The recent “Latin America Compliance Congress for Life Sciences” and “Global Anti-Corruption and FCPA Compliance Congress” were co-located and held simultaneously, which was a complementary combination given the related subject matter.
Many sessions were held together, as bribery and corruption, particularly with regard to third party engagements, are among the chief compliance issues in Latin America. Given that, the conferences shared some of the same themes, including the headwinds that make anti-bribery and anti-corruption (ABAC) compliance challenging in Latin America, the tailwinds that make third party engagements susceptible to bribery and corruption, and the importance of having a robust and tailored third party and distributor management program as well as continuous risk-based auditing and monitoring of third parties.
Discussions and debates about the new Trump Administration permeated the conference. In fact, President Trump and the DOJ were front and center during a panel composed of former prosecutors. This session included a lively debate and discussion about how the Trump administration will handle the FCPA. Some postulated that FCPA enforcement will remain strong as there is sufficient bureaucratic inertia in the DOJ behind the FCPA. Additionally, because FCPA settlements are a financial windfall for the U.S. government, there is little reason to believe that the Trump administration would want to give up this steady revenue stream. On the other hand, some panelists believed that the Trump administration will decrease FCPA enforcement – particularly in light of President Trump’s 2012 comment that the FCPA is a “horrible law and it should be changed” and that it puts U.S. business at a “huge disadvantage.” If the Trump administration takes a back seat on regulatory enforcement, companies have less of an incentive to arm themselves with robust compliance programs. Regardless, all panelists and attendees concluded that amid this instability, the overall risk landscape – taking into account enforcement activity and the cost of complying/not complying with regulations and laws such as the FCPA – has certainly changed.
Contrary to these unknowns in U.S. politics, there is a clear global trend of increased ABAC legislation and enforcement – as was echoed throughout the conference. Some of the catalysts for more robust ABAC regimes globally include:
- The revenue stream from ABAC enforcement actions and settlements,
- Increased global cooperation among regulatory authorities,
- Pressure from the OECD to have stronger ABAC regulations,
- Increased transparency into bribery and corruption scandals globally, and
- The consequent public demand for more robust legislation and enforcement.
Most of the discussion related to new legislative trends focused on Latin America – from Brazil and Colombia to Mexico and Guatemala, all of which have recently enacted ABAC regulatory changes. In fact, some aspects of these changes are even more robust than those in the U.S. and the UK, and seem akin to new and more restrictive ABAC laws in France. For example, Brazil’s compliance guidance to the Clean Company Act, which offers guidance on how companies ought to structure compliance programs in accordance with the law, is more detailed and prescriptive than the FCPA guidance, and may require closer attention from companies that have Brazilian operations. Brazil’s guidance further recommends that all employees receive ABAC-related compliance training. Additionally, the guidance, if read literally, recommends that companies initiate internal investigations upon learning of any evidence of wrongdoing. So even if the U.S. should become more dovish in its enforcement of the FCPA, other countries around the world – with the support of the OECD and the UN – are making bribery and corruption very risky business. Thus, while a company’s risk calculus for U.S. enforcement of the FCPA may have changed, robust ABAC compliance programs remain a necessity.
One of the highlights of the conference was a candid discussion with Richard Bistrong, a former FCPA violator and US/UK cooperator, and Gary Giampetruzzi, a Partner at the law firm Paul Hastings. Among the topics discussed was the importance of salesforce incentive planning and forecasting. Like prescription medicine, incentive schemes frequently have side effects and unintended consequences, such as encouraging sales representatives to engage in bribery to meet sales targets. The incentive plans established by Wells Fargo that resulted in thousands of fraudulent new accounts are an example of such an incentive scheme with negative side effects. This analogy demonstrates that a company’s pay and incentive structure is truly a risk decision and warrants careful consideration and risk analysis. Mr. Bistrong also highlighted the importance of involving business leaders who have P&L responsibility in trainings and conversations with those employees who will be on the front lines in corrupt markets. Infusing a shared compliance voice from business leaders who have direct knowledge of the bribery and corruption risks that their employees will be facing will help these employees understand the risks before they are in the middle of a situation, as well as provide tools to deal with the challenges they will be facing.
Additionally, best practices for a third party due diligence and ongoing risk management program were topics that pervaded many sessions. Presenters discussed the foundational elements of these programs, including the support and buy-in from senior executives, as this will cascade to the business divisions that ultimately own the relationships with the third parties. In general, a third party management program consists of five stages:
- Identification of a third party (including the business justification, statement of work, compensation structure, etc.),
- Initial screening and risk score calculation (low, moderate, high) to develop a due diligence plan,
- Risk-based due diligence based on third party’s score and due diligence plan (from step 2),
- Ongoing auditing and monitoring (risk-based), and
- Development of an exit strategy, as needed.
Moreover, having a solid governance structure, including clear lines of review and approval as well as structured policies and SOPs, lays the foundation for an effective program. A well-defined governance structure will also create accountability, transparency and efficiency, which are frequently lacking in third party management due to the diffused responsibility among various stakeholders (compliance, finance, business, etc.). Other topics related to third party due diligence and management included best practices for contracting with third parties, internal roles and responsibilities within a third party oversight program (compliance, legal, finance and business departments), employee training on the program and implications of not implementing a third party oversight program.
More generally, a recurring theme throughout the conference was the importance of tailoring ABAC-related compliance programs – including policies, SOPs and guidelines – to a company’s stage of development and growth strategies. In the case of third party relationship management, implementation of a program must be specific to the risk profile of each third party. Lastly, nearly every session highlighted the importance of training and educating business departments about ABAC and third party risks. The better compliance professionals can articulate the ABAC risks in a relatable and realistic manner, the more likely business lines will understand the risks and will want to partner with compliance. Moreover, in the face of shrinking compliance budgets and personnel, partnering with the business lines is a strategic tactic to reduce the company’s risk exposure, build trust with the business lines and stretch tight resources.