KPMG Global Energy Institute
Managing Third-party Anti-bribery, Corruption Risks and Investigations in the Energy Sector
© 2013 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.
February 14, 2013
Disclaimer
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. Comments in this document and the related presentation are not intended, nor should they be interpreted to be, legal advice or opinion.
Welcome
Mike Schwartz
Advisory Partner
KPMG LLP (U.S.)
Administrative
CPE regulations require online participants take part in online questions.
You must respond to four questions per hour.
Questions will appear on your media player.
Results are reviewed in the aggregate; no responses will be tracked back to any individual or organization.
Do not view the presentation in slide show mode; polling questions will not appear.
To ask a question, use the “Ask a Question” icon on your media player.
Help Desk: 1-877-398-1471 or outside the United States at 1-954-969-3342
Today’s agenda
1. Recent DOJ/SEC FCPA guidance
2. Recent enforcement actions and lessons learned regarding TPI management
3. Identifying and managing TPI risk
4. Questions and answers
Presenters
Mike Schwartz
Principal, Advisory Services
KPMG LLP (U.S.)
Brent McDaniel
Director, Advisory Services
KPMG LLP (U.S.)
John Ratcliffe
Partner
Ashcroft Law Firm, LLC
Recent DOJ/SEC FCPA guidance
John Ratcliffe
Partner
Ashcroft Law Firm, LLC
Attorney Client Privileged ‐‐ Confidential Information
Recent FCPA Guidance Issued on November 14, 2012
DOJ and SEC jointly issue 120 page “Resource Guide”
Basic Overview
Guidance does include:
Compilation of examples from actual enforcement cases, hypotheticals and commentary on existing positions and interpretation including:
Definition of “foreign official”
Successor Liability
Enumerates 10 “Hallmarks of Effective FCPA Program”
Declinations
Guidance does not:
Provide anything “new”, no new interpretations of FCPA provisions or defenses
Still ambiguous benefit or credit from self‐disclosure
Debate regarding unsettled and untested interpretations of law to continue
Guidance on Third Party Liability
2 of the 10 Hallmarks of Effective Compliance Apply to Third Parties
Targeted Risk Assessment
“DOJ & SEC will give meaningful credit to a company that implements in good faith a comprehensive, risk based compliance program, even if that program does not prevent an infraction in a low risk area because greater resources have been given to a higher risk area.”
Underscores “Risk Based”, not “One‐Size Fits All”
Risk‐Based Due Diligence and Ongoing Monitoring of Third Parties
“Performing identical due diligence on all third party agents, irrespective of risk factors, is often counterproductive, diverting attention and resources away from those third parties that pose the most significant risks.”
Understand the qualifications and associations of its third party partners including its business reputation, and relationship
Have an understanding of the business rationale for including the third party in the transaction
Undertake some form of ongoing monitoring of third‐party relationships
Guidance Reiterates “Constructive” Knowledge of Red Flags
DOJ and SEC reinforce that these common “red flags” will serve as the basis for the knowledge requirement for FCPA liability for third party acts:
Excessive commissions to third‐party agents or consultants;
Unreasonably large discounts to third‐party distributors;
Third‐party “consulting agreements” that include only vaguely described services;
The third‐party consultant is in a different line of business than that for which it has been engaged;
The third‐party is related to or closely associated with the foreign official;
The third‐party became part of the transaction at the express request or insistence of the foreign official;
The third‐party is merely a shell company incorporated in an offshore jurisdiction; and
The third‐party requests payment to offshore bank accounts.
Bottom line: Still no “head in the sand” defense
Recent enforcement actions and lessons learned regarding TPI management
John Ratcliffe
Partner
Ashcroft Law Firm, LLC
Recent enforcement actions
U.S. v. Bourke: Business Partner (“Pirate of Prague”)
United Industrial Corp.: Agent (retired Egyptian Air Force general)
Alcatel‐Lucent: Consultant
Maxwell Technologies: Chinese agent
InVision Technologies, Inc.: Distributor
Data Systems & Solutions LLC: Subcontractor
Tyco Valves & Controls: Local sponsor
Lessons Learned
Lesson 1
No matter the sales model…
Employee based sales force
Distributor models with discounts
Commission based agents
…there is a bribery scheme that places you at risk
Lesson 2
You get three bites at Third Party Liability
Prevent it
Detect it
Remedy it
Knowledge check #1
How does your organization identify local representatives in overseas markets:
A Word of mouth from others in the market
B Recommendations from third parties
C Independent research
D All of the above
Identifying and managing TPI risk
Brent McDaniel
Director
KPMG LLP (U.S.)
Setting the context
KPMG's 2011 Anti-bribery and Corruption Survey
Total respondents: 214 (United States and United Kingdom)
Top three anti-bribery and anti-corruption risk areas:
1. Auditing third-party compliance
2. Due diligence on foreign agents/third parties
3. Variations with regard to country requirements and local laws (e.g., facilitation payments)
“Extensive preretention due diligence requirements pertaining to, as well as postretention oversight of, all agents and business partners, including the maintenance of complete due diligence records at the company …”
– FCPA Review Opinion Procedure Release No. 04-2 (July 12, 2004)
Setting the context
“73 percent of respondents found performing effective due diligence on foreign TPIs challenging or very challenging.”
KPMG Anti-Bribery and Corruption Survey 2011
How do you define a TPI in your organization?
How do you identify which TPIs should be included in due diligence procedures?
How do you determine the relative risk of each TPI?
How do you determine what level of due diligence to perform on each TPI?
How do you implement a comprehensive TPI management process?
Knowledge check #2
During which stage does your organization perform risk assessments on third-party intermediaries in the normal course of business?
A Proactive M&A due diligence
B Retrospectively (e.g., after on-boarding a third party, a joint venture/business partner)
C Occasionally as required (e.g., when areas of concern or certain risks come to light)
D Almost never
What is a TPI?
Regulatory definitions
“…any officer, director, employee, or agent…”
§ 78dd-1 (a) Foreign Corrupt Practices Act
“The FCPA prohibits corrupt payments through intermediaries. It is unlawful to make a payment to a third party, while knowing that all or a portion of the payment will go directly or indirectly to a foreign official. The term ‘knowing’ includes conscious disregard and deliberate ignorance.”
The layperson’s guide to the FCPA, U.S. Department of Justice
“A relevant commercial organisation (“C”) is guilty of an offence under this section if a person (“A”) associated with C bribes another person…”
“…a person (“A”) is associated with C if (disregarding any bribe under consideration) A is a person who performs services for or on behalf of C.”
Sections 7(1) and 8(1) Bribery Act 2010
Broad range of potential TPIs
Purchasing Agents
Regulatory Affairs Consultants
Travel and Expense Vendors
Joint Venture Partners
Local Sponsors
Distributors
Resellers
Wholesalers
Freight Forwarders
Customs Agents
Lobbyists
Product Registration Agents
Health & Safety Consultants
Landlords
Sales Agents
Brokers
Shippers
Licensees
Promotional Consultants
Better model for third-party management – Identification
Process stages (diagram): TPI Population, Identification of Covered TPIs, Risk Ranking/Scoring, Due Diligence, Review, Follow-up; Technology Enablement and Integration
Obtaining a complete population of third parties
Aggregation, normalization, and de-duplication of data sets:
Vendor master files:
– Consultants, lobbyists, agents, brokers, customs vendors, etc.
Customer master files:
– Distributors, resellers, etc.
Agent/distributor listing
Broker files
Distribution records
Joint venture and local sponsorship agreements
Lease agreements
Data sources (diagram): Customer Master, Vendor Master, Broker Files, Agent Listing, Distributor Listing
Better model for third-party management – Identification (continued)
Use of data analytics to define population of covered TPIs
Application of risk criteria:
Vendor service code
Vendor industry category
Name
Expense category
Application of Filters and Grouping:
Business unit responsibility
Geographic
Diagram labels: Agents, Suppliers, Customers; Covered TPIs
Knowledge check #3
Does your organization have a customized definition of a TPI?
A Yes, the definition is based on our business and operational understanding of the services our vendors provide to us.
B Yes, the definition was provided by external counsel/consultant.
C No, there is no definition but we historically do include certain types of vendor in our due diligence program.
D No, we do not have a customized definition.
Risk ranking and due diligence of covered TPIs
Better model for third-party management – Risk ranking and due diligence
Risk Ranking and/or Scoring
Risks are specific to each client and are agreed in advance with management and legal
Approach is tailored to client based on responses from management and operations
Maximizes compliance resources by focusing on higher risk TPIs
Structured, documented and capable of being articulated in compliance program
Risk matrix labels (diagram): High Priority/Risk; Medium Priority/Risk; Low Priority; Low Priority/Low Risk
Better model for third-party management
Review of compliance information can be facilitated by:
Simple and clear report
Single aggregated report
Central Repository for Due Diligence Information and Follow-up
System for retaining current and historic due diligence information
Disseminated and available to decision makers, compliance, and legal
Audit trail of requests, responses, and follow-up
The information collected as part of the TPI management process can be used for:
Compliance decisions
Business decisions
Vendor management
Exclusion/debarment of certain vendors.
Knowledge check #4
What is your typical time frame to assess your service providers, business partners, and other third-party intermediaries?
A One week to 10 days.
B More than two weeks.
C Up to a month or longer.
D We have no uniform time frame.
Technology enablement of TPI management
Better model for third-party management
Due Diligence tools enable the automation of the management, measurement, remediation and reporting of FCPA controls and risks in accordance with regulations, policies, and business decisions:
Automate FCPA processes, business rules, and controls
Identify and assess TPI risks
Manage Red Flag triggers and resolutions
Enables end-to-end visibility through real-time reporting and configurable dashboard capabilities
Facilitates central storage of TPI questionnaires, Corporate Intelligence Reports, Contracts, Significant Correspondence, etc.
Enable role-based actions, notifications, and dashboards
Integrate to procurement, training, and third-party databases (D&B, WorldCheck, etc…)
Support audit activities based on identified areas of risk
Facilitates TPI research on historical data
Enables annual or configured periodic Due Diligence renewals
FCPA technology elements
TPI Scope Management
Categories of TPI
Extract global TPI list – i.e. ERP or Procurement systems
Import and analyze data source(s)
Identify Third Party Intermediaries (TPIs) categories in scope for due diligence
Identify and extract full population of TPIs in scope
Risk & Due Diligence Management
Initiate Due Diligence process for individual TPIs and conduct qualitative and quantitative analysis: Business Justification, TPI Questionnaire, FMV Assessment
Identify red flags and TPI risk rating – triggers escalation and additional reviews
Determine necessity of corporate intelligence reports.
Retain TPI for on-boarding or Not-Retain TPI and capture assessment data.
Training & Contract Management
Capture training data and confirmation of completion
Capture contract related information – i.e. contract type, contract start and end dates, contract reference code(s)
Build business rules for notification of contract expiration or renewal
Reporting Management
Generate reports to capture TPI status: Retained, Not Retained, In Progress, etc…
Break-out reports by Region, TPI Category, etc…
Generate reports for TPIs that are due for renewal
Build dashboards to provide real-time data on TPIs, and accommodate various user roles: business sponsors, regional, compliance officer, regional business & compliance
Enterprise Integration
Integrate with enterprise systems and applications for downstream or upstream data requirements – i.e. ERP or Procurement systems
Integrate with third party vendors to capture background check data – i.e. WorldCheck, D&B
TPI due diligence process – Sample workflow
Business Representative (BR) logs into TPI DD Tool
BR Initiates New DD Process
TPI completes DD Questionnaire
BR completes DD Questionnaire
Manage Contract and DD Training
Identifies and Reviews Red Flags
Regional Business and Compliance Leader Reviews Red Flags
Route Red Flags for Corporate Intelligence Risk Assessment
Final Report Review, Approve/Deny TPI On boarding
1. TPI Qualification Process
The TPI qualification process is tracked and managed within the TPI DD tool.
DD Survey may include the following sections:
Business justification
FMV assessments
Government connections
Selection criteria
Sub-TPI due diligence
Background check
Annual certification
Renewal – 3 years
Etc.
2. TPI Profile Review – Red Flag ID
Red Flag criteria/scoring rules are designated within the TPI DD tool, and are automatically flagged to the Compliance Officer and Regional and Compliance Leaders.
3. TPI Risk Assessment
Request is triggered to conduct corporate intelligence gathering to validate self-reported info and assist with assessment of red flags.
4. TPI DD Resolution
Acceptance or Denial of TPI on-boarding.
Knowledge check #5
What is your organization’s biggest challenge regarding third-party intermediaries?
A Identifying the total population of third-party intermediaries
B Determining which third-party intermediaries should undergo some level of due diligence
C Assessing the relative risk of each third-party intermediary
D Determining the appropriate level of due diligence for each third-party intermediary
Questions and answers
Contact us
Name E-Mail Phone
Mike Schwartz [email protected] 713-319-2258
Brent McDaniel [email protected] 713-319-2313
John Ratcliffe [email protected] 214-871-2244
Closing remarks
Thank you for joining us.
Please send any questions to [email protected].
For more information,
visit the KPMG Global Energy Institute at www.kpmgglobalenergyinstitute.com.
Save the date!
2013 KPMG Global Energy Conference, May 22 – 23, 2013 in Houston, TX
www.kpmgglobalenergyconference.com