, the

person receiving that report have taken to investigate?• What steps do you think ConsumerDream should take after

receiving the report from corporate audit?• Do you think the situation indicates that any additional training is

needed for third parties or employees? If so, what training do you recommend?

33

Questions?

34

Staci YablonPartnerLitigation

+1 212-294-4703 syablon@winston.com

Staci focuses her practice on white collar and internal investigations, FCPA, sanctions, and regulatory defense. An experienced investigator, she regularly handles matters for diverse clients including international banks and Fortune 500 companies.

Staci is a member of the firm’s White Collar, Regulatory Defense & Investigations Practice and her clients include financial institutions, public and private companies, corporate executives and other individuals in all aspects of white collar criminal and regulatory matters, government and internal investigations and complex commercial litigation. Her matters involve a wide range of issues including alleged violations of the Foreign Corrupt Practices Act (FCPA), economic and trade sanctions as well collusion/antitrust cases.

Staci regularly represents clients undergoing investigations conducted by the U.S. Securities and Exchange Commission, the United States Department of Justice, the Commodity Futures Trading Commission and the United States Department of Treasury, Office of Foreign Asset Control.

Staci also focuses her practice on compliance counseling, recommending enhancements to clients’ compliance programs to avoid government investigations or remediate after any such investigations. In addition, she regularly advises companies in regard to potential acquisitions, serving as the FCPA and sanctions/trade control expert for potential deals, assisting both in the diligence as well as the creation of new comprehensive compliance policies.

Staci regularly writes and publishes thought leadership on topics including compliance programs.

PracticeBanking LitigationCompliance ProgramsCorporate & FinanceFederal Tax ControversyFinancial ServicesFinancial Services Regulatory / ComplianceLitigationTaxWhite Collar, Regulatory Defense & Investigations

EducationUniversity of Pennsylvania, JD 2005

Bar AdmissionsNew York

Francesca GuerreroOf CounselCorporate

+1 202-282-5647fguerrero@winston.com

Francesca concentrates her practice on international trade and anti-bribery compliance and national security.

Francesca regularly counsels clients on compliance with export controls such as The International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR), sanctions administered by the Office of Foreign Assets Control (OFAC) and other agencies, import regulations administered by Customs, including NAFTA, and anti-boycott compliance requirements. She assists clients in developing internal procedures and compliance manuals, as well as in applying for licenses and regulatory rulings. Her experience also includes conducting internal investigations and audits and assisting clients through the voluntary disclosure of violations.

She regularly advises clients on compliance with the U.S. Foreign Corrupt Practices Act (FCPA). Her experience includes: performing due diligence on agents, consultants, and distributors; advising clients regarding gifts and hospitalities; reviewing potential acquisitions and joint venture partners; and conducting internal investigations of potential FCPA violations and advising clients regarding voluntary disclosure.

Francesca also counsels clients regarding national security issues relevant to acquisitions of U.S. businesses by foreign acquirers. In particular, she advises clients on the Exon-Florio provisions and related filings before the Committee on Foreign Investment in the United States (CFIUS). She has represented both U.S. businesses and foreign acquirers before CFIUS.

Her experience includes advising clients on cross-border investments, joint-ventures, mergers and acquisitions, private equity transactions, overseas business registration and reporting requirements, and commercial transactions.

PracticeCompliance ProgramsMergers & AcquisitionsWhite Collar, Regulatory Defense & Investigations

EducationHarvard University, JD 2006

Bar AdmissionsVirginiaDistrict of Columbia