Presenting a live 90-minute webinar with interactive Q&A

FCPA Compliance Audits: Lessons From Recent Investigations Monitoring and Improving the Effectiveness of FCPA Compliance Programs THURSDAY, JULY 14, 2016

1pm Eastern

|

12pm Central | 11am Mountain

|

10am Pacific

Today’s faculty features: Sulaksh Shah, CPA, CFE, CFF, Partner, Forensics, PricewaterhouseCoopers, McLean, Va. James Gargas, MAcc, CPA, CFF, CFE, Director, Forensics, PricewaterhouseCoopers, Washington, D.C.

David A. Wilson, Partner, Thompson Hine, Washington, D.C.

The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.

Tips for Optimal Quality

FOR LIVE EVENT ONLY

Sound Quality If you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection. If the sound quality is not satisfactory, you may listen via the phone: dial 1-866-570-7602 and enter your PIN when prompted. Otherwise, please send us a chat or e-mail [email protected] immediately so we can address the problem. If you dialed in and have any difficulties during the call, press *0 for assistance.

Viewing Quality To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.

Continuing Education Credits

FOR LIVE EVENT ONLY

In order for us to process your continuing education credit, you must confirm your participation in this webinar by completing and submitting the Attendance Affirmation/Evaluation after the webinar. A link to the Attendance Affirmation/Evaluation will be in the thank you email that you will receive immediately following the program. For additional information about continuing education, call us at 1-800-926-7926 ext. 35.

Program Materials

FOR LIVE EVENT ONLY

If you have not printed the conference materials for this program, please complete the following steps: •

Click on the ^ symbol next to “Conference Materials” in the middle of the lefthand column on your screen.

•

Click on the tab labeled “Handouts” that appears, and there you will see a PDF of the slides for today's program.

•

Double click on the PDF and a separate page will open.

•

Print the slides by clicking on the printer icon.

David A. Wilson Thompson Hine, LLP

James Gargas Sulaksh Shah PricewaterhouseCoopers LLP

I. Background II. Compliance Landscape III. FCPA Settlements and Enforcement Trends IV. FCPA Audits – A Key Compliance Component V. Conducting Risk Assessments VI. Conducting Compliance Audit VII. Audit Challenges

6

» FCPA enacted in 1977 to address bribery of foreign officials » Violations: ˃ pays, offers to pay, or authorizes ˃ the payment of money or anything of value ˃ to a foreign official, foreign political party, candidate for political office, or official of a public international organization ˃ in an effort to secure improper advantage to obtain or retain business » Books and records provisions ˃ Make and keep books, records and accounts, which, in reasonable detail, accurately and fairly reflect transactions » Internal controls ˃ Devise and maintain a system of internal accounting controls to provide reasonable assurance that transactions are recorded appropriately 7

» Audits are integral: ˃ U.S. Sentencing Guidelines ˃ DPA/Plea Agreement terms ˃ US/International/UK Bribery Act Guidance ˃ U.S. Government’s evolving concept of “best practices”

8

§8B2.1. Effective Compliance and Ethics Program » The organization shall take reasonable steps— ˃ to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct; ˃ to evaluate periodically the effectiveness of the organization’s compliance and ethics program; and

» The organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify [program elements] to reduce the risk of criminal conduct identified through this process. 9

"Periodic review and testing of the compliance code, standards and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and [company's] compliance and ethics program, taking into account relevant developments in the field and evolving international and industry standards.“

10

» In addition to discussion of auditor obligations, SEC & DoJ mention internal audits several times in the guidance, including: » “DOJ and SEC encourage companies engaging in mergers and acquisitions to: … conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable” (page 29) » “As a company’s risk for FCPA violations increases, that business should consider increasing its compliance procedures, including due diligence and periodic internal audits.” (page 59) 11

“Periodic reviews of the ethics and compliance programmes or measures, designed to evaluate and improve their effectiveness in preventing and detecting foreign bribery, taking into account relevant developments in the field, and evolving international and industry standards.” OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance

12

MOJ Guidance regarding Adequate Procedures under UKBA » Principle 3: The commercial organisation assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented. » Principle 6: The commercial organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary. » Recent SFO guidance on self-reporting: “no guarantee that a prosecution will not follow.” 13

Compliance Program Assessment » Company-wide » Review of program components

Risk Assessment » Company-wide or site-specific » Identify corruption risk areas

Compliance/FCPA Audits » Site-specific » Evaluate site’s compliance with laws and policies » Transactional testing and interviews 14

Multi-National Pharma Company DPA (August 2012) » Risk Assessments ˃ Risk-based program of annual reviews of high-risk markets based on business and location ˃ Five markets identified and reviewed annually

15

Each FCPA Audit shall include: » On-site visits by a team from Compliance and, when appropriate, Legal and qualified auditors who have received FCPA and anticorruption training. » Review representative sample of contracts, payments to government officials, healthcare providers and other highrisk transactions. » Creation of action plans resulting from issues identified during audits with undertakings designed to enhance anticorruption compliance, repair process weaknesses, and deter violations. » Where appropriate, feasible, and permissible under local law, review of the books and records of distributors 16

Multi-National Pharma Company DPA (August 2012) ($15MM Criminal Penalties, $45.2 in disgorgement and interest)

» Nine-point compliance program mandated, requiring: ˃ corporate policy against violations; ˃ application to all employees and outside parties acting on company’s behalf; ˃ appointment of responsible executives who report to Board ˃ training and certifications ˃ reporting system for violations ˃ disciplinary procedures; ˃ due diligence on agents and business partners; ˃ standard contract provisions; ˃ periodic testing of code, standards and procedures 17

» Increased resources at DOJ – 10 new prosecutors » More coordination with foreign counterparts » FCPA Enforcement Pilot Program

18

Increase in both Department of Justice (DOJ) and Securities and Exchange Commission (SEC) Settlements: » Increasing company settlements in Q1 2016 compared to 2015. » Fines and penalties in Q1 2016 represent a 259% increase from the total fines and penalties for the full year of 2015. » Life Sciences industry is present in four of the eight settlements of Q1 2016, while the majority of the fines and penalties involved the Telecommunications industry. » 50% of settlements of Q1 2016 include allegations of improper payments in China.

Coordination of regulators globally: » Continued coordination between SEC, DOJ and law enforcement and regulatory authorities in other countries (e.g., Brazil, Poland, UK). 19

» Eight company settlements in Q1 of 2016, compared to: ˃ two settlements in the first quarter of 2015; and ˃ 10 settlements for the full year of 2015. FCPA Settlements with the SEC and DOJ (2015 and Q1 2016) 14 12

Cases

10 8 6

10

4

8

2 0

2 2015

2016 Year Q1

Full Year

20

» Fines and penalties in Q1 2016 total USD 498 million, representing a 259% increase from the total fines and penalties accounted for the full year of 2015. Recent FCPA Fines and Penalties 600 $498 M

USD (in millions)

500 400 300

200

$139 M

100 0 2015

Q1 2016

Period 21

Red flags in recent FCPA violations (July 2015 – March 2016): Third-party intermediaries (e.g. agents, distributors) and business partners (e.g. joint ventures, lobbyists) Product registrations, licenses and permits Discounts and rebates Things of value and benefits: gifts, meals, weekend trips, vacations, sightseeing, cash payments, employment, valuable internship, referrals, speaking engagements and sponsorships for domestic and international conferences and meetings, donations, etc.

Red Flags in Recent FCPA Violations 7

6 5

6

5 4

2

3

2

# of Cases

» » » » »

2 1 0

3rd Parties/Business Partner

Licenses/Permits Discounts/Rebates

Value/Benefits

22

Industry

Where improper payments were made

Date Filed

SEC/ DOJ

Penalties total U.S. settlement

Engineering and Construction Nutrition Financial Services Engineering and Construction

India, Indonesia, Vietnam and Kuwait China Middle East South Africa

7/7/2015 7/28/2015 8/18/2015 9/28/2015

DOJ SEC SEC SEC

$17,100,000 $12,030,000 $14,800,000 $19,000,000

Life Sciences Technology Life Sciences

China Panama China

10/5/2015 2/1/2016 2/4/2016

SEC SEC SEC

$14,692,000 $3,888,896 $12,826,000

Technology Telecommunications

China Uzbekistan

2/16/2016 2/18/2016

Both Both

$28,162,000 $397,663,199

Life Sciences

Argentina, Brazil, Bolivia, Colombia, Costa Rica and Mexico

3/1/2016

DOJ

$22,900,000

Telecommunications Life Sciences Life Sciences Gaming Building products Internet Services

China Russia China China/Macao China China

3/1/2016 3/3/2016 3/23/2016 4/7/2016 6/5/2016 6/8/2016

SEC SEC SEC SEC Both Both

$7,500,000 $375,000 $25,050,104 $9,000,000 $322,000 $672,000

23

• “Slush funds” and third-party margins » In a recent SEC settlement (Global Technology Company 2012), the regulators alleged that a company “…failed to audit and compare the distributor's margin against the end user price to ensure excess margins were not being built into the pricing structure…” and “failed to seek transparency in or audit third party payments made by distributors…” » This case was also the first time the SEC made an FCPA Books & Records and Internal Controls charge without an attendant allegation of bribery, for “creating the potential for bribery or embezzlement.” 24

• Implement and maintain effective controls » » »

2

75% of recent settlements include books and records and internal controls violations Global Pharma Company settlement: improper payments through third-party agents recorded as selling and marketing costs. An industry-wide compliance failure is not a defense to knowing and willful criminal activity.”... “Corporations also must ensure compliance with the laws of all the countries in which they operate. We appreciate that this may present a major compliance challenge, as international corporations often must bridge cultural, as well as geographic, divides. But such challenges do not justify non-compliance.”… “Overall, our message is simple: we expect corporate entities to take compliance risk as seriously as they take other business-related risks.” (Assistant Attorney General Leslie R. Caldwell).2

Source: https://www.justice.gov/opa/speech/assistant-attorney-general-leslie-r-caldwell-delivers-remarks-compliance-week-conference

25

• Increasing emphasis on individual prosecutions. ˃ Recent case - former technology company Vice President ˃ alleged to have funneled bribes to Panamanian government officials via sham distribution agreements. ˃ settled with the SEC for violating the Books & Records and Internal Controls provisions of the FCPA. Sentenced to 22 months in prison in December, 2015.

26

» September 2015 DoJ "Yates memo," Individual Accountability for Corporate Wrongdoing. » Contains six steps that DoJ personnel must follow, including considering individual culpability from the beginning of investigations. ˃ "To be eligible for any cooperation credit, corporations must provide to the Department all relevant facts about the individuals involved in corporate misconduct." (emphasis in original)

27

» April 1, 2016 DoJ Announcement of One-Year Pilot Program to encourage company self-reporting » Up to 50% Credit for Self-reporting, Cooperation and Remediation ˃ Voluntary self-disclosure reasonably promptly ˃ Disclosure of all relevant facts known (including individuals involved) ˃ Proactive cooperation with collection and disclosure of relevant information ˃ Remediation + culture of compliance + quality and experience of compliance personnel + independent compliance function 28

» Benefits of Audits » Goals for designing testing protocol

29

» Detect and deter violations ˃ Learn before the government and before a whistle blows

» » » »

Reassess risk profile Test compliance program effectiveness Satisfy government expectations Involvement of senior management

30

» A risk-based process that can be consistently and systematically applied to operations across the globe » Appropriate depth and scope in light of resources and risks » Cost-effective and non-disruptive to business » Preserve privilege where appropriate

31

I. Why conduct an anti-corruption risk assessment? II. Measuring risk factors III. Scope of an FCPA audit Note: Must overcome “head in the sand” syndrome. Increased danger from whistleblower potential.

32

Downside of forgoing risk assessment » » » » »

Fines and Penalties Reputational risk Shareholder litigation Corollary prosecution Wasting resources on low-risk areas/focusing on the wrong areas

Upside of performing a risk assessment » Cost effective program » Business partner competitive advantage » UK Bribery Act Adequate Procedures Defense » Insurance claims

33

» » » » » » »

Industry’s Compliance Problems Company’s Compliance History, Audit Findings Senior Management – involvement and commitment Nature and locations of business/transactions Use of third parties, vendors, suppliers, joint ventures Documentation and support – books and records Business with government entities ˃ licenses and permits ˃ customs and immigration 34

Type Percent government sales Percent export sales

Industry Relatively Higher Risk

Relatively Lower Risk*

Aerospace & Defense

Retail / Consumer

Health Sciences

Agriculture

Construction/Engineering

Textiles

Energy and Extractive Industries (Oil & Gas)

Computer Hardware

Telecommunications *Note: there have been prosecution in these industries; however, they are relatively fewer than in the higher-risk industries.

35

GEOGRAPHY Operating locations and export destinations 2015 Transparency International Corruption Perception Index: Scores countries 1-100 scale, with 100 representing least perception of corruption and 1 being highest perception of corruption. Top Five

Other notables:

Score

Bottom Five

Score

Denmark

91

South Sudan

15

Finland

90

Sudan

12

Sweden

89

Afghanistan

11

New Zealand

88

North Korea

8

Netherlands

87

Somalia

8

Brazil – 48 India – 38 China – 37 Russia – 29

World Bank’s World Wide Governance Index: Measures regulatory quality, control of corruption, political stability, and absence of violence. 36

HISTORY History of corruption or compliance issues Instances of prior investigation/prosecution

TONE AT THE TOP Messages from senior executives

Senior manager in compliance role Percentage of Senior Manager’s time devoted to compliance Frequency of compliance related communications from senior management Monitoring through frequency of internal audit testing

TRAINING Percentage of sales and finance personnel having received anti-corruption training in prior 3 years Percentage of population covered by training language offerings 37

THIRD PARTIES Percent sales through agent or distributor Percent of disbursements made to government-facing third party vendors Frequency of due diligence performance over potential business partners Use of joint ventures US Department of Commerce rankings

TRANSACTION CONTROLS Accounting Department turnover rate Accounting Department staff education and certification Quantity of significant deficiencies cited in internal audits 38

» Contacts with Government, for example ˃ ˃ ˃ ˃ ˃ ˃ ˃

Customs Immigration Tax Authorities Litigation Customers Regulators Licenses and permits

39

Scope of an FCPA Audit Includes: » Compliance - policies and procedures ˃ Is the policy appropriate? Are procedures followed?

» » » » » » » »

Third party agreements and payments Payments to foreign officials Charitable contributions/donations Payments - gifts, T&E, hospitality, facilitation Sponsorships Opening and maintenance of bank accounts Cash – petty cash/advances Import and export 40

» Finance and Accounting ˃ Discussions to be held with, but not limited to, Accounting Manager ˃ Analyze Chart of Accounts for other high risk accounts; and where high risk transaction could be recorded ˃ Analyze Local Policies and Procedures ˃ Payment testing

» Gifts and Hospitality ˃ Discussions to be held with, but not limited to, Accounting Manager ˃ Analyze Chart of Accounts + Gifts + Gratuities + Entertainment ˃ Analyze Local Policies and Procedures ˃ Payment testing 41

» Expense Reports ˃ Obtain policies regarding employee expense reimbursement ˃ Determine whether reimbursements are made to non-employees + Obtain explanation and purpose ˃ Select representative reports for individuals including but not limited to + Director, managers, sales representatives + Examine approval and documentation for reimbursements + Assess adequacy of documentation + Assess validity of business purpose + Assess compliance with expense reimbursement policies + Identify employee reimbursements where a government official was present ˃ Identify travel or other expenses paid to vendors, representatives or agents on behalf of a government official 42

» Tenders and Contracts ˃ Meetings should be held with, but not limited to, head of sales and/or operations manager. ˃ Obtain an understanding of company’s revenues stream + Main customers + Government (direct or indirect sales) + Contracts ˃ Anything of value provided ˃ Tender process + Responsibility and involvement in participation ˃ Assess policies and procedures related to discounts, rebates, allowances, and commissions, and how they are recorded. ˃ Contract testing ˃ Payment testing 43

» Third Parties ˃ Discussions should be held with personnel dealing with distributors /sales agents and others used as channels to government customers (third parties). ˃ Obtain and analyze a third party listing ˃ Obtain an understanding of policies related to payments to third parties ˃ Is due diligence performed by Company prior to retaining third parties + Are there periodic updates and knowledge of dealings? ˃ Are there any “above average” commissions or discounts? ˃ Approval process for certain third party activities. ˃ Right to audit? Is it exercised? ˃ Does Third Party makes disbursements on behalf of the Company? How are they reimbursed ˃ Contract testing ˃ Payment testing 44

» » » »

» » »

» »

Assignment of a corporate official to oversee compliance with policies, standards, and procedures regarding anticorruption laws. Reports directly to AC and BOD. Issuing clear company policies (in each jurisdiction) on what constitutes unacceptable behavior and enforcing the prescribed consequences. Installation of a mechanism that is accessible and provides anonymity to report concerns. Performing frequent risk assessments/field tests/audits to determine whether employees understand company policies and testing the adequacy of existing programs and controls. Streamlining and integrating payment systems to easily see where, why, and how much money is being spent. Regularly testing payment systems and controls to gain transparency into high risk expenditures. Thoroughly and regularly training employees to address the enforcement of international anticorruption standards. Implementation of annual certification process for senior management. Routinely conducting due diligence on third parties, such as agents, sales consultants, distributors, vendors, and JV partners. Completion of due diligence by legal, accounting and compliance prior to acquisition. 45

» » » » » » »

Scope Resources Control Costs Access to Information Handling the results Collateral consequences

46

» Tailoring scope ˃ Board and senior management involvement to define scope and allocate resources (internal and external) ˃ Business segments; foreign subsidiaries; JVs; third parties ˃ Defining audit period + scale, resources, time to completion

47

» Many levels of audit depending on risks, audit history » Tailor to company’s circumstances ˃ Define clearly up front; refine if warranted ˃ Draft plan before starting with goals, scope, processes, responsibilities and categories of tasks defined ˃ Build in accountability and reporting ˃ Staging with substantive and budgetary review after every stage

48

» » » »

Disruption to business Costs Internal personnel External consultants, lawyers

49

Outside auditors Internal audit Resource constraints? Consultants Counsel Outside lawyers have expertise but are costly In-house lawyers know the company but their objectivity can be questioned » What, if any, privilege can be maintained » » » » » » »

50

» » » »

Board/Audit Committee Internal audit/Compliance In-house counsel Critical component of cost-effectiveness

51

» Develop budget (staged) with input from all participants » Break down tasks and align responsibilities with expertise » Combine audit with training to minimize travel » Stick to audit plan unless explicitly revised » Reporting and accountability

52

Local laws on privacy Interviews Email collection Uncooperative or reluctant employees Third parties Availability of information on agents, business partners » Language barriers » » » » » »

53

» Consult local counsel on privacy issues » Communicate goals of audit to employees » Invoke contractual rights with third parties or revise contracts » Must be even-handed

54

» » » » » » » » » »

Critical for effectiveness and credit Disciplinary action Changes in business partners Training Process changes Preserve information Reporting out To board/audit committee To government authorities (based on advice of counsel) Value of self-disclosure, remediation 55

» Plan for corrective action as part of audit » Regular reporting up when issues arise

56

» Swift action is key » Heightens need for frequent audits » Whistleblower dangers ˃ Incentive to report before company does

» Must show company takes compliance seriously

57

» » » » »

Government investigations Shareholder and derivative litigation Disgorgement and penalties Attorney’s fees Reputational damage

58

David A. Wilson Thompson Hine, Washington, D.C. 202.263.4161 [email protected]

James Gargas

Sulaksh Shah

PricewaterhouseCoopers LLP 703.918.6809 [email protected]

PricewaterhouseCoopers LLP 703.918.4477 [email protected]

59