Practical Lessons in Building and Sustaining a Global Ethics & Compliance Program
Transcript of Practical Lessons in Building and Sustaining a Global Ethics & Compliance Program
January 13, 2012
Agenda
1. Current Regulatory Risk Environment
2. AGCO’s Background and Risk Profile
3. Anti-Corruption Program Design & Development
4. Auditing and Monitoring
5. Building out the Ethics & Compliance Program
6. Challenges & Lessons Learned
Current Regulatory Risk Environment
Navigating the Regulatory and Reputational Labyrinth
Financial reform. Health reform. UK Bribery Act. Basel III. Wherever you sit in the world, an intricate patchwork of emerging regulations affects the way companies do business.
Sixty percent of PwC’s 2011 State of the Internal Audit Profession Study respondents expect an increase in attention to regulatory compliance programs in their audit plans.
Corruption Risk Trends – Key Drivers
US regulators have been increasingly aggressive in expanding the reach of the FCPA
– Continued high level of enforcement actions, particularly against individuals
– Industry-focused investigations
– Dodd-Frank measures to incentivize whistleblowers
Coordinated approaches to regulation and enforcement internationally
– OECD Anti-Bribery Convention
– UK Anti-Bribery Act
– Double, or even multiple, jeopardy
– Increased parallel investigations
Slow growth in mature markets drives further expansion into emerging markets
– Inherent risk from culturally acceptable corruption
– Populist sentiment against corruption (India movement)
– China anti-bribery laws
Figure: Corporate prosecutions of FCPA violations (affiliated companies aggregated)
Source: Philip Urofsky and Danforth Newcomb, Recent Trends and Patterns in the Enforcement of the FCPA, January 2011
Figure: FCPA criminal and civil fines imposed on corporations globally (chart label: Jan-Jun)
Source: Philip Urofsky, Recent Trends and Patterns in the Enforcement of the FCPA, July 2011. (www.shearman.com)
Figure: Titles of those charged with civil and/or criminal violations 2006–2011 (ytd)
Source: Scott Peeler, “A Study of Individual Liability under the Foreign Corrupt Practices Act,” Chadbourne Compliance Quarterly, October 2011
Figure: Geographical distribution of individual civil and/or criminal cases, based on location(s) of alleged bribe, 2006–2011 (ytd)
Source: Scott Peeler, “A Study of Individual Liability under the Foreign Corrupt Practices Act,” Chadbourne Compliance Quarterly, October 2011
AGCO’s Background and Risk Profile
Overview
2010 Revenues $6.9B
Founded in 1990
Headquartered in Duluth, GA
Leading Pure Play global ag equipment company
Full range of products and services
Portfolio of Brands to meet different segments of the market
Well-positioned in growing markets
2,600 independent dealers in 140 countries
Two significant acquisitions in Q4 2011 – GSI, Dafeng
Chart labels: North America 22%; South America 25%; EAME 49%; ROW 4%
Award Winning Products
Individually Yours
A World of Experience – Working with You
Smart Machines. Serious Results.
Efficient Technology
Leading Brands
Service for Our Customers
Global Presence
United States – Corporate Headquarters and manufacturing centers
United Kingdom – EAME shared service center
China – over $200 million in planned investments
France/Germany, Switzerland – European Principal Company, major manufacturing centers
India, Russia, Brazil, Mexico – significant expansion, manufacturing centers, major joint ventures
Regulatory Challenges
Oil for Food Investigation
On February 2, 2006 AGCO received a government subpoena related to alleged violations of the Foreign Corrupt Practices Act arising from AGCO’s business practices conducted in Iraq under the Oil for Food Program.
Management and the Department of Justice (DOJ) conducted an investigation, and the results revealed that AGCO’s books and records did not meet the full standards under the books and records provisions of the Foreign Corrupt Practices Act.
A settlement was reached with the DOJ:
– $20 million in penalties
– 3 year deferred prosecution agreement
Under this agreement, AGCO agreed to enhance its anti-corruption compliance programs. Additionally, AGCO was required to submit an annual update to the DOJ regarding the progress of the enhancements to the anti-corruption programs.
Risk Profile
Legacy Ethics & Compliance Program
A Corporate Code of Conduct existed but:
High level guidelines regarding applicable requirements and ethical business conduct
Limited formal training and guidance
Focus on requirements for SOX compliance
Limited supporting infrastructure and processes
General counsel driven with no supporting compliance organization
Limited communication from the top
Hotline not widely utilized
Guidance related to FCPA was limited to one paragraph in the Code of Conduct
Auditors or Consultants?
Are we the police or do we help?
How do we keep independence and objectivity?
Situation
Immediate change needed
No proven existing compliance organization or structure
Limited internal resources and expertise available
What AGCO chose
Internal Audit was asked to participate as an advisor and developer
Internal Audit to design the framework
Internal Audit to design the procedures with Management input
Partnered with internal and external counsel
Challenges
How do you ensure sufficient knowledge and expertise?
How do you transition ownership of the procedures to Management?
How do you ensure sufficient Management oversight?
Anti-Corruption Program Design and Development
Evaluate awareness
– Walkthrough of procedures and controls
– Supplemental classroom training and workshops
Design of controls
– Pilot location review and gap analysis
– Localized, specific policies and procedures
– Local Procedural Addendums to A-C Manual
Operating effectiveness of controls
Detailed testing of controls and transactions
– Compliance with policies and procedures
– Identify potential FCPA risks
Use of technology and data mining
– Analysis of customer and vendor master data
– Expenditure review; sales reporting
Diagram labels: Control Environment; Training, Acceptance and Awareness; FCPA specific procedures and controls; Transactional processes, data and reporting; Compliance Monitoring and Auditing; Corporate Policies; Corporate Level; Locational Level
Risk Assessment
– Nature and volume of sensitive transactions
– Business model specifics (dealers, distributors, agents)
– Country/location specific risks
Policy Development
– Enhanced Code of Conduct & Business Ethics
– International Anti-Corruption Policy
– Anti-Corruption Compliance Manual
Training Design and Deployment
– General awareness training and education
– Local, function specific training
– CBT and classroom
AGCO’s Anti-Corruption Compliance Program
Diagram labels: Global Code of Conduct; International Anti-Corruption Policy; Local Procedural Addendums; Training and Awareness; Anti-Corruption Compliance Manual; Audits and Compliance Monitoring; Anti-Corruption Compliance Program
AGCO International Anti-Corruption Policy
Provides formal guidelines, procedures and controls to help employees comply with anti-corruption regulations;
Available in seven languages: English, German, French, Chinese, Portuguese, Finnish, and Russian;
Broadly distributed and accessible via AGCO’s intranet;
Designates regional contacts to clarify questions related to Anti-Corruption; and,
Requires annual certification of knowledge and familiarity with Anti-Corruption policies.
Anti-Corruption Compliance Manual
Designed to aid employees in ensuring FCPA compliance;
Outlines more detailed procedures to be used in conjunction with applicable local laws and regulations;
Available in seven languages: English, German, French, Chinese Simplified, Portuguese, Finnish, and Russian;
Accessible via AGCO’s intranet;
Initially developed based on gaps identified in the initial “Pilot” review and internal investigations;
Periodically reviewed and updated based on internal audit compliance reviews and changes in the business.
Compliance Manual – Local Procedural Addendums
Internal Audit visited key sites to facilitate localized Anti-Corruption/FCPA compliance. Teams worked with management to assess location or brand business practices and construct procedural addendums that outline specific controls and processes. The addendums are designed to better enable that location/brand to comply with AGCO’s Anti-Corruption Compliance Program. Key areas addressed include:
New Customer Approval and Setup
New Vendor Approval and Set Up
Relationships with Intermediaries
Bids and Tenders
Reporting of Direct Sales Commission Payments
Employee Expenses for T&E of Government Officials
Reporting of Government Related Expenditures
Facilitating Payments
Promotional and Marketing Expenses, Gifts
Political Contributions
Employee Cash Advances
Vendor and Customer Master Changes & Maintenance
Training & Awareness – Code of Conduct
AGCO developed computer based training on the Code of Conduct for employees globally:
Currently available in seven languages (including supplementary policy documents*);
Required and tracked for the majority of administrative and back office employees;
Includes certification and a test; and
Loaded on Learning Management System with ability to track certification and test scores.
*Supplementary policy documents that were also translated include:
Code of Conduct
Insider Trading Policy
US Antitrust Guidelines
EU Competition Law Guidelines
Related Party Transaction Policy
Export Controls Policy
IT Security Program
Equal Employment Opportunity Policy
Training & Awareness – Anti-Corruption
AGCO also developed computer based training around Anti-Corruption and compliance with AGCO’s Anti-Corruption Compliance Program:
Available in seven languages in total;
Covers key components of the FCPA and the AGCO Anti-Corruption Policy;
Includes examples and scenarios to highlight risks and emphasize key elements of the program;
Includes a certification and a test;
Includes specific sections with more detailed training for Sales & Marketing, Purchasing and Finance employees; and
Loaded on Learning Management System with ability to track certification and test scores
Transactional Review and Data Analysis
Historical Data Analysis:
Analyzed all customer / vendor master data to screen and identify higher risk third parties:
Entities and related individuals in high corruption index or sanctioned countries
Focus on FCPA and OFAC regulation exposures
Identification of government entities and politically exposed persons
The project covered 20 key AGCO locations and nearly 200,000 customer/vendor master records.
Prospective Control Procedures:
Utilizing a third party web-based tool in the screening/due diligence of new customers and vendors
Expanding to screening procedures for other risk exposures such as export controls
Diagram labels:
AGCO Customer and Vendor Data
Data Matching Tool
Manual Follow up Procedures
Matches Based on Similar Names and Addresses
Compares Customer and Vendor Data to World Compliance and Common Hotlist Databases
Compares Customer and Vendor countries to the Corruption Perceptions Index
Results
Auditing and Monitoring
Program Assessment Model
Diagram labels: Program Maturity (Not documented/Informal; Formalized Program/Procedural Details); Corporate; Locations; Level of Procedures (1, 2, 3, 4)
Applicability & Risk Assessment
Program Design Effectiveness & Awareness
Control Design & Awareness
Operating Effectiveness & Detailed Transactions
Multi-Year Audit Approach
After implementing the program, Management asked IA to provide annual assessments of the effectiveness of what had been implemented. This consisted of the following audit programs by program year:
Year 1 – Determine degree of procedural compliance at location level
Year 2 – Evaluate degree of procedural compliance at location level and degree of Management oversight at the regional level
Year 3 – Expand audit to include year 2 scope, plus evaluate substance of decisions reached for FCPA related transactions
Year One
Findings
Large degree of procedural non-compliance
Lack of management oversight and coordination
Root Cause
Some procedures were too general (check for compliance, approve transactions, etc.)
Lack of clarity of who is responsible for what
Did not include all key business owners in development and training
Management Response
Creation of centralized “Compliance Center” and organization for Region 1
Better business participation in design phase
Design focusing on desktop procedures
Clear assignment of responsibility
Creation of enhanced Management oversight, training and communication processes
EAME, EEA and ANZ FCPA – Renewed Focus
Compliance Center Organization
Diagram labels: EAME FCPA Documentation; Bids, Tenders & Direct Sales; New Vendors; New Customers; New Agents/Consultants; EAME FCPA; Miscellaneous payments
SharePoint Compliance Center Site
Year Two
Findings
Improved procedural compliance
Effective oversight in region one
Ineffective oversight program in region two – improvement, but still procedural non-compliance
Root Cause – Region One
Effective Management oversight
Effective education, training and accountability efforts
Root Cause – Region Two
Failure to effectively provide Management oversight
Management Response
Region one – recognition from the Chief E&C Officer and CFO
Region two – adoption of the “Compliance Center” and organization
Year Three
Findings
Region one continues to perform well
Region two – procedural compliance continued to decline
During a process/system change in one area, FCPA controls were not carried forward into the new process
Root Cause
Region two failed to provide oversight personnel
The Compliance Center for Region Two did not have substance
– No oversight capacity added
– Managers didn’t self-monitor
Communication and awareness were lacking
Management Response
Global Management now overseeing Region Two development
Punitive actions taken
Resources and substance to be provided to ensure complete adoption
Internal Audit Process
Create
Monitor
Improve
Sustain
Building out the Ethics & Compliance Program
Initial Maturity Assessment
E&C program was assessed against a framework incorporating elements of recognized compliance frameworks and guidelines
– Federal Sentencing Guidelines
– COSO
– Open Compliance & Ethics Group (OCEG)
Identified and prioritized gaps and enhancement opportunities
Developed 2 year road map to further develop the program
Chart: Maturity of E&C Program Elements. Level of maturity scale: Immature/Non-Existent; Industry Average; Leading Practice. Elements charted:
Strategy, Mission and Vision
Governance and Organization
Risk Assessment
Policies and Procedures
Delegation of Authority and Due Diligence
Existing and Emerging Laws and Regulations
Training and Communication
Monitoring, Auditing and Self Evaluation
Internal Communication and Reporting
Issue Escalation and Resolution
Discipline and Incentives
Compliance Risk Assessment & Policy Inventory
Identified and evaluated other compliance requirements beyond Anti-Corruption
Inventory of applicable regulatory requirements by geographic region
Assessed risk of non-compliance
Assessed potential economic and reputational exposure
Performed high level assessment of key program elements
– Existence, quality and relevance of policies and procedures
– Level of ownership and accountability
– Existence and availability of training programs
Set priorities for further development of compliance programs
Multi-year, risk-based road map for Chief Compliance Officer
Leverage the framework developed for Anti-Corruption Compliance Program
Internal Audit involvement in various subject matter areas
– Advice on development of programs
– Evaluating and testing existing programs
– Ongoing monitoring activities
Table (ratings per cell not shown): compliance risks rated by region (Global, N. America, S. America, EAME/EAPAC) and by other factors (Ownership, Policies, Training).
Risk areas: Accounting and Financial Reporting; Anti-bribery/Anti-Corruption; Antitrust, Mergers & Competition; Commercial Regulations; Conflicts of Interest; Contracts & Strategic Agreements; Corporate Responsibility and Sustainability; Employee Labor; Environmental; Ethics and Compliance; Export/Import; Government Contracting; Intellectual Property; International Trade; Lobbying & Political Activities; Privacy/Confidentiality/Data Protection; Quality/Product Liability; Records Management; Securities; Tax; Unclaimed Property; Workplace Safety
Key: Risks (Top, Elevated, Lowered); Other Factors (Insufficient information to evaluate, Partial information available, Significant information available)
Challenges and Lessons Learned
Ensure you have the proper sponsor – stature and authority
Have a clear scope and plan
Account for cultural differences
Do not underestimate the difficulty in moving from concept (policy) to reality (desk top procedures)
Ensure you have a robust and aggressive Management oversight function built into the program to ease transition
Be flexible – compliance is important, not adherence to one standard
Do not make it overly complex – keep it simple to ease initial adoption, change management and introduction into new locations
Determine your resource needs and the skill sets of your team – put the right person in the right role
Presenters
Jonathan Corley, AGCO Corporation, Global Internal Audit
Jeff Kammerer, PwC, Partner, Risk