Practical Lessons in Building and Sustaining a Global Ethics & Compliance Program

Practical Lessons in Building and Sustaininga Global Ethics & Compliance Program

January 13, 2012

2

Current Regulatory Risk Environment1

AGCO’s Background and Risk Profile2

Agenda

3

Auditing and Monitoring4

Building out the Ethics & Compliance Program5

Challenges & Lessons Learned6

Anti-Corruption Program Design & Development


3



3






4

Current Regulatory Risk Environment

Navigating the Regulatory and Reputational Labyrinth

Financial reform. Health reform. UK Bribery Act. Basel III. Wherever you sit in the world, an intricate patchwork of emerging regulations affects the way companies do business.

Sixty percent of PwC’s 2011State of the Internal Audit Profession Study respondents expect an increase in attention to regulatory compliance programs in their audit plans.

5

Corruption Risk Trends – Key Drivers US Regulators have been increasingly aggressive in expanding the reach of the FCPA– Continued high level of enforcement actions, particularly against individuals– Industry-focused investigations– Dodd-Frank measures to incentivize whistle blowers

Coordinated approaches to regulation and enforcement internationally– OECD Anti-Bribery Convention – UK Anti-Bribery Act– Double, or even multiple, jeopardy – Increased parallel investigations

Slow growth in mature markets drives further expansion into emerging markets– Inherent risk from culturally acceptable corruption– Populist sentiment against corruption (India movement)– China anti-bribery laws


6

Corporate prosecutions of FCPA violations(affiliated companies aggregated)

Source: Philip Urofsky and Danforth Newcomb, Recent Trends and Patternsin the Enforcement of the FCPA, January 2011


http://www.shearman.com/

7

FCPA criminal and civil fines imposed on corporations globally

Jan-Jun

Source: Philip Urofsky, Recent Trends and Patterns in the Enforcement of theFCPA, July 2011. (www.shearman.com)


http://www.shearman.com/

8

Titles of those charged with civil and/or criminal violations 2006–2011 (ytd)

Source: Scott Peeler, A Study of Individual Liability under the Foreign CorruptPractices Act,” Chadbourne Compliance Quarterly, October 2011


9

Geographical distribution of individual civil and/or criminal casesBased on location(s) of alleged bribe 2006-2011 (ytd)

Source: Scott Peeler, “A Study of Individual Liability under the Foreign CorruptPractices Act,” Chadbourne Compliance Quarterly, October 2011


10



3






11

2010 Revenues $6.9B Founded in 1990 Headquartered in Duluth, GA Leading Pure Play global ag

equipment company

Full range of products and services Portfolio of Brands to meet different

segments of the market

Well-positioned in growing markets 2,600 independent dealers in

140 countries

Two significant acquisition in Q4 2011 – GSI, Dafeng

AGCO’s Background and Risk Profile

NorthAmerica 22%

ROW 4%

EAME 49%

SouthAmerica 25%

Overview

12


Award Winning Products

13

Individually Yours

A World of Experience – Working with You

Smart Machines. Serious Results.

Efficient Technology


Leading Brands

14


Service for Our Customers

15


Global Presence

16

United States – Corporate Headquarters and manufacturing centersUnited Kingdom – EAME shared service centerChina – over $200 million in planned investmentsFrance/Germany, Switzerland – European Principal Company, major manufacturing centersIndia, Russia, Brazil, Mexico – significant expansion, manufacturing centers, major joint ventures


Regulatory Challenges

17

Oil for Food InvestigationOn February 2, 2006 AGCO received a government subpoena related to alleged violations of the Foreign Corrupt Practices Act from AGCO’s business practices conducted in Iraq under the Oil for Food Program.

Management and the Department of Justice (DOJ) conducted an investigation and the results of the investigation revealed that AGCO’s books and records did not meet the full standards under the books and records provisions of the Foreign Corrupt Practices Act.

A settlement was reached with the DOJ$20 million in penalties3 year deferred prosecution agreement.

Under this agreement, AGCO agreed to enhance its anti-corruption compliance programs. Additionally, AGCO was required to submit an annual update to the DOJ regarding the progress of the enhancements to the anti-corruption programs.

Risk Profile

18

Legacy Ethics & Compliance ProgramA Corporate Code of Conduct existed but:

High level guidelines regarding applicable requirements and ethical business conductLimited formal training and guidanceFocus on requirements for SOX compliance

Limited supporting infrastructure and processesGeneral counsel driven with no supporting compliance organizationLimited communication from the topHotline not widely utilized

Guidance related to FCPA was limited to one paragraph in the Code of Conduct

AGCO Background and Risk Profile

19

Auditors or Consultants?

Are we the police or do we help?How do we keep independence and objectivity?

SituationImmediate change neededNo proven existing compliance organization or structureLimited internal resources and expertise available

What AGCO chose Internal Audit was asked to participate as an advisor and developerInternal Audit to design the frameworkInternal Audit to design the procedures with Management inputPartnered with internal and external counsel

Challenges How do you ensure sufficient knowledge and expertiseHow do you transition ownership of the procedures to ManagementHow do you ensure sufficient Management oversight


20



3






21

Anti-Corruption Program Design and Development

Slide 21

Evaluate awareness Walkthrough of procedures and controls Supplemental classroom training and workshops

Design of controls Pilot location review and gap analysis Localized, specific policies and procedures Local Procedural Addendums to A-C Manual

Operating effectiveness of controls Detailed testing of controls and transactions

– Compliance with policies and procedures– Identify potential FCPA risks

Use of technology and data mining– Analysis of customer and vendor master data– Expenditure review; sales reporting

Control Environment

Training, Acceptance and Awareness

FCPA specific procedures and controls

Transactional processes, data and reporting

Compliance Monitoring and Auditing

Corporate Policies

Cor

pora

te L

evel

Loca

tiona

l Lev

el

Risk Assessment Nature and volume of sensitive transactions Business model specifics (dealers, distributors, agents) Country/location specific risks

Policy Development Enhanced Code of Conduct & Business Ethics International Anti-Corruption Policy Anti-Corruption Compliance Manual

Training Design and Deployment General awareness training and education Local, function specific training CBT and classroom

22

Global Code of Conduct

International Anti-Corruption Policy

Local Procedural Addendums

Trai

ning

and

Awa

rene

ss

Anti-Corruption Compliance Manual

Audits and Compliance M

onitoring

Anti-Corruption Compliance

Program


AGCO’s Anti-Corruption Compliance Program

23

AGCO International Anti-Corruption Policy Provides formal guidelines, procedures and controls to help employees comply with

anti-corruption regulations; Available in seven languages: English, German, French, Chinese, Portuguese, Finnish,

and Russian; Broadly distributed and accessible via AGCO’s intranet; Designates regional contacts to clarify questions related to Anti-Corruption; and, Requires annual certification of knowledge and familiarity with Anti-Corruption policies.


24

Anti-Corruption Compliance Manual Designed to aid employees in ensuring FCPA compliance; Outlines more detailed procedures to be used in conjunction with applicable local laws

and regulations; Available in seven languages: English German, French, Chinese Simplified, Portuguese,

Finnish, and Russian; Accessible via AGCO’s intranet; Initially developed based on gaps identified in the initial “Pilot” review and

internal investigations; Periodically reviewed and updated based on internal audit compliance reviews and

changes in the business.


25

Compliance Manual – Local Procedural AddendumsAnti-Corruption Program Design and Development

Internal Audit visited key sites to facilitate localized Anti-Corruption/FCPA compliance. Teams worked with management to assess location or brand business practices and construct procedural addendums that outline specific controls and processes. The addendums are designed to better enable that location/brand to comply with AGCO’s Anti-Corruption Compliance Program. Key areas addressed include:

New Customer Approval and Setup New Vendor Approval and Set Up Relationships with Intermediaries Bids and Tenders Reporting of Direct Sales Commission Payments Employee Expenses for T&E of

Government Officials

Reporting of Government Related Expenditures

Facilitating Payments Promotional and Marketing

Expenses, Gifts Political Contributions Employee Cash Advances Vendor and Customer Master

Changes & Maintenance

26

Training & Awareness – Code of ConductAGCO developed computer based training on the Code of Conduct for employees globally: Currently available in seven languages (including supplementary policy documents*); Required and tracked for the majority of administrative and back office employees; Includes certification and a test; and Loaded on Learning Management System with ability to track certification and test scores.

*Supplementary policy documents that were also translated include:

Code of Conduct Insider Trading Policy US Antitrust Guidelines EU Competition Law Guidelines


Related Party Transaction Policy Export Controls Policy IT Security Program Equal Employment Opportunity

Policy

27

Training & Awareness – Anti-CorruptionAnti-Corruption Program Design and Development

AGCO also developed computer based training around Anti-Corruption and compliance with AGCO’s Anti-Corruption Compliance Program: Available in seven languages in total; Covers key components of the FCPA and the AGCO Anti-Corruption Policy; Includes examples and scenarios to highlight risks and emphasize key elements of the

program; Includes a certification and a test; Includes specific sections with more detailed training for Sales & Marketing, Purchasing

and Finance employees; and Loaded on Learning Management System with ability to track certification and test scores

28


Historical Data Analysis:Analyzed all customer / vendor master data to screen and identify higher risk third parties: Entities and related individuals in high corruption index or sanctioned countries Focus on FCPA and OFAC regulation exposures Identification of government entities and politically exposed persons

The project covered 20 key AGCO locations and nearly 200,000 customer/vendor master records.

Prospective Control Procedures: Utilizing a third party web-based tool in the screening/due diligence of new customers and

vendors Expanding to screening procedures for other risk exposures such as export controls

AGCO Customer and Vendor Data

Data Matching Tool

Manual Follow up Procedures

Matches Based on Similar Names and Addresses

Compares Customer and Vendor Data to World Compliance and Common Hotlist Databases

Compares Customer and Vendor countries to the Corruption Perceptions Index

Results

Transactional Review and Data Analysis

29



3






30Slide 30

Not documented/Informal Formalized Program/Procedural Details

Program Maturity

Cor

pora

teLo

catio

ns

Applicability & Risk Assessment

Program Design Effectiveness & Awareness

Control Design & Awareness

Operating Effectiveness & Detailed Transactions

Level of Procedures

1

2

3

4

Auditing and Monitoring

Program Assessment Model

31

Multi-Year Audit ApproachAuditing and Monitoring

After implementing the program, Management asked IA to provide annual assessments of the effectiveness of what had been implemented. This consisted of the following audit programs by program year:

Year 1 – Determine degree of procedural compliance at location level

Year 2 – Evaluate degree of procedural compliance at location level and degree of Management oversight at the regional level

Year 3 – Expand audit to include year 2 scope, plus evaluate substance of decisions reached for FCPA related transactions

32

Year One

Findings Large degree of procedural non-compliance Lack of management oversight and

coordination

Root Cause Some procedures were too general (check

for compliance, approve transactions, etc.) Lack of clarity of who is responsible for

what Did not include all key business owners in

development and training


Management Response Creation of centralized “Compliance Center”

and organization for Region 1 Better business participation in design

phase Design focusing on desktop procedures Clear assignment of responsibility Creation of enhanced Management

oversight, training and communication processes

33


EAME, EEA and ANZ FCPA – Renewed Focus

34


EAME FCPA Documentation

Bids, Tenders & Direct Sales

New Vendors

New Customers

New Agents/ Consultants

EAME FCPA

Miscellaneous payments

Compliance Center Organization

35

SharePoint Compliance Center SiteAuditing and Monitoring

36

Year Two

Findings Improved procedural compliance Effective oversight in region one Ineffective oversight program in region two

– improvement, but still procedural non-compliance

Root Cause – Region One Effective Management oversight Effective education, training and

accountability efforts

Root Cause – Region Two Failure to effectively provide Management

oversight


Management Response Region one – recognition from the Chief

E&C Officer and CFO Region two – adoption of the “Compliance

Center” and organization

37

Year Three

Findings Region one continues to perform well Region two – procedural compliance

continued to decline During a process/system change in one

area, FCPA controls were not carried forward into the new process

Root Cause Region two failed to provide oversight

personnel The Compliance Center for Region Two did

not have substance– No oversight capacity added– Manager’s didn’t self-monitor

Communication and awareness was lacking


Management Response Global Management now overseeing

Region Two development Punitive actions taken Resources and substance to be provided to

ensure complete adoption

38

Internal Audit Process

Create

Monitor

Improve

Sustain

39



3






40

E&C program was assessed against a framework incorporating elements of recognized compliance frameworks and guidelines

Federal Sentencing GuidelinesCOSOOpen Compliance & Ethics Group (OCEG) Identified and prioritized gaps and

enhancement opportunitiesDeveloped 2 year road map to further develop

the program

Building out the Ethics & Compliance Program

Initial Maturity AssessmentMaturity of E&C Program Elements

Level of Maturity

Immature/Non-Existent

Industry Average

LeadingPractice

- +

Strategy, Mission and VisionGovernance and Organization

Risk Assessment

Policies and Procedures

Delegation of Authority and Due DiligenceExisting and Emerging Laws and RegulationsTraining and CommunicationMonitoring, Auditing and Self EvaluationInternal Communication and Reporting

Issue Escalation and Resolution

Discipline and Incentives

41

Compliance Risk Assessment & Policy InventoryIdentified and evaluated other compliance requirements beyond Anti-Corruption

Inventory of applicable regulatory requirements by geographic regionAssessed risk of non-compliance Assessed potential economic and reputational exposure Performed high level assessment of key program elementsExistence, quality and relevance of policies and proceduresLevel of ownership and accountabilityExistence and availability of training programs Set priorities for further development of compliance programsMulti-year, risk-based road map for Chief Compliance Officer Leverage the framework developed for Anti-Corruption Compliance ProgramInternal Audit involvement in various subject matter areas

Advice on development of programsEvaluating and testing existing programsOngoing monitoring activities


42

Regions Other Factors

Risks

Global N. America

S. America

EAME/EAPAC

Ownership

Policies

Training

Accounting and Financial Reporting l l Anti-bribery/Anti-Corruption l l lAntitrust, Mergers & Competition l l ÒCommercial Regulations Conflicts of Interest l Ò Contracts & Strategic Agreements Ò Ò ÒCorporate Responsibility and Sustainability Ò Employee Labor l Environmental Ethics and Compliance l l ÒExport/ Import Ò Ò Government Contracting Intellectual Property l International Trade Lobbying & Political Activities l l lPrivacy/Confidentiality/Data Protection l Quality/Product Liability Records Management l l Securities Ò Tax l l lUnclaimed Property Ò Workplace Safety Ò

KeyRisks Other Factors

Top Elevated Lowered Insufficient information to

evaluate

Partial information

available

Significant information

available Ò l


43



3






44

Ensure you have the proper sponsor – stature and authority Have a clear scope and plan Account for cultural differences Do not underestimate the difficulty in moving from concept (policy) to reality (desk top

procedures) Ensure you have a robust and aggressive Management oversight function built into the

program to ease transition Be flexible – compliance is important, not adherence to one standard Do not make it overly complex – keep it simple to ease initial adoption, change

management and introduction into new locations Determine your resource needs and the skill sets of your team – put the right person in the

right role

Challenges and Lessons Learned

45

Presenters

Jonathan CorleyAGCO CorporationGlobal Internal Audit [email protected]

Jeff KammererPwCPartner, Risk [email protected]


Practical Lessons in Building and Sustaining a Global Ethics & Compliance Program

Documents

Transcript of Practical Lessons in Building and Sustaining a Global Ethics & Compliance Program