So You Think Your Compliance Budget Isn’t Big … You...So You Think Your Compliance Budget...
Transcript of So You Think Your Compliance Budget Isn’t Big … You...So You Think Your Compliance Budget...
So You Think Your ComplianceBudget Isn’t Big Enough?
Creative Implementation of Programs When You Wish You Had More to Spend
Barbara WagnerAssociate General Counsel and
Assistant SecretaryFormer Chief Compliance Officer
Chiquita Brands International, Inc.September 12, 2006
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 2
Chiquita: A Global, Diversified Company
Fresh Cut24%
Fresh Select31%
Other1%
Bananas44%
Premier global brand
Strong market position
$4+ billion in sales in 70+ countries
25,000 employees
Production, distribution, marketing
Sales by Segment2005 Pro Forma with Fresh Express
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 3
A truly global company
MARKETSMAIN PRODUCERS
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 4
25,000 Employees
Latin America 17,000Europe
3,500
North America
4,500 Costa Rica 4,000
Honduras 4,000
Panama 4,000
Chile 3,000
Guatemala 2,000
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 5
Separate Departments – but NOT silos
Legal
Compliance
CorporateResponsibility
ERMInternal
Audit
HR
Finance
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 6
Compliance and Ethics at Chiquita
Corporate ResponsibilityOfficer/Steering Committee
Steering Committee created 1998; CR officer 2000Reinforce and promote a culture of ethical and legal compliance to ensure that corporate responsibility is integrated into the everyday way we do business at Chiquita Focus on social, environmental, and ethical responsibilities, beyond minimum legal standards, in our Core Values and Code of Conduct
Chief Compliance Officer
Position created 2005; full time 2006Oversee the Company’s programs to ensure full legal complianceFocus on legal responsibilities in the Code of Conduct and oversight of implementation by operating units and functions of laws and compliance-related company policies
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 7
Implementation of Compliance at Chiquita
LegalDepartment
HumanResources
EmployeeCommunications
Corporate Responsibility ERM
BusinessUnits
Tax
ControllersInternalAudit
Compliance
Treasury
Yellow
Light Green
Blue
Auditing
Training
Oversight and
Implementation
- Laws & Policies
CommunicationsCo
de o
f Con
duct
,Va
lues
, Tho
ught
Lead
ersh
ip
Assessment
Methodology
Finan
cial R
epor
ting
Policies
and
Controls
Food
Saf
ety
Import/Export
Environmental
Implementation
and HR Policies
Financial Contro
ls
and Polic
ies
Tax and
Customs Compliance
Labeling
= Operations
= Functional Groups withcompliance component
= Assist with Compliance Mission Investigations
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 8
Timeline of Key Corporate Responsibility Events
1992 2002
2001
2000 2003
CERES-ACCA Sustainability Reporting Award
SAI AdvisoryBoard
SAI Corporate Conscience Award
SA8000 in Colombia and Panama
EurepGAP in Colombia, Panama and Costa Rica
2004
Code of Conduct(SA8000)
CR Officer
1st internal audits
100% RA Certification
IUF / COLSIBA Agreement
1st CR Report
2nd internal audit with observers
ETI member
Worker training
Top 20 Sustainable Stock Picks (SB20)
SA8000 in Costa Rica
BSR Board
RainforestAllianceEngagement
OAS Corporate Citizen of the Americas Award
100% SA8000 certification1998
2005
100% EurepGAP certification
KLD’s Domini 400 Social Index
Chiquita / RA campaign in Europe
WWF Agreement on Mesoamerican Reef
Italian Ethic Award; Swiss Ethics Finalist
Steering CommitteeCreated
1999
Core Values
3rd-party pilot audits
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 9
Example 1: Corporate ResponsibilityPartnering with Compliance
Agricultural Production (bananas) primarily in Latin America
Local environmental standards not as stringent as legal requirements in major markets (U.S. & Europe)
Comply with minimum legal standards in countries where products are marketed
Create higher standards and apply consistently
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 10
Example 1: Corporate ResponsibilityPartnering with Compliance
Rainforest Alliance – Better Banana Project
Early 1990’s – began looking for appropriate partners
1992 – established relationship with Rainforest Alliance
Throughout 1990’s - draft, investigate, refine and adopt standards
2000 – 100% RA certification for owned farms
Adopt other third party standards: SA8000, EUREPGAP
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 11
Example 1: Corporate ResponsibilityPartnering with Compliance
93%
100%
49%
57%
91%
82%
100%
94%
100%
100%
100%
100%
100%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Total
Panama
Nicaragua*
Honduras
Guatemala
Ecuador*
Costa Rica
Colombia*
Purchased Fruit Owned Production
Percentage of Total Farm Area Certified, December 2005
* Chiquita does not own farms in Colombia, Ecuador or Nicaragua.
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 12
Example 1: Corporate ResponsibilityPartnering with Compliance
Implement with suppliers
Who: Production experts, local environmental coordinators and operations personnel, corporate communications, one lawyer – strong support from CEO and business unit heads
Takeaway: It takes time to achieve credibility with third parties
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 13
Example 2: Adoption and Implementation ofInternational Trade Policy
The Office of Foreign Assets Control (OFAC) administers and enforces economic sanction programs primarily against countries and groups of individuals, such as terrorists and narcotics traffickers.All US persons must comply (including persons and entities within the U.S., all U.S. incorporated entities and their foreign branches). Fines for violations can be substantial. Entities comply with OFAC regulations by ensuring that vendors, customers, and vendor’s banks names are not on the Specially Designated Nationals and Blocked Persons (SDN) list. The list is updated periodically.
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 14
Example 2: Adoption and Implementation ofInternational Trade Policy
Committee was formed at Chiquita in November 2004, with members from the Accounting, Treasury, IT, Legal, and Internal Audit departments. Goals included:
1. Develop an international trade compliance policy (with emphasis on OFAC);
2. Evaluate and choose an appropriate software or compliance tool that assists in screening vendors, customers and banks.
3. Refine the A/P and A/R policies to incorporate any OFAC concepts.
4. Develop operational procedures to ensure compliance.
Committee initially identified four vendor solutions that best met the Denied Party Screening (DPS) project requirements. Vendor presentations in April 2005
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 15
Example 2: Adoption and Implementation ofInternational Trade Policy (continued)
Final selection, based on ability to:Perform scheduled automated denied party screenings (DPS) on Chiquita’s payment systems.Permit manual customer, supplier, and vendor record screening via website.Match entries to the government’s SDN list regardless of international spelling differences.Notify all appropriate Chiquita employees via email of the screening results.Provide audit and activity reports in both paper and electronic formats.Minimize the performance impact to Chiquita’s various payment systems caused by scanning customer, supplier, and vendor records. Conform to Chiquita’s IT environment requirements.
Determined that proper department to sponsor the contract with the vendor was the Controller’s department since A/P is an accounting function.
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 16
Example 2: Adoption and Implementation ofInternational Trade Policy
Policy adopted September 2005Policy covers:
U.S. anti-terrorism laws, most notably OFACU.S. trade restrictions and sanctions U.S. anti-boycott regulations andOther similar laws in other jurisdictions
Test run of entire A/P list, September 2005; live, regular screening implemented October 2005.Controller’s and finance departments have the most interface in implementing the system and addressing “matches” or “potential matches.” Internal Audit reviews results.Quarterly certification by manager-level employeesTakeaway: Define critically where lawyers can add value.
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 17
Example 3: Code of Conduct Training
Fully revised Code of Conduct introduced 2000Based on SA8000Additional legal and ethical responsibilities
Original training involved eight hours live training in selected business unitsNever fully rolled out to all employees (20,000 at the time), but broad instruction, including illustrated booklet for agricultural workers
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 18
Example 3: Code of Conduct Training
Certification to “legal and ethical responsibilities” in Code of Conduct commenced 2003
Initially all managers (approx 750)Expected to read Code and Code-related policiesIncludes certification relating to Conflicts of Interest
Law Department reviews any disclosed conflicts or potential conflicts and clears with appropriate business unit supervisorsInternal Audit department audits both conflicts and code certificationCertification converted to online process in 2005
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 19
Example 3: Code of Conduct Training
Decision to broaden certification to “all employees who work in an office” in 2006 (approximately 5000)Wanted to include training before they certified – on the Code, Core Values and code-related policies – in six languagesReviewed many products offered by different vendors, including our online compliance trainingHad used a vendor in Costa Rica to prepare some HR and IT training, and decided to have them prepare courseHR Training manager supervised preparation of course
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 20
Example 3: Code of Conduct Training
Primary content review byManager, corporate responsibility, and other steering committee membersChief Compliance Officer, and other lawyersEmployee Communications
Additional review by HR, legal, operating units, other corporate responsibility steering committee membersSignificant involvement by IT to implement, including code certification
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 21
Example 3: Code of Conduct Training
Training is 1 ½-2 hours; online (for everyone with email address); available in 6 languagesIncludes testingCertification carried out in a separate online process, approx. 2 weeks after completion of training.Takeaway: Prioritize where it makes most sense to create a customized product, versus tailoring a generic product
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 22
Example 4: Use of Internal Audit in Compliance
Department has staff of 20Language facility (esp Spanish)Frequent visits to various operations - know the business and know the problemsBroadening scope of responsibilities since SOXCoordinate closely with corporate responsibility audits and assessments
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 23
Example 4: Use of Internal Audit in Compliance
Examples of value-added services in compliance areaHotline investigations – both financial related and othersExpand scope of selected audits to include legal and regulatory complianceContribute to development of training content on policy and compliance matters Ensure compliance matters are explicitly taken into account in Internal Audit planning and risk assessment processesFully train all Internal Audit staff on compliance matters so they can be alert to issues that may come to their attention during any fieldwork
Compliance issues may inform risk-based priorities in audit planCoordinate closely with corporate responsibility audits and assessmentsTakeaway: Be creative in using available resources
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 24
Other quick examples
Online training on antitrust and EU competition law
Locations database for hotline
ERM assessment
Society of Corporate Compliance and Ethics2006 Compliance & Ethics Institute September 12, 2006 25
Final takeaways:
5 It takes a long time to achieve credibility with third parties
4 Define critically where lawyers can add value3 Prioritize where it makes most sense to create a
customized product, versus tailoring a generic product
2 Be creative in using available resources1 A small handful of motivated individuals who
cooperate can accomplish a lot