United States companies recognize the importance of establishing an effective anti-corruption compliance program, in order to prevent and detect potential violations of the Foreign Corrupt Practices Act of 1977 (the “FCPA”)1. This awareness results from a long history of aggressive FCPA enforcement by the Fraud Section of the U.S. Department of Justice (“DOJ”) and the U.S. Securities and Exchange Commission (“SEC”).
North of the border, the Royal Canadian Mounted Police has only recently started to aggressively investigate and prosecute Canadian companies for violations of the Corruption of Foreign Public Officials Act (“CFPOA”). As a result, Canadian companies have been slower to recognize the value of implementing their own anti-corruption compliance programs.
Despite this lack of awareness, the need to establish an effective anti-corruption compliance program should not be underestimated. This need is expected to increase significantly in the future, as CFPOA prosecutions become more frequent.
Who is at Risk?
The Canadian companies that are most vulnerable to a CFPOA violation are those that typically rely heavily on: (a) foreign government regulatory approvals, (b) joint venture or production sharing arrangements with foreign governments or state-run agencies; or (c) procurement agreements with foreign governments or state-run agencies. For example, companies operating in the following industries are often the most vulnerable:
- Energy and Natural Resources: Companies that deal with energy and natural resources (i.e. oil, gas, mining, etc.) are at risk because they typically operate in countries that have high levels of corruption, their activities usually require regulatory approval from the foreign government, and they may enter into joint venture or production sharing agreements with a foreign government or state-run agency.
- Healthcare: Companies involved in the healthcare industry (i.e. pharmaceutical companies, medical equipment manufacturers, etc.) are at risk because foreign governments typically operate, fund, and regulate the healthcare system in their respective countries.
- Infrastructure: Companies that deal with infrastructure (i.e. engineering, construction, etc.) are at risk because such contracts are typically awarded by foreign governments or state-run agencies.
Of course, any Canadian company that carries on business in a country having a high level of corruption can also be vulnerable to a CFPOA violation. This risk can be assessed by considering the Corruption Perception Index (“CPI”) for each country where the company carries on business.
Each year, the Berlin-based Transparency International2 assesses each country according to its perceived level of public sector corruption and assigns it a CPI score. A CPI score below 5.0 indicates a serious level of corruption in that particular country.
The Benefits of Establishing an Anti-Corruption Compliance Program
An effective anti-corruption compliance program will significantly reduce the chances of a CFPOA violation. It may also reduce the likelihood of a criminal prosecution or limit the penalties that may be imposed if a violation is ultimately discovered.
In the United States, the existence (or absence) of an effective anti-corruption compliance program carries considerable weight when the DOJ and SEC decide whether to bring criminal charges or an enforcement action against the company. Even where the company had an ineffective program in place at the time of the violation, by taking subsequent steps to implement an effective anti-corruption compliance program, it may still receive more favourable treatment when penalties are ultimately assessed.
Guidelines for Developing an Anti-Corruption Compliance Program
The problem with establishing an anti-corruption compliance program in Canada is that few guidelines exist on how such a program might be implemented. The only helpful Canadian guidance appears in the 2011 probation order issued against Calgary-based Niko Resources Ltd. (“Niko”) after it pled guilty to a charge of bribery under the CFPOA. The probation order requires Niko to adopt internal controls, policies, and procedures that will ensure the following:
- The company must establish a system of internal accounting controls designed to ensure that the company makes and keeps fair and accurate books, records, and accounts.
The company must establish a rigorous anti-corruption compliance code designed to detect and deter violations of the CFPOA (and other applicable anti-corruption laws), which at a minimum includes:
- A clearly articulated and visible corporate policy against violations of the CFPOA and other applicable anti-corruption laws.
- Strong, explicit, and visible support by senior management to its corporation policy against violations of anti-corruption laws and its internal compliance code.
- Compliance standards and procedures designed to reduce the prospect of violations, which will apply to all directors, officers, employees, and outside parties acting on behalf of the company. These standards shall include policies governing: (i) gifts, (ii) hospitality, (iii) entertainment and expenses, (iv) customer travel, (v) political contributions, (vi) charitable donations and sponsorships, (v) facilitation payments, and (vi) solicitation and extortion.
The above compliance standards and procedures must be based on a risk assessment that addresses the specific foreign bribery risks facing the company, including:
- The company’s geographical organization;
- Interactions with various types and levels of government officials;
- Industrial sectors of operation;
- Involvement in joint venture agreements;
- Importance of licences and permits in the company’s operations;
- Degree of governmental insight and inspection; and
- Volume and importance of goods and personnel clearing through customs and immigration.
- The company must review and update anti-corruption compliance standards and procedures no less than annually.
- The company must assign anti-corruption compliance responsibility to one or more senior corporate executives, for the implementation and oversight of the company’s anti-corruption policies, standards and procedures. In addition to any other direct reporting required by the company, these corporate officials must have direct reporting obligations to independent monitoring bodies (including internal audit, the Board of Directors, or any appropriate committee of the Board of Directors). They must also have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.
- The company must have a system of financial and accounting procedures reasonably designed to ensure the maintenance of accurate books, records, and accounts so that they cannot be used for the purpose of bribery or concealing bribery.
The company must implement mechanisms designed to ensure that its anti-corruption policies, standards, and procedures are effectively communicated to all directors, officers, employees (and where appropriate, agents and business partners). These mechanisms should include:
- Periodic training for all directors, officers, and employees (and where appropriate, agents and business partners); and
- Annual certifications by all directors, officers, and employees (and where appropriate, agents and business partners) certifying compliance with the training requirements.
The company must establish an effective system for:
- Providing guidance and advice to directors, officers, and employees (and where appropriate, agents and business partners) on complying with the company’s anti-corruption compliance policies, standards and procedures, including when they require advice on an urgent basis or in any foreign jurisdiction where the company operates;
- Internal and confidential reporting by (and whistleblower protection for) directors, officers, employees (and where appropriate, agents and business partners) who make good faith reports of suspected wrongdoing within the company; and
- Responding to such requests and undertaking appropriate action in response to such reports.
- The company must institute appropriate disciplinary procedures to address violations of anti-corruption laws and the company’s internal anti-corruption compliance code by its directors, officers, and employees.
To the extent that the use of agents and business partners is permitted by the company, it must institute appropriate due diligence and compliance requirements for the retention and oversight of agents and business partners, including:
- Properly documenting risk-based due diligence relating to the retention and oversight of agents and business partners;
- Informing agents and business partners of the company’s commitment to abiding by anti-corruption laws, the company’s ethics, and the company’s compliance policies and standards; and
- Seeking a reciprocal compliance commitment from agents and business partners.
Where appropriate, the company must include standard provisions in agreements with all agents and business partners that are reasonably calculated to prevent violations of anti-corruption laws, which may include:
- Anti-corruption representations and undertakings relating to compliance with anti-corruption laws;
- Rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and
- Rights to terminate an agent or business partner in the event of any breach of anti-corruption laws or the company’s policies in that regard.
- The company must conduct a periodic review and testing of its anti-corruption compliance code, in order to evaluate and improve its effectiveness in preventing and detecting violations of anti-corruption laws and the anti-corruption compliance code itself.
The Relevance of U.S. Anti-Corruption Law in Canada
The leading U.S. case on anti-corruption compliance programs is Securities and Exchange Commission v. Siemens Aktiengesellschaft, Civil Action No. 08 CV 02167 (D.D.C.). In that case, the SEC brought an enforcement action against Siemens Aktiengesellschaft (“Siemens”) for several FCPA violations, which allegedly occurred between March 12, 2001 and September 30, 2007.
As part of its 2008 plea agreement, Siemens consented to a court order: (a) permanently enjoining it from future violations of the FCPA, (b) ordering it to pay a total of $1.6 billion for disgorgement of profits and fines, and (c) ordering it to comply with certain undertakings regarding its FCPA compliance program. Many of the undertakings that appeared in the Siemens court order now typically appear in U.S. plea agreements, nonprosecution agreements, and deferred prosecution agreements involving alleged FCPA violations.
When one reviews the undertakings contained in the Siemens court order, it becomes clear that the court in the Niko case borrowed liberally from it when drafting its own probation order. In fact, the Siemens undertakings are virtually identical to the terms and conditions imposed on Niko.
This indicates that Canada has adopted U.S. guidelines, at least for the purpose of assessing the effectiveness of anti-corruption compliance programs. As a result, U.S. cases that address the effectiveness of anti-corruption compliance programs should have relevance in Canada as well.
The implementation of an effective anti-corruption compliance program is an essential precaution for Canadian companies that operate in vulnerable industries or in countries having a high CPI. However, a mediocre compliance program will neither prevent nor detect CFPOA violations; it will also do little to discourage the laying of criminal charges or the imposition of onerous penalties, if a violation is discovered.
It is clear that the Niko case, which provides the only Canadian guidance on how an anti-corruption compliance program should be structured, borrows extensively from U.S. guidelines. Given the significance of U.S. law in this area, a legal advisor who possesses knowledge of both U.S. and Canadian anti-corruption law will be in the best position to develop an effective anti-corruption compliance program for a Canadian company.
Originally published in International Business Bulletin (August 2012)