Bribery in your organization? Can you picture any one of your employees saying “all my competitors are doing it, so I am forced to grease the wheels just to compete”, or “there is a small chance that my (corrupt) activities will be uncovered, and even if they are uncovered I may or may not be disciplined; but, if I miss my budget for three quarters I will definitely lose my job.”
Canada is not known for its enforcement of corruption laws. In fact, it is a haven for fraudsters specifically because our weak history of enforcement. However, this is changing and your only protection is a documented effort to reduce corruption. There is considerable international political pressure on Canada to make Anti-Corruption and Anti-Bribery a top enforcement priority. The OECD (here) Phase 3 “Report on the Application of the Convention on Combating Bribery of Foreign Public Officials” mentions “enforcement more generally of the Corruption of Foreign Public Officials Act (CFPOA) may be uncertain, due to significant concerns that remain about Canada’s framework for implementing the Convention.” The OECD has been critical of Canada and our legislation because it is limited to “real and substantial” link to Canada, our interpretation of OECD Convention has been too limited, our enforcement has been “too low to be effective, proportionate and dissuasive”, and we have not committed enough resources to the prosecution of cases. According to the report we are on a tight leash and obligated to provide multiple reports on our progress through 2013. Perhaps the best evidence of our future focus is the Niko Resources case (see previous blog post, here,) which came out shortly following this report.
The enforcers of anti-corruption in other countries have a lot of power, and they are willing to exert it. Recently, the US Department of Justice (DOJ) and the UK Serious Fraud Office (SFO) joined forces in the Aluminium Bahrain B.S.C. (Alba) and Alcoa case. (This case has a Canadian spin, but not on the enforcement side, it just happens that one of the individuals recently arrested in London England on corruption charges was a Canadian citizen.) The case originated as a civil suit in 2008 in the US where Alba accused Alcoa, here, of misappropriating “$2 billion in Alba’s payments under supply contracts passed from Bahrain to tiny companies in Singapore, Switzerland, and the Isle of Guernsey, and that some of the money was then used to bribe Bahraini officials involved in granting the contracts.” The DOJ had a stay of prosecution executed in the civil suit to give them time to purse FCPA options.
I am going to hazard a guess that the top stated priority and top action item for most Compliance Officers in Canada is not controlling corruption. If controlling corruption is not a top priority in your organization, then I doubt you are comfortable that you can quickly document a host of “Significant Measureable Metrics” for Anti-Bribery and Anti-Corruption activities. There is not a lot of guidance to Canadian Officers on the subject of CFPOA loss control, but that is where we can learn from our US, UK and Australian counterparts.
The DOJ provides extraordinary information on its anti-corruptions initiatives. This is a key priority for US companies, and there are many examples of loss control initiatives coming out of US companies and their third party service providers. Thomas Fox and Howard Sklar team up in a production called This Week in FCPA, and in one of their recent sessions concentrated on Tone at the Top. They suggest that this is a key issue in FCPA defense and settlement negotiations. Here are seven ideas for Corporate Compliance Officers:
- Have CEO author a letter and attach it to the Code of Conduct and send to every employee in every country and region stating that breaching this Code of Conduct will not be tolerated;
- Have CEO record a video message to be played at every compliance training session, stating that breaching the Code of Conduct will not be tolerated;
- Have CEO send a quarterly email to every direct report reminding them of the Code of Conduct and that she/he will hold them to that Code and she/he expects them to disseminate this same message to each of their direct reports,
- Put compliance metrics in employee score cards, including the sales team,
- Train CEO to use the six most powerful words in compliance, “What does compliance think about that?” whenever she/he hears of a new market, new idea, new product, new effort, new program – every time, (and document this action),
- Everyone in the organization needs training but the workforce has to be grouped by risk category and the highest priority groups should get “in-person” training specific to their function and to the company’s Codes, Policies and Procedures that are in-force in that organization; and the underlying law (and document this action),
- Every person in the organization needs to know their internal alternative reporting options for conduct that breaches the codes and policies and procedures,
- Incorporate Audit Rights, (see here for more info on Audit Rights) into every contract; the DOJ demands that audit rights exist in every high-risk (anyone who is spending your money) third party contracts, (but there must be evidence of these rights being exercised).
This is very simple, but almost every good loss control technique is simple (see previous blog post “Risk Management is in the Details”). But I recognize this is much easier to say than do. CEO’s might not be the easiest people to train, but they will be the one in the spotlight of the RCMP / SFO / DOJ, and there are many examples (including the Canadian one) of the ultimate punishment being directly related to the value of policies, procedures and related actions of the company and its executives at the time the corruption and/or investigation became known to the executive team.
The above comments will add to the “measureable metric” list and improve the overall compliance evaluation and ultimately reduce the fine or penalty and other loss from an FCPA / CFPOA / UK Bribery Enforcement Action. However, a message is not enough, there must be Evidence of Action. Compliance has to be an integrated business force, not an outside nuisance.
Greg Shields is a Directors’ and Officers’ Liability, Professional Liability, Employment Practices Liability, Fiduciary Liability and Crime insurance specialist and a Partner at the University and Dundas (Toronto) branch of Mitchell Sandham Insurance Services. He can be reached at email@example.com, 416-862-5626, or Skype at risk.first.
CAUTION: This article does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered and truly independent insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decisions. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this document from any external website must receive the consent of Mitchell Sandham Inc. by sending an e-mail to firstname.lastname@example.org.