Compliance Due Diligence: Mergers & Acquisitions and Third ...€¦ · 9/20/2013 1 LOUIS PEROLD...

9/20/2013

1

LOUIS PEROLD

COMPLIANCE MANAGER, SASOL LTD.

KRISTA MUSZAK

SENIOR COMPLIANCE ANALYST, PAYCHEX, INC.

2013 Compliance and Ethics Institute 1

Compliance Due Diligence In

Multi-National Transactions:

Mergers & Acquisitions

and Third Parties

TODAY’S AGENDA

• Overview of Compliance program due diligence

• Risks found in Mergers & Acquisitions and Third

Parties

• Assessing a due diligence program

• Emerging Markets

• Enforcement programs for anti-corruption and anti-

bribery.


9/20/2013

2

OVERVIEW

What is compliance program due diligence

• It is the process of reviewing the adequacy and effectiveness of a

company’s compliance program to detect and mitigate the regulatory

risks applicable to the areas of operations such as health & safety,

environment, tax, human resources, sales & marketing etc..

Purpose of compliance program due diligence

• To determine if the target company has an adequate compliance

program, according to the SEC guidelines, to prevent violations. This

provides substantial protection against government enforcement

action.

Benefit

• If an effective and robust compliance program is found to be in place

it can be used as a defense in case of government prosecution.


RISKS

What are the risk areas?

• Industry specific risks

• Specific regulatory requirements for different industries, i.e.

energy, food & drugs, transport, financial services, medical

devices

• General risks

• Anti corruption, anti trust


9/20/2013

3

COMPLIANCE PROGRAM RISK INVENTORY

• Accounting Fraud/Earnings

management

• Antitrust/competition law

• Confidential information

• Conflicts of interest

• Consumer protection

• Document

Management/Retention

• Employment/Labor

• Environmental

• Government Contracting

• Harassment

• Intellectual property


o Money Laundering

o Political

contributions/bribery/lobbying

o Privacy

o Product/service safety

o Purchasing

o Securities

o Taxes

o Wages

o Workplace safety and health

o Workplace violence and security

ASSESSING A

PROGRAM

5 Step process:

1. Establish points of contact

2. Collect relevant documents

3. Review the Compliance and Ethics Mission and Goals

4. Review the 7 Elements of an Effective compliance Program

• Oversight and operational structure of the program

• Policies and Procedures/Code of Conduct

• Education, Training and communication

• Monitoring and auditing

• Reporting

• Response to detected violations

• Enforcement Practices/Disciplinary Action

5. Review the periodic evaluation of the program’s effectiveness


9/20/2013

4

ASSESSING A

PROGRAM CONT.

Review the 7 Elements of an Effective compliance Program

1. Oversight and operational structure of the program

• Role of the Board

• Compliance Officer/Committee

• Reporting & Access

• Program Personnel

• Budget/Resources


ASSESSING A

PROGRAM CONT.


2. Policies and Procedures/Code of Conduct

• Identify industry practices & standards and laws & regulations

• Policies & procedures developed accordingly

• Review cycles

• Distributed

• Enforced


9/20/2013

5

ASSESSING A

PROGRAM CONT.


3. Education, Training and communication

• Training process: Formal & Informal

• Plan & schedules

• Material developed – fit for purpose

• Delivery channels


ASSESSING A

PROGRAM CONT.


4. Monitoring and auditing

• Audit plan & methodology – risk based

• Audit frequency

• Independence


9/20/2013

6

ASSESSING A

PROGRAM CONT.


5. Reporting

• System for reporting – anonymous

• Non-retaliation policy

• Investigations

• Record keeping


ASSESSING A

PROGRAM CONT.


6. Response to detected violations

• Response process to detected violations

• Disclosures procedures

• Corrective action plans to prevent recurrences

• Obtain history of violations, actions taken and auditing results


9/20/2013

7

ASSESSING A

PROGRAM CONT.


7. Enforcement Practices/Disciplinary Action

• Disciplinary and termination practices

• Distributed and understood


ASSESSING A

PROGRAM CONT.

Red flags

• Ineffective compliance program elements

• Company in financial difficulty

• Frequent breached of policies and procedures

• Inactive compliance and ethics committee

• No access to the board

• No regular reports to the board

• CCO not allowed direct access to the CEO

• Lack of independence

• Frequent requests to waive policies

• No consistent consequence management for violations


9/20/2013

8

RISK DETERMINATION


Company Name

Company's Industry Jurisdiction Total Annual Revenue USD

Aerospace Africa Less than $ 500 million

Agriculture/Livestock Asia Pacific $ 500 - $900 million

Automobile Australia $ 1 - $1.9 billion

Banking Canada $2 - $2.9 billion

Business Services Europe Middle East $3 - $3.9 billion

Chemicals United Kingdom $4 - $4.9 billion

Electronics United States $5 - $9.9 billion

Computer Software/Internet $10 - $25 billion

Construction More that $25 billion

Consumer Product Goods

Defense/Military

Distribution/Wholesale

Education

Energy

Engineering

Entertainment

Financial Services

Food beverages and Tabaco

Government/Public Sector

Health Care/Health Insurance

Hospitality

Insurance

IT Services

Manufacturing

Media, Publishing and Communications

Metals/Mining

Pharmaceuticals/Biotech

Real Estate

Retail

Telecommunications

Transportation and Logistics

Utilities

Other

RANKING YOUR

PROGRAM

7 Elements of an Effective Compliance Program

Principles Description Level 1 Level 2 Level 3 Level 4 Level 5

1 Compliance oversight and operational structure of the program

2 Standards, Policies and Procedures/Code of Conduct

3 Compliance Risk management

4 Education, Training and communication

5 Monitoring and auditing

6 Reporting

7 Response to detected violations

8 Enforcement Practices/Disciplinary Action


9/20/2013

9

RANKING YOUR

PROGRAM

Level 1- Absent

There is no commitment to compliance illustrated by no dedicated resources, no

formal compliance policy and the absence of a compliance program.

Level 2- Reactive

There is commitment to address compliance issues when major breaches arise.

Level 3- Foundation

There is commitment to address compliance issues when major breaches arise.

There is no formal compliance program but policies and monitoring activities are put

in place to prevent the reoccurrence of major breaches.

Level 4- Proactive

There is a commitment to have a strong compliance program in place with dedicated

resources and a clear assessment of all risk areas. The program encompasses on-

going monitoring and measurement as well as proactive and preventative elements.

Level 5- Embedded

The compliance program pervades the organization in every respect: strategically,

culturally and operationally. Every staff member is aware of and takes appropriate

responsibility for the effective implementation of the compliance program and its

ongoing improvement.


RISK CASE STUDY:

HALLIBURTON

DOJ Opinion Procedure Release 08-02

• Privacy regulations

• Warranties

• Price


9/20/2013

10

COMPLIANCE PROGRAM

STANDARDS AROUND

THE GLOBE


COMPLIANCE PROGRAM

STANDARDS AROUND THE

GLOBE

• Australasian Compliance Institute: ISO 31000 standards

• Compliance Institute of Southern Africa: Generally

Accepted Compliance Practice framework

• Applying and difference to the US Sentencing Guidelines


9/20/2013

11

COMPLIANCE PROGRAM

STANDARDS AROUND

THE GLOBE


Sentencing Guidelines: 7

Principles – USA

Generally Accepted Compliance

Practice framework – Southern

Africa

1. Compliance Oversight 1. Governance

2. Responsibility of Management,

3. Establishment of a compliance

Function,

4. Status,

5. Independence

COMPLIANCE PROGRAM STANDARDS

AROUND THE GLOBE


Sentencing Guidelines 7

Principles – USA

Generally Accepted Compliance

Practice framework – Southern

Africa

2. Standards and Procedures

3. Education and Training

4. Auditing and Monitoring

5. Reporting

6. Enforcement and Discipline

7. Response and Prevention

6. Compliance Policy Statement,

7. Compliance Function’s Role &

responsibility: • Identify and assess compliance

obligations

• Policies, procedures and controls

• Adequacy and effectiveness

monitoring

• Report to management and

regulators

• Communication, advice, guidance

and training

• Record keeping

9/20/2013

12

DUE DILIGENCE AND

MERGERS & ACQUISITIONS

Case Study & Discussion


THIRD PARTY

ASSESSMENTS


Anti-corruption Assessment Plan of a Third Party

What is your risk profile in the region?

What is the third party's risk profile?

Is a third party truly necessary to conduct/facilitate your business?

Are they multi-tiered? (sub-suppliers?)

Are the suppliers local or at the corporate level?

What are their credentials/expertise?

What are their established relationships that can help or hurt your business?

What are their policies and procedures? Are they inline with yours?

Are there any violations against the third party?

Are there any violations against the principal agents/owners of the third party ?

How long is this relationship going to last?

9/20/2013

13

THIRD PARTY

ASSESSMENTS

Due Diligence Implementation plan for a Third Party

Assign designee to facilitate implementation

Create contract in precise language; include expectations of business relationship

Educate third party in your business acumen

Account for travel to facilitate implementation

Ensure policies are written in clear, easy to follow language

Address specific risk profile vulnerabilities

Develop a plan to address any violations.


COMMON THIRD

PARTY RED FLAGS

To assist companies in understanding third party risk, DOJ and SEC identify these common red flags in the Guide:

• excessive commissions to third-party agents or consultants;

• unreasonably large discounts to third-party distributors;

• vaguely described services" within third-party consulting agreements;

• the third party’s line of business differs from that for which it has been engaged;

• the third party is related to or closely associated with the foreign official;

• a foreign official initiated or requested the third party’s involvement;

• the third party is a shell company incorporated in an offshore jurisdiction;

• the third party requests payment to offshore bank accounts.


http://www.sec.gov/spotlight/fcpa/fcpa-resource-guide.pdf

9/20/2013

14

DUE DILIGENCE AND

THIRD PARTIES

Case Study & Discussion


EMERGING MARKET RISKS

• Immature legislation

• Enforcement

• Culture

• Interaction between regulators


9/20/2013

15

DOJ/SEC

ENFORCEMENT

Benchmark your methods against these trends

• What is the bribery risk for your business?

• What is the commitment from the top?

• How robust is your due diligence program?

• Do you provide a consistent message within the Policies,

Procedures and Training?

• Do you have a strong Implementation, Monitoring and Review

process in place to safeguard your business?


ENFORCEMENT

ABROAD

• UK Bribery Act of 2010

• United Nations Convention Against Corruption

• Organisation for Economic Cooperation and

Development (OECD)


9/20/2013

16

CASES &

LESSONS LEARNED

• SEC v. Christopher Black

• Titan Communications

• Alcoa/Alumina

• Tyco fraud case

• Morgan Stanley and Peterson


Discovery

Resolution

Responsibility

Corrective Action

CASES &

LESSONS LEARNED


Titan Corporation

An early FCPA enforcement action

DOJ emphasized lack of internal controls: Apart from ABAC policy Titan had no compliance programme i.e. no due diligence, training, on-going monitoring

At the time, 2005, the $28.5 million in penalties were largest ever imposed on a corporate in terms of the FCPA

Alcoa

Corrupt payments to officials at state-owned Alba (Aluminium Bahrain B.S.C.) in exchange for raw material supply contracts

Possible FCPA settlements with the DOJ and SEC for alleged bribes to officials of Bahrain's Alba could amount to more than $300 million in 2013

In 2011, Victor Dahdaleh, who had acted as Alcoa's agent in Bahrain, was arrested in London, where he lives. He was charged under U.K. law with bribing officials at Alba.

Last year, Bruce Allan Hall, an Australian who served as CEO of Alba, was charged in London with taking bribes. Hall was extradited from Australia after his arrest there in 2010.

Inadequate internal controls.

http://www.fcpablog.com/blog/2011/10/25/alcoa-agent-arrested-in-uk.html

http://www.fcpablog.com/blog/2012/2/16/former-alba-chief-charged-in-london.html

9/20/2013

17

CASES &

LESSONS LEARNED


Tyco (Fraud case)

Crackdown on corporate corruption case

SEC filed civil fraud cases against 3 former top executives, including the CEO and CFO

Failed to disclose multi-million dollar low interest and interest-free loans taken from company as required by federal securities laws

Former Tyco CEO Dennis Kozlowski and ex-CFO Mark Swartz were found guilty of stealing hundreds of millions of dollars from the manufacturing conglomerate

After the verdicts were read in court, Dennis Kozlowski's face was scarlet red and his daughter buried her face in her hands, according to an eyewitness. Swartz' wife appeared to be in shock and Kozlowski's wife was crying.

The trial of Kozlowski and Swartz was solely about the improper use of company funds, in other words, greed.

The 66-year-old Kozlowski and former Tyco International Ltd. chief financial officer Mark Swartz were convicted in 2005 of fraud and larceny and sentenced to 8 1/3 to 25 years in prison.

Kozlowski was denied parole in April 2012 on his sentence in a $100 million fraud case. He challenged the decision and a mid-level appeals court ruled Tuesday that the state parole board acted properly.

CASES &

LESSONS LEARNED


SEC vs Christopher Black

CFO and senior vice president of American Commercial Lines Inc.

According to the SEC, Office Depot, and its then CEO and CFO, selectively signalled to analysts and institutional investors that the company would not meet analysts’ earnings estimates for the second quarter of 2007

Caused violation of section 13(a) of Exchange Act due to selective disclosures made agreed to pay penalties of $50,000.

Significantly, in each of these actions, the SEC noted that Office Depot, the company involved, did not have written policies or procedures concerning Regulation FD and had not conducted any formal training in this area.

Morgan Stanley & Peterson

Peterson conspired with others to circumvent Morgan Stanley’s internal controls in order effect bribe payments

DOJ declined to prosecute Morgan Stanley due to adequate controls implemented to prevent bribery

Controls were related to training, compliance notifications, counterparty due diligence and on going testing and monitoring of the control environment

Adequate compliance programme was a defence against DOJ enforcement

Peterson imprisoned for 9 months

9/20/2013

18

THANK YOU!

Louis Perold [email protected]

za.linkedin.com/pub/louis-perold/28/663/3a2/

Krista Muszak [email protected]

http://www.linkedin.com/pub/krista-muszak/5a/9a0/495

Disclaimer:

This presentation provides general information and is not

legal advice and should not be used or taken as legal advice

for specific situations. You should consult with legal counsel

before taking any action or making any decisions concerning

the matters in this presentation.


5

mailto:[email protected]








Compliance Due Diligence: Mergers & Acquisitions and Third ...€¦ · 9/20/2013 1 LOUIS PEROLD...

Documents

Transcript of Compliance Due Diligence: Mergers & Acquisitions and Third ...€¦ · 9/20/2013 1 LOUIS PEROLD...