by Lee Kirschbaum, SVP, Product, Marketing, and Alliances at Opus
Siemens. Alstom. Teva. Telia.
Sound familiar? They’re recipients of some of the largest fines levied by the Foreign Corrupt Practices Act (FCPA) in recent years – including, with Telia, the largest single fine to date.
And they’re far from alone. As business becomes more global by the day, bribery and corruption risk grows along with it, with more than $1.5 trillion paid out every year in bribes. As just one example, China and India, the world’s two fastest growing economies, are also in the top 10 countries most acted against by the FCPA. With growth comes risk.
And among the biggest risks of all is third parties. Third parties – such as business partners, agents or distributors — all present extensive financial and reputational risk, especially when it comes to bribery and corruption. A recent OECD reportfinds 75% of enforcement actions involved bribes paid through third parties.
Managing these external risks can seem challenging, especially when a company is doing business with potentially tens of thousands of third parties. Navigating both local and global regulations such as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act (UBKA), training third parties, and ensuring appropriate policies and procedures to comply may seem like a daunting task.
It’s no wonder companies took ABAC risk seriously in 2017 — and continue to look for help in 2018.
So what ABAC lessons have we learned in 2017 and what should we expect this year?
Lessons Learned from 2017
- Enforcement actions remain strong and steady
2017 started out with a cautious “wait and see” approach but it ended confidently in line with previous years, with a total of 39 DOJ/SEC enforcement actions, including the largest fine FCPA enforcement action to date, Telia. Of note, there were more DOJ enforcement actions than since 2010 (29 in total).
Of these combined actions, two stand out in size and scope:
The largest case ever investigated by the Serious Fraud Office (SFO) in the UK included the US and Brazilian authorities as well. Rolls Royce was found guilty of systematically paying bribes to foreign officials through third parties between 2000 and 2013.
There were 12 countries in total where this took place including China, Brazil, Angola and Iraq. Fines totalled $800 million with deferred prosecution agreements (DPAs) in the UK and US.
Telia Company AB
At $965 million, Telia Company AB was the largest FCPA enforcement action of all time. Telia paid this sum to the DOJ, SEC, Dutch and Swedish authorities to resolve its FCPA violations in Uzbekistan. The offenses dated back to 2007 when it bought an Uzbek subsidiary, Coscom, to provide telecom services. After Telia acquired Coscom, it paid $80 million through its subsidiary to a government official to acquire mobile phone assets.
- ABAC regulation has truly gone global
2017 saw no slow-down in the development of new international ABAC regulations as government appetites to tackle corruption and bribery increased.
France had a banner year for introducing ABAC regulation, with Sapin II coming into force in June to address economic modernisation, transparency and corruption and align itself with the FCPA and UK Bribery Act.
The Australia Criminal Code Act 1995 saw proposed changes following OECD criticism of the Australian regime, while Canada saw its first individual foreign bribery conviction.
Not only are international regulations being strengthened, they’re also being enforced on the global scale first laid forth by the OECD convention in the 1990s. 2017 saw multiple actions with increased co-operation between international regulatory bodies.
The greatest showing of global cooperation in 2017 was seen in the Telia case, in which U.S., Dutch and Swedish regulators came together to bring the $965 million settlement.
- A continued focus on holding individuals culpable
In 2015 the Yates Memo signalled a shift toward holding individuals, not just companies, accountable for bribery and corruption.
The Department of Justice (DOJ) continues to demonstrate a focus on culpable individuals with clear language in its documentation and public speakingand following up with clear action. 2017 saw the DOJ charge, making up 70% of its total cases.Additionally, 30% of the SECs total enforcements for 2017 were also focused on individual actions.
Notable cases from 2017 include:
The CEO and Sales Director at SBM Offshore faced up to five years imprisonment for commissions paid to intermediaries that went on to bribe officials in Brazil, Angola, Equatorial Guinea, Kazakhstan and Iraq. This was one of the first individual bribery cases brought to court by the US Justice Department relating to Petrobras.
- Due diligence on third parties continues to be critical
The common factor in many of the enforcement actions of 2017, as in previous years, is the role of third parties in paying bribes or facilitating payments. Enforcement agencies are committed to taking a tough stance on companies. With 75% of past enforcement actions involving third parties, it’s an obvious place to start an investigation.
Many of the actions we saw involved companies whose internal controls and third party due diligence failed them. Examples of such cases include:
Launched in July of 2016 and continued into 2017, the Serious Fraud Office (SFO)’s investigation of bribery and fraud concerning the company’s use of middlemen to secure backing from the British government demonstrates the global trend of enforcement when it comes to third parties. Following the SFO’s investigation launch, AirBus initiated its own internal investigation after leaked bank records revealed more than €19m in transactions were unaccounted for.
What to Expect from ABAC Moving into 2018
The last two years have seen significant ABAC activity. The forecast for 2018 looks no different. These are the key trends for businesses to be aware of:
- Enforcement actions will continue to grow globally
In the past, the driving forces behind ABAC enforcements were the U.S. and more recently the U.K. The past few years have seen France, China and many Latin American countries develop their own anti-bribery laws in line with the FCPA and UK Bribery Act. It’s likely enforcement actions will follow suit.
We’re already seeing this happen in Latin America with the Rolls Royce and Odebrecht actions. In both cases we saw the leading enforcement agency reach across its borders to bring the enforcement to a head.
This globalisation of enforcements also reflects a growing awareness corruption is bad for business and bad for society. A clear sign we’ve only just seen the tip of the iceberg of global enforcements.
- Continued cooperation in multi-jurisdictional investigations.
The international cooperation between enforcement agencies we’ve seen in the last year will continue into 2018.
As borders are crossed, or even broken down, we see the power of enforcement agencies grow. What does this mean for businesses? Well, it’s increasingly important to co-operate with the authorities with strategies such as self-reporting and DPAs.
With more established relationships and a clear desire to support global enforcement, international governments and their respective agencies are willing to work closely to bring corruption to the fore. What will be interesting to watch this year is which agencies will come together.
- Further adoption of globally recognised standards
Based on recent trends, we believe this year will continue to see a rise in the adoption of standards like ISO 37001 for providing a flexible framework for complying with global ABAC regulations. Alstom, Walmart and Microsoft have all been early adopters of ISO 37001 in its first year and other corporations will likely follow suit at this early stage. While there are mixed opinions about the efficacy of ISO 37001, it’s clearthere are many benefits to having this standard in place.
ISO 37001 also forms the basis for the Shenzhen Standard, China’s anti-bribery management system piloted in June 2017. A clear signal by the Chinese they’re taking ABAC seriously, and perhaps more importantly, a step towards creating a truly global anti-bribery and corruption standard.
- A focus on holistic third-party management
Based on the history of causes of FCPA enforcement actions, there’s no doubt managing third parties will be a significant part of businesses’ risk and compliance programs in 2018. Third parties represent the largest risk in many areas of compliance, not just anti-bribery and corruption.
We’ve seen a major proportion of companies with over 1,000 third parties – and in one of our recent studies, the number of third parties businesses have is growing by 25% per year.
The starting point for all third-party relationships should be consistent across departments: identify the third party, know what they do for you, understand what risks they pose and plan how to manage them.
Budgets for risk and compliance are under pressure, just as they are in many other company departments. Do you have enough resources allocated to your own budget to manage all of the above?
Perhaps the answer doesn’t lie in more people and money – it lies in the automation of processes and the reduction of paper-based systems. Using automation to address human capital and funding issues will give you a force multiplying effect, and one that makes for more efficient use of your existing resources.
Tackling bribery and corruption on a global scale isn’t a challenge that can be addressed overnight, but armed with continuous learning, international cooperation and intelligent use of technology, major strides are being made.