Anti-Bribery Lessons: What the Regional CFO Saw

More and more countries are introducing legislation to fight corruption – and some are even getting serious about enforcing the law. The reasons are diverse.
 
In the UK, I believe it is because they see just how much money the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) in the US are making in enforcing the Foreign Corrupt Practices Act (FCPA). The UK wants some cash as well.
 
In China, the Communist Party leaders understand that a growing middle class will no longer tolerate corrupt officials – and that the middle class now have the means to make their protests heard. In Indonesia, President Susilo Bambang Yudhoyono recognizes that corruption is a deterrent to foreign direct investment, which the country desperately needs.
 
Whatever the reason, we can expect anti-corruption enforcement to increase across Asia Pacific. And make no mistake: The companies that we represent as CFOs are potential targets. As one Chinese official once said: “To frighten the tigers, you have to shoot the monkeys.”  
 
Blame the Americans
Let’s take a quick look at the background that has led us to where we are today.
 
It all started with the US Foreign Corrupt Practices Act of 1977. Put simply, the FCPA states that it is illegal to pay, or to allow someone else to pay, a bribe to a foreign official to gain or retain business. The definition of ‘bribe,’ of course, is far-ranging. It means anything of value – a promise of a job, payment for a child’s education, ‘retirement packages,’ and so on.
 
For 20 years, the FCPA was a problem for US and US-listed companies. In the rest of the world, companies were still free to pay bribes. Even better, these bribes were tax deductible – companies can package them as business expense. Not too surprisingly, US companies thought this gave foreign companies an advantage.
 
They got fed up with watching their European competitors marching into meetings with brief cases full of cash and walking out with lucrative contracts.  So the US authorities requested the OECD – that’s the club of developed nations, including the US, UK, Australia, Japan and South Korea – to persuade their member states to make the payment of bribes illegal for companies in their jurisdictions as well.
 
In 2011, the UK enacted the Bribery Act 2010, which has been described as the FCPA on steroids.  
 
Firstly, the Bribery Act extends the legislation beyond government officials to include private individuals. This is a significant change. In the past when US companies found any questionable payments, usually the first question was: Are government officials involved? If the answer was no, they could relax a little.
 
Companies may still want to act to stop such unethical payments going forward, but at least they were not breaking US law. Today, in the eyes of UK regulators, they would be violating British law.
 
Secondly, the UK legislation does not recognise facilitation payments. Under the FCPA companies are allowed to make payment to expedite government approvals – providing such payments only sped up the process and did not change the outcome. Under the Bribery Act, such payments are illegal.  
 
Thirdly, it introduces an offense of “failure by a commercial organization to prevent bribery”, particularly by an “associated person.” However, the Act does provide a defense if a company can show it has established adequate procedures to prevent such bribery.
 
Fourthly, its jurisdiction extends to companies that “carry out business or part of a business in the UK.” One possible interpretation of this is, if you sell your products in the UK, you will come under the scope of this Act. More likely, listing on the London Stock Exchange will trigger jurisdiction. We cannot be sure until a body of case law is established.
 
The UK department of justice has stated that it expects to levy penalties similar to those imposed by the SEC for FCPA violations. This is to avoid jurisdiction shopping.
 
Here Comes the Whistleblower
In the wake of the 2008/2009 global financial crisis, the US enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act, also in 2011.
 
If you want to download the full act co-sponsored by Sen. Christopher Dodd and Rep. Barney Frank, have plenty of paper in your printer – the document it runs to over 800 pages. So I will focus only on the provisions that are of most interest to us, and that is the Office of the Whistleblower.  
 
This office was created by the US Congress in response to the revelation that some companies and individuals failed to act in the best interest of their clients and the consumer in their desire to make big dollars out of sub-prime mortgages.
 
Recognizing that the people who know most about what is going on in a company are its employees, and knowing that the best way to get employees to tell the SEC of the evil acts that the company was committing was to bribe them, sorry, I mean, reward them, Congress set up the whistleblower provisions.
 
In a nutshell, if a whistleblower tells the SEC something it does not already know, and that leads to the SEC recovering over US$1 million in penalties, then the whistle blower will be eligible for a monetary reward of 10% to 30% of the penalties levied.
 
Given that the average penalty for violations of the FCPA is US$25 million, the whistleblower can expect, on average, to receive an award between US$2.5 million and US$7.5 million. Quite an incentive! And get this – even if you participated in the illegal activity, but later confess, you are still eligible for an award.
 
China Climbs Aboard
Other jurisdictions are watching the SEC program with interest. Europe is considering a similar program and China’s Guangdong province already has such legislation offering rewards of RMB3,000 (US$480) and RMB10,000 (US$1,600) for credible information.
 
In addition to the UK, both China and Russia introduced anti-corruption legislation in 2011. The Chinese legislation prohibits the giving of any “property to any foreign public official or official of an international public organization” to seek any “illegitimate commercial benefit.”
 
As is not uncommon in Chinese legislation, the law is short on specifics and gives prosecutors wide discretion. But it is clearly meant to cover any company doing business in China, including foreign-owned companies, and also PRC citizens wherever they are in the world. The act does not provide for any affirmative defences, so like the UK Bribery Act we need to wait for the outcome of cases to understand how the law can be applied.
 
In addition China continues to step up enforcement actions against public officials who take bribes, with an increasing focus on those who offer bribes. Offering gifts of even nominal value could be construed as breaking PRC law.
 
Guidance offered by some authorities indicates that gifts above RMB200 (US$32) in value would contravene the law. This has led at least one company to stop giving traditional gifts such as mooncakes to public officials. 
 
We can assume that the PRC wants to have its public officials follow Western type practices of refusing all gifts even a modest lunch. Of course the local official you have to deal with may well see things from a different perspective.
 
The Cost of Non-Compliance
The consequences of failing to comply with anti-bribery legislation are severe and can include jail time. There are other costs. There’s the loss of reputation and, consequently, lost sales. There’s the impact on employee morale. One employee of Siemens, which  paid a record US$800 million in 2008 to settle a bribery and corruption case, has talked about the emotional impact of working for a company he could be proud to be part of one day, and the next day seeing his company investigated for criminal actions.
 
There’s massive business disruption – the same Siemens employee told me that there were over 400 policemen investigating Siemens when the allegations of FCPA violations arose. Finally there is an impact on a company’s valuation. On average the stock market valuation of a company indicted of FCPA violation fell by 9%.
 
Another reason for worry is that we in Asia operate in a region where, in many countries, the giving and taking of bribes is ingrained in the culture.  So many of our employees will not, instinctively, understand that this type of activity is wrong.
 
Indeed it is possible for an employee to believe he is doing the right thing by for his/her company by paying a bribe to gain business, to secure an operating permit or to avoid a fine for some minor violation. And this culture of bribe giving can easily affect expatriate employees as well.
 
I was recently at a conference where over lunch I met a senior expat executive of a European company. He readily told me that his company paid bribes in China. Here was a manager telling someone who he has only met for a few minutes that his company was doing something illegal in China. I think this is because this is seen as somehow not illegal, but either “something everyone is doing” or something we need to do to level the playing field so we can compete on equal terms.
 
What Can Companies Do?
But the SEC and now the UK Ministry of Justice are closely watching business in Asia. So what can we do to help ensure our companies comply with all laws? I am going to focus on three areas: 
  • third-party intermediaries
  • employee education
  • good communication channels for employees to raise concerns
 
Vet Your Intermediaries. Six out of ten – 64% – of all FCPA violations arise from actions taken by third-party intermediaries. In the past, there was an attitude that if a company turned a blind eye and didn’t ask what a third party did with the money the company gave them, then it wasn’t the company’s fault if the third party paid bribes.
 
Of course, the SEC does not see this as a defense; take a stance that a company knew or ought to have known that bribes were being paid on its behalf. And recall the UK bribery act makes it an offense of “failure by a commercial organization to prevent bribery.”
 
To prevent problems in this area, I recommend:
 
  • Thoroughly question whether a third party is really necessary. Of course there are many reasons why a third party can be required – the ability to cover the more remote regions of a country, the need to provide support services, and requirements by some governments, especially in strategically sensitive industries.
 
  • If the reasons for using a third party agent are valid, then carefully vet the agent for red flags. One area to consider is the agent’s reputation. If the agent has been subject to criminal or civil enforcement action, this is a clear red flag. But also attempt to establish if the agent has been terminated by other companies for improper conduct. Do they have a reputation for unethical conduct? 

 

Because there can be privacy concerns when investigating companies or individuals, this is probably best left to experts in the field who can navigate their way through national laws. Recently China made available a national data base of companies and individuals that have been convicted of bribery. It is not particularly user friendly and you have to apply in person, but it is a useful tool.

 
  • Review if agents have ties to governments or potential customers. Are family members employed in government departments or with the customer? Do they make large or frequent political contributions? Be very careful of recommendations by government officials or customers.  
 
  • Know the agent’s capabilities. Are they expected to do a reasonable amount of work? Do they have the staff and facilities to carry out the work required? Do they have industry experience? How long have they been in business? Are they established or newly formed?
 
  • Pay reasonable compensation. Is the payment made to the third party reasonable for the work being done? Do they take the credit risk? Do they carry inventory? Do they pay freight charges? What level of field support is being provided? Requests for payment in cash or cash equivalents should be considered a major red flag.
 
  • Apply common sense. If the third party makes comments that arose your suspicion – follow up on them until you get a satisfactory explanation. And finally document everything you do and retain the duty to veto any third party agreement that does not meet your criteria.
 
Educate Your Employees. Your peoplecan be your greatest asset in monitoring what is happening in your company. At your level, you cannot know everything that is going on but your employees do. So train them on your expectations – train them early and train them often.
 
  • Get to them early. Employees are never more receptive to a company’s message than on the first day or so of employment. Make sure they receive a copy of your company’s ethics policy, including an unequivocal statement that the payment of bribes in never acceptable.
 
  • Follow up with regular training and other initiatives. If possible have a senior manager talk to the employee about your company’s culture and continue the steady drumbeat of education with training, ethics newsletters, etc. Where possible, cite examples from your own company.
 
The value of this type of effort was clearly demonstrated earlier the year in the Garth Peterson/Morgan Stanley decision.  Garth Peterson was the MD of Morgan Stanley Real Estate investment division in Shanghai.  He has pleaded guilty to bribing Chinese officials to gain business for Morgan Stanley and also to personally enrich himself.
 
Morgan Stanley avoided prosecution because they were able to show that that they had trained Mr. Peterson regarding his duties under the FCPA seven times and had reminded him of his obligations at least 37 times. In addition, the SEC took into account the fact that Morgan Stanley had procedures in place to vet third parties and made a voluntary disclosure.
 
Note that there is no requirement for companies to voluntarily disclose under the FCPA. The decision whether to disclose or not requires careful consideration.
 
  • As Ronald Regan famously stated: “Trust but verify.” Put procedures in place to identify possible violations. Consider making existing mechanisms such as internal audit attuned to catching possible FCPA violations when conducting reviews.  In a case settled last year, Biomet a medical device company based in Indiana, paid US$22 million in fines in respect of payments it made to doctors in Argentina, Brazil and China. Biomet’s Internal Audit department was aware of these payments, but somehow did not flag them as an FCPA risk.
 
  • Review expense claims on a regular basis. Draw up a high spenders’ list. Some names will be legitimate – I know that I would appear on my company’s high spenders’ list, but it is my job to travel our region from Japan down to Australia. But if a name of a relatively junior employee operating in a single country appears on the list, that may warrant investigation.
 
  • Look at cumulative spend with third parties. Small payments of US$100 may not trigger suspicion. But if they are paid out every week, that could be a cause for concern.
 
Create Good Communication Channels. Make it easy for employees to raise any concerns they may have. Remember the Dodd-Frank whistleblower scheme? The SEC says that the vast majority of whistleblowers contacted their companies before contacting the SEC. Further, they say there has only been one meaningful lead where the company was not the first point of contact. So employees only blow the whistle on a company when they feel that their concerns are being ignored by the company.
 
Set up ways for employees to raise their concerns – phone lines, e-mail addresses (which are the preferred method for Asians). My own company uses an independent company to provide e-mail, phone and internet access to employees, customers, vendors and any other concerned party to raise concerns. This can be useful especially if the individual feels comfortable enough to identify themselves. Sadly anonymous trips are difficult to follow up on.
 
However the ideal way is to have a company culture where employees feel comfortable approaching their manager or their manager’s managers. This means you need to train managers in how to respond when approached by an employee.
 
They must take the employees concerns seriously, they must know the right channels within your company to follow up on these concerns and most importantly they must ensure that the employee is informed of actions the company is taking to address their concerns.
 
Some response should be made to the employee within three to five working days and then regular feedback should be given as the investigation proceeds. Do not allow the employee to believe they are being ignored.
 
They have come to the company because they believe in you, they want the company to behave ethically – in short they are your supporters. If they feel that the company does not care, they may well become to believe that all you have told them about your company’s ethics is a lie. Then they will be tempted to contact the SEC – after all it could make them rich. 
 
Parting Words
There is much more I could cover on this topic. In closing, I want to say this: Do not worry about compliance because it reduces risk of prosecution under the ever increasing legislation. Do not worry about compliance because the penalties are high.
 
Worry about compliance because it makes good business sense. In the business world we all strive for sustainable profitable growth – can business built on bribes ever be sustainable?
 
People and organizations change; the person you are bribing today may be gone tomorrow.  Often the payment of bribes is just a lazy way of avoiding the work needed to clearly communicate your value proposition.  
 
Companies want to do business with suppliers they feel are ethical. In the six years I have been doing business in China, I have seen more and more local companies focusing on their suppliers’ ethical position.  Do business in the right way, for the right reasons and it will be sustainable and it will be profitable.
 
About the Author

Jeremy Gray is the Regional CFO of a major US multinational. The views presented are those of the author, not his company. This article is adapted from a keynote presentation, “Strategies for Proactive Risk Management and Strengthened Internal Control,” he delivered at the 2013 CFO Innovation Shanghai Forum.  

 

Suggested Articles

Some of you might have already been aware of the news that Questex—with the aim to focus on event business—will shut down permanently all media brands in Asia…

Some advice for transitioning into an advisory role

Global risks are intensifying but the collective will to tackle them appears to be lacking. Check out this report for areas of concern