We asked Mini vandePol (Head of the Baker & McKenzie Global and Asia-Pacific Compliance Practice Group) and Joanna Ludlam (Head of the Baker & McKenzie EMEA Compliance Practice Group) 10 questions about current compliance trends and developments. Here are their answers which every compliance professional should read attentively:
|Mini vandePol (Hong Kong)||Joanna Ludlam (London)|
1. Mini, as the head of the Baker & McKenzie Global Compliance Practice Group, and Joanna as regional heads, what are the global compliance hot topics at the moment? Mini: What is really noticeable from a global perspective is that compliance issues are no longer the domain of US regulators. Accordingly being based in Hong Kong, I am able to work with our regional heads and our team of lawyers in each of our 77 offices in 47 countries to ensure that our clients are aware of legal developments and practical issues as it impacts on their global and local strategy. This strategy may involve organic growth where new operations are being set up or expanded or inorganic growth through acquisitions or joint venture relationships. Our clients want to know what compliance risk looks like in the real world. Compliance codes of conduct and policies are only a foundation – the key factor which differentiates clients with a strong compliance culture versus a weak one is their understanding of specific business models used in different countries and investing the time and resources to ensure that the model incorporates a risk mitigation and management component. With the “tigers and flies” enforcement activity in China, the headline-grabbing Petrobras case in Brazil together with the long-awaited passage of regulations relating to the Clean Company Act in that jurisdiction, we are dealing with a changing landscape in relation to how business is to be conducted around the world. Joanna: Mini is absolutely right: the compliance landscape is constantly evolving. My specific experience in the EMEA region is that there are three prevailing hot topics: the first is how, in practical terms, can clients really ensure that their business partners and intermediaries are respecting the same high standards as the clients themselves require. No matter how much due diligence clients conduct on the third parties with whom they do business, the real challenge is embedding a compliance culture and having the time and resources effectively to audit third parties on an ongoing basis. The second hot topic is meeting the challenges of doing business in high growth markets where the approach to compliance differs wildly from that of the established markets; and the third one is the increase in cybersecurity as a key risk area. 2. Mini, you are not only heading the global compliance steering committee but also the steering committee for Asia Pacific. Have you identified any trends or focus areas of enforcement agencies in your region. Are there any trends? How do domestic or multinational companies respond to these enforcement actions? Mini: In addition to increased regulatory activity in anti-trust, cybersecurity, privacy and trade sanctions, I am seeing a marked decrease in the tolerance of corruption, which tolerance has hitherto been a hallmark of many Asian countries. In Asia, a major talking point is the increased enforcement by local governments, such as in the People’s Republic of China where we are seeing unprecedented regulator activity including dawn raids, public “confessions” and multi-million dollar penalties and India where the new Modi government is under increased pressure to combat corruption for India’s economic viability. We are also aware of increased US enforcement focus on Asia particularly by the FBI who are dissatisfied with settlements and deferred prosecution agreements secured by Main Justice and are looking to levy criminal sanctions against individuals. Asia continues to dominate US probes into transnational corruption — Asia is the center of US enforcement of its Foreign Corrupt Practices Act, with at least 115 pending FCPA investigations underway, more than twice as many as any other region. And it is not necessarily compliance regulators alone, other government agencies such as tax authorities and newly formed privacy regulators are also jumping on the bandwagon. However, the response to such enforcement activity is not to wait until you are in the spotlight to try and effect change in a crisis situation. We are assisting our clients with practical and proportionate ways of improving and enhancing their risk mitigation and management strategies using the Baker 5 Elements of Corporate Compliance – Leadership; Risk Assessment; Standards & Controls; Training & Communication; Monitoring, Auditing & Response. Our lawyers on the ground have already done a lot of the hard work by considered these elements in relation to local risk management as well as oversight by global enforcement bodies. We are able to translate this knowledge into action points which demonstrably supports a strong compliance program for clients even in the most challenging industries and jurisdictions. 3. Joanna, you are leading the compliance practice group of Baker & McKenzie’s EMEA region. Where does the EMEA region stand with regards to compliance in relation to the rest of the world? Joanna: The EMEA region comprises such a varied group of jurisdictions that it is impossible to generalise. For Baker & McKenzie, EMEA extends from Western Europe right across to the Middle East and right down to South Africa. It even covers Russia and Kazakhstan. It is difficult to compare the approach to compliance of, for example, a German corporation operating in a jurisdiction where enforcement has been very active for a number of years to, say an Azerbaijani or Middle Eastern corporation, where there a far fewer drivers of a culture of compliance. What is clear, however, is that there is a developing appreciation everywhere that to do business on a global scale, companies have to take compliance very seriously, and so we are seeing evidence of cultural change even in the less progressive locations. In our region there remain some very challenging locations as far as doing business in a “compliant” was is concerned. Last month I was down in South Africa, meeting clients at a Compliance Summit organised by our Johannesburg office. Many South African businesses spoke to me about the difficulties of doing business with neighbours such as the DRC, or Angola (where virtually all commercial enterprises are linked with the government or public officials). The commercial opportunities in such locations are immense, but so are the compliance challenges. 4. Joanna, just recently, we saw the conviction of a company for bribery of foreign officials under the UK Bribery Act. After a slow start, is the UK Bribery Act tanker making headway? Joanna: One of my colleagues refers to the UKBA as “the FCPA on steroids”, but you could not compare the enforcement record of the SFO with that of the US DOJ in quite the same terms! That said, it is clear that enforcement activity in the UK is really starting to ramp up. Although we are yet to see a successful corporate prosecution for offences under the Bribery Act, the SFO has had a spate of recent successes in non-bribery cases: including successful prosecutions of JJB Sports ( for fraud, furnishing false information and attempting to pervert the course of justice), Innospec Limited (for conspiracy to corrupt in relation to payments made to public officials in Iraq and Indonesia) and Alcoa (for corruption and money laundering in relation to the payment of bribes in Bahrain). We also know that there are a number of high profile companies currently under investigation by the SFO, including Rolls Royce and Tesco. Many expect to see the first deferred prosecution agreement under the UKBA over the next few months. 5. Mini, you are based in the Hong Kong office but practiced for over 15 years in Australia. Have you seen any changes in how compliance is perceived in the Asia Pacific region? Mini: Transparency International rates most countries in Asia as “red”, that is “high-risk”. However even Australia which is “yellow” and perceived to have a lower risk of corruption has attracted a great deal of negative publicity with Australian companies implicated in corrupt conduct while conducting business in other parts of Asia, Middle East, Eastern Europe, Latin America and Africa. Historically, there has been a seemingly greater acceptance of corruption as a means of speeding up bureaucracy or establishing “relationships” to win work than might exist in North America or Europe, and compliance has traditionally been viewed as detrimental to business growth. That said, as stated earlier, China’s recent efforts to stamp out corruption – via Operation Foxhunt and other similar directives – are noteworthy and potentially transformative. Many Asian jurisdictions, such as India and Indonesia, are passing or tightening legislation aimed at rooting out corruption. In other examples, Japan very recently asked Vietnam to return monies corruptly paid to officials in its Railway Ministry by a Japanese company and Korea may be appointing its third Prime Minister within a year following corruption scandals involving the highest levels of its government. What is also key is that European and North American multinationals operating in Asia Pacific – and who have taken advantage of the laxity in both laws and enforcement – are increasingly aware that multinationals no longer face threat of prosecution solely from the DOJ or the UK SFO, but from Asian enforcement bodies as well. That said, changing the mindset within the commercial sector that compliance is anti-growth and anti-profit is likely to take longer, and will require a paradigm shift in thinking. One of the key objectives for Baker & McKenzie’s Compliance Group is to educate clients to reject the segregation of compliance from the rest of the business, and to return ownership of compliance-risk mitigation and management to the commercial team. 6. Are there any legislative activities in your regions that multinational companies should be aware of? Mini: Asia Pacific is an enormous and varied region in terms of legal systems, legislation and enforcement. It includes countries like New Zealand which is #2 on Transparency International’s Corruption Perception Index, as well as Myanmar, which comes in at a lowly #156. The recent launch of the Baker ABC Laws Handbook was designed to keep our clients aware of the activities in the region which are too many to mention in detail here. 7. Lately, we have seen many enforcement actions in the healthcare sector, especially in China. Looking forward, which industries are most likely to be scrutinized by compliance enforcement agencies? Mini: In China, we anticipate a great deal of continuing enforcement in respect of the healthcare and pharmaceuticals industry, but also foresee clients in the manufacturing and heavy engineering sector to be prepared for dawn raids and other attention from the regulators. Close scrutiny of government contracts is also to be expected. A former top executive at Volkswagen’s China joint venture with FAW Group Corp has been sentenced to life in prison for accepting bribes. Similarly, the former chief of China National Petroleum Corp. (China’s biggest oil company), Jiang Jiemin, went on trial for bribery charges on April 13. In EMEA the financial services regulators are currently the most active. 8. Here is probably the most difficult question: Assuming you would be appointed as Chief Compliance Officer of a multinational company. What would you be your first measures during the first 30 days in office? Mini: Let me answer that question by starting what isn’t effective in terms of satisfying the regulators: It is no longer enough for the company’s top management to set the “tone at the top”. Compliance efforts need to be seen as being embedded in the organizational strategy and cultural principles of a company. Needless to say, this takes time, and certainly a lot longer than 30 days. But keeping this end goal in mind, the first measures I would undertake would be as follows:
- Do a legally privileged health check of the company’s compliance program and run an in-depth risk assessment of the key jurisdictions in which the company operates – taking a proportionate approach focusing on the high risk industry sectors and jurisdictions as a priority. This step is essential to identify gaps in the current compliance policies, and their implementation.
- Once the risk assessment is completed, I would ask for an in-depth Gap Analysis, which is essentially a report on what is missing. One key point to remember here is that cultural sensitivities, language barriers, differences in the manner of doing business – all of these must be taken into account. A “one size fits all” approach is not sufficient in today’s global business environment, and these differences must be clearly understood so that appropriate strategies can be put in place to assist employees to mitigate and manage the risks. I would expect the Gap Analysis to address all of the above but in doing so, prepare a 3 to 5 year practical plan to improve and enhance the current program – setting out key milestones and ongoing monitoring of the implementation.
- I would also request – and this is another important element that is overlooked – a review by my team of all key contracts with JV partners or agents or any other third party in high-risk jurisdictions. Very often, businesses are unaware of the risks that irregular acts by its third parties pose to their businesses. A company can be found liable for acts committed by third parties, even when the company was unaware of these risks. As a corollary, I would make it a priority to review HR policies for management in high risk jurisdictions to ensure that their contracts also adequately protect the company in the event there are lapses in control on their part. Finally, training for the business side is key. Again, it is not enough for compliance efforts to be limited to the CCO and her team. Ownership of compliance needs to vest with the people who make commercial decisions, so that compliance is no longer viewed as business roadblock. The better the commercial side understands the egregious harm lack of compliance can cause a business – both monetarily and reputationally – the easier it will be to ensure business buy-in.
Joanna: I would do all of the above, but in addition I would talk face to face to as many people in the business as humanly possible during that period. I firmly believe that is the best way of taking the temperature of an organization’s culture and of understanding the nature and source of the compliance risks it faces. 9. There have been enforcement actions against compliance officers in some countries recently. Should compliance officers be afraid of being prosecuted if illegal activities are detected in their company? Mini: The short answer is yes. However the more interesting development relates to an announcement by the US Securities and Exchange Commission (the “SEC”) on April 22, 2015 of an award of more than $1 million to a compliance officer who provided information assisting the SEC in an enforcement action against the whistleblower’s employer. The award was made under the Dodd-Frank whistleblower bounty provisions and in this case, the SEC noted that the compliance officer reported the company’s misconduct to the SEC “after responsible management at the entity became aware of potentially impending harm to investors and failed to take steps to prevent it.” This award underscores the negative consequences to a company of both failing to take appropriate and timely action to address compliance problems once they are reported internally and of ignoring the warnings of its own compliance officers. In making the recent award, the SEC invoked for the first time the exception that permits the SEC to reward information from an employee having compliance responsibilities if the individual has “a reasonable basis to believe that disclosure of the information to the Commission is necessary to prevent the relevant entity from engaging in conduct that is likely to cause substantial injury to the financial interest or property of the entity or investors . . . .” Without providing any details, the SEC’s release confirmed that the compliance officer had “a reasonable basis to believe that disclosure to the SEC was necessary to prevent imminent misconduct from causing substantial financial harm to the company or investors.” Pursuant to the SEC rules, neither the whistleblower nor the nature or target of the enforcement action was publicly disclosed.