It has become increasingly clear that Canadian multinationals whose global operations intersect with foreign governments and agencies have a vital interest in establishing rigorous anti-corruption compliance programs and implementing them with strict discipline. In this article, Blaney McMurtry partner Henry J. Chang discusses why, who is most at risk, what these programs should contain, and what benefits they confer.
United States companies recognize the importance of establishing an effective anti-corruption compliance program in order to prevent and detect potential violations of the Foreign Corrupt Practices Act of 1977 (FCPA)1. This awareness results from a long history of aggressive FCPA enforcement by the Fraud Section of the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC).
North of the border, the Royal Canadian Mounted Police have only recently started to investigate and prosecute Canadian companies aggressively for violations of the Corruption of Foreign Public Officials Act (CFPOA). As a result, Canadian companies have been slower to recognize the value of implementing their own anti-corruption compliance programs.
Despite this lack of awareness, the need to establish an effective anti-corruption compliance program should not be underestimated. This need is expected to increase significantly in the future as CFPOA prosecutions become more frequent.
Who is at Risk?
The Canadian companies that are most vulnerable to a CFPOA violation are those that typically rely heavily on: (a) foreign government regulatory approvals, (b) joint venture or production sharing arrangements with foreign governments or state-run agencies, or (c) procurement agreements with foreign governments or state-run agencies. For example, companies that deal with energy and natural resources (such as mining) are at risk because they typically operate in countries that have been found to have high levels of corruption; their activities usually require regulatory approval from the foreign government, and they may enter into joint venture or production sharing agreements with a foreign government or state-run agency.
Of course, any Canadian company that carries on business in a country having a high level of corruption can also be vulnerable to a CFPOA violation. This risk can be assessed by considering the Corruption Perception Index (CPI) for each country where the company carries on business.
Each year, Berlin-based Transparency International2 assesses each country according to its perceived level of public sector corruption and assigns it a CPI score. A CPI score below 5.0 indicates a serious level of corruption in that particular country.
The Benefits of Establishing an Anti-Corruption Compliance Program
An effective anti-corruption compliance program will reduce the chances of a COFPA violation significantly. It may also reduce the likelihood of a criminal prosecution or limit the penalties that may be imposed if a violation is ultimately discovered.
In the United States, the existence (or absence) of an effective anti-corruption compliance program carries considerable weight when the DOJ and SEC decide whether to bring criminal charges or a civil enforcement action against the company. Even where the company had no such program in place at the time of the violation, by taking subsequent steps to implement an effective anti-corruption compliance program, it may still receive more favourable treatment when penalties are ultimately assessed.
Guidelines for Developing an Anti-Corruption Compliance Program
The problem with establishing an anti-corruption compliance program in Canada is that few guidelines exist on how such a program might be implemented. The only helpful Canadian guidance appears in the 2011 probation order issued against Calgary-based Niko Resources Ltd. (Niko) after it pleaded guilty to a charge of bribery under the COFPA. The language of the probation order specifically requires Niko to adopt the following internal controls, policies, and procedures:
- The company must establish a system of internal accounting controls designed to ensure that it makes and keeps fair and accurate books, records, and accounts.
The company must establish a rigorous anti-corruption compliance code designed to detect and deter violations of the CFPOA (and other applicable anti-corruption laws) which, at a minimum, include:
- A clearly articulated and visible corporate policy against violations of the CFPOA and other applicable anti-corruption laws.
- Strong, explicit, and visible support by senior management of the corporation’s policy against violations of anti-corruption laws and its internal compliance code.
- Compliance standards and procedures designed to reduce the prospect of violations, which apply to all directors, officers, employees and outside parties acting on behalf of the company. These standards shall include policies governing: (i) gifts, (ii) hospitality, (iii) entertainment and expenses, (iv) customer travel, (v) political contributions, (vi) charitable donations and sponsorships, (v) facilitation payments, and (vi) solicitation and extortion.
The above compliance standards and procedures must be based on a risk assessment that addresses the specific foreign bribery risks facing the company, including:
- The company’s geographical organization;
- Interactions with various types and levels of government officials;
- Industrial sectors of operation;
- Involvement in joint venture agreements;
- Importance of licences and permits in the company’s operations;
- Degree of governmental insight and inspection; and
- Volume and importance of goods and personnel clearing through customs and immigration.
- The company must review and update anti-corruption compliance standards and procedures no less than annually.
- The company must assign anti-corruption compliance responsibility to one or more senior corporate executives for the implementation and oversight of the company’s anti-corruption policies, standards and procedures. In addition to any other direct reporting required by the company, these corporate officials must have direct reporting obligations to independent monitoring bodies (including internal audit, the Board of Directors, or any appropriate committee of the Board of Directors). They must also have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.
- The company must ensure that it has a system of financial and accounting procedures reasonably designed to ensure the maintenance of accurate books, records, and accounts to ensure that they cannot be used for the purpose of bribery or concealing bribery.
The company must implement mechanisms designed to ensure that its anti-corruption policies, standards, and procedures are effectively communicated to all directors, officers, employees (and, where appropriate, agents and business partners). These mechanisms should include:
- Periodic training for all directors, officers, and employees (and, where appropriate, agents and business partners); and
- Annual certifications by all directors, officers, and employees (and, where appropriate, agents and business partners) certifying compliance with the training requirements.
The company must establish an effective system for:
- Providing guidance and advice to directors, officers, and employees (and, where appropriate, agents and business partners) on complying with the company’s anti-corruption compliance policies, standards and procedures, including when they require advice on an urgent basis or in any foreign jurisdiction where the company operates;
- Internal and confidential reporting by (and whistleblower protection for) directors, officers, employees (and, where appropriate, agents and business partners) who make good faith reports of suspected wrongdoing within the company; and
- Responding to such requests and undertaking appropriate action in response to such reports.
- The company must institute appropriate disciplinary procedures to address violations of anti-corruption laws, and its own internal anti-corruption compliance code, by its directors, officers, and employees.
To the extent that the use of agents and business partners is permitted by the company, it must institute appropriate due diligence and compliance requirements for the retention and oversight of agents and business partners, including:
- Properly documenting risk-based due diligence relating to the retention and oversight of agents and business partners;
- Informing agents and business partners of the company’s commitment to abiding by anti-corruption laws, the company’s ethics, and the company’s compliance policies and standards; and
- Seeking a reciprocal compliance commitment from agents and business partners.
Where appropriate, the company must include standard provisions in agreements with all agents and business partners that are reasonably calculated to prevent violations of anti-corruption laws, which may include:
- Anti-corruption representations and undertakings relating to compliance with anti-corruption laws;
- Rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and
- Rights to terminate an agent or business partner in the event of any breach of anti-corruption laws or the company’s policies in that regard.
- The company must conduct a periodic review and testing of its anti-corruption compliance code, in order to evaluate and improve its effectiveness in preventing and detecting violations of anti-corruption laws and the anti-corruption compliance code itself.
The Relevance of U.S. Anti-Corruption Law in Canada
The leading U.S. case on anti-corruption compliance programs is Securities and Exchange Commission v. Siemens Aktiengesellschaft, Civil Action No. 08 CV 02167 (D.D.C.). In that case, the SEC brought an enforcement action against Siemens Aktiengesellschaft (Siemens) for several FCPA violations, which allegedly occurred between March 12, 2001 and September 30, 2007.
As part of its 2008 plea agreement, Siemens consented to a court order: (a) permanently enjoining it from future violations of the FCPA, (b) ordering it to pay a total of $1.6 billion for disgorgement of profits and fines, and (c) ordering it to comply with certain undertakings regarding its FCPA compliance program. Many of the undertakings that appeared in the Siemens court order now typically appear in U.S. plea agreements, nonprosecution agreements, and deferred prosecution agreements involving alleged FCPA violations.
When one reviews the undertakings contained in the Siemens court order, it becomes clear that the court in the Niko case borrowed liberally from it when drafting its own probation order. In fact, the Siemens undertakings are virtually identical to the terms and conditions imposed on Niko.
This indicates that Canada is applying U.S. guidelines, at least when assessing the effectiveness of anti-corruption compliance programs. As a result, U.S. cases that address the effectiveness of anti-corruption compliance programs should have relevance in Canada as well.
The implementation of an effective anti-corruption compliance program is an essential precaution for Canadian companies that operate in vulnerable industries or in countries having a high CPI. However, a mediocre compliance program will neither prevent nor detect COFPA violations; it will also do little to discourage the laying of criminal charges or the imposition of onerous penalties if a violation is discovered.
It is clear that the Niko case, which provides the only Canadian guidance on how an anti-corruption compliance program should be structured, borrows extensively from U.S. guidelines. Given the significance of U.S. law in this area, a legal advisor who possesses knowledge of both U.S. and Canadian anti-corruption law will be in the best position to develop an effective anti-corruption compliance program for a Canadian company.