Courtesy of LexSpan, submitted by Eyal Rosenstock. Originally Published on LexSpan’s Blog
As Latin America’s growth story continues, companies with business in the region will face anticorruption compliance challenges in 2014. U.S. enforcement warns of more enforcement actions. Anticorruption compliance and investigations can be costly. Much of Latin America is in dangerous territory when it comes to corruption compliance, as evidenced in the Corruption Perception Index (“CPI”) scores. Most companies are not focusing enough required attention to monitoring and detection of their compliance programs. But, anticorruption compliance and detection need not be difficult nor very expensive. By implementing relatively easy solutions, the money spent may pay for itself via prevention of more costly enforcement actions. In part I of this piece, I will describe growing risk factors related to anticorruption compliance. In Part II, I will discuss some solutions for those risks: the risk-based audit, and a new vendor solution created by LexSpan Legal Solutions and believed by anticorruption counsel to be a superior tool for conducting risk-based internal audits and related investigations coming out of Latin America.
Part I: The Risks
1. Growing Enforcement Powers
DOJ FCPA Unit Deputy Chief Charles Duross and SEC FCPA Unit Chief Kara Brockmeyer stressed last November that the FCPA is “here to stay” and they have “’more resources than at any time before,’” reports Matt Ellis, a Latin America FCPA practitioner at Miller & Chevalier, Chartered. Ellis reports that the two enforcers boast “new staff with language skills and a rapidly developing ‘bench’ of FCPA talent.” See “What FCPA Enforcement is Thinking in 2013.” In addition to American enforcement, the anticorruption enforcement movement grows in Latin America. Brazil’s new anticorruption law is a game changer. Chile is scoring record high anticorruption fines. Colombia, Peru and Costa Rica are formalizing their participation in the OECD’s Anti- Bribery Convention. See Gibson Dunn LLP’s 2013 Year-End FCPA Update.
2. Legal Spend
Corruption investigations, especially when agency-driven, can become expensive. Ellis reports in his blog, FCPAméricas, that FCPA investigation costs in Latin America, and elsewhere, regularly climb into the millions of dollars. For example, Stryker recently paid $75 million in anticorruption investigation costs (Argentina and Mexico were involved, in part). Avon spent $340 million on its investigation (Argentina, Brazil and Mexico). Walmart has spent over $300 million for its FCPA investigation and compliance matters emanating from Mexico and recently reported it will spend another $160 million in the next two quarters on the same, according to Richard Cassin of the FCPA Blog. See “Adding it Up: Why FCPA Investigations Are So Expensive,” and, “Walmart’s Whopping FCPA tab – $300 Million and Climbing.” According to Gibson Dunn LLP’s 2013 Year-End FCPA Update, “the average ‘closing price’ for a corporate FCPA resolution, inclusive of DOJ and SEC fines, penalties, disgorgement, and prejudgment interest, was more than $80 million in 2013. That is a nearly fourfold increase over 2012.” Those calculations do not include legal spend on outside counsel. See Gibson Dunn LLP’s 2013 Year-End FCPA Update.
3. Much of Latin America Struggles with Corruption
More than half of the world’s Spanish-speaking countries belong to the more corrupt half of the world, according to Transparency International’s 2013 Corruption Perception Index. Six Latin American countries score a low 20 (Venezuela) and 29 (Dominican Republic and Guatemala) out of a 100. Six countries – Colombia, Ecuador, Panama, Argentina, Bolivia and Mexico – fare only slightly better, scoring between 34 and 36 out of 100. See Transparency International’s Corruption Perception Index.
If your company or your clients operate in Mexico or Argentina, watch out. These countries land inside enforcement’s top ten list for the number of known FCPA actions by the SEC and DOJ since 2009. Together, Mexico and Argentina have a 14% share within the global top ten list for known enforcement actions, measured by number of known agency investigations. See Miller Chevalier’s “FCPA Summer Review 2013.”
4. In Compliance, Ignorance is Risk, Not Bliss
Nearly a third of Chief Compliance Officers (CCOs) participating in the 2013 Corporate Compliance & Ethics Survey (the “Survey”) said “they anticipate bribery and corruption will continue to be a future risk area for their companies.” Even if companies have an FCPA compliance program, they still may not be immune from problems because they are not sufficiently aggressive in trying to detect compliance violations. One area in which detection is critical is in companies’ third party interactions. Companies’ FCPA liability extends to third parties and in the past two years, “almost 70% of all FCPA enforcement actions [against companies] have involved [their] 3rd party intermediaries,” reports Matt Ellis quoting senior enforcement officials. See “What FCPA Enforcement is Thinking in 2013.” Nearly two thirds of CCOs in the Survey “know or believe that their third-party suppliers are not sufficiently focused on risk.” But, the Survey further indicates that most CCOs are not pursuing independent assessments of their compliance programs, even though “[i]ndependent external reviews are essential,” writes the survey’s author. See “Bribery and Corruption Top Area of Compliance Risk, According to New Consero Survey.” Ignoring FCPA risks will not mitigate them, it will enhance them.
Part II: The Solutions
Solution #1: Risk-Based Monitoring
Risk-Based Monitoring as a High Quality Detection and Prevention Solution
The experts agree, CCOs and their counsel have relatively inexpensive yet effective tools to reduce risks and prevent FCPA disasters. Jenner & Block LLP investigations and litigation partner Erin Schrantz points out in a recent Corporate Counsel article that CCOs can make modest changes to their compliance program to reduce risk and to know for sure if their programs are working. While companies can do peer review and benchmarking and can conduct employee surveys and focus groups, those efforts are “not effective at detecting the specific conduct and compliance ‘soft spots’ that may put a company at risk of violating the law.” One reason, Schrantz explains, is that those tools rely on self-reporting, which may not always produce forthright responses. See “Auditing Your Company’s Compliance Program.”
After a risk-based internal audit, if an internal investigation is required, “its scope is generally more controlled.” Schrantz explains that a “preemptive, focused review can uncover high-risk behavior before an issue surfaces on the company’s hotline or provokes the regulators.” Periodic testing, as a necessity, is one of the main takeaways from the DOJ’s and SEC’s jointly published 2012 Guidance on the Foreign Corrupt Practices Act. Audits can be expensive, but a “strong, well-tested compliance program minimizes the risk of costly fines, penalties and the reputational damage that ensues.” Early testing and auditing can prevent or reduce the latent costs associated with internal or external investigations. See “Adding it Up: Why FCPA Investigations Are So Expensive.”
Locating the FCPA Risk in Risk-Based Monitoring – Where, Whom and With Whom
As a first step, Schrantz recommends a CCO should identify businesses in their company that pose the greatest risk of compliance violations. Transparency International’s CPI Latin America scores alert CCOs, legal departments and their outside counsel that they face a heightened risk of anticorruption compliance violations in many Latin American countries.
CCOs should look at which of those high-risk businesses, and which individuals in those business, have the most interaction with public officials. After selecting the right target businesses and individuals, Schrantz recommends selecting the right documents to review for anticorruption compliance. The documents could be all communications related to a major transaction pending before a government ministry. Emails are enormously useful in any compliance audit because they can show compliance weaknesses or areas that need improvement. See “Auditing Your Company’s Compliance Program.”
Risk-Based Internal Audits as a Tool to Detect a Big FCPA Danger: Third Parties
Risk-based internal audits can uncover problematic third-party vendors. Often, third-party vendors are the most dangerous element for which a CCO must worry. This is because, as mentioned in Part I, in the past two years, “almost 70% of all FCPA enforcement actions [against companies] have involved [their] 3rd party intermediaries,” as Matt Ellis quotes senior enforcement officials Charles Duross and Kara Brockmeyer, of the DOJ and SEC, respectively.
Ellis also writes on the critical importance of the risk-based audit, “internal auditing, and testing are essential…and companies should take a risk-based approach.” See “What FCPA Enforcement is Thinking in 2013.” Contract-based solutions for mitigating third-party FCPA risks in Latin America and the world can be found on LexSpan’s chart summarizing the FCPAméricas blog article on the same topic.
The Risk-Based Audit as Cost-Saving Prophylactic Solution
Matt Ellis posits that considering the costs of agency investigations, “modest investments in robust anti-corruption compliance programs up front begin to make more economic sense….wrongdoing is often identified before it causes too much damage. See “Adding it Up: Why FCPA Investigations Are So Expensive.”
Keeping It In the Family
Conducting a risk-based internal audit can keep violations from causing reputational damage. Tom Fox, FCPA compliance expert and author writes in the FCPA Compliance and Ethics Blog about New York Times journalists conducting their own review as they investigated the JP Morgan Chase FCPA investigations. They found documents and wrote about them, of course. Companies would undoubtedly prefer their compliance officers, not journalists, finding the problem documents during a less costly risk-based internal audit or investigation.
Like Schrantz and Ellis, Fox stresses the importance of a monitoring and detection program. He writes that “there needs to be ongoing monitoring to determine whether employees are staying within the compliance program.” Fox reports that monitoring, auditing and quick response to allegations of misconduct are “key components enforcement officials look for….” See “And The Hits Just Keep On Coming for the Sons and Daughters Hiring Program.”
Solution #2: Native-Strength, U.S.-Licensed for Spanish-Language Outsourced Review
Often, companies or their outside counsel will hire costly and mediocre vendors and reviewers for their Spanish-language document review. Thankfully, they can now increase quality and reduce costs of their Spanish-language audits or investigations.
LexSpan Legal, of which I am founder and CEO, utilizes a unique service model to increase the quality and efficiency of Spanish document reviews and audits while lowering costs by leveraging native-level Spanish, U.S.-licensed attorneys – a superior solution compared to relying on merely Spanish-proficient reviewers. LexSpan can quickly ramp up teams, review Spanish documents with greater speed and accuracy, and can conclude reviews sooner at lower hourly rates. ”By using only native-level Spanish, U.S.-licensed attorneys, LexSpan is able to achieve improved efficiency, quality, cost and risk thresholds in Spanish-language audits and reviews,” says Jay Rosen, Vice President, Language Solutions for Merrill Brink International, whose article “Translation Considerations for Global Internal Investigations, Ethics and Compliance Matters” discusses best practices for global investigations in Compliance & Ethics Professional’s November/December 2012 issue.