Business Integrity

1
Business Integrity AccountabilityFCPA Record
Keeping and Internal Control Best Practices

• Carlo di Florio, JD, LL.M
• PricewaterhouseCoopers
• Global Risk Management Solutions
• New York
• 212-520-2275

2
Presentation Overview

• Record-Keeping Provisions and Best Practices
• Permissible Payments and Related Guidelines
• COSO Internal Control Best Practices
• Auditors Role and Disclosure Requirements
• Undertaking Effective Due Diligence
• Identifying and Responding to Red Flags

3
Accounting and Record-Keeping Provisions

• Frequently overlooked and dangerously ignored,
  the accounting provisions of the FCPA require
  publicly-held companies to maintain records that
  accurately reflect transactions and dispositions
  of assets, and to maintain systems of internal
  accounting controls.
• The accounting and record-keeping provisions
  apply to all payments, not just to sums that
  would be material in the traditional financial
  sense.

4
Accounting Provisions - Foreign Affiliates

• A U.S. company is required to assure compliance
  with the accounting provisions by foreign
  affiliates it controls
• An issuer must make a good faith effort to cause
  compliance by affiliates in which its voting
  power is 50 or less
• The SEC is pursuing a number of cases concerning
  illicit payments by foreign subs/affiliates by
  going after the U.S. parent for failure to
  maintain adequate internal controls.

5
FCPA Books and Records Provision

• Requires issuers to make and keep books,
  records, and accounts, which, in reasonable
  detail, accurately and fairly reflect the
  transactions and dispositions of assets by the
  company.

6
Record-Keeping
Transactions should be recorded in conformity
with accepted accounting standards designed to
prevent off-the-books transactions such as
kick-backs and bribes. Reasonable detail is
such level of detail and degree of assurance as
would satisfy prudent officials in the conduct of
their own affairs.
7
Common High-Risk Areas

• Agents commissions - should be reasonable,
  comply with local law, and not touch foreign
  officials.
• Agents Expense Reimbursements - Exercise caution
  with lump-sum expense reimbursement element of a
  foreign agents compensation.

8
Common High-Risk Areas

• FCPA Compliance Audits - Examine foreign branch
  offices and foreign subsidiaries. Because of
  different accounting and oversight systems, these
  entities are often used as vehicles for
  concealing or mischaracterising transactions.
• Specific Transactions - If there are red flags
  regarding a particular transaction, a good place
  to start the risk assessment is with the books
  and records.

9
Common High-Risk Areas

• Acquiring a Foreign Entity - Conduct effective
  due diligence. In certain countries, you will
  likely find prior bribe payment scenarios.
• Investigate red flags and exercise caution over
  treatment of prior transactions
• Institute and internal control framework going
  forward

10
Quantitative and Qualitative Accuracy

• An issuer books, records, and accounts should
  correctly record not only the financial facts of
  the transaction, but also such other information
  as may be necessary to call a reviewers
  attention to any possible qualitative illegality
  or impropriety
• A prudent risk management strategy is to
  transparently account for facilitating payments
  accurately as lawful facilitating payments.

11
Falsification of Books and Records

• Rule 13b2-1 prohibits the falsification of books
  and records required to be kept under the
  record-keeping provisions of the FCPA.
• It applies to any person and there is NO
  materiality requirement
• Books are defined broadly to include accounts,
  correspondence, memoranda, tapes, discs, papers,
  books, and other documents or transcribed
  information of any type.
• The rule prohibits masking transactions or
  characterizing them in any oblique way
• Almost every FCPA case involves payments that
  were concealed or mischaracterized.

12
Misrepresentations to Auditors

• Rule 13b2-2 prohibits any officer or director
  from making (or causing to be made) materially
  false or misleading statements or omitting to
  state any material facts in the preparation of
  filings required by the Exchange Act.
• Extends to internal auditors as well as outside
  auditors
• A failure to clarify a representation can also
  constitute a violation

13
Books and Records - Rules of Thumb

• All accounting records, expenditures, expense
  reports, invoices, vouchers, gifts, business
  entertainment and any other business records
  should be accurately and reliably reported and
  recorded.
• Any and all payments by or on behalf of Company
  may only be made on the basis of appropriate
  supporting documentation and only for the purpose
  specified in the documentation.
• No undisclosed or unrecorded fund or asset
  (off-books or slush funds) may be established
  or maintained for any purpose

14
Books and Records - Rules of Thumb

• To avoid even the appearance of impropriety, no
  payments to any third party should be made in
  cash other than documented petty cash
  disbursements.
• No corporate checks should be written to cash,
  bearer, or third party designees of a party
  entitled to payment.
• No payments should be made outside the country of
  residence of the recipient without the prior
  written approval of the Chief Financial Officer
  and the office of General Counsel.

15
Facilitating Payments Exception

• The anti-bribery provisions create a limited
  exception for small payments or gifts made to
  expedite or secure performance of a routine
  governmental action. The facilitating payments
  covered by this exception include routine
  payments made
• to obtain documents necessary to qualify a
  person to do business in the country
• to process government papers
• to provide police protection, postal services,
  or necessary inspections or
• to provide phone, utilities, cargo,
• or similar services

16
Facilitating Payments - Control and
Record-Keeping Issues

• Look for the following information in the
  accounting records for lawful facilitating
  payments
• Records demonstrating the amount of the payment,
  the identity of the recipient, the routine act
  provided, and whether it is customary in the
  country
• Written approval from the office of General
  Counsel
• Written opinion from reputable local counsel
  concerning the legality of the facilitating
  payment.

17
FCPA Safe Harbors (Affirmative Defenses)

• The FCPA provides two affirmative defenses
• 1. Where the payment or gift was lawful under
  the written laws of the foreign country
• 2. Where the payment or gift was a reasonable
  and bonafide expenditure directly related to
  either
• the promotion, demonstration, or explanation
  of products or services, or
• the execution or performance of the contract

18
Guidelines for Bonafide Expenditures - Travel and
Entertainment

• The amount of the expenditure should be
  reasonable, not lavish or excessive. Avoid
  expenditures for family members of foreign
  officials.
• There should be an appropriate balance between
  the business purpose of the trip and the
  entertainment and leisure activities provided.
• The legitimate business reasons for the
  expenditures, and the absence of any corrupt
  inducements should be carefully documented. For
  example, a written invitation should be sent to
  the recipient stating that the trip is primarily
  for educational or promotional purposes. Inform
  the superior of the recipient of the purpose and
  financial arrangements for the trip.
• Ensure that there is no double reimbursement
  (e.g., by the company and the officials ministry).

19
Guidelines for Bonafide Expenditures

• All expense reimbursements should be supported by
  appropriate receipts reflecting the nature of the
  expense reimbursed.
• Effective risk management is to pay vendors
  directly for travel and lodging expenses
• Avoid cash payments (e.g., walking around
  money.)

20
Guidelines for Bonafide Expenditures

• The amount and type of expenditures should be
  consistent with U.S. and local custom
• The expenditures should be lawful under local law
• The expenditures should be accurately reflected
  on the books and records, and supported by
  appropriate documentation

21
Example - Guidelines for Ministers Conferences
Outside County

• Record the amount of the payment, the identity of
  the recipient, and the business purpose.
• Attach copies of expense records and
  correspondence establishing payment and purpose.
• If based on contract requirements, attach a copy
  of the relevant pages of the contract.
• If a written opinion from reputable local counsel
  is obtained, attach a copy.
• If obtained, attach copy of correspondence from
  superior that he supports the trip and companys
  payment.

22
General Guidelines for Gifts

• The Department of Justice provided some guidance
  in an early advisory opinion (FCPA Rev. Proc.
  Rel. No. 81-1), but it is limited to the specific
  case. In that case, gifts allowed
• when permitted by local law
• when the ceremonial value of the item exceeds its
  intrinsic value
• when the cost of the gift does not exceed 500
  per person
• when the expense is commensurate with the
  legitimate and generally accepted local custom
  for such expenses by private business persons in
  the country

23
Guidelines for Gifts

• nominal in value
• not in the form of money
• permitted under the laws of the host country
• customary, in type and value, in the host country
• made transparently at an appropriate time and in
  an appropriate circumstance
• made as a courtesy or token of regard or esteem,
  or in return for hospitality
• Given openly rather than secretly
• Accurately reflected in the companys books and
  records

24
Gifts and Entertainment - Sample Policy

• Record the gift or entertainment provided and its
  value
• attach all receipts and expense records
• Identify the circumstances, such as a holiday
• If a gift arises out of local custom or is
  permitted by applicable law or regulations,
  summarize the custom or attach a copy of the
  applicable law or regulation
• If applicable law or regulation does not
  specifically address the legality of providing
  gift or entertainment, obtain written opinion of
  reputable local counsel specifying that the gift
  or entertainment is not illegal and include the
  opinion with the accounting records

25
FCPA Accounting Controls Provision

• Requires issuers to devise and maintain
  accounting controls sufficient to provide
  reasonable assurances that four objectives are
  met
• that transactions are executed in accordance with
  Managements instructions
• that transactions are recorded as necessary to
  permit proper accounting and preparation of
  financial statements
• that access to assets is controlled according to
  managements instructions
• that records are reconciled with existing assets
  at reasonable intervals

26
What is Required?

• The FCPA does not mandate any particular kind of
  internal control frameworks.
• The test is whether a system, taken as a whole,
  reasonably meets the statutes specified
  objectives.
• The SEC has made reference to what would be
  generally accepted as an adequate internal
  control system.
• Best practices have been formalized in a widely
  accepted form by the Committee of Sponsoring
  Organizations (COSO) of the Treadway
  Commission.

27
Adequate Internal Controls

• COSO broadly defines internal control as a
  process, effected by an entitys board of
  directors, management or other personnel,
  designed to provide reasonable assurance
  regarding
• 1) the efficiency of operations
• 2) the reliability of financial reporting and
• 3) compliance with applicable laws and
  regulations.

28
Adequate Internal Controls

• To achieve these objectives, effective internal
  control consists of establishing five
  interrelated components
• control environment
• risk assessment
• control activities
• information and communication systems
• monitoring mechanisms

29
Control Environment

• The "control environment" is what sets the tone
  of an organization and provides discipline and
  structure. It reflects the entitys corporate
  governance and includes
• the integrity and competence of the entity's
  people
• management's philosophy and operating style and
• the way management and the board assign authority
  and responsibility throughout the organization.

30
Risk Assessment

• "Risk assessment" is the identification and
  analysis of risks to determine how they should be
  effectively managed.
• Once risks have been identified, sourced and
  measured, steps must be taken to avoid, transfer,
  or otherwise reduce the risks to acceptable
  levels.
• As an example, to evaluate the risk of bribery
  and corruption in the procurement process, one
  might analyze how engineering could create
  specifications that favor specific vendors, how
  purchasing could unfairly award contracts, and
  how accounting could record kickbacks.

31
Control Activities

• The "control activities" are the policies and
  procedures that help ensure that management's
  directives are carried out.
• These include such practices as authorization,
  reconciliation and segregation of duties.
• Such activities would permeate the entire
  organization, at all levels and in all functions.
  
• They should be tailored to reflect the entitys
  specific control environment, objectives, and
  tolerance for risks.

32
Information and Communication

• "Information and communication systems" produce
  operational, financial and compliance related
  reports, and they also notify personnel of their
  role in the internal control system. These
  systems must provide a means for moving important
  information to the very top of the organization
  and for receiving inputs from external parties.
• As an example, consider information of corrupt
  practices coming from a whistleblower. The
  source could be a marketing clerk within the
  organization who comes across incriminating
  documents or an external vendor who witnesses a
  corrupt practice. In either event, it is
  critical that internal and external information
  be identified, captured, and communicated in a
  form and time frame that enables decision makers
  to carry out their responsibilities.

33
Monitoring

• Finally, "monitoring" is a process that assesses
  the quality of the system's performance over
  time.
• When deficiencies are discovered, they must be
  reported and appropriate remedial action taken.
• The internal enforcement mechanism must be taken
  seriously by subsidiary, branch, and regional
  management and personnel.

34
When Are Controls Adequate

• All five components should be present and
  functioning
• effectively to conclude that internal control
  over operations is
• effective. (COSO)

35
Auditors Role

• Auditors have been given added responsibility in
  detecting and reporting fraud in recent years.
• Under Statement of Accounting Standards (SAS)
  53, auditors should make appropriate inquiries of
  management , when risk factors indicate,
  concerning a companys compliance with laws
  against bribery.
• In 1997, SAS No. 82 came into effect providing
  that auditors must not only report fraud but also
  search for it. Even if not material, detected
  misstatements due to fraud must be reported.
• SEC enforcement actions are increasing under
  Books and Records provisions and related
  anti-fraud rules

36
Auditors Role

• Risk Factors that must be considered under SAS
  No. 82 may be grouped into three categories
• Managements characteristics and influence over
  the control environment
• The economic and regulatory environment in which
  Company operates
• Companys operating characteristics (nature and
  complexity of transactions) and its financial
  condition.

37
Auditors Role

• In assessing risks, the auditor may consider
• what steps have been taken to implement and
  enforce a formal code of conduct
• whether there are specific controls that mitigate
  the risk of fraud or whether specific control
  deficiencies may exacerbate the risk of fraud
• the effectiveness of a program to prevent, deter
  and detect fraud
• whether an oversight committee (e.g., audit
  committee of the board or compliance committee)
  has identified fraud risk factors

38
Communicating Findings of Fraud

• Whenever there is evidence that fraud may exist,
  SAS No. 82 requires that the matter should be
  brought to the attention of appropriate level of
  management.
• Even if not material, detected misstatements due
  to fraud must be reported at least one level of
  management above those involved.
• Communication may also be necessary to the
  compliance committee and the audit committee of
  the board as well since the management above may
  be too close to the conduct.

39
Treatment in Financial Statements

• Materiality generally governs disclosure
  obligations for publicly-held companies
• SAS No. 82 notes that an illegal payment of an
  otherwise immaterial amount could be material if
  there is a reasonable possibility that it could
  lead to a material contingent liability or a
  material loss of income.
• If material revenue or earnings are derived from
  transactions involving illegal acts, or will be
  impacted by attendant risks, that information
  must be considered for disclosure

40
Disclosure Requirements

• The 1996 Private Securities Litigation Reform Act
  provides that companies must institute procedures
  designed to provide reasonable assurance of
  detecting illegal acts that would have a direct
  and material effect on the determination of
  financial statement amounts.
• The auditor must consider the effect of an
  illegal act on the financial statements,
  including any contingent monetary effects such as
  fines, penalties, and damages.

41
Disclosure Requirements (contd)

• When an auditor concludes that an illegal act may
  have a material effect on the financial
  statements, and that senior management has not
  taken remedial action, the auditor must report to
  the board of directors that the failure to take
  remedial action is reasonably expected to warrant
  departure from a standard report of the auditor
  or warrant resignation from the audit.
• The board of directors and the auditor then have
  disclosure obligations to the SEC.

42
Effective Due Diligenceof Business Partners and
Agents

• An Ounce of Prevention...

43
Due Diligence is Critical

• Conduct due diligence on the integrity of all
  foreign partners, agents, consultants, marketing
  representatives and other business associates
• Understand their reputation and confirm their
  experience, competence and integrity
• Understand the corruption risks posed by
  conflicts of interest and relationships with
  public officials
• Follow-up on Red Flags

44
Undertaking Due Diligence Investigations
Sources of Information

• Relevant country desk officers at the U.S.
  Department of State and U.S. Department of
  Commerce (or comparable government offices)
• Commercial attaché at the U.S. embassy in the
  relevant foreign country
• Published press reports concerning the agents
  activities and corruption within the particular
  country, ministry or agency

45
Undertaking Due Diligence Investigations (contd)

• Commercial and investigative databases
• Request references from the agent and check
  reputation of agent in the local business
  community
• Conduct a site visit and assess
  operation/resources
• Ensure that terms of the proposed compensation
  arrangement appear consistent with the market for
  comparable services
• Maintain file of due diligence efforts

46
Red Flags in Using Agents

• Country has widespread history of corruption
• Questionable reputation in the business community
  
• Local law prohibits use of agents
• Agent has family or business ties to a government
  official
• Agent is recommended to you by the foreign
  government customer
• Agent insists that identity not be disclosed
• Agent refuses to expressly certify compliance
  with FCPA

47
Red Flags in Using Agents (contd)

• Agent lacks the staff or facility to perform
  services
• Agent requests a payment or commission
  substantially above the going rate.
• Agent requests commission up-front for him to
  get the business or make the necessary
  arrangements.
• Agent requests payment through some unusual means
  (e.g., to third country, third party, by bearer
  instrument, etc.)

48
GOAL - Demonstrate Integrity

• It is important that a company be able to
  demonstrate that it has conducted adequate due
  diligence, it has followed-up on red flags, and
  it has structured the transaction/relationship to
  reasonably ensure the integrity of the deal and
  compliance with the law and internal control
  best practices.

49
Supporters of The OECD Anti-Bribery Convention
Europe
Austria Belgium Czech Republic Denmark Finland Ger
many Greece
Hungary Iceland Ireland Italy Luxembourg The
Netherlands Norway Poland Portugal Slovak
Republic Spain Sweden Switzerland Turkey
North America Canada United States
Asia Australia Japan Korea New Zealand
Central South America Argentina Brazil Chile Mex
ico