Banking on Risk - visualwebcaster.com · Banking on Risk: The New Realities ... to reward companies...
Banking on Risk: The New Realities of Corruption in the Global Financial Services Environment
September 18, 2013
kpmg.com
Administrative
• CPE regulations require that online participants take part in online questions
- Must respond to a minimum of four questions per 50 minutes.
- Polling questions will appear on your media player
- Results will be reviewed in the aggregate; no responses will be tracked back to any individual or organization
- Do not view the presentation on slide show mode – polling questions will not appear
• To ask a question, use the “Ask A Question” icon on your media player
• Help Desk: 1-877-398-1471 or outside the United States at 1-954-969-3342
© 2013 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 207921
Welcome
With you today
Marikay Corcoran, Managing Director, KPMG LLP
Raja Chatterjee, Executive Director, Legal and Compliance, Global Head of Anti-Corruption, Morgan Stanley
Andrew Curtin, Managing Director, KPMG LLP
Greg Andres, Partner, Davis Polk & Wardwell
Setting the context
KPMG’s 2011 Anti-bribery and Corruption Survey
Total respondents: 214 (United States and United Kingdom)
Top three anti-bribery and anti-corruption risk areas:
1. Auditing third-party compliance
2. Due diligence on foreign agents/third parties
3. Variations with regard to country requirements and local laws (e.g., facilitation payments)
“Extensive preretention due diligence requirements pertaining to, as well as postretention oversight of, all agents and business partners, including the maintenance of complete due diligence records at the company …”
– FCPA Review Opinion Procedure Release No. 04-2 (July 12, 2004)
Regulatory update and framework
Enforcement trends
In 2012, reported new FCPA enforcement actions declined from previous years.
This may not represent an actual trend, however, as a number of actions may remain unreported. Companies would be well-advised to remain dedicated to structuring and implementing effective anti-bribery compliance programs.
[Chart: number of FCPA enforcement actions per year, DOJ and SEC, 2004 to 2012]
* Source: U.S. Department of Justice and Securities Exchange Commission Web sites.
DOJ and SEC release resource guide to U.S. Foreign Corrupt Practices Act
The resource guide to FCPA was released in November 2012. It includes guidance related to:
Anti-bribery provisions
Accounting provisions
Other related U.S. laws, such as:
– Travel Act
– Money laundering
– Mail and wire fraud
– Certification and reporting violations
– Tax Violations
Guiding principles of enforcement (Discussed in depth on the following slide)
Penalties, sanctions, and remedies
Resolutions
Whistleblower provisions and protections
DOJ opinion procedure
DOJ/SEC joint guidance on FCPA enforcement
Provides declinations example and issuing factors
Clarifies employees of “instrumentalities” can be deemed foreign officials if a government entity maintains a meaningful stake in the company’s decision-making process
Identifies principles of corporate liability under FCPA including under accounting provisions and conspiracy or aiding and abetting theories, as well as obligations applicable to internal auditors
Provides insight on compliance programs, and highlights that a company should consider its risk profile when designing internal controls
Reminds companies that compliance programs should not be “check-the-box”
Identifies some expenses provided to government officials that are unlikely to result in enforcement action
Reinforces that the DOJ and SEC can and will prosecute commercial bribery under the Travel Act
Declinations
Recent high-profile declinations suggest the government may be willing to reward companies for effective and robust compliance programs
SEC and DOJ announced declination in the Morgan Stanley matter, due in large part to Morgan Stanley’s robust compliance program. Please note, we discuss this in greater detail later in the presentation
Appears that companies can avoid prosecution by implementing compliance programs and undertaking internal reviews designed to detect violations
CPE question #1
Please advise what type of company you are currently employed by?
A. Retail Banking
B. Corporate Banking
C. Investment Banking
D. Broker Dealer
E. Asset Management
F. Private Equity
G. Hedge Fund
H. Money Service Business
I. Consulting Firm
J. Law Firm
K. Other
Recent cases
Some recent cases have highlighted the risks companies face when engaging third parties to carry out business in foreign countries:
– Morgan Stanley
– Goldman Sachs
– JPMorgan
– Omega Advisors
– Direct Access Partners
– Deutsche Bank
– Barclays
Rising cost of FCPA investigations
Company | Cost components | Cost
Avon | Professional and related fees associated with a global FCPA investigation and compliance reviews | $339.7 million (since 2009)
News Corp. | Legal and professional fees related to allegations of bribery payments that emerged two years ago in connection with its now infamous phone hacking scandals | $179 million
Walmart | Professional fees and expenses related to its massive bribery and corruption scheme to win market share in Mexico in the early 2000s and for global investigations in Brazil, India, and China | $230 million
Weatherford | Legal and professional fees related to ongoing investigations of alleged bribery payments in Europe, participation in Iraq's oil-for-food program, and past operations in certain sanctioned countries | $125 million
* Source: Compliance Weekly
ABC and financial services
Heightened enforcement – Financial services
More recently, financial services firms have come under increased scrutiny regarding FCPA enforcement:
Increased enforcement and “Industry Sweeps” such as the SEC’s FCPA probes of over 10 financial services entities launched last year, including the Aon and Allianz matters, will likely be a continuing trend.
Fines and penalties against organizations relating to FCPA violations have totaled more than $4 billion since 2007, in addition to the long prison sentences handed out to individuals.
115 of 3001 tips received by the commission’s Office of the Whistleblower (OWB) were FCPA-focused.
Considerations:
A key risk area in financial services centers on the use of agents to obtain or retain business. The proper identification and mitigation of such third-party intermediaries is of critical importance to demonstrating an effective compliance program and adequacy of procedures.
Conduct that may violate the FCPA may also violate multiple federal laws pertaining to money laundering, mail and wire fraud, The Travel Act, export controls, arms trafficking, conspiracy, and tax statutes and regulations.
Heightened global enforcement – Financial services – U.K. Bribery Laws
The U.K. Bribery Act came into effect on July 1, 2011, strengthening the existing U.K. bribery laws, including criminalizing private sector bribery. It also established a requirement for organizations to demonstrate that they have “adequate procedures” in place to mitigate bribery and corruption. The Act is extraterritorial and covers global operations of all institutions operating in the U.K. It includes unlimited fines and possible debarment sanctions in the EU for corporations and a prison sentence of up to 10 years for individuals.
Last December, the Wall Street Journal reported that the U.K. Financial Services Authority (FSA) (now the Financial Conduct Authority, or FCA) was set to embark on a thematic review focusing on bribery and corruption in the asset management industry, citing a report by law firm Dechert LLP. The law firm says 22 asset managers have already been identified for review, with the regulator set to publish its report in the third quarter of 2013.
The U.K. FSA, and subsequently the FCA, have highlighted bribery and corruption as a key area of focus from a “systems and controls” perspective. This means that FCA regulated firms face potential civil and criminal risk for failure to build adequate anti-bribery and corruption programs. In 2010, the FSA, legacy organization to the FCA, imposed fines ranging from £5 million to £7 million following its 2010 review of bribery and corruption controls within insurance brokers.
The FSA and FCA have also undertaken a review of anti-bribery and corruption systems and controls in investment banks. The findings were published in March 2012. In sum, while the FSA/FCA acknowledged that considerable work had been undertaken to implement ABC programs, the majority of firms visited had more work to do, and some firms’ systems and controls fell short of regulatory requirements. As a result, the FSA/FCA is considering regulatory action against a number of firms.
CPE question #2
What is your current role/function?
A. Compliance Officer
B. Legal Department
C. Risk Management
D. Operations
E. Internal Audit
F. External Consultant
G. Counsel
H. Other
Risk assessment and compliance
Where are you on the anti-bribery & corruption compliance curve?
DOJ’s three basic questions:
1. Is the company’s compliance program well designed?
2. Is it being applied in good faith?
3. Does it work?
– A Resource Guide to the U.S. FCPA; p. 56
Is the program well designed?
Based on a risk assessment
Including all essential elements
Dynamic and evolving as company and markets change
Tailored to address particular needs of the business
Customized to resonate with targeted employee population
Is it being applied in good faith?
Proper oversight and accountability
Adequate training and supervision
Dedication of appropriate resources
Does it work?
Routine auditing of controls
Regular monitoring and assessment
Periodic testing
Anti-bribery and corruption compliance program elements
Compliance Oversight/Top Level Commitment
Board/Audit Committee
CEO & Leadership Team
Chief Compliance officer (CCO)
Line Management
Periodic Risk Assessments
Identify principal existing and emerging risk areas
Identify business segments and employees most affected
Assess existing controls and opportunities for enhancement
Clearly Articulated Anti-Corruption Policy
Based on risk profile
Enterprise-wide applicability
Effectively communicated to all affected employees and business partners
Bolstered by appropriate internal controls
Training & Communications
Based on risk profile
Mandatory for all affected employees
Tailored to particular employee populations and needs of business
Periodic reminders
Retain records of training and attendance
Enforcement & Remediation
Consistent and appropriate discipline
Enhancement of procedures and controls as warranted
Continuous Improvement: Monitoring & Auditing
Periodic re-evaluation of all aspects of program, including risk areas, controls, policies
Recalibrate risk profile and controls as needed
Enterprise-wide effort: Internal Audit, Compliance Group, Finance, Legal, Operations
Internal Reporting Channels
Hotline or other confidential reporting processes for employees to raise concerns or seek guidance.
24x7 availability
Procedures for anonymous reporting and protecting complainants from retaliation
Escalation & Investigation
Escalation protocols for instances of potential non-compliance, including reporting significant matters to CCO, Senior Management and Audit Committee.
Coordinate and implement appropriate investigative plan
Oversight/Follow up to confirm escalated matters properly & promptly addressed
Due Diligence & Internal Controls
Screening of third parties
Contractual protections
Financial controls
Legal approvals
CPE question #3
What aspects of an effective compliance program do you feel your program focuses most of its efforts around?
A. Risk Assessment
B. Governance/Oversight
C. Policies and Procedures
D. Training & Communications
E. Monitoring
F. Auditing
G. Due Diligence
H. Investigations
I. Litigation/Enforcement
Conducting an ABC/FCPA risk assessment
WHERE DO WE BEGIN???
Partnering amongst legal, compliance and internal audit with top-level management commitment and support
Risk assessment drives ABC/FCPA audit scope
– Industry and country specific ABC/FCPA risks
– Country corruption risk based on certain corruption perception indexes
– Degree of interaction and types of transactions with government officials, political parties, government, and state-owned or affiliated entities (SOEs)
– Corporate structure and compliance maturity
– Historic risks – Previous ABC/FCPA compliance exposures (internal or external reports of potential corruption risks)
– Concentration of sales by geographic region
– Recent acquisitions
– Prioritize
Third-party intermediary management
[Process diagram: TPI Population; Identification of Covered TPIs; Risk Ranking/Scoring; Due Diligence; Review Follow-up; Technology Enablement and Integration]
Obtaining a complete population of third parties
Aggregation, normalization, and deduplication of data sets:
Vendor master files:
– Consultants, lobbyists, agents, brokers, customs vendors, etc.
Customer master files
Agent distributor listing:
– Broker files
– Distribution records
Joint venture agreements
[Diagram labels: Customer Master; Vendor Master; Broker Files; Agent Listing; Distributor Listing]
Layers of due diligence
[Diagram labels: High-Level sanctions and PEP reporting (Limited public records review) (Short Form); Enhanced Due Diligence (KYC); ABC Due Diligence (Astrus or Similar); Integrity Due Diligence; M&A; Interviews; Investigations; Fieldwork]
Limited desktop public records review
KYC and CIP response
Sanctions and PEPs databases
Adverse reputational
Corporate databases
Structured-data mapping and change alerting
Comprehensive desktop public records
Detailed corporate filings and shareholder/owner structures
Court filings, regulatory investigation findings, etc.
Detailed multilingual media research, including local and specialist publications
Government contracting/relationships for entity and related parties
Crafted source inquiries
Interviews with clients, competitors, government officials, etc.
Management/candidate assessments
Further investigation and clarification of issues identified
“Company X has bid successfully on a number of ministry supply contracts. These tenders have always been transparent and competitive.”
– Health Ministry procurement official
“It’s common knowledge among my industry sources that the Health Minister has an undisclosed shareholding interest in Company X. Of course, it’s not reflected in the filings”
– Local investigative journalist
“My company uses Mr Z as a supplier. He often asks us to make payments in cash or by bearer cheque, but that’s just the way business is done here.”
– Owner of local business
“We considered using Mr Z as a sales agent, but decided to go with someone else. It was purely a commercial decision – we didn’t have any concerns about Mr Z’s integrity.”
– Manager, international pharma company
“Mr Z claims to be a big player in the distribution sector, but since he fell out with his brother-in-law at the ministry his business has struggled.”
– Local competitor
The role of data analytics
[Diagram labels: Prevention; Detection; Response]
Anti-Bribery Governance: Effective compliance infrastructure with autonomy from management and resources to effect sound anti-bribery controls.
Policies, Procedures, & Internal Control Systems: Policies developed under the direction of the compliance officer and committee.
Risk Assessment & Due Diligence: Ongoing assessment of internal and external anti-bribery risks.
Communication & Training: Anti-bribery policies and procedures are communicated to all affected employees and business partners.
Reporting Channels: Mechanisms that allow for anonymous reporting of anti-bribery issues or concerns.
Auditing & Monitoring: Periodic activities to assess employees and third-party compliance with anti-bribery obligations.
Investigation: Incident response plan and policies to investigate alleged bribery or corruption.
Enforcement, Remediation & Disclosure: Development and enforcement of policies and procedures, including consistent application of sanctions.
Data analytics – Maturity continuum
[Diagram labels: Foresight; Insight; Hindsight; Reactive; Retrospective; Prospective; Predictive; Integrated Real Time Detection; Data Mining; Compliance driven; Strategic; Reactive; Proactive]
Ad-hoc: More labor intensive, reliance upon testing and sampling; queries; formula-driven analysis.
Largely ad-hoc: Application of rules to detect known patterns of fraudulent activity and anomaly detection for unknown patterns; includes queries, drill downs, alerts
Repeatable into continuous: Management of known suspicious activities/claimants/vendors
Continuous into sustainable: Identification of unusual trends, false claims and statistical anomalies
Sustainable: Pattern recognition and prospective management, machine learning and neural networks
Procure to pay dashboard – Vendor summary view
Expense reimbursements dashboard – Transaction review
CPE question #4
Where along the data analytics continuum would you consider your current capabilities in relation to ABC compliance risk assessment and monitoring?
A. No data analytics performed
B. Reactive
C. Retrospective
D. Prospective
E. Predictive
F. Integrated real-time detection
G. Not applicable
Morgan Stanley and Garth Peterson “Rogue Employee”
Case study: Morgan Stanley Overview of declination
Public Declination of Company & Charging of Employee
In April 2012, the DOJ and SEC publicly announced their decision not to charge Morgan Stanley. Former Morgan Stanley executive Garth Peterson was charged with FCPA violations.
First Ever Publicly Announced Declination
The decision not to charge Morgan Stanley was the first-ever publicly announced decision not to prosecute a company after an FCPA investigation.
Morgan Stanley Compliance Program
In its charging decision and press release, the DOJ specifically cited as relevant Morgan Stanley’s robust anti-corruption compliance program and its cooperation in the investigation.
Case study: Morgan Stanley Model compliance features specifically cited by DOJ
Training
Dedicated compliance officers & anti-corruption specialists
Anti-corruption/FCPA notices and reminders
Annual certifications
Payment approval process
Transactional due diligence efforts
* Morgan Stanley documented these policies and efforts.
Case study: Morgan Stanley Training
Varied Programs: “Morgan Stanley’s FCPA compliance program included live training presentations, Web-based training, and additional FCPA reminders.”
Frequent Training: Between 2000 and 2008, no fewer than 54 trainings were held for various groups of Asia-based employees on anti-corruption policies and the FCPA.
Case study: Morgan Stanley Enhanced training
February – March 2009: Conducted FCPA training in late February/early March 2009 in various cities including Shanghai, Hong Kong, Singapore, Beijing, Hangzhou, Shenzhen, and New York.
March 2009: “Tone from the Top” memoranda from Senior Management emphasizing commitment to anti-corruption policies and procedures.
October 2009: Conducted targeted follow-up FCPA training in October 2009, including live, half-day, “deep dive” training in Shanghai for all China Real Estate employees.
Case study: Morgan Stanley Dedicated compliance officers & anti-corruption specialists
Compliance Personnel: “Between 2002 and 2008, Morgan Stanley employed over 500 dedicated compliance officers.”
Reporting: “Compliance Department had direct lines to Morgan Stanley’s Board of Directors and reported through the Chief Legal Officer to the Chief Executive Officer and other senior management committees.”
Specialists: Employed dedicated anti-corruption specialists responsible for policies and procedures, training, and coordinating with business units, among other functions.
Regional Officers: Employed “regional compliance officers who specialized in particular regions . . . to evaluate region specific risks.”
Case study: Morgan Stanley Annual certifications
Code of Conduct
“Morgan Stanley required each of its employees to certify adherence to [the company’s] Code of Conduct.”
Annual Certification
Beginning in 2006, all employees were required to annually certify that they had read and understood the Code of Conduct.
100% Compliance
The Compliance Department ensured 100% compliance with the certification requirement.
* Morgan Stanley documented these policies and efforts.
Case study: Morgan Stanley Payment approval process
“Morgan Stanley also maintained a substantial system of controls to detect and prevent improper payments.”
Multiple Levels of Review: Payments above certain amounts required several levels of approval by multiple employees.
Case study: Morgan Stanley Transactional due diligence efforts
Morgan Stanley maintained “established due diligence practices,” which included, as appropriate:
Reviewing foreign public records;
Speaking with sources familiar with the industry;
Checking third-party’s references;
Site visit to third-party’s office;
Searching media sources re: third-party; and
Running background on third-parties and their principals.
Case study: Morgan Stanley Transactional due diligence efforts (continued)
Investigation, Cooperation and Advocacy: Morgan Stanley’s cooperation, together with its fulsome self-disclosure, pre-existing compliance program and various enhancements, positioned the firm to advocate for, and ultimately earn a declination.
Compliance Program in Place that Is Alive and Breathing: Morgan Stanley’s existing compliance program evolved and responded to the issues uncovered, demonstrating that it was alive and not a “paper program.”
Document Training Efforts: Documentation is an internal metric of your program and becomes important evidence to provide to the government. Here, evidence that the rogue employee was trained and aware of the FCPA allowed Morgan Stanley to ultimately establish that he was engaged in self-dealing.
Value of Immediate Compliance Review: The time between identification of a violation and final negotiations with the government is often significant and must be used to repair and enhance a company’s compliance program; doing so can dramatically alter the ultimate resolution.
CPE question #5
Which one area of your compliance program would you like to invest further in:
A. Understanding global ABC regulatory requirements
B. Assessing risks
C. Policies and procedures
D. Due Diligence on third-party intermediaries
E. Data analytics for risk assessment
F. Data analytics for transaction monitoring
G. Data analytics for vendor oversight
H. Training and communications
I. Auditing
J. Staffing/resourcing
Third-Party Intermediaries (TPIs)
“73 percent of respondents found performing effective due diligence on foreign TPIs challenging or very challenging.”
KPMG Anti-Bribery and Corruption Survey 2011
How do you define a TPI in your organization?
How do you identify which TPIs should be included in due diligence procedures?
How do you determine the relative risk of each TPI?
How do you determine what level of due diligence to perform on each TPI?
How do you implement a comprehensive TPI management process?
Regulatory definitions
“…any officer, director, employee, or agent…”
§ 78dd-1 (a) Foreign Corrupt Practices Act
“The FCPA prohibits corrupt payments through intermediaries. It is unlawful to make a payment to a third party, while knowing that all or a portion of the payment will go directly or indirectly to a foreign official. The term “knowing” includes conscious disregard and deliberate ignorance.”
The layperson’s guide to the FCPA, U.S. Department of Justice
“A relevant commercial organisation (“C”) is guilty of an offence under this section if a person (“A”) associated with C bribes another person…”
“…a person (“A”) is associated with C if (disregarding any bribe under consideration) A is a person who performs services for or on behalf of C.”
Sections 7(1) and 8(1) Bribery Act 2010
Potential TPIs
[Diagram of potential TPI types. Labels: Purchasing Agents; Regulatory Affairs Consultants; Travel and Expense; Lawyers; Accountants; Distributors; Resellers; Wholesalers; Freight Forwarders; Customs Agents; Product Registration Agents; Health & Safety Consultants; Promotional; Expense Vendors; Joint Venture Partners; Consultants; Sales Agents; Brokers; Shippers; Licensees; Partners; Charities; Political]
Better model for TPI management
[Process diagram: TPI Population → Identification of Covered TPIs → Risk Ranking/Scoring → Due Diligence → Review Follow-up, with Technology Enablement and Integration]
Obtaining a complete population of third parties
Aggregation, normalization, and deduplication of data sets:
Vendor master files:
– Consultants, lobbyists, agents, brokers, customs vendors, etc.
Customer master files:
– Distributors, resellers, etc.
Agent distributor listing:
Broker files
Distribution records
Joint venture agreements
[Diagram labels: Customer Master; Vendor Master; Broker Files; Agent Listing; Distributor Listing]
Better model for TPI management (continued)
Use of data analytics to define population of covered TPIs
Application of risk criteria:
Vendor service code
Vendor industry category
Name
Expense category
Application of Filters and Grouping:
Business unit responsibility
Geographic
[Diagram labels: Agents; Suppliers; Customers; Covered TPIs]
Better model for TPI management (continued)
Risk Ranking and/or Scoring
Risks are specific to each client and are agreed in advance with management and legal
Approach is tailored to client based on responses from management and operations
Maximizes compliance resources by focusing on higher risk TPIs
Structured, documented and capable of being articulated in compliance program
[Diagram tiers: High priority/risk; Medium priority/risk; Low priority/low risk]
Better model for TPI management (continued)
Due Diligence
Questionnaire-based information request and limited public records verification
Due Diligence Reports – Astrus
Advanced Enquiries and Investigation
Structured approach to large number of lower risk TPIs
[Diagram tiers: High priority/risk; Medium priority/risk; Low priority/low risk]
Better model for TPI management (continued)
Review of compliance information can be facilitated by:
Simple and clear report
Single aggregated report
Disseminated and available to decision makers, compliance, and legal
Central Repository for Due Diligence Information and Follow-up
System for retaining current and historic due diligence information
Audit trail of requests, responses, and follow-up
The information collected as part of the TPI management process can be used for:
Compliance decisions
Business decisions
Vendor management
Exclusion/debarment of certain vendors.
FCPA technology elements
TPI Scope Management
• Extract global TPI list – i.e., ERP or Procurement systems
• Import and analyze data source(s)
• Identify Third Party Intermediaries (TPIs) categories in scope for due diligence
• Identify and extract full population of Third Party Intermediaries (TPIs) in scope
Risk & Due Diligence Management
• Initiate Due Diligence process for individual TPIs and conduct qualitative and quantitative analysis: Business Justification, TPI Questionnaire, FMV Assessment
• Identify red flags and TPI risk rating – triggers escalation and additional reviews
• Determine necessity of corporate intelligence reports.
• Retain TPI for on-boarding or Not-Retain TPI and capture assessment data.
Training & Contract Management
• Capture training data and confirmation of completion
• Capture contract related information – i.e., contract type, contract start and end dates, contract reference code(s)
• Build business rules for notification of contract expiration or renewal
Reporting Management
• Generate reports to capture TPI status: Retained, Not Retained, In Progress, etc.
• Break-out reports by Region, TPI Category, etc.
• Generate reports for TPIs that are due for renewal
• Build dashboards to provide real-time data on TPIs, and accommodate various user roles: business sponsors, regional, compliance officer, regional business & compliance
Enterprise Integration
• Integrate with enterprise systems and applications for downstream or upstream data requirements – i.e., ERP or Procurement systems
• Integrate with third party vendors to capture background check data – i.e., WorldCheck, D&B
© 2013 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 207921
The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.