By: Christian D. de Fouloy
Global compliance – the need to comply with all national requirements that are critical to a company’s ongoing business in foreign countries in which it has operations is one of the most challenging issues facing the home office of multinational companies.
Compliance programs are formal systems of policies and procedures adopted by corporations that are designed to detect and prevent violations of law by employees and other agents and to promote ethical business cultures. One of the primary goals of compliance programs is to control for the risk of legal and regulatory violations. In other words, companies adopt compliance programs, in part, to attempt to minimize the risk to the organization of an employee or other agent violating law, regulation, or company policy.
The increasing popularity of compliance programs is not limited to the United States. Many U.S. corporations are disseminating their compliance programs on a global scale, and compliance programs are being adopted by an ever-increasing number of non-U.S. organizations and fostered by other countries and multilateral organizations.
Multinational companies need to be cognizant of the laws and regulations of a variety of local and national governments. In addition, the speed with which information can be communicated around the world creates significant reputational (as well as legal) risk to those organisations that do business in multiple jurisdictions. In today’s world, it is almost impossible to confine the fallout from a violation of law or regulation; information can and often does spread everywhere, instantaneously. Many organizations that had previously focused their compliance efforts on their U.S. holdings are now compelled to extend those programs on a global basis, given that a violation anywhere in the world can result in significant reputational harm worldwide, and potential enforcement actions from a variety of governments.
Shareholder activists have also increased pressure on multinational corporations to implement global compliance programs in recent years. Today, more and more large institutional investors and socially conscious mutual funds with significant backing are making shareholder demands about corporate social responsibility issues- many of which carry important implications for companies’ compliance programs.
Another factor creating an incentive for companies to implement global compliance programs is the importance of many U.S. laws with applicability to conduct outside the United States. A compelling example is the enormous fines that have been levied by the United States against several non-U.S. corporations for antitrust violations based on conduct that largely occurred outside the United States.
Another U.S. law with an intentionally international focus, the Foreign Corrupt Practices Act (FCPA) has created significant incentives for companies to adopt global compliance efforts in the area of antibribery. The FCPA proscribes the bribery of foreign officials by U.S. citizens and organizations and certain others and also requires companies to maintain books and records that accurately reflect transactions and disposition of assets and systems of internal accounting controls. In addition to prohibiting the payment of direct bribes to foreign officials, the FCPA also makes it unlawful for a company to make a payment to a third party while knowing that all or portion of the payment will be used to bribe a foreign official. Under the statute, a company is deemed to have the requisite knowledge if the company “is aware” that misconduct exists or is “substantially certain” to occur or “has a firm belief that such circumstances exists or that such results is substantially certain to occur”. In other words, U.S. companies can be held liable for the conduct of non-U.S. third parties (agents) if the company has some knowledge that its funds- paid to the third party, not a foreign official- will likely be used to bribe the government official.
To help decrease the risk of liability for violations of the FCPA, many companies have implemented compliance policies and procedures. FCPA compliance programs often include extensive written policies, training, due diligence requirements for hiring consultants and other agents, audits of the company’s and its agents’ books and records, and internal communications.
Another example of a U.S. law with a broad multinational reach is the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act). Among other things, this law requires financial institutions to establish compliance programs aimed at ensuring adherence to federal anti-money laundering laws. The types of organizations that are subject to the law include not just typical financial institutions, such as banks and broker-dealers, but also other organizations such as casinos, insurance companies, and even car and other vehicle dealerships. Under the Act, anti-money laundering compliance programs must include internal policies, procedures, and controls; a compliance officer; ongoing employee training programs; and independent audit functions to test the program.
Elements of compliance ad ethics programs are also included in recent corporate governance rules promulgated by self-regulatory organizations. Corporate governance rules adopted by the New York Stock Exchange and the Nasdaq require listed companies to adopt and disclose codes of business conduct and ethics applicable to all directors, officers, and employees, wherever located. This has prompted many listed companies that had not already done so to extend their codes and other elements of their compliance programs outside the United States. The New York Stock Exchange also requires audit committee charters to provide that the committee’s purpose is to assist board oversight of a company’s compliance with legal and regulatory requirements.
The Sarbanes-Oxley Act of 2002 has also resulted in the extension of certain components of compliance programs outside the United States. Section 301 of Sarbanes-Oxley requires the national securities exchanges and associations to prohibit the listing of securities of any company if the audit committee has not established procedures for (1) the receipt, retention and treatment of complaints regarding accounting, internal accounting controls or auditing matters and (2) the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters. The required reporting procedures are not limited to residents of the United States; they must be available to employees (and others) wherever located. Thus, many U.S. corporations that previously did not extend reporting procedures to employees and others abroad are now required to do so.
Additional U.S. laws and regulations that are important to consider in the development of a global compliance program include the Export Administration Act, Export Administration Regulations (including export licensing and antiboycott regulations, the Arms Export Control Act, the Trading with the EnemyAct, the International Emergency Economic Powers Act, Foreign Assets Control Regulations, and federal immigration laws.
The United States is not the only country that has developed incentives for organizations to implement compliance programs. Indeed, companies are under increasing pressure to implement compliance programs from a variety of sources. The European Union Competition Commission for example, has considered compliance programs in assessing penalties for anti-competitive conduct by corporations. In addition, the European Union’s policies on competition and data privacy have required many U.S. organizations doing business in Europe or with Europeans to adopt extensive policies and procedures to ensure compliance with local law.
The increasing importance of EU law and policy has not only created additional incentives for compliance programs, however. It has also required U.S. organizations to adapt their programs to the laws and cultural norms of other countries.
Australia has also been fertile territory for the development of compliance program incentives. For example, effective compliance programs can constitute a defense to allegations of certain provisions of Australia’s Trade Practices Act. In addition, in determining the liability of corporations for criminal conduct, Australia’s criminal code requires consideration of the “corporate culture” and specifically, whether a corporation has a corporate culture that encourages or tolerates the commission of a crime. The criminal law defines corporate culture as “an attitude, policy, rule, course of conduct or practice existing within the body corporate generally or in the part of the body corporate in which the relevant activities take place. In other words, the corporate culture is defined in part, by the organization’s “policies and rules” which are important components of the organization’s compliance program.
Regulators across the globe have dramatically stepped up enforcement of anti-bribery and corruption regulations, and this trend is expected to continue. International organizations, particularly those operating in high-risk countries and industries, must protect themselves by ensuring their anti-bribery and corruption compliance programs are comprehensive and effective.
Succeeding in today’s competitive global market means pursuing opportunities in new markets and locations with business partners that are often unfamiliar and difficult to vet. While the rewards motivate the pursuit, the risks associated with these ventures represent a sobering reality.
As the risks of global business grow, regulatory agencies and prosecutors worldwide are becoming more vigilant in rooting out industry-wide fraud and corruption. In this environment, companies must remain informed and proactive and maintain robust compliance programs. These steps are the best way to mitigate risks and present a solid defense to any investigation or prosecution.