On February 22, 2015, the Office of the Comptroller General (CGU) issued guidance entitled Compliance Programs – Guidelines for Private Companies (Programa de Integridade: Diretrizes para Empresas Privadas) (“CGU Guidance”) clarifying the elements of compliance programs set forth in the Clean Companies Act and further regulated by Decree 8.420/2015 (further discussed here , here, and here). Like the DOJ and SEC Resource Guide to the FCPA, the CGU Guidance is not binding. Rather, it helps clarify CGU’s expectations for compliance programs under the Clean Companies Act. The CGU Guidance is organized around 5 major pillars that the CGU considers to form the basis of a compliance program. They are: i) commitment and support from high level management; ii) adequate authority, autonomy, human and financial resources to the compliance function; iii) risk assessment and specifics of the company; iv) structuring corporate compliance policies and procedures; and v) continuous monitoring and testing of the compliance program. Though organized in a different structure, in many ways the CGU Guidance follows the DOJ and SEC Resource Guide to the FCPA and The Bribery Act Guidance. There are, however, some noteworthy aspects to take into consideration. This post highlights five. Scope of the program. From the outset, the CGU Guidance makes clear that even companies that have compliance programs in place “specifically to comply with foreign anti-bribery laws, should acknowledge the necessity of adapting them to Brazil’s new legislation, in particular to cover fraud in public procurement and in the execution of contracts with the Public Administration. That is because the scope of laws like the FCPA and the Clean Companies Act are different (further information about how Brazil’s Clean Companies Act compares to the FCPA can be found here and here). While the FCPA covers the bribery of foreign officials (and the accounting / internal controls provisions include certain requirements applicable to issuers), the Clean Companies Act covers more than just corruption. Significant parts of its prohibited acts address illegal conduct related to public tenders and public contracting (not necessarily linked to corruption). Given this, the CGU Guidance highlights that compliance programs designed to prevent and detect only corrupt conduct might not address all the conduct prohibited by the Clean Companies Act. Therefore, companies operating in Brazil should revise their compliance programs to make sure they cover all conduct prohibited by the Clean Companies Act. Importance of monitoring corporate goals. Under the “risk assessment” pillar, the CGU Guidance notess that the pressure on companies to meet unrealistic commercial goals may lead employees to commit wrongdoing, in violation of the company’s compliance program. Given this, the CGU Guidance considers it important for companies to monitor the stated goals of their enterprises so they are not conveying the impression that business should be obtained at any cost, at the expense of compliance. Accurate and complete books and records. Decree 8.420/2015 provides a substantive list of 16 elements that will be taken into consideration when authorities evaluate a company’s compliance program. One of them is accurate and complete books and records. Under the fourth pillar, the CGU Guidance highlights that CGU expects companies to have controls in place to guarantee that the accounting records are detailed. CGU suggests that such records should, for example, justify the need to hire third parties and include information about the price agreement and the market price, with justification for payments above market value. Moreover, the CGU Guidance provides that companies should designate a unit or individual to monitor documentation related to transactions that represent higher compliance risks. Furthermore, it states that companies should be watch for abrupt changes in revenue (e.g., significant unexpected increase in sales to public entities in a region) and expenses (e.g., significant unexpected reduction in a specific tax). Finally, the CGU Guidance recommends that large companies consider engaging external auditors to audit the company’s accounting documentation. Additional detail for the hotline. The CGU Guidance provides that it is desirable that companies provide means for whistleblowers to track the progress of their complaints. According to the CGU Guidance, transparency with respect to progress of responses to reports provides more credibility to the proceeding. Further, the CGU Guidance suggests that companies implement channels to give reports and answer questions about the compliance programs. The channels should be free and easily accessible to everyone in the company and open to third parties and the public, where appropriate. Increased importance of internal investigations. The CGU Guidance expressly notes the importance of conducting internal investigations in order to stop wrongdoing, take remedial actions against wrongdoers, understand the facts and update the compliance program, and use the information, where appropriate, to cooperate with authorities. More specifically, the CGU Guidance highlights that “the detection of evidence of the occurrence of illegal acts against the local or foreign Public Administration should lead the company to initiate an internal investigation which will serve as basis for appropriate actions to be taken”. The CGU Guidance further provides that internal rules should address core aspects of internal investigations, such as deadlines, responsibilities for investigating allegations, and identification of who should receive the results of the investigation. Given this, companies should consider implementing internal investigations policies. They are useful not only because of the Guidance but also to avoid pushback and resistance during the investigation process. This blog post was originally published on FCPAméricas.
Carlos Ayres is an attorney with the law firm Trench, Rossi e Watanabe Advogados (associated with Baker McKenzie) in São Paulo, Brazil. He focuses on anti-corruption and compliance issues, with a particular emphasis on Brazil and other regions of Latin America. Mr. Ayres co-chairs the Anti-Corruption and Compliance Committee of IBRADEMP (The Brazilian Institute of Business Law) and teaches FCPA and Compliance as a visiting professor at the Post-Graduate Program of GVLaw, School of Law, in São Paulo. He is also a visiting professor at the Post-Graduate Program in Risk Management and Fraud Prevention of FIA (Fundação Instituto de Administração) Business School in São Paulo