Expert Q&A: Dechert’s Caroline Black on the Changing Landscape of Anti-bribery and Corruption Compliance
January 08, 2020 by Mark Dunn
Caroline Black is a partner in the white-collar crime team at the London-based law firm Dechert LLP. She has worked on several large multi-jurisdictional anti-corruption and bribery cases and advised major companies on putting in place adequate compliance and due diligence procedures. Speaking to LexisNexis from Dechert’s slick, modern offices near Fleet Street, she tells us that legislation against bribery and corruption around the world is getting stronger, and regulators are more willing to take enforcement action against non-compliant companies.
Is anti-bribery and corruption regulation and legislation getting tougher?
It is the case that around the world, there is a rise in enforcement actions and also legislation which is being passed to assist prosecutors to take action against breaches of anti-corruption standards. In terms of enforcement and regulation, we have seen a globalisation of the fight against corruption, money laundering and terrorist financing. We have seen increasing numbers of coordinated corruption investigations in recent years such as the joint Rolls Royce Deferred Prosecution Agreement (DPA) between the British, the Americans and the Brazilians, and Odebrecht between the Brazilians, the Americans, and the Swiss.
The trend for that global coordination will continue with the US and the UK playing lead roles but also increasingly with other jurisdictions being more fully involved in anti-corruption and anti-money laundering efforts.
Interestingly there is also a drive at the moment to give prosecutors more tools through the use of DPAs. DPAs were brought into force in the UK in 2014 but have recently been increasingly used by the SFO. Similar powers have been given to the authorities in France in the form of a CJIP, and there is similar legislation being passed in Canada, Australia, and Singapore.
What do DPAs mean for companies?
There is an increased awareness and desire by the authorities to prosecute companies for anti-corruption breaches. But the use of DPAs also show that prosecutors are thinking about how to incentivise companies to cooperate, to self-report and to be good corporate citizens. The DPA format provides the authorities with greater tools in their armoury to not only incentivise companies using a large stick but also with a carrot in the form of a DPA.
How do companies benefit from being ‘good corporate citizens’, as you put it?
The main benefit is the ability to really market yourself as a company which is ethical, that does business in the right way, and will hopefully attract more work from like-minded firms. Increasingly companies around the world are looking for ethical third parties to do business with. More companies are looking to ensure that the people they do business with are ethical, that they do business in the right way, and are not ultimately going to attribute liability back to them under the very wide anti-corruption laws which are in place.
What are some of the principles of a good due diligence process?
What is really key is having a risk-based approach as a starting point, because completing the same level of due diligence for every third party which a company might engage is unworkable and unmanageable, especially in a large business. But it is also essential that companies are properly identifying those third parties who are the highest risk to their business and ensuring these entities are thoroughly checked and managed.
Another important point is to ensure that reliance is not placed on only one source of information. Information should be sourced from the third party itself, from within the business (the managers and the sales force who proposed the particular third party). Information should be considered from sources available in the public domain or through public records searches and sanctions lists checks. Then depending on the assessment of the risks of the particular third-party consideration could be given to using a reputable due diligence firm or agent. Finally, a company could also make local in-country checks with the chamber of commerce and follow that up with references.
It is also vitally important to ensure that whomever is receiving that information within the company can understand it and ask appropriate follow-up questions, because one failing I’ve seen in the past in some of the companies that we have worked with is that compliance or legal may receive information about red flags that really warrant following up, but the people receiving it do not understand the significance.
How should firms use technology in this process?
Technology is an increasing part of business around the world and it should be part of any due diligence or compliance programme. RegTech is really focusing on the use of automated systems and analytical techniques where suspicious transactions may be identified across a business through a big data sampling tool, so a lot more information can be processed than by any one individual. That being said, you still need an individual to review the findings and ensure that they understand the information coming out. But I think technology is useful to highlight red flags or issues which may occur within a company.
How else is technology being used in the field?
In the field of investigations, technology is also becoming much more accepted and more widely used by the authorities. For example, the UK’s Serious Fraud Office used technology-assisted reviews in the investigation leading to the DPA that was reached with Rolls Royce, so it is a much more acceptable standard to allow the review of a lot of data in the most efficient way possible.
How important is the leadership of a company to a successful anti-bribery and corruption programme?
Tone from the top is absolutely essential. No anti-bribery, anti-money laundering or anti-financial crime system can work without the buy-in from senior management. I believe it is something the authorities will continue to want to see, from those companies who ultimately end up in trouble, but also more generally to demonstrate that you do business in the right way.
Increasingly, information is being made transparent by companies, including publishing policies, procedures and leadership steps taken by CEOs and other senior members of the board or executive management team. That transparency is not limited to bribery and corruption - with the new Gender Pay Gap reporting, Modern Slavery Act reporting and other initiatives, it’s something that will continue as companies push to transform the way that business is done. It’s important that leadership is seen to endorse that transparency across the board.
What advice would you give companies that come across evidence of financial crime?
If a company decides that there is substance to an allegation, it is very important for it to be seen to be reacting in the right way. One of the key first steps that we would advise our clients is to preserve and secure evidence including paper documents and e-data and the various sources of other information that may exist. Companies should then consider whether there is an issue which could lead to a large enforcement action and which authorities may have jurisdiction as different standards may apply.
To have any chance of persuading the authorities in the UK that a company is qualified to receive an invitation to participate in a DPA, there has to be early reporting, consultation, and cooperation. This practice has become apparent from the recent DPA case law in the UK. The most striking example is Rolls Royce where a large fine of nearly £500m was levied against the company. Notably the agreement made it clear that this was a 50% discount on the penalty which it could have expected had the company not gone into the cooperative process. So, it really is financially important for companies to consider cooperation early on in the process.
It is also beneficial for a company’s corporate compliance image to be able to say, “yes we are reviewing this issue, we’ve reported it to the authorities, we are cleaning up our internal processes, we have taken disciplinary action and we have removed those wrongdoers”. This enables the entity to try to manage the process as best it can while also providing positive messaging to the market and any shareholders that the problem is historical and under control.
How can this transparency approach help during an investigation?
What the authorities are really looking for is transparency and cooperation and to approach and deal with the authorities in a way that is respectful and open. Any attempts to cherry-pick or hide specific behaviour or protect individuals is not something the authorities will want to see from a cooperating company. So, I think transparency, disclosure and cooperation are really the cornerstones of the process.
Even outside of an investigation process, transparency is what the authorities want to see. They are looking for commitment to ethical behaviour, to ensuring that reports are made through relevant money-laundering systems if required, proper disclosures to the markets, proper reaction to an adverse event that might happen within a business, and other steps such as publishing gifts and entertainment registers and policies on the company’s website. Companies must demonstrate that ethical business is not just a statement that is made, it really is lived within the organisation.
What should companies consider as the main regulatory risks of anti-bribery and corruption poses?
Regulatory enforcement action can have long lasting, damaging consequences for companies and regulated firms who are found to be in breach of relevant requirements. In terms of anti-corruption, the consequences go beyond mere regulatory breach and into contraventions of legislation prohibiting and criminalising corporate behaviour.
A clear risk is the UK’s Bribery Act 2010 (“Act”) which was enacted eight years ago but is now coming to the fore in terms of enforcement action being taken by the authorities. The Act gives an extremely wide jurisdiction to the UK authorities to bring prosecutions against companies and individuals who fall foul of its provisions, and unlike some of the other legislation around the world it criminalises public bribery, private commercial bribery, and the giving and receiving of bribes. The Act created a sea change in English corporate criminal liability as it enabled the authorities to bring prosecutions against companies on a strict liability basis for the actions of their employees and any other third parties who acted for or on behalf of the company. This was a huge change in corporate liability principles in the UK, which before then were largely limited to actions of senior management.
What are the costs for companies that commit bribery?
There are significant consequences for non-compliance with the Bribery Act. Individuals face up to ten years in prison and unlimited fines. For companies there is an unlimited fine and ancillary consequences such as confiscation of assets and debarment from public contracts across Europe. There is the negative publicity which comes with any type of criminal or regulatory enforcement action that a company might face, and this could have a significant impact on share price and on other relevant commercial relationships.
On the plus side the Bribery Act gives a defence to companies who put in place adequate procedures to prevent bribery, which essentially protects them against the strict liability corporate offence. The defense allows a company to demonstrate to the authorities that it has proper procedures in place to combat bribery and corruption.
How does the Bribery Act compare to the Foreign and Corrupt Practices Act (FCPA) in the US?
The Bribery Act is very wide-ranging in scope as it provides jurisdiction over British nationals and a category of others (with close connection to the UK) wherever in the world they operate. British companies are in scope wherever they operate, as are overseas companies which do part of their business in the UK but are based overseas. This, together with its wide subject matter, is much broader than the feared FCPA. So, although the US authorities are still the world’s leader in terms of enforcement action, the European enforcement authorities and the SFO in particular is fast catching up.
How will the EU’s 5th Anti-Money Laundering Directive affect companies?
The key areas to be clarified by 5AML are around the need for regulated firms to complete enhanced due diligence on third parties. Whereas the Fourth AML Directive set out that enhanced due diligence was required, it did not set out what that meant. The Fifth directive provides specific guidance on the requirements to confirm beneficial ownership, source of funds of a customer, information on the reasons for the intended transactions, approval of senior management and to complete enhanced monitoring.
How might the UK’s departure from the EU affect this?
5AMLD is due to be transposed after Britain leaves the EU but the government appears to be committed to continuing to enhance anti-money laundering and counter terrorism controls alongside broader cooperation on topics of, crime and justice. We have seen already the National Crime Agency use its Unexplained Wealth Order powers against PEPs and Theresa May has made it clear that counter terrorist financing and security is high up on the agenda for post-Brexit Britain. So, although no-one can say with certainty, it’s unlikely that the government will take Britain outside of current or future EU terrorist financing and AML regulations because it would be hugely damaging to the City of London and to the country if the UK was seen as a high-risk non-compliant place to do business.
2. Find out about additional ethical expectations—from investors and consumers—that companies must address in our newest eBook.
3. Share this post on LinkedIn to keep the conversation going.