Multinational companies have increasingly looked to emerging markets for new business opportunities and continued growth. In many instances, these markets present opportunities for companies to increase revenues and enhance their competitive positions. However, conducting business in many of these markets presents significant challenges that may include:
- inadequate infrastructure;
- political uncertainty;
- underdeveloped rule of law;
- currency fluctuation; and
- the need for short-term capital in the hope of realising long-term return on investment.
Compounding these challenges is the reality that many emerging markets present serious corruption risks. Endemic corruption in many of these markets increases potential legal liability, creates an unlevel playing field, diverts resources and often perpetuates deeply entrenched economic inefficiency. Corruption appears in many different forms in a variety of contexts across a number of industries, presenting a real barrier between companies and their business goals. Corrupt business activity is increasingly targeted by prosecutors all around the world. Investigations – regardless of where they originate – create potential legal liability, expose the company to reputational risk and inflict great expense. The potential for significant fines for misconduct is real, as is the possibility of individual prosecutions, which are receiving renewed priority and emphasis in the United States and elsewhere.
There is no one-size-fits-all compliance programme that a company can simply adopt or pull off the shelf. This is particularly true in emerging markets. Companies must take a close look at their operations to ensure that anti-corruption compliance controls can be effectively implemented in emerging markets to mitigate risk. Because compliance is a risk-based process, controls must be designed and implemented in reasonable proportion to available resources. Without this balance, one of two things will happen: either important risks will not be mitigated or the efforts expended for compliance will create a burden that frustrates broader goals.
In general, a multinational company should take a number of factors into consideration before beginning to develop or enhance its compliance programme in emerging markets. Considering these factors is crucial for any compliance programme, as they determine how a company can best respond to corruption risk. These considerations include:
- knowing the market;
- knowing the industry;
- knowing your business model;
- understanding cultural issues;
- designing and implementing controls; and
- evaluating and adjusting the compliance programme.
Know the market
In order to design appropriate compliance controls, it is essential to understand the operating environment for each market in which a company operates or intends to operate. Regulatory, business and corruption environments in markets may differ, particularly among those economies that qualify as 'emerging'. Local business structures, regulatory frameworks and perspectives on the rule of law inevitably affect the ability of a multinational company to identify and control local compliance risks. Analysing these factors helps to identify structural and operational issues that present corruption risks that must be addressed. While emerging markets may be grouped together in some generic respects, each market will have unique corruption considerations that inform the assessment.
Know the industry
Understanding the specific industry in which a company operates is crucial in controlling corruption risks in emerging markets. While all lawfully operating businesses must interact with government officials on some level, three general scenarios relating to the type of business being conducted provide a helpful framework to identify areas of corruption risk. Each of these categories of industry may have risks described in the other scenarios, but it is helpful to begin by focusing on the highest-priority risk associated with a particular industry type.
In the first scenario, industries have governments and government-owned enterprises as customers or engage governments as business partners. The company may be selling to government entities and its success or failure may depend on how much revenue it can generate from government contracts or transactions. Companies in the energy and infrastructure sectors, for example, have governments as customers and generate revenue through contracts or agreements with those entities. Because these interactions are with government customers, heightened control measures are necessary.
In the second scenario, the government is a regulator of commerce, rather than a customer. Contacts typically involve:
- business licences;
- interactions with police and fire departments;
- safety, labour and health issues; and
- general business regulations.
The contacts tend to be low-level and may be frequent and routine. In these contexts, the risk of petty bribes is almost always present as a way to move the business process along. Controls applicable to these types of interaction include:
- clear rules;
- cash controls; and
- monitoring expense and payment requests.
Clearing customs is a common source of corruption risk in this industry scenario; industries that move large quantities of products across borders face heightened risk in customs and logistics.
The third scenario involves the sale of products that are heavily regulated by the government. Here, regulation may focus on business processes or particular products. The pharmaceutical and life sciences industry is a good example. In this sector, ensuring the production and delivery to consumers of safe and effective medicines is a priority. The interactions associated with government oversight – which is often intense – present corruption risks. Corruption risks in this sector also arise from day-to-day interactions with government physicians and healthcare providers, who may make purchasing decisions on an individual or collective basis. The volume of these interactions with these government officials, involving transfers of valuable products throughout the business process, presents unique corruption risks.
A second example of a heavily regulated industry is the financial services sector. Government interactions occur as part of the regulatory and oversight process that seeks to protect the integrity of the country's financial system. In developing markets, financial service providers may also seek business directly from the government. Anti-corruption controls designed around the nature of the financial regulatory process are therefore appropriate and must reflect the nature and frequency of government interactions.
Understanding how a particular sector interacts with the government and government officials and how transfers of value might be made to government officials will help to identify the overall corruption risk that an industry faces, and may inform the types of compliance controls needed to mitigate this corruption risk.
Know your business model
The business model used by a multinational company affects the level of corruption risk and the selection of the most appropriate strategies to control it. There are several key risk differentiators.
First, companies that use a third-party distributor model to market and sell their products have a different risk profile than companies that use a direct sales force model. Appropriate corruption controls differ based on these business models. When a multinational company hires or partners with a third party to market and sell its products in a particular market, the company relies on that third party to conduct business properly. In many reported enforcement actions, multinational companies have been held liable for the conduct of third parties, including distributors, that had acted on their behalf. Accordingly, a business model that relies on distributors can subject the company to heightened corruption risks and puts a premium on selection and oversight of those third parties. At the same time, companies that employ a direct subsidiary or employee model will face risks in terms of overseeing their own employees and processes. Direct control of employees requires a fundamentally different approach to compliance from that presented by the distributor model: direct control focuses on internal controls, training and monitoring of the workforce.
A second key risk differentiator depends on whether a company uses a centralised or decentralised operating model. Companies that have historically allowed subsidiaries or remote operations significant autonomy are inherently subject to greater corruption risk. A decentralised operating model works well only if headquarters can provide effective compliance oversight in an environment where other business decisions fall within the purview of the local operation. Seeking to establish compliance oversight in this otherwise local operating model often leads to resistance and challenges in implementing effective anti-corruption compliance controls. However, it is imprudent to delegate compliance responsibilities to the local operating company without taking adequate confirming steps to ensure effective implementation of controls.
Understand cultural issues
It is critical to understand the extent to which local cultural issues and expectations may conflict with a culture of compliance; but first, it is important to conduct a realistic assessment of the company's own culture of compliance. The organisation's overall values and the tone of support for compliant business activities from the top of the organisation and from in-country management will have a significant impact on the ability to control local corruption risks. Companies that have a strong culture of compliance and that retain or engage local employees with the same philosophy and belief system will generally fare better in confronting local cultural corruption risks than those that do not. Senior leadership must have a firm grasp on these cultural issues in order to accurately evaluate corruption risks in emerging markets and successfully implement controls.
Design and implement controls
Another key consideration in designing an effective anti-corruption compliance programme is deciding where and how compliance controls should be put in place within the company's structure. Most companies have specific policies or a code of conduct that prohibits corruption, or that requires certain activities or interactions with government officials to be pre-approved. However, many organisations have not taken the next crucial step: implementing a risk-based set of controls for effective oversight of activities that raise compliance risks. For example, employees may be informed of the code of conduct requirements, but otherwise be left on their own or under the control of their immediate supervisors in making decisions that involve interactions with government officials. In these situations, it is crucial to understand the nature of risks that result from interactions with government officials and determine ways to address those risks. This analysis is informed by the factors mentioned previously: the market, the industry, the business model and the company culture.
For example, some regulatory frameworks require government officials to inspect manufacturing facilities that produce products to be imported into a specific country. Government officials often request payment or the provision of travel to the manufacturing site to make those regulatory inspections. These types of activity involve travel for government officials and create corruption risks if travel becomes a personal benefit to the officials. Companies should therefore establish heightened controls in the form of advance approval for those kinds of activity — beyond, for example, the individual who is proposing the benefit and the immediate supervisor. Local legal or compliance approval may help to create an appropriate control environment and regional-level approval may be necessary beyond a certain expenditure threshold. In some circumstances, it may also be prudent to require the approval of senior management or legal/compliance personnel at headquarters.
The optimal type, placement and quantity of controls are largely driven by the context in which a company operates, the level of the government officials with which a company interacts and the types of relationship or interaction that a company has with those government officials. To assess the risk inherent in a given activity, a company must identify and quantify potential transfers of value to government officials and consider the reasons for the potential transfers. Gifts, travel, extravagant meals, jobs for relatives and even contributions to favoured charities may be considered value that could influence the decision making of the government official. All of these factors determine where and by whom the review or approval should be conducted. It is also important to review these activities and provide a mechanism that allows consistent application of this pre-review process throughout the organisation, with appropriate record keeping and oversight.
Evaluate and adjust the compliance programme
Continuous evaluation of the effectiveness of controls is essential to any compliance programme, particularly in emerging markets. The initial assessment and risk mitigation plan will make certain operational assumptions, which may be appropriate when the design is completed, but may in practice fail to produce the desired results. Accordingly, it is important to review any compliance programme periodically to ensure that the controls are achieving the desired results and any necessary adjustments are made. For example, some activities deemed to require extensive pre-approval at the outset may, based on actual experience, turn out to be relatively well controlled; in such a case, the cost of pre-approval in terms of business interruption and work hours in the review process may not be worth the effort for the level of control achieved. In some cases, requiring pre-approval of all of a company's charitable contributions by the company's compliance function may have seemed prudent when first implemented, but may, based on actual experience, not be worth the effort where thousands of low-level contributions were made worldwide and the circumstances under which they were made showed minimal, if any, involvement with government officials. Any adjustments along these lines must be made carefully, taking into account the potential risks of adjustments.
Decisions on how anti-corruption controls are modified over time can be facilitated by gathering data based on actual experience and monitoring specific activities and controls. Matching the intensity of the controls with the risks that are perceived in a particular activity is essential to ensure that the organisation is deploying its resources both in the right areas and in ways that maintain the credibility of the compliance process. If the compliance process is viewed as an impediment to conducting efficient business activities and appears unnecessary given the assessed risk, support for compliance will diminish over time, making it much more difficult to maintain the mechanisms that mitigate critical risk and which are expected by government regulators.
Developing markets present significant business opportunities, but they also introduce some of the most serious corruption risks. The factors described above provide the context for developing, implementing, maintaining and adjusting compliance programmes. Because companies and their operations are unique, compliance programmes must be informed by business operations and the imperatives of specific risks.
For further information on this topic please contact Keith Korenchuk, Samuel Witten, Arthur Luk or Cristian Kelly at Arnold & Porter LLP's Washington DC office by telephone (+1 202 942 5000). The Arnold & Porter website can be accessed at www.arnoldporter.com.
This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide.