Anti-bribery legislation and the role of general counsel

Reporting on recent cases in Canada involving the levying of significant fines and debarment of companies demonstrated to have participated in the bribing of foreign public officials has highlighted the need for general counsel to play a central role as far as prevention goes. This usually entails obtaining management and board buy-in, drafting appropriate anti-corruption policies, awareness and training and ongoing monitoring and reporting. 

The Corruption of Foreign Public Officials Act has been law in Canada since 1999. Many companies are aware of it but many, frankly, are not.

My sense is that the legislation is often not taken seriously enough by in-house counsel. This could be due to a number of factors such as companies experiencing rapid growth that outpaces compliance, cost-cutting measures (unfortunately, compliance costs are an easy target), lack of management buy-in or awareness or in-house counsel simply lifting its ethics compliance and other anti-corruption policies and practices from the web and failing to customize it to its client’s business, particularly to the challenges faced by the so-called rank-and-file in the field.

This column discusses some of the difficulties faced by general counsel in terms of protecting their clients from transgressing the CFPOA.

Management buy-in and leadership

The adage “you don’t know what you don’t know” is appropriate with regard to the details of the CFPOA for many Canadian managers. Even for those who are conversant, the legislation requires a number of judgment calls, and so guidance from the legal team is necessary. The legislation permits  expenses that were incurred in good faith by or on behalf of a foreign public official, including hospitality and gifts of nominal value. For example, refreshments, meals or token mementos of a meeting are not illegal. What is  “reasonable” depends  on  the  circumstances  in  which  the  gift  or  hospitality was extended  and  its absolute. Unlike its counterpart in the U.K., there is no guidance on what “reasonable means.” In my mind, that is a great departure point for convincing management of the need for an appropriate policy and procedures to shed light on what is acceptable and what is not. 

It is important to identify a senior corporate officer to have ownership of the program. Most Canadian companies delegate or assign the task to their general counsel, if they have one, to take charge of compliance. The alternative is to have a separate ethics compliance officer. Whoever  occupies the role or is responsible should report directly to the audit committee of the board. Unfortunately, most companies prefer to have their ethics compliance officer report to the general counsel, who then reports to the audit committee. In practice, that is less than optimum — the ECO should report directly to the committee.

There must be a genuine, convincing and public statement from the very highest level of management of a corporate policy of zero tolerance to bribery. Message alignment is critical; otherwise, those directly involved in implementation of the program may draw the conclusion that management may say one thing officially even if the reality is quite different: Minor transgressions are tolerated and simply the cost of doing business or keeping up with the competition. 

Of course, the program must be adequately funded and, ideally, mechanisms put in place to avoid budgets being slashed. 

Risk assessment

The danger in simply lifting a compliance policy and set of practices from the web even if the search is done in a disciplined way based on best practices is that unless the policies and procedures specifically fit a client’s operations in terms of type of industry, locations, etc. there could be gaps in coverage and the program simply becomes a box-ticking exercise. A thorough corruption risk assessment should be conducted involving legal, finance, internal controls, government relations, operations, investor relations and others who are well positioned within the organization to assess risk from the bottom up. 

The assessment should identify the nature and extent of exposure to potential internal and external risks within the corporate environment including country risk, sector risk, business risk and business partner risk.  Even in countries perceived to have a high intolerance of corruption, national customs can pose a challenge to the bribery-conscious, particularly in the areas of gift-giving, hospitality and entertainment.

Asia is a great example of a part of the world where the delivery of a gift to an official is socially acceptable, indeed even expected. Clear lines have to be drawn between the gifting of a bottle of Canadian maple syrup and new hard-to-get tires for the official’s car. It should be recognized that there may be fundamental cultural dissonance when it comes to recognizing corruption in many parts of the world.

Some policies, and most anti-corruption legislation, allow facilitation payments, which are payments made to officials to perform “routine governmental action,” such as processing papers, issuing permits and other actions of an official, in order to expedite performance of duties of non-discretionary nature, i.e., which they are already bound to perform.

The payment is not intended to influence the outcome of the official's action, only its timing. These payments are one of the few exceptions allowed under anti-bribery legislation. The determination of what is routine and not intended to influence an outcome, however, is often nebulous, so many companies prohibit facilitation payments altogether. If allowed, a strict policy should be put in place involving an approval process for facilitation payments. A risk assessment ought to carefully determine the risks and benefits of making such payments.

It should be noted that the Canadian government has indicated that the facilitation payment exception will be removed from the CFPOA by way of an Order in Council at a date that is yet to be determined.

Compliance policy

A properly thought out compliance policy should dovetail with the business and realities at ground zero. It is important to conduct some fact finding, for example, by interviewing employees and agents involved in sales, marketing, purchasing, government relations and the like. 

Most of the policies I have seen are very detailed and often contain concrete examples by way of illustration. 

Guidance should be developed for all levels of interaction, including political payments and payments to charities and various forms of corporate sponsorships.

A proper policy should include tiered levels of sign-off and internal audit controls, including double controls for agency payments.

Consideration should be given to incorporating anti-corruption procedures   into mergers, acquisitions and joint ventures due diligence. Contracts, for example, should include standard provisions such as representations and warranties and indemnities addressing anti-corruption laws, together with audit rights.

The policy should be applicable not only to employees and officers but also independent contractors and directors and advisers. 

 Training

Awareness creation and training can be delivered in numerous ways.  Often, anti-corruption training is provided by way of an online training program followed by certification. My sense is that live, one-on-one training utilizing a mix of hypothetical, real-life and current affairs examples works very effectively. Role play also permits individuals to experience realistic examples of how an official may attempt to solicit a bribe and what an appropriate response might be. 

General counsel should be active in training managers who can then in turn provide guidance to their direct reports. It would be prudent for the general counsel to observe managers in a simulated session to ensure that they are communicating the program effectively and understand matters such as role and responsibility assignment and the like.  

Monitoring

General counsel typically play an important role in ensuring that the program is followed, kept up to date and changes made as necessary. 

Proper monitoring involves working closely with internal and external audit teams, being plugged into reporting hotlines and other whistleblowing platforms, reviewing, testing and updating the program on a regular basis (at least annually), building board awareness in terms of risk assessment and compliance and overall in ensuring that program is comprehensive, proportional, customized for the business from the bottom up and that the corporate culture is one of “speaking up.”