The federal government’s increased focus on enforcing its anti-corruption regime means that C-suite executives and risk managers must devote significant resources to ensure their companies conduct the reviews and investiga- tions necessary to be in compliance with the Corruption of Foreign Public Officials Act (CFPOA)—all while avoiding the potential pitfalls that can arise in the process.

In 2013, certain amendments to the CFPOA, which came into force in 1999, were enacted to strengthen Canada’s anti-corruption legislation. Since then, Ottawa has committed to enforce the legislation and combat corruption, which executives and risk managers of companies that do business around the world must take very seriously.

“The government’s increased focus on anti-corruption compliance and enforcement has created a situation in which companies that conduct business in higher-risk jurisdictions simply can’t afford not to focus on anti-corruption as a compliance priority,” says Mark Morrison, a partner with Blake, Cassels & Graydon LLP (Blakes) in Calgary and co-practice group leader of the law firm’s national Business Crimes, Investigations and Compliance group. “Quite simply, the risk of not doing so is too great.”

In fact, “what we’ve seen over the past year on the enforcement side  in Canada has been a real emphasis on enforcing the CFPOA not just on corporations, but on individuals as well,” Morrison points out. “There have been a series of charges and the first conviction of an individual who was sentenced to three years in jail.”

For companies, executives and risk managers to avoid such serious risk, they need to have an overall anti-corruption program to ensure they’re compliant with the CFPOA. A major component of such a program is regular internal anti-corruption reviews, Morrison says: “Oftentimes, those will be driven financially by the internal audit department or the risk-management group—and it will typically involve taking a risk-based approach by focusing on areas of increased corruption risk and higher- risk areas, such as higher-risk countries in which you carry on your business.”

It’s often through such a review process that issues are determined and escalated into investigations. Doing this properly is a critical risk-management practice for your company.

“When an issue is identified, you have to decide at which stage you make the transition from a compliance review, which is non- privileged if lawyers are not involved, to it actually being covered by one of the various types of privilege that exist,” says Michael Dixon, a partner with Blakes in Calgary who regularly advises corporate clients on anti- bribery and corruption matters. “So, a good practice is making sure that people know that when an issue is detected, they need to get in touch with counsel, report it up the flag pole and take the steps necessary to preserve privilege early, which can pay dividends down the road.”

If this were to happen, it would be critical for companies to conduct credible investigations to determine the nature and full extent of the problem and what kind of exposure and liabilities may result from it. If the issue is serious, then one of the fundamental decisions a company must make is when to bring in outside counsel, Morrison says, noting that this is typical when conduct potentially implicates senior executives and/or if there’s risk of either reputational or criminal consequence for the company. independent qualified law firm adds an extra stamp of credibility to the investigation and that becomes particularly important if you are ever dealing with the authorities,” he says. “Furthermore, if the issue is one that could create legal consequences for the company, then an investigation should be carried out under the umbrella of privilege, which requires that counsel directs the investigation.”

“Bringing in an independent qualified law firm adds an extra stamp of credibility to the investigation and that becomes particularly important if you are ever dealing with the authorities.”

Mark Morrison, partner with Blake, Cassels & Graydon LLP

In fact, not setting up a zone of privilege is one of the major pitfalls companies should avoid when conducting an investigation, Morrison says, noting it would protect a firm from having to turn over investigation files to the authorities or to plaintiffs that may not necessarily put it in the best light if the company is hit with search warrants, criminal proceedings, or if it faces civil litigation.

Another would be not following proper data document preservation at the outset of an investigation. “Authorities would look carefully to ensure that proper data and documentary evidence preservation steps have been taken,” Morrison says, “and it’s a very difficult position for a company to be in to have to acknowledge that there’s lost evidence or that it allowed evidence to be destroyed because it didn’t preserve it properly.”

Finally, there’s substantial risk in placing the investigation in the hands of somebody who has a vested interest in the outcome. “Not putting the investigation in the hands of a more independent party creates the risk that the issue doesn’t get properly identified or is effectively covered up or glossed over, which has the potential to create much more significant problems for the company,” he says.

And in situations in which there’s concern of wrongdoing involving the C-suite, Dixon says, “the best approach would be to have outside counsel reporting to a special committee of the board comprised of independent board members.”